mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 10:17:57 +00:00
Update CVE sources 2024-08-17 18:41
This commit is contained in:
0xMarcio
parent
1b4814b643
commit
4588d4f698
@ -13,6 +13,7 @@ distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict acc
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/4n0nym0u5dk/distccd_rce_CVE-2004-2687
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/CVEDB/PoC-List
|
||||
|
||||
17
2005/CVE-2005-0525.md
Normal file
17
2005/CVE-2005-0525.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2005-0525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0525)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11703
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -10,7 +10,7 @@ The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) k
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- http://www.ubuntu.com/usn/usn-410-1
|
||||
|
||||
#### Github
|
||||
- https://github.com/0xCyberY/CVE-T4PDF
|
||||
|
||||
@ -10,6 +10,7 @@ The unformat_24bit_color function in the format parsing code in Irssi before 0.8
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.ubuntu.com/usn/USN-3086-1
|
||||
- https://irssi.org/security/irssi_sa_2016.txt
|
||||
|
||||
#### Github
|
||||
|
||||
@ -10,6 +10,7 @@ The format_send_to_gui function in the format parsing code in Irssi before 0.8.2
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.ubuntu.com/usn/USN-3086-1
|
||||
- https://irssi.org/security/irssi_sa_2016.txt
|
||||
|
||||
#### Github
|
||||
|
||||
@ -11,6 +11,7 @@ Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.
|
||||
|
||||
#### Reference
|
||||
- https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
|
||||
- https://bugs.ghostscript.com/show_bug.cgi?id=697515
|
||||
|
||||
#### Github
|
||||
- https://github.com/mrash/afl-cve
|
||||
|
||||
@ -10,6 +10,7 @@ The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14,
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
|
||||
- https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities
|
||||
|
||||
#### Github
|
||||
|
||||
17
2020/CVE-2020-35842.md
Normal file
17
2020/CVE-2020-35842.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2020-35842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35842)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://kb.netgear.com/000062713/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0015
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -56,6 +56,7 @@ XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scriptin
|
||||
- https://github.com/pen4uin/vulnerability-research
|
||||
- https://github.com/pen4uin/vulnerability-research-list
|
||||
- https://github.com/s4dbrd/CVE-2020-9496
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/sobinge/nuclei-templates
|
||||
- https://github.com/soosmile/POC
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
@ -45,6 +45,7 @@ The overlayfs implementation in the linux kernel did not properly validate with
|
||||
- https://github.com/KayCHENvip/vulnerability-poc
|
||||
- https://github.com/Metarget/metarget
|
||||
- https://github.com/Miraitowa70/POC-Notes
|
||||
- https://github.com/Mr-Tree-S/POC_EXP
|
||||
- https://github.com/Mr-xn/Penetration_Testing_POC
|
||||
- https://github.com/N1NJ10/eJPT_Prep
|
||||
- https://github.com/NaInSec/CVE-PoC-in-GitHub
|
||||
|
||||
17
2022/CVE-2022-3399.md
Normal file
17
2022/CVE-2022-3399.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2022-3399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3399)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@ -12,6 +12,7 @@ A vulnerability was found in Axiomatic Bento4 and classified as problematic. Thi
|
||||
#### Reference
|
||||
- https://github.com/axiomatic-systems/Bento4/files/9675042/Bug_2_POC.zip
|
||||
- https://github.com/axiomatic-systems/Bento4/issues/776
|
||||
- https://vuldb.com/?id.212009
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2022/CVE-2022-3770.md
Normal file
17
2022/CVE-2022-3770.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2022-3770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3770)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://vuldb.com/?id.212500
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -12,6 +12,7 @@ A vulnerability, which was classified as problematic, has been found in Axiomati
|
||||
#### Reference
|
||||
- https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip
|
||||
- https://github.com/axiomatic-systems/Bento4/issues/792
|
||||
- https://vuldb.com/?id.212681
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -13,5 +13,5 @@ Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
|
||||
- https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
|
||||
@ -40,6 +40,7 @@ Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili
|
||||
- https://github.com/Malwareman007/CVE-2023-21768
|
||||
- https://github.com/Mr-xn/Penetration_Testing_POC
|
||||
- https://github.com/Rosayxy/Recreate-cve-2023-21768
|
||||
- https://github.com/SafeBreach-Labs/WindowsDowndate
|
||||
- https://github.com/SamuelTulach/nullmap
|
||||
- https://github.com/SenukDias/OSCP_cheat
|
||||
- https://github.com/SirElmard/ethical_hacking
|
||||
|
||||
@ -33,6 +33,7 @@ All versions of Confluence Data Center and Server are affected by this unexploit
|
||||
- https://github.com/nitish778191/fitness_app
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/sanjai-AK47/CVE-2023-22518
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/securitycipher/daily-bugbounty-writeups
