Skip to content

Commit 23b820d

Browse files
author
cvelistV5 Github Action
committed
8 changes (3 new | 5 updated):
 - 3 new CVEs: CVE-2024-35365, CVE-2024-36613, CVE-2025-0195 - 5 updated CVEs: CVE-2023-1707, CVE-2023-30762, CVE-2023-34249, CVE-2024-56324, CVE-2024-56410
1 parent def3543 commit 23b820d

File tree

10 files changed

+623
-49
lines changed

10 files changed

+623
-49
lines changed

cves/2023/1xxx/CVE-2023-1707.json

Lines changed: 61 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
"assignerShortName": "hp",
99
"dateReserved": "2023-03-29T16:34:11.993Z",
1010
"datePublished": "2023-06-13T17:06:04.682Z",
11-
"dateUpdated": "2024-08-02T05:57:24.901Z"
11+
"dateUpdated": "2025-01-03T17:58:46.273Z"
1212
},
1313
"containers": {
1414
"cna": {
@@ -60,6 +60,66 @@
6060
]
6161
}
6262
]
63+
},
64+
{
65+
"problemTypes": [
66+
{
67+
"descriptions": [
68+
{
69+
"type": "CWE",
70+
"cweId": "CWE-203",
71+
"lang": "en",
72+
"description": "CWE-203 Observable Discrepancy"
73+
}
74+
]
75+
}
76+
],
77+
"metrics": [
78+
{
79+
"cvssV3_1": {
80+
"scope": "UNCHANGED",
81+
"version": "3.1",
82+
"baseScore": 7.5,
83+
"attackVector": "NETWORK",
84+
"baseSeverity": "HIGH",
85+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
86+
"integrityImpact": "NONE",
87+
"userInteraction": "NONE",
88+
"attackComplexity": "LOW",
89+
"availabilityImpact": "NONE",
90+
"privilegesRequired": "NONE",
91+
"confidentialityImpact": "HIGH"
92+
}
93+
},
94+
{
95+
"other": {
96+
"type": "ssvc",
97+
"content": {
98+
"timestamp": "2025-01-03T17:58:28.258999Z",
99+
"id": "CVE-2023-1707",
100+
"options": [
101+
{
102+
"Exploitation": "none"
103+
},
104+
{
105+
"Automatable": "yes"
106+
},
107+
{
108+
"Technical Impact": "partial"
109+
}
110+
],
111+
"role": "CISA Coordinator",
112+
"version": "2.0.3"
113+
}
114+
}
115+
}
116+
],
117+
"title": "CISA ADP Vulnrichment",
118+
"providerMetadata": {
119+
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
120+
"shortName": "CISA-ADP",
121+
"dateUpdated": "2025-01-03T17:58:46.273Z"
122+
}
63123
}
64124
]
65125
}

cves/2023/30xxx/CVE-2023-30762.json

Lines changed: 61 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
"cveId": "CVE-2023-30762",
77
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
88
"assignerShortName": "jpcert",
9-
"dateUpdated": "2024-08-02T14:37:14.823Z",
9+
"dateUpdated": "2025-01-03T17:58:23.336Z",
1010
"dateReserved": "2023-05-11T00:00:00",
1111
"datePublished": "2023-06-13T00:00:00"
1212
},
@@ -77,6 +77,66 @@
7777
]
7878
}
7979
]
80+
},
81+
{
82+
"problemTypes": [
83+
{
84+
"descriptions": [
85+
{
86+
"type": "CWE",
87+
"cweId": "CWE-306",
88+
"lang": "en",
89+
"description": "CWE-306 Missing Authentication for Critical Function"
90+
}
91+
]
92+
}
93+
],
94+
"metrics": [
95+
{
96+
"cvssV3_1": {
97+
"scope": "UNCHANGED",
98+
"version": "3.1",
99+
"baseScore": 9.8,
100+
"attackVector": "NETWORK",
101+
"baseSeverity": "CRITICAL",
102+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
103+
"integrityImpact": "HIGH",
104+
"userInteraction": "NONE",
105+
"attackComplexity": "LOW",
106+
"availabilityImpact": "HIGH",
107+
"privilegesRequired": "NONE",
108+
"confidentialityImpact": "HIGH"
109+
}
110+
},
111+
{
112+
"other": {
113+
"type": "ssvc",
114+
"content": {
115+
"timestamp": "2025-01-03T17:56:28.641880Z",
116+
"id": "CVE-2023-30762",
117+
"options": [
118+
{
119+
"Exploitation": "none"
120+
},
121+
{
122+
"Automatable": "yes"
123+
},
124+
{
125+
"Technical Impact": "total"
126+
}
127+
],
128+
"role": "CISA Coordinator",
129+
"version": "2.0.3"
130+
}
131+
}
132+
}
133+
],
134+
"title": "CISA ADP Vulnrichment",
135+
"providerMetadata": {
136+
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
137+
"shortName": "CISA-ADP",
138+
"dateUpdated": "2025-01-03T17:58:23.336Z"
139+
}
80140
}
81141
]
82142
}

