From 012e7b2bbe3070cb1e930a29807a8eeb12b5d00b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 29 Jul 2024 17:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/33xxx/CVE-2024-33365.json | 61 +++++++++++--
2024/41xxx/CVE-2024-41640.json | 56 ++++++++++--
2024/41xxx/CVE-2024-41819.json | 81 ++++++++++++++++-
2024/42xxx/CVE-2024-42084.json | 158 ++++++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42085.json | 130 ++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42086.json | 158 ++++++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42087.json | 148 +++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42088.json | 92 ++++++++++++++++++-
2024/42xxx/CVE-2024-42089.json | 158 ++++++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42090.json | 158 ++++++++++++++++++++++++++++++++-
2024/6xxx/CVE-2024-6748.json | 79 ++++++++++++++++-
2024/7xxx/CVE-2024-7211.json | 18 ++++
12 files changed, 1249 insertions(+), 48 deletions(-)
create mode 100644 2024/7xxx/CVE-2024-7211.json
diff --git a/2024/33xxx/CVE-2024-33365.json b/2024/33xxx/CVE-2024-33365.json
index ca344aacc7b..28b09f00931 100644
--- a/2024/33xxx/CVE-2024-33365.json
+++ b/2024/33xxx/CVE-2024-33365.json
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-33365", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-33365", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackmd.io/@JohnathanHuuTri/rJNbEItJC", + "refsource": "MISC", + "name": "https://hackmd.io/@JohnathanHuuTri/rJNbEItJC" + }, + { + "refsource": "MISC", + "name": "https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2024-33365/README.md", + "url": "https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2024-33365/README.md" } ] } diff --git a/2024/41xxx/CVE-2024-41640.json b/2024/41xxx/CVE-2024-41640.json index 07f66383f06..32f5ae1c678 100644 --- a/2024/41xxx/CVE-2024-41640.json +++ b/2024/41xxx/CVE-2024-41640.json 
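Review bot: The new `affects` block publishes `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description in the same record names Tenda AC10 v4 firmware US_AC10V4.0si_V16.03.10.20_cn, so inventory and scanner tooling that matches on the structured fields will never associate this remote code execution record with the device. The `problemtype` value is likewise `"n/a"` even though the description states a buffer overflow. I would carry the description's identifiers into the structured fields, e.g. `"vendor_name": "Tenda"`, `"product_name": "AC10 v4"`, `"version_value": "US_AC10V4.0si_V16.03.10.20_cn"`, and give the problem type a buffer-overflow CWE. The CVE-2024-41640 hunk that follows has the same gap (AML Surety Eco up to 3.5, an XSS that would map to CWE-79).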
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41640", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41640", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/alemusix/CVE-2024-41640", + "url": "https://github.com/alemusix/CVE-2024-41640" } ] } diff --git a/2024/41xxx/CVE-2024-41819.json b/2024/41xxx/CVE-2024-41819.json index ca5462dd0c4..296fb2e6d43 100644 --- a/2024/41xxx/CVE-2024-41819.json +++ b/2024/41xxx/CVE-2024-41819.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41819", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "enchant97", + "product": { + "product_data": [ + { + "product_name": "note-mark", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 0.13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3", + "refsource": "MISC", + "name": "https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3" + }, + { + "url": "https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182", + "refsource": "MISC", + "name": "https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182" + } + ] + }, + "source": { + "advisory": "GHSA-rm48-9mqf-8jc3", + "discovery": "UNKNOWN" + }, + "impact": { + 
"cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42084.json b/2024/42xxx/CVE-2024-42084.json index 0333fabc901..3217a3bbfcb 100644 --- a/2024/42xxx/CVE-2024-42084.json +++ b/2024/42xxx/CVE-2024-42084.json 
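Review bot: In `version_data` the operator and the value disagree: `"version_affected": "="` is paired with `"version_value": "<= 0.13.0"`, so a consumer that honours the operator looks for a release literally named `<= 0.13.0` and matches nothing, while the description says the fix is in 0.13.1. Put the comparison in the operator field and keep the value a bare version: `"version_affected": "<="`, `"version_value": "0.13.0"`. Until that is corrected, anyone triaging note-mark deployments from this file should read the affected range from the description or the linked GHSA advisory.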
@@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42084", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftruncate: pass a signed offset\n\nThe old ftruncate() syscall, using the 32-bit off_t misses a sign\nextension when called in compat mode on 64-bit architectures. As a\nresult, passing a negative length accidentally succeeds in truncating\nto file size between 2GiB and 4GiB.\n\nChanging the type of the compat syscall to the signed compat_off_t\nchanges the behavior so it instead returns -EINVAL.\n\nThe native entry point, the truncate() syscall and the corresponding\nloff_t based variants are all correct already and do not suffer\nfrom this mistake." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3f6d078d4acc", + "version_value": "c329760749b5" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.9", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.9", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/c329760749b5419769e57cb2be80955d2805f9c9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c329760749b5419769e57cb2be80955d2805f9c9" + }, + { + "url": 
"https://git.kernel.org/stable/c/f531d4bc6c5588d713359e42ed65e46816d841d8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f531d4bc6c5588d713359e42ed65e46816d841d8" + }, + { + "url": "https://git.kernel.org/stable/c/84bf6b64a1a0dfc6de7e1b1c776d58d608e7865a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/84bf6b64a1a0dfc6de7e1b1c776d58d608e7865a" + }, + { + "url": "https://git.kernel.org/stable/c/dbb226d81cd02cee140139c2369791e6f61f2007", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/dbb226d81cd02cee140139c2369791e6f61f2007" + }, + { + "url": "https://git.kernel.org/stable/c/5ae6af68410bdad6181ec82104bb9985a7a6a0fa", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5ae6af68410bdad6181ec82104bb9985a7a6a0fa" + }, + { + "url": "https://git.kernel.org/stable/c/836359247b0403e0634bfbc83e5bb8063fad287a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/836359247b0403e0634bfbc83e5bb8063fad287a" + }, + { + "url": "https://git.kernel.org/stable/c/930a4c369f74da26816eaaa71b5888d29b759c27", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/930a4c369f74da26816eaaa71b5888d29b759c27" + }, + { + "url": "https://git.kernel.org/stable/c/4b8e88e563b5f666446d002ad0dc1e6e8e7102b0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4b8e88e563b5f666446d002ad0dc1e6e8e7102b0" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42085.json b/2024/42xxx/CVE-2024-42085.json index 137eb2243a2..2a77d97940f 100644 --- a/2024/42xxx/CVE-2024-42085.json +++ b/2024/42xxx/CVE-2024-42085.json 
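Review bot: The only range this record expresses in native 4.0 fields is `"version_name": "3f6d078d4acc"` below `"version_value": "c329760749b5"`, a pair of abbreviated commit ids that a version-comparing scanner cannot order, and the second `version_data` entry carries the sentinel `"version_value": "not down converted"` where a version is expected. The release ranges that patch triage needs (affected from 3.9, fixed in 4.19.317, 5.4.279 and so on up to 6.10) exist only under `x_cve_json_5_version_data`, which a 4.0 consumer is free to ignore. If the 4.0 file is still meant to be consumed, I would emit one entry per stable branch, for example `{"version_affected": "<", "version_name": "4.19", "version_value": "4.19.317"}`; otherwise consumers should be pointed at the CVE JSON 5 record. The same applies to the other cve@kernel.org records in this patch (CVE-2024-42085 through CVE-2024-42090).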
@@ -1,18 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42085", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock\n\nWhen config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system\nto enter suspend status with below command:\necho mem > /sys/power/state\nThere will be a deadlock issue occurring. Detailed invoking path as\nbelow:\ndwc3_suspend_common()\n spin_lock_irqsave(&dwc->lock, flags); <-- 1st\n dwc3_gadget_suspend(dwc);\n dwc3_gadget_soft_disconnect(dwc);\n spin_lock_irqsave(&dwc->lock, flags); <-- 2nd\nThis issue is exposed by commit c7ebd8149ee5 (\"usb: dwc3: gadget: Fix\nNULL pointer dereference in dwc3_gadget_suspend\") that removes the code\nof checking whether dwc->gadget_driver is NULL or not. It causes the\nfollowing code is executed and deadlock occurs when trying to get the\nspinlock. In fact, the root cause is the commit 5265397f9442(\"usb: dwc3:\nRemove DWC3 locking during gadget suspend/resume\") that forgot to remove\nthe lock of otg mode. So, remove the redundant lock of otg mode during\ngadget suspend/resume." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2fa487a94667", + "version_value": "7026576e8909" + }, + { + "version_affected": "<", + "version_name": "5265397f9442", + "version_value": "d77e2b5104c5" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.1", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.1", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c" + }, + { + "url": "https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63" + }, + { + "url": "https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649" + }, + { + "url": "https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276" + }, + { + "url": "https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42086.json b/2024/42xxx/CVE-2024-42086.json index 690316263a7..90c5214be23 100644 --- a/2024/42xxx/CVE-2024-42086.json +++ b/2024/42xxx/CVE-2024-42086.json 
@@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42086", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: bme680: Fix overflows in compensate() functions\n\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1b3bd8592780", + "version_value": "6fa31bbe2ea8" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.19", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + 
"version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e" + }, + { + "url": "https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb" + }, + { + "url": "https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517" + }, + { + "url": "https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9" + }, + { + "url": "https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a" + }, + { + "url": "https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e" + }, + { + "url": "https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e" + }, + { + "url": "https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42087.json b/2024/42xxx/CVE-2024-42087.json index bac9d9b5827..bc386fbb097 100644 --- a/2024/42xxx/CVE-2024-42087.json +++ b/2024/42xxx/CVE-2024-42087.json 
@@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42087", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep\n\nThe ilitek-ili9881c controls the reset GPIO using the non-sleeping\ngpiod_set_value() function. This complains loudly when the GPIO\ncontroller needs to sleep. As the caller can sleep, use\ngpiod_set_value_cansleep() to fix the issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "b71348be1236" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + 
"status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b71348be1236398be2d04c5e145fd6eaae86a91b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b71348be1236398be2d04c5e145fd6eaae86a91b" + }, + { + "url": "https://git.kernel.org/stable/c/98686ec1824728ff41d7b358131f7d0227c2ba2a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/98686ec1824728ff41d7b358131f7d0227c2ba2a" + }, + { + "url": "https://git.kernel.org/stable/c/cae52f61fda0f5d2949dc177f984c9e187d4c6a0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cae52f61fda0f5d2949dc177f984c9e187d4c6a0" + }, + { + "url": "https://git.kernel.org/stable/c/489f38de3375ab84b3d269d0a1d64d6ee95d7044", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/489f38de3375ab84b3d269d0a1d64d6ee95d7044" + }, + { + "url": "https://git.kernel.org/stable/c/5f41401219fbe7663b3cf65ebd4ed95ebbb8ffb9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5f41401219fbe7663b3cf65ebd4ed95ebbb8ffb9" + }, + { + "url": "https://git.kernel.org/stable/c/1618f7a875ffd916596392fd29880c0429b8af60", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1618f7a875ffd916596392fd29880c0429b8af60" + }, + { + "url": "https://git.kernel.org/stable/c/e646402bf82145349fcf5dcbe395afaf02a8ce47", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e646402bf82145349fcf5dcbe395afaf02a8ce47" + }, + { + "url": 
"https://git.kernel.org/stable/c/ee7860cd8b5763017f8dc785c2851fecb7a0c565", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ee7860cd8b5763017f8dc785c2851fecb7a0c565" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42088.json b/2024/42xxx/CVE-2024-42088.json index 11b1935276c..b6273f66141 100644 --- a/2024/42xxx/CVE-2024-42088.json +++ b/2024/42xxx/CVE-2024-42088.json 
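Review bot: Unlike its sibling records, this `versions` list has no `"status": "affected"` entry and no `"version": "0"` floor, and `version_name` is `1da177e4c3f4`, so with `"defaultStatus": "affected"` every release below 4.19.317 reads as affected. Whether the ilitek-ili9881c driver existed that far back cannot be told from the record, so the range is probably wider than the real exposure and would inflate scanner findings on old kernels. If the introducing release is known, add it the way the other records do: `{"version": "<introducing release>", "status": "affected"}` plus the matching `"lessThan"` floor marked `unaffected`.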
@@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42088", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link\n\nCommit e70b8dd26711 (\"ASoC: mediatek: mt8195: Remove afe-dai component\nand rework codec link\") removed the codec entry for the ETDM1_OUT_BE\ndai link entirely instead of replacing it with COMP_EMPTY(). This worked\nby accident as the remaining COMP_EMPTY() platform entry became the codec\nentry, and the platform entry became completely empty, effectively the\nsame as COMP_DUMMY() since snd_soc_fill_dummy_dai() doesn't do anything\nfor platform entries.\n\nThis causes a KASAN out-of-bounds warning in mtk_soundcard_common_probe()\nin sound/soc/mediatek/common/mtk-soundcard-driver.c:\n\n\tfor_each_card_prelinks(card, i, dai_link) {\n\t\tif (adsp_node && !strncmp(dai_link->name, \"AFE_SOF\", strlen(\"AFE_SOF\")))\n\t\t\tdai_link->platforms->of_node = adsp_node;\n\t\telse if (!dai_link->platforms->name && !dai_link->platforms->of_node)\n\t\t\tdai_link->platforms->of_node = platform_node;\n\t}\n\nwhere the code expects the platforms array to have space for at least one entry.\n\nAdd an COMP_EMPTY() entry so that dai_link->platforms has space." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "e70b8dd26711", + "version_value": "42b9ab7a4d7e" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.8", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.8", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad" + }, + { + "url": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42089.json b/2024/42xxx/CVE-2024-42089.json index 8b97529776a..51eb8041a36 100644 --- a/2024/42xxx/CVE-2024-42089.json +++ b/2024/42xxx/CVE-2024-42089.json 
@@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42089", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv->pdev before using it\n\npriv->pdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv->dev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won't crash\nprobably due to compiler optimisations." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "708b4351f08c", + "version_value": "ae81535ce250" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.18", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.18", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a" + }, + { + "url": 
"https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a" + }, + { + "url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9" + }, + { + "url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a" + }, + { + "url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac" + }, + { + "url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed" + }, + { + "url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6" + }, + { + "url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42090.json b/2024/42xxx/CVE-2024-42090.json index c46170eff5f..0ab4985a2a9 100644 --- a/2024/42xxx/CVE-2024-42090.json +++ b/2024/42xxx/CVE-2024-42090.json 
@@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42090", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER\n\nIn create_pinctrl(), pinctrl_maps_mutex is acquired before calling\nadd_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()\ncalls pinctrl_free(). However, pinctrl_free() attempts to acquire\npinctrl_maps_mutex, which is already held by create_pinctrl(), leading to\na potential deadlock.\n\nThis patch resolves the issue by releasing pinctrl_maps_mutex before\ncalling pinctrl_free(), preventing the deadlock.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "42fed7ba44e4", + "version_value": "e65a0dc2e85e" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.10", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.10", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/e65a0dc2e85efb28e182aca50218e8a056d0ce04", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e65a0dc2e85efb28e182aca50218e8a056d0ce04" + }, + { + "url": 
"https://git.kernel.org/stable/c/420ce1261907e5dbeda1e4daffd5b6c76f8188c0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/420ce1261907e5dbeda1e4daffd5b6c76f8188c0" + }, + { + "url": "https://git.kernel.org/stable/c/b813e3fd102a959c5b208ed68afe27e0137a561b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b813e3fd102a959c5b208ed68afe27e0137a561b" + }, + { + "url": "https://git.kernel.org/stable/c/01fe2f885f7813f8aed5d3704b384a97b1116a9e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/01fe2f885f7813f8aed5d3704b384a97b1116a9e" + }, + { + "url": "https://git.kernel.org/stable/c/b36efd2e3e22a329444b6b24fa48df6d20ae66e6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b36efd2e3e22a329444b6b24fa48df6d20ae66e6" + }, + { + "url": "https://git.kernel.org/stable/c/4038c57bf61631219b31f1bd6e92106ec7f084dc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4038c57bf61631219b31f1bd6e92106ec7f084dc" + }, + { + "url": "https://git.kernel.org/stable/c/48a7a7c9571c3e62f17012dd7f2063e926179ddd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/48a7a7c9571c3e62f17012dd7f2063e926179ddd" + }, + { + "url": "https://git.kernel.org/stable/c/adec57ff8e66aee632f3dd1f93787c13d112b7a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/adec57ff8e66aee632f3dd1f93787c13d112b7a1" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6748.json b/2024/6xxx/CVE-2024-6748.json index 0c6e1e45f36..4e425962d00 100644 --- a/2024/6xxx/CVE-2024-6748.json +++ b/2024/6xxx/CVE-2024-6748.json 
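Review bot: The legacy `version_data` array in the CVE-2024-42090 record gives a consumer nothing it can compare against a kernel release. Its first entry is a git-hash range (`version_name` `42fed7ba44e4`, `version_value` `e65a0dc2e85e`) and its second carries the literal `"version_value": "not down converted"`. The usable ranges appear only under `x_cve_json_5_version_data`, where 3.10 is marked affected and each stable branch has an unaffected entry starting at a specific release (4.19.317, 5.4.279, 5.10.221, 5.15.162, 6.1.97, 6.6.37, 6.9.8), so matching tooling should parse that extension and treat `defaultStatus` as `affected` for anything not listed. `problemtype` is also `n/a`; the description reads as re-acquiring a mutex that is already held, which looks like `"value": "CWE-667 Improper Locking", "cweId": "CWE-667"`, though that mapping is the CNA's call. The tail of the preceding CVE-2024-42089 section has the same shape.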
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp ManageEngine\u00a0OpManager, OpManager Plus, OpManager MSP and RMM versions\u00a0128317 and below are vulnerable to authenticated SQL injection in the URL monitoring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "OpManager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "128317" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/itom/advisory/cve-2024-6748.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/itom/advisory/cve-2024-6748.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7211.json b/2024/7xxx/CVE-2024-7211.json new file mode 100644 index 00000000000..9b76ee48400 --- /dev/null +++ b/2024/7xxx/CVE-2024-7211.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7211", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
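Review bot: The `affects` block of CVE-2024-6748 lists a single product, `"product_name": "OpManager"`, while the description names four: OpManager, OpManager Plus, OpManager MSP and RMM. Inventory or scanner matching keyed on `product_name` would therefore miss the other three, even though the text says they are vulnerable at the same builds. The fix is one `product_data` entry per named product, for example `"product_name": "OpManager Plus"`, each repeating the existing `"version_affected": "<="` / `"version_value": "128317"` range. The description also contains `\u00a0` non-breaking spaces around "OpManager" and "128317", so consumers doing keyword search on the text should normalise whitespace first.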