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
- https://github.com/thecybertix/One-Liner-Collections
|
||||
|
||||
@ -22,5 +22,6 @@ Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and ea
|
||||
- https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit
|
||||
- https://github.com/karimhabush/cyberowl
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/yosef0x01/CVE-2023-26360
|
||||
|
||||
|
||||
@ -89,6 +89,7 @@ RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user
|
||||
- https://github.com/ruycr4ft/CVE-2023-38831
|
||||
- https://github.com/s4m98/winrar-cve-2023-38831-poc-gen
|
||||
- https://github.com/sadnansakin/Winrar_0-day_RCE_Exploitation
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/sh770/CVE-2023-38831
|
||||
- https://github.com/solomon12354/VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC
|
||||
- https://github.com/takinrom/nto2024-user4-report
|
||||
|
||||
@ -13,5 +13,5 @@ NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp
|
||||
- https://github.com/LMP88959/NTSC-CRT/issues/32
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/DiRaltvein/memory-corruption-examples
|
||||
|
||||
|
||||
@ -17,4 +17,5 @@ PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabl
|
||||
- https://github.com/netlas-io/netlas-dorks
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/nvn1729/advisories
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
|
||||
|
||||
@ -20,6 +20,7 @@ No PoCs from references.
|
||||
- https://github.com/BrunoiMesquita/DAMN-VULNERABLE-PHP-WEB-APPLICATION
|
||||
- https://github.com/Bulnick/SCode
|
||||
- https://github.com/CapiDeveloper/DVWA
|
||||
- https://github.com/CyReXxD/dvwatest
|
||||
- https://github.com/Cybersecurity-Materials/dvwa
|
||||
- https://github.com/Cybersecurity-test-team/digininja
|
||||
- https://github.com/DHFrisk/Tarea6-DVWA
|
||||
|
||||
17
2023/CVE-2023-41884.md
Normal file
17
2023/CVE-2023-41884.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2023-41884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2023/CVE-2023-42929.md
Normal file
17
2023/CVE-2023-42929.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2023-42929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42929)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/beerisgood/macOS_Hardening
|
||||
|
||||
@ -36,6 +36,7 @@ Pre-auth RCE in Apache Ofbiz 18.12.09.It's due to XML-RPC no longer maintained
|
||||
- https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass
|
||||
- https://github.com/mintoolkit/mint
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/slimtoolkit/slim
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
- https://github.com/tw0point/BadBizness-CVE-2023-51467
|
||||
|
||||
@ -10,6 +10,7 @@ reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid ses
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4
|
||||
- https://www.mattz.io/posts/cve-2023-50094/
|
||||
|
||||
#### Github
|
||||
|
||||
@ -1,11 +1,11 @@
|
||||
### [CVE-2023-50569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50569)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.
|
||||
** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-50250. Reason: This record is a reservation duplicate of CVE-2023-50250. Notes: All CVE users should reference CVE-2023-50250 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
|
||||
|
||||
### POC
|
||||
|
||||
|
||||
@ -43,6 +43,7 @@ No PoCs from references.
|
||||
- https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass
|
||||
- https://github.com/murayr/Bizness
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
- https://github.com/tw0point/BadBizness-CVE-2023-51467
|
||||
- https://github.com/txuswashere/OSCP
|
||||
|
||||
17
2023/CVE-2023-5277.md
Normal file
17
2023/CVE-2023-5277.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2023-5277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5277)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://vuldb.com/?id.240905
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -13,5 +13,5 @@ Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq pr
|
||||
- https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
|
||||
17
2023/CVE-2023-7049.md
Normal file
17
2023/CVE-2023-7049.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2023-7049](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7049)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@ -10,7 +10,7 @@ A vulnerability classified as problematic was found in CodeAstro Simple House Re
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
|
||||
### Description
|
||||
|
||||
Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Update: August 13, 2024Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available. For more information see Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response CenterMicrosoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended Actions:Microsoft has released an opt-in mitigation available as an interim solution to help protect customers concerned about this vulnerability until the final mitigation is available in a security update.For Windows 10 1809 and later, Windows 11 version 21H2 and later, and Windows Server 2019 and later, administrators can deploy a Microsoft-signed revocation policy (SkuSiPolicy.p7b) to block vulnerable, unpatched versions of VBS system files from being loaded by the operating system. For more information, refer to KB5042562: Guidance for blocking rollback of virtualization-based security related...