cves/2023/34xxx/CVE-2023-34249.json

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
"assignerShortName": "GitHub_M",
99
"dateReserved": "2023-05-31T13:51:51.174Z",
1010
"datePublished": "2023-06-13T16:40:44.556Z",
11-
"dateUpdated": "2024-08-02T16:01:54.319Z"
11+
"dateUpdated": "2025-01-03T18:05:40.878Z"
1212
},
1313
"containers": {
1414
"cna": {
@@ -113,6 +113,38 @@
113113
"url": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2"
114114
}
115115
]
116+
},
117+
{
118+
"metrics": [
119+
{
120+
"other": {
121+
"type": "ssvc",
122+
"content": {
123+
"timestamp": "2025-01-03T18:05:30.954951Z",
124+
"id": "CVE-2023-34249",
125+
"options": [
126+
{
127+
"Exploitation": "none"
128+
},
129+
{
130+
"Automatable": "yes"
131+
},
132+
{
133+
"Technical Impact": "total"
134+
}
135+
],
136+
"role": "CISA Coordinator",
137+
"version": "2.0.3"
138+
}
139+
}
140+
}
141+
],
142+
"title": "CISA ADP Vulnrichment",
143+
"providerMetadata": {
144+
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
145+
"shortName": "CISA-ADP",
146+
"dateUpdated": "2025-01-03T18:05:40.878Z"
147+
}
116148
}
117149
]
118150
}

cves/2024/35xxx/CVE-2024-35365.json

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,62 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"cveMetadata": {
4+
"state": "PUBLISHED",
5+
"cveId": "CVE-2024-35365",
6+
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
7+
"assignerShortName": "mitre",
8+
"dateUpdated": "2025-01-03T18:05:27.157890",
9+
"dateReserved": "2024-05-17T00:00:00",
10+
"datePublished": "2025-01-03T00:00:00"
11+
},
12+
"containers": {
13+
"cna": {
14+
"providerMetadata": {
15+
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
16+
"shortName": "mitre",
17+
"dateUpdated": "2025-01-03T18:05:27.157890"
18+
},
19+
"descriptions": [
20+
{
21+
"lang": "en",
22+
"value": "FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function."
23+
}
24+
],
25+
"affected": [
26+
{
27+
"vendor": "n/a",
28+
"product": "n/a",
29+
"versions": [
30+
{
31+
"version": "n/a",
32+
"status": "affected"
33+
}
34+
]
35+
}
36+
],
37+
"references": [
38+
{
39+
"url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/fftools/ffmpeg_mux_init.c#L886"
40+
},
41+
{
42+
"url": "https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5"
43+
},
44+
{
45+
"url": "https://gist.github.com/1047524396/d7d4ea8055b75c4a9f9bbcff31d21423"
46+
}
47+
],
48+
"problemTypes": [
49+
{
50+
"descriptions": [
51+
{
52+
"type": "text",
53+
"lang": "en",
54+
"description": "n/a"
55+
}
56+
]
57+
}
58+
]
59+
}
60+
},
61+
"dataVersion": "5.1"
62+
}

cves/2024/36xxx/CVE-2024-36613.json

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,62 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"cveMetadata": {
4+
"state": "PUBLISHED",
5+
"cveId": "CVE-2024-36613",
6+
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
7+
"assignerShortName": "mitre",
8+
"dateUpdated": "2025-01-03T18:03:24.158945",
9+
"dateReserved": "2024-05-30T00:00:00",
10+
"datePublished": "2025-01-03T00:00:00"
11+
},
12+
"containers": {
13+
"cna": {
14+
"providerMetadata": {
15+
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
16+
"shortName": "mitre",
17+
"dateUpdated": "2025-01-03T18:03:24.158945"
18+
},
19+
"descriptions": [
20+
{
21+
"lang": "en",
22+
"value": "FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior."
23+
}
24+
],
25+
"affected": [
26+
{
27+
"vendor": "n/a",
28+
"product": "n/a",
29+
"versions": [
30+
{
31+
"version": "n/a",
32+
"status": "affected"
33+
}
34+
]
35+
}
36+
],
37+
"references": [
38+
{
39+
"url": "https://github.com/ffmpeg/ffmpeg/commit/50d8e4f27398fd5778485a827d7a2817921f8540"
40+
},
41+
{
42+
"url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/dxa.c#L125"
43+
},
44+
{
45+
"url": "https://gist.github.com/1047524396/0f4d90ef87553f772f888223085ac806"
46+
}
47+
],
48+
"problemTypes": [
49+
{
50+
"descriptions": [
51+
{
52+
"type": "text",
53+
"lang": "en",
54+
"description": "n/a"
55+
}
56+
]
57+
}
58+
]
59+
}
60+
},
61+
"dataVersion": "5.1"
62+
}

cves/2024/56xxx/CVE-2024-56324.json

Lines changed: 36 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
"assignerShortName": "GitHub_M",
99
"dateReserved": "2024-12-18T23:44:51.604Z",
1010
"datePublished": "2025-01-03T15:56:52.174Z",
11-
"dateUpdated": "2025-01-03T15:56:52.174Z"
11+
"dateUpdated": "2025-01-03T18:05:04.820Z"
1212
},
1313
"containers": {
1414
"cna": {
@@ -103,6 +103,40 @@
103103
"advisory": "GHSA-3w9f-fgr5-5g78",
104104
"discovery": "UNKNOWN"
105105
}
106-
}
106+
},
107+
"adp": [
108+
{
109+
"metrics": [
110+
{
111+
"other": {
112+
"type": "ssvc",
113+
"content": {
114+
"timestamp": "2025-01-03T18:04:54.319891Z",
115+
"id": "CVE-2024-56324",
116+
"options": [
117+
{
118+
"Exploitation": "none"
119+
},
120+
{
121+
"Automatable": "no"
122+
},
123+
{
124+
"Technical Impact": "partial"
125+
}
126+
],
127+
"role": "CISA Coordinator",
128+
"version": "2.0.3"
129+
}
130+
}
131+
}
132+
],
133+
"title": "CISA ADP Vulnrichment",
134+
"providerMetadata": {
135+
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
136+
"shortName": "CISA-ADP",
137+
"dateUpdated": "2025-01-03T18:05:04.820Z"
138+
}
139+
}
140+
]
107141
}
108142
}

0 commit comments

Comments
 (0)