|
||||
Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Update: August 13, 2024Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this...
|
||||
|
||||
### POC
|
||||
|
||||
|
||||
19
2024/CVE-2024-2175.md
Normal file
19
2024/CVE-2024-2175.md
Normal file
@ -0,0 +1,19 @@
|
||||
### [CVE-2024-2175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2175)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -14,4 +14,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/uthrasri/frameworks_base_CVE-2024-23705
|
||||
|
||||
|
||||
@ -75,6 +75,7 @@ Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of
|
||||
- https://github.com/quentin33980/ToolBox-qgt
|
||||
- https://github.com/raheel0x01/CVE-2024-23897
|
||||
- https://github.com/sampsonv/github-trending
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/securitycipher/daily-bugbounty-writeups
|
||||
- https://github.com/stevenvegar/Jenkins_scripts
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
@ -15,5 +15,6 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/Threekiii/CVE
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
|
||||
@ -15,10 +15,12 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Zeyad-Azima/CVE-2024-27348
|
||||
- https://github.com/apiverve/news-API
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE
|
||||
- https://github.com/kljunowsky/CVE-2024-27348
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/securelayer7/CVE-Analysis
|
||||
- https://github.com/wjlin0/poc-doc
|
||||
- https://github.com/wy876/POC
|
||||
- https://github.com/wy876/wiki
|
||||
|
||||
17
2024/CVE-2024-31798.md
Normal file
17
2024/CVE-2024-31798.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-31798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31798)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-31799.md
Normal file
17
2024/CVE-2024-31799.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-31799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31799)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-31800.md
Normal file
17
2024/CVE-2024-31800.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-31800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31800)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -10,7 +10,7 @@ XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 a
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982
|
||||
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
|
||||
17
2024/CVE-2024-34737.md
Normal file
17
2024/CVE-2024-34737.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-34737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34737)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://android.googlesource.com/platform/frameworks/base/+/8b473b3f79642f42eeeffbfe572df6c6cbe9d79e
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -14,5 +14,6 @@ Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. User
|
||||
- https://packetstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.html
|
||||
|
||||
#### Github
|
||||
- https://github.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
|
||||
18
2024/CVE-2024-35775.md
Normal file
18
2024/CVE-2024-35775.md
Normal file
@ -0,0 +1,18 @@
|
||||
### [CVE-2024-35775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35775)
|
||||
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@ -17,6 +17,7 @@ GeoServer is an open source server that allows users to share and edit geospatia
|
||||
#### Github
|
||||
- https://github.com/Co5mos/nuclei-tps
|
||||
- https://github.com/Mr-xn/CVE-2024-36401
|
||||
- https://github.com/Mr-xn/Penetration_Testing_POC
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Threekiii/Awesome-POC
|
||||
- https://github.com/Threekiii/CVE
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
|
||||
### Description
|
||||
|
||||
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3.
|
||||
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Motherboard's with the following chipsets are affected: Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600 and AMD 700.
|
||||
|
||||
### POC
|
||||
|
||||
|
||||
18
2024/CVE-2024-37090.md
Normal file
18
2024/CVE-2024-37090.md
Normal file
@ -0,0 +1,18 @@
|
||||
### [CVE-2024-37090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37090)
|
||||
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-37091.md
Normal file
17
2024/CVE-2024-37091.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-37091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37091)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-37513.md
Normal file
17
2024/CVE-2024-37513.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-37513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37513)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-37924.md
Normal file
17
2024/CVE-2024-37924.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-37924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37924)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
17
2024/CVE-2024-37952.md
Normal file
17
2024/CVE-2024-37952.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-37952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37952)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -54,5 +54,6 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/being1943/my_rss_reader
|
||||
- https://github.com/kherrick/hacker-news
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/zhaoolee/garss
|
||||
|
||||
|
||||
@ -43,5 +43,6 @@ Windows MSHTML Platform Spoofing Vulnerability
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/apiverve/news-API
|
||||
- https://github.com/thepcn3rd/goAdventures
|
||||
|
||||
|
||||
17
2024/CVE-2024-38123.md
Normal file
17
2024/CVE-2024-38123.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38123)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Bluetooth Driver Information Disclosure Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
56
2024/CVE-2024-38125.md
Normal file
56
2024/CVE-2024-38125.md
Normal file
@ -0,0 +1,56 @@
|
||||
### [CVE-2024-38125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38125)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
&color=blue)
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
45
2024/CVE-2024-38126.md
Normal file
45
2024/CVE-2024-38126.md
Normal file
@ -0,0 +1,45 @@
|
||||
### [CVE-2024-38126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38126)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Network Address Translation (NAT) Denial of Service Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
52
2024/CVE-2024-38127.md
Normal file
52
2024/CVE-2024-38127.md
Normal file
@ -0,0 +1,52 @@
|
||||
### [CVE-2024-38127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38127)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
&color=blue)
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Hyper-V Elevation of Privilege Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
39
2024/CVE-2024-38128.md
Normal file
39
2024/CVE-2024-38128.md
Normal file
@ -0,0 +1,39 @@
|
||||
### [CVE-2024-38128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38128)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
&color=blue)
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
56
2024/CVE-2024-38130.md
Normal file
56
2024/CVE-2024-38130.md
Normal file
@ -0,0 +1,56 @@
|
||||
### [CVE-2024-38130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38130)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
&color=blue)
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
58
2024/CVE-2024-38131.md
Normal file
58
2024/CVE-2024-38131.md
Normal file
@ -0,0 +1,58 @@
|
||||
### [CVE-2024-38131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38131)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
&color=blue)
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
45
2024/CVE-2024-38132.md
Normal file
45
2024/CVE-2024-38132.md
Normal file
@ -0,0 +1,45 @@
|
||||
### [CVE-2024-38132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38132)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Network Address Translation (NAT) Denial of Service Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
36
2024/CVE-2024-38133.md
Normal file
36
2024/CVE-2024-38133.md
Normal file
@ -0,0 +1,36 @@
|
||||
### [CVE-2024-38133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38133)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Kernel Elevation of Privilege Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
36
2024/CVE-2024-38136.md
Normal file
36
2024/CVE-2024-38136.md
Normal file
@ -0,0 +1,36 @@
|
||||
### [CVE-2024-38136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38136)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
33
2024/CVE-2024-38137.md
Normal file
33
2024/CVE-2024-38137.md
Normal file
@ -0,0 +1,33 @@
|
||||
### [CVE-2024-38137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38137)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
42
2024/CVE-2024-38143.md
Normal file
42
2024/CVE-2024-38143.md
Normal file
@ -0,0 +1,42 @@
|
||||
### [CVE-2024-38143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38143)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
22
2024/CVE-2024-38189.md
Normal file
22
2024/CVE-2024-38189.md
Normal file
@ -0,0 +1,22 @@
|
||||
### [CVE-2024-38189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38189)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Microsoft Project Remote Code Execution Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
|
||||
### Description
|
||||
|
||||
SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended ActionsThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.Audit File System - Windows 10 | Microsoft LearnApply a basic audit policy on a file or folder - Windows 10 | Microsoft LearnAudit users with permission to perform Update and Restore operations to ensure only the appropriate users can perform these operations.Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft LearnImplement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Update files and perform Restore operations to appropriate users, for example administrators only.Access Control overview | Microsoft LearnDiscretionary Access Control Lists (DACL)Auditing sensitive privileges used to identify access, modification, or replacement of Update related files could help indicate attempts to exploit this vulnerability.Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn
|
||||
SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended ActionsThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update...
|
||||
|
||||
### POC
|
||||
|
||||
|
||||
@ -13,5 +13,5 @@ A command-injection issue in the Certificate Signing Request (CSR) functionality
|
||||
- https://github.com/google/security-research/security/advisories/GHSA-gx6g-8mvx-3q5c
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
|
||||
@ -13,5 +13,5 @@ NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request F
|
||||
- https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/security/advisories/GHSA-gph5-rx77-3pjg
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
|
||||
@ -13,5 +13,6 @@ Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Code
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
|
||||
17
2024/CVE-2024-39708.md
Normal file
17
2024/CVE-2024-39708.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-39708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39708)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-40336.md
Normal file
17
2024/CVE-2024-40336.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-40336](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40336)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/Tank992/cms/blob/main/73/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-41264.md
Normal file
17
2024/CVE-2024-41264.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-41264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41264)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42299.md
Normal file
17
2024/CVE-2024-42299.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42299](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42299)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:fs/ntfs3: Update log->page_{mask,bits} if log->page_size changedIf an NTFS file system is mounted to another system with differentPAGE_SIZE from the original system, log->page_size will change inlog_replay(), but log->page_{mask,bits} don't change correspondingly.This will cause a panic because "u32 bytes = log->page_size - page_off"will get a negative value in the later read_log_page().
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42300.md
Normal file
17
2024/CVE-2024-42300.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42300)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:erofs: fix race in z_erofs_get_gbuf()In z_erofs_get_gbuf(), the current task may be migrated to anotherCPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`.Therefore, z_erofs_put_gbuf() will trigger the following issuewhich was found by stress test:<2>[772156.434168] kernel BUG at fs/erofs/zutil.c:58!..<4>[772156.435007]<4>[772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2<4>[772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017<4>[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)<4>[772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs]<4>[772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs]..<6>[772156.445958] stress (3127): drop_caches: 1<4>[772156.446120] Call trace:<4>[772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs]<4>[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs]<4>[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs]<4>[772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs]<4>[772156.447160] z_erofs_readahead+0x224/0x390 [erofs]..
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42301.md
Normal file
17
2024/CVE-2024-42301.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42301)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:dev/parport: fix the array out-of-bounds riskFixed array out-of-bounds issues caused by sprintfby replacing it with snprintf for safer data copying,ensuring the destination buffer is not overflowed.Below is the stack trace I encountered during the actual issue:[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport][ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYunPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42302.md
Normal file
17
2024/CVE-2024-42302.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42302)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:PCI/DPC: Fix use-after-free on concurrent DPC and hot-removalKeith reports a use-after-free when a DPC event occurs concurrently tohot-removal of the same portion of the hierarchy:The dpc_handler() awaits readiness of the secondary bus below theDownstream Port where the DPC event occurred. To do so, it polls theconfig space of the first child device on the secondary bus. If thatchild device is concurrently removed, accesses to its struct pci_devcause the kernel to oops.That's because pci_bridge_wait_for_secondary_bus() neglects to hold areference on the child device. Before v6.3, the function was onlycalled on resume from system sleep or on runtime resume. Holding areference wasn't necessary back then because the pciehp IRQ threadcould never run concurrently. (On resume from system sleep, IRQs arenot enabled until after the resume_noirq phase. And runtime resume isalways awaited before a PCI device is removed.)However starting with v6.3, pci_bridge_wait_for_secondary_bus() is alsocalled on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readinessof secondary bus after reset"), which introduced that, failed toappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold areference on the child device because dpc_handler() and pciehp mayindeed run concurrently. The commit was backported to v5.10+ stablekernels, so that's the oldest one affected.Add the missing reference acquisition.Abridged stack trace: BUG: unable to handle page fault for address: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() pcie_do_recovery() dpc_handler()
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42303.md
Normal file
17
2024/CVE-2024-42303.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42303)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()devm_regmap_init_mmio() can fail, add a check and bail out in case oferror.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42304.md
Normal file
17
2024/CVE-2024-42304.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42304)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:ext4: make sure the first directory block is not a holeThe syzbot constructs a directory that has no dirblock but is non-inline,i.e. the first directory block is a hole. And no errors are reported whencreating files in this directory in the following flow. ext4_mknod ... ext4_add_entry // Read block 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh && (type == INDEX || type == DIRENT_HTREE)) // The first directory block is a hole // But type == DIRENT, so no error is reported.After that, we get a directory block without '.' and '..' but with a validdentry. This may cause some code that relies on dot or dotdot (such asmake_indexed_dir()) to crash.Therefore when ext4_read_dirblock() finds that the first directory blockis a hole report that the filesystem is corrupted and return an error toavoid loading corrupted data from disk causing something bad.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42305.md
Normal file
17
2024/CVE-2024-42305.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42305)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:ext4: check dot and dotdot of dx_root before making dir indexedSyzbot reports a issue as follows:============================================BUG: unable to handle page fault for address: ffffed11022e24fePGD 23ffee067 P4D 23ffee067 PUD 0Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTICPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0Call Trace: <TASK> make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341 ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451 ext4_rename fs/ext4/namei.c:3936 [inline] ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214[...]============================================The immediate cause of this problem is that there is only one valid dentryfor the block to be split during do_split, so split==0 results in out ofbounds accesses to the map triggering the issue. do_split unsigned split dx_make_map count = 1 split = count/2 = 0; continued = hash2 == map[split - 1].hash; ---> map[4294967295]The maximum length of a filename is 255 and the minimum block size is 1024,so it is always guaranteed that the number of entries is greater than orequal to 2 when do_split() is called.But syzbot's crafted image has no dot and dotdot in dir, and the dentrydistribution in dirblock is as follows: bus dentry1 hole dentry2 free|xx--|xx-------------|...............|xx-------------|...............|0 12 (8+248)=256 268 256 524 (8+256)=264 788 236 1024So when renaming dentry1 increases its name_len length by 1, neither holenor free is sufficient to hold the new dentry, and make_indexed_dir() iscalled.In make_indexed_dir() it is assumed that the first two entries of thedirblock must be dot and dotdot, so bus and dentry1 are left in dx_rootbecause they are treated as dot and dotdot, and only dentry2 is movedto the new leaf block. That's why count is equal to 1.Therefore add the ext4_check_dx_root() helper function to add more sanitychecks to dot and dotdot before starting the conversion to avoid the aboveissue.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42306.md
Normal file
17
2024/CVE-2024-42306.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42306)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:udf: Avoid using corrupted block bitmap bufferWhen the filesystem block bitmap is corrupted, we detect the corruptionwhile loading the bitmap and fail the allocation with error. However thenext allocation from the same bitmap will notice the bitmap buffer isalready loaded and tries to allocate from the bitmap with mixed results(depending on the exact nature of the bitmap corruption). Fix theproblem by using BH_verified bit to indicate whether the bitmap is validor not.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42307.md
Normal file
17
2024/CVE-2024-42307.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42307)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:cifs: fix potential null pointer use in destroy_workqueue in init_cifs error pathDan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 init_cifs() error: we previously assumed 'serverclose_wq' could be null (see line 1895)The patch which introduced the serverclose workqueue used the wrongoredering in error paths in init_cifs() for freeing it on errors.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42308.md
Normal file
17
2024/CVE-2024-42308.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42308)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Check for NULL pointer[why & how]Need to make sure plane_state is initializedbefore accessing its members.(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42309.md
Normal file
17
2024/CVE-2024-42309.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42309)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modesIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() isassigned to mode, which will lead to a possible NULL pointer dereferenceon failure of drm_mode_duplicate(). Add a check to avoid npd.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42310.md
Normal file
17
2024/CVE-2024-42310.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42310)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modesIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()is assigned to mode, which will lead to a NULL pointer dereference onfailure of drm_mode_duplicate(). Add a check to avoid npd.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42311.md
Normal file
17
2024/CVE-2024-42311.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42311)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()Syzbot reports uninitialized value access issue as below:loop0: detected capacity change from 0 to 64=====================================================BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 d_revalidate fs/namei.c:862 [inline] lookup_fast+0x89e/0x8e0 fs/namei.c:1649 walk_component fs/namei.c:2001 [inline] link_path_walk+0x817/0x1480 fs/namei.c:2332 path_lookupat+0xd9/0x6f0 fs/namei.c:2485 filename_lookup+0x22e/0x740 fs/namei.c:2515 user_path_at_empty+0x8b/0x390 fs/namei.c:2924 user_path_at include/linux/namei.h:57 [inline] do_mount fs/namespace.c:3689 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x66b/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]BUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 hfs_ext_read_extent fs/hfs/extent.c:196 [inline] hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271 hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39 filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426 do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553 do_read_cache_page mm/filemap.c:3595 [inline] read_cache_page+0xfb/0x2f0 mm/filemap.c:3604 read_mapping_page include/linux/pagemap.h:755 [inline] hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78 hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204 hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406 mount_bdev+0x628/0x920 fs/super.c:1359 hfs_mount+0xcd/0xe0 fs/hfs/super.c:456 legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610 vfs_get_tree+0xdc/0x5d0 fs/super.c:1489 do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145 path_mount+0xf98/0x26a0 fs/namespace.c:3475 do_mount fs/namespace.c:3488 [inline] __do_sys_mount fs/namespace.c:3697 [inline] __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674 __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82Uninit was created at: __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page mm/slub.c:2190 [inline] allocate_slab mm/slub.c:2354 [inline] new_slab+0x2d7/0x1400 mm/slub.c:2407 ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540 __slab_alloc mm/slub.c:3625 [inline] __slab_alloc_node mm/slub.c:3678 [inline] slab_alloc_node mm/slub.c:3850 [inline] kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3018 [inline] hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165 alloc_inode+0x83/0x440 fs/inode.c:260 new_inode_pseudo fs/inode.c:1005 [inline] new_inode+0x38/0x4f0 fs/inode.c:1031 hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186 hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228 vfs_mkdir+0x49a/0x700 fs/namei.c:4126 do_mkdirat+0x529/0x810 fs/namei.c:4149 __do_sys_mkdirat fs/namei.c:4164 [inline] __se_sys_mkdirat fs/namei.c:4162 [inline] __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bIt missed to initialize .tz_secondswest, .cached_start and .cached_blocksfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42312.md
Normal file
17
2024/CVE-2024-42312.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42312)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:sysctl: always initialize i_uid/i_gidAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()can safely skip setting them.Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values ofi_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid whenset_ownership() was not implemented. It also missed adjustingnet_ctl_set_ownership() to use the same default values in case thecomputation of a better value failed.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42313.md
Normal file
17
2024/CVE-2024-42313.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42313)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:media: venus: fix use after free in vdec_closeThere appears to be a possible use after free with vdec_close().The firmware will add buffer release work to the work queue throughHFI callbacks as a normal part of decoding. Randomly closing thedecoder device from userspace during normal decoding can incura read after free for inst.Fix it by cancelling the work in vdec_close.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42314.md
Normal file
17
2024/CVE-2024-42314.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42314)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:btrfs: fix extent map use-after-free when adding pages to compressed bioAt add_ra_bio_pages() we are accessing the extent map to calculate'add_size' after we dropped our reference on the extent map, resultingin a use-after-free. Fix this by computing 'add_size' before dropping ourextent map reference.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42315.md
Normal file
17
2024/CVE-2024-42315.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42315)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:exfat: fix potential deadlock on __exfat_get_dentry_setWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-arrayis allocated in __exfat_get_entry_set. The problem is that the bh-array isallocated with GFP_KERNEL. It does not make sense. In the following cases,a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock)To fix this, let's allocate bh-array with GFP_NOFS.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42316.md
Normal file
17
2024/CVE-2024-42316.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42316](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42316)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:mm/mglru: fix div-by-zero in vmpressure_calc_level()evict_folios() uses a second pass to reclaim folios that have gone throughpage writeback and become clean before it finishes the first pass, sincefolio_rotate_reclaimable() cannot handle those folios due to theisolation.The second pass tries to avoid potential double counting by deductingscan_control->nr_scanned. However, this can result in underflow ofnr_scanned, under a condition where shrink_folio_list() does not incrementnr_scanned, i.e., when folio_trylock() fails.The underflow can cause the divisor, i.e., scale=scanned+reclaimed invmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2bSince scan_control->nr_scanned has no established semantics, the potentialdouble counting has minimal risks. Therefore, fix the problem by notdeducting scan_control->nr_scanned in evict_folios().
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42317.md
Normal file
17
2024/CVE-2024-42317.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42317](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42317)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:mm/huge_memory: avoid PMD-size page cache if neededxarray can't support arbitrary page cache size. the largest and supportedpage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray"). However,it's possible to have 512MB page cache in the huge memory's collapsingpath on ARM64 system whose base page size is 64KB. 512MB page cache isbreaking the limitation and a warning is raised when the xarray entry issplit as shown in the following example.[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSizeKernelPageSize: 64 kB[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c :int main(int argc, char **argv){ const char *filename = TEST_XFS_FILENAME; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, "System with 64KB base page size is required!\n"); return -EPERM; } system("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open the xfs file */ fd = open(filename, O_RDONLY); assert(fd > 0); /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); assert(buf != (void *)-1); fprintf(stdout, "mapped buffer at 0x%p\n", buf); /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); assert(ret == 0); /* Collapse VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\n", errno); goto out; } /* Split xarray entry. Write permission is needed */ munmap(buf, TEST_MEM_SIZE); buf = (void *)-1; close(fd); fd = open(filename, O_RDWR); assert(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize);out: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return ret;}[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test[root@dhcp-10-26-1-207 ~]# /tmp/test ------------[ cut here ]------------ WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x780 sp : ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8 x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x780 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa---truncated---
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42318.md
Normal file
17
2024/CVE-2024-42318.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42318)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:landlock: Don't lose track of restrictions on cred_transferWhen a process' cred struct is replaced, this _almost_ always invokesthe cred_prepare LSM hook; but in one special case (whenKEYCTL_SESSION_TO_PARENT updates the parent's credentials), thecred_transfer LSM hook is used instead. Landlock only implements thecred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causesall information on Landlock restrictions to be lost.This basically means that a process with the ability to use the fork()and keyctl() syscalls can get rid of all Landlock restrictions onitself.Fix it by adding a cred_transfer hook that does the same thing as theexisting cred_prepare hook. (Implemented by having hook_cred_prepare()call hook_cred_transfer() so that the two functions are less likely toaccidentally diverge in the future.)
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42319.md
Normal file
17
2024/CVE-2024-42319.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42319)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()When mtk-cmdq unbinds, a WARN_ON message with conditionpm_runtime_get_sync() < 0 occurs.According to the call tracei below: cmdq_mbox_shutdown mbox_free_channel mbox_controller_unregister __devm_mbox_controller_unregister ...The root cause can be deduced to be calling pm_runtime_get_sync() aftercalling pm_runtime_disable() as observed below:1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe() to bind the cmdq device to the mbox_controller, so devm_mbox_controller_unregister() will automatically unregister the device bound to the mailbox controller when the device-managed resource is removed. That means devm_mbox_controller_unregister() and cmdq_mbox_shoutdown() will be called after cmdq_remove().2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after devm_mbox_controller_register(), so that devm_pm_runtime_disable() will be called after cmdq_remove(), but before devm_mbox_controller_unregister().To fix this problem, cmdq_probe() needs to movedevm_mbox_controller_register() after devm_pm_runtime_enable() to makedevm_pm_runtime_disable() be called afterdevm_mbox_controller_unregister().
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42320.md
Normal file
17
2024/CVE-2024-42320.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42320)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:s390/dasd: fix error checks in dasd_copy_pair_store()dasd_add_busid() can return an error via ERR_PTR() if an allocationfails. However, two callsites in dasd_copy_pair_store() do not checkthe result, potentially resulting in a NULL pointer dereference. Fixthis by checking the result with IS_ERR() and returning the error upthe stack.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42321.md
Normal file
17
2024/CVE-2024-42321.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42321)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:net: flow_dissector: use DEBUG_NET_WARN_ON_ONCEThe following splat is easy to reproduce upstream as well as in -stablekernels. Florian Westphal provided the following commit: d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")but this complementary fix has been also suggested by Willem de Bruijnand it can be easily backported to -stable kernel which consists inusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splatgiven __skb_get_hash() is used by the nftables tracing infrastructure toto identify packets in traces.[69133.561393] ------------[ cut here ]------------[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/[...][69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ffff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28[69133.562020] FS: 00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000[69133.562027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0[69133.562040] Call Trace:[69133.562044] <IRQ>[69133.562049] ? __warn+0x9f/0x1a0[ 1211.841384] ? __skb_flow_dissect+0x107e/0x2860[...][ 1211.841496] ? bpf_flow_dissect+0x160/0x160[ 1211.841753] __skb_get_hash+0x97/0x280[ 1211.841765] ? __skb_get_hash_symmetric+0x230/0x230[ 1211.841776] ? mod_find+0xbf/0xe0[ 1211.841786] ? get_stack_info_noinstr+0x12/0xe0[ 1211.841798] ? bpf_ksym_find+0x56/0xe0[ 1211.841807] ? __rcu_read_unlock+0x2a/0x70[ 1211.841819] nft_trace_init+0x1b9/0x1c0 [nf_tables][ 1211.841895] ? nft_trace_notify+0x830/0x830 [nf_tables][ 1211.841964] ? get_stack_info+0x2b/0x80[ 1211.841975] ? nft_do_chain_arp+0x80/0x80 [nf_tables][ 1211.842044] nft_do_chain+0x79c/0x850 [nf_tables]
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42322.md
Normal file
17
2024/CVE-2024-42322.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:ipvs: properly dereference pe in ip_vs_add_serviceUse pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42462.md
Normal file
17
2024/CVE-2024-42462.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42462)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42463.md
Normal file
17
2024/CVE-2024-42463.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42463)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user