admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-29 07:00:37 +00:00
parent a66750dbfa
commit 1717299317
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 1670 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
2022/48xxx/CVE-2022-48666.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "65ca846a5314",
"version_value": "2e7eb4c1e8af"
"version_value": "5ce8fad94123"
},
{
"version_value": "not down converted",
@ -57,6 +57,18 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.19.12",
"lessThanOrEqual": "5.19.*",
@ -84,6 +96,16 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5ce8fad941233e81f2afb5b52a3fcddd3ba8732f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ce8fad941233e81f2afb5b52a3fcddd3ba8732f"
},
{
"url": "https://git.kernel.org/stable/c/f818708eeeae793e12dc39f8984ed7732048a7d9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f818708eeeae793e12dc39f8984ed7732048a7d9"
},
{
"url": "https://git.kernel.org/stable/c/2e7eb4c1e8af8385de22775bd0be552f59b28c9a",
"refsource": "MISC",
@ -97,6 +119,6 @@
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
"engine": "bippy-c9c4e1df01b2"
}
}

64
2024/36xxx/CVE-2024-36484.json
View File

@ -38,6 +38,26 @@
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "34e41a031fd7",
"version_value": "7de00adc9bd0"
},
{
"version_affected": "<",
"version_name": "ed5e279b69e0",
"version_value": "59801e88c99f"
},
{
"version_affected": "<",
"version_name": "413c33b9f3bc",
"version_value": "6e03006548c6"
},
{
"version_affected": "<",
"version_name": "2552c9d9440f",
"version_value": "21c14c556ccc"
},
{
"version_affected": "<",
"version_name": "3fe4ef0568a4",
@ -67,6 +87,30 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.319",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.281",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.93",
"lessThanOrEqual": "6.1.*",
@ -106,6 +150,26 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7de00adc9bd035d861ba4177848ca0bfa5ed1e04",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7de00adc9bd035d861ba4177848ca0bfa5ed1e04"
},
{
"url": "https://git.kernel.org/stable/c/59801e88c99f7c3f44a4d20af6ba6417aa359b5d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/59801e88c99f7c3f44a4d20af6ba6417aa359b5d"
},
{
"url": "https://git.kernel.org/stable/c/6e03006548c66b979f4e5e9fc797aac4dad82822",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6e03006548c66b979f4e5e9fc797aac4dad82822"
},
{
"url": "https://git.kernel.org/stable/c/21c14c556cccd0cb54b71ec5e901e64ba84c7165",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/21c14c556cccd0cb54b71ec5e901e64ba84c7165"
},
{
"url": "https://git.kernel.org/stable/c/c09ddc605893df542c6cf8dde6a57a93f7cf0adb",
"refsource": "MISC",

136
2024/36xxx/CVE-2024-36938.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36938",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue\n\nFix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which\nsyzbot reported [1].\n\n[1]\nBUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue\n\nwrite to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1:\n sk_psock_stop_verdict net/core/skmsg.c:1257 [inline]\n sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843\n sk_psock_put include/linux/skmsg.h:459 [inline]\n sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648\n unix_release+0x4b/0x80 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0x68/0x150 net/socket.c:1421\n __fput+0x2c1/0x660 fs/file_table.c:422\n __fput_sync+0x44/0x60 fs/file_table.c:507\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close+0x101/0x1b0 fs/open.c:1541\n __x64_sys_close+0x1f/0x30 fs/open.c:1541\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0:\n sk_psock_data_ready include/linux/skmsg.h:464 [inline]\n sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555\n sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606\n sk_psock_verdict_apply net/core/skmsg.c:1008 [inline]\n sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202\n unix_read_skb net/unix/af_unix.c:2546 [inline]\n unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682\n sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223\n unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x140/0x180 net/socket.c:745\n ____sys_sendmsg+0x312/0x410 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x1e9/0x280 net/socket.c:2667\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nvalue changed: 0xffffffff83d7feb0 -> 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G W 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\n\nPrior to this, commit 4cd12c6065df (\"bpf, sockmap: Fix NULL pointer\ndereference in sk_psock_verdict_data_ready()\") fixed one NULL pointer\nsimilarly due to no protection of saved_data_ready. Here is another\ndifferent caller causing the same issue because of the same reason. So\nwe should protect it with sk_callback_lock read lock because the writer\nside in the sk_psock_drop() uses \"write_lock_bh(&sk->sk_callback_lock);\".\n\nTo avoid errors that could happen in future, I move those two pairs of\nlock into the sk_psock_data_ready(), which is suggested by John Fastabend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "604326b41a6f",
"version_value": "c0809c128dad"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
},
{
"url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
},
{
"url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
},
{
"url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
},
{
"url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
},
{
"url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

24
2024/41xxx/CVE-2024-41009.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "457f44363a88",
"version_value": "d1b9df0435bc"
"version_value": "be35504b959f"
},
{
"version_value": "not down converted",
@ -57,6 +57,18 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.97",
"lessThanOrEqual": "6.1.*",
@ -96,6 +108,16 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f"
},
{
"url": "https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4"
},
{
"url": "https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686",
"refsource": "MISC",

46
2024/41xxx/CVE-2024-41012.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "c293621bbf67",
"version_value": "ef8fc41cd6f9"
"version_value": "d30ff3304083"
},
{
"version_value": "not down converted",
@ -57,6 +57,30 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.319",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.281",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.101",
"lessThanOrEqual": "6.1.*",
@ -96,6 +120,26 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250"
},
{
"url": "https://git.kernel.org/stable/c/dc2ce1dfceaa0767211a9d963ddb029ab21c4235",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dc2ce1dfceaa0767211a9d963ddb029ab21c4235"
},
{
"url": "https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240"
},
{
"url": "https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22"
},
{
"url": "https://git.kernel.org/stable/c/ef8fc41cd6f95f9a4a3470f085aecf350569a0b3",
"refsource": "MISC",

71
2024/41xxx/CVE-2024-41013.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "0c7fcdb6d06c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

71
2024/41xxx/CVE-2024-41014.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n 1) Mount an image of xfs, and do some file operations to leave records\n 2) Before umounting, copy the image for subsequent steps to simulate\n abnormal exit. Because umount will ensure that tail_blk and\n head_blk are the same, which will result in the inability to enter\n xlog_recover_process_data\n 3) Write a tool to parse and modify the copied image in step 2\n 4) Make the end of the xlog_op_header entries only 1 byte away from\n xlog_rec_header->h_size\n 5) xlog_rec_header->h_num_logops++\n 6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "fb63435b7c7d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

159
2024/41xxx/CVE-2024-41015.json
View File

@ -1,18 +1,169 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_check_dir_entry()\n\nThis adds sanity checks for ocfs2_dir_entry to make sure all members of\nocfs2_dir_entry don't stray beyond valid memory region."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "13d38c00df97"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.319",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.281",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.102",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.43",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.12",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.2",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2"
},
{
"url": "https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/564d23cc5b216211e1694d53f7e45959396874d0"
},
{
"url": "https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/77495e5da5cb110a8fed27b052c77853fe282176"
},
{
"url": "https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/53de17ad01cb5f6f8426f597e9d5c87d4cf53bb7"
},
{
"url": "https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fd65685594ee707cbf3ddf22ebb73697786ac114"
},
{
"url": "https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e05a24289db90f76ff606086aadd62d068a88dcd"
},
{
"url": "https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/624b380074f0dc209fb8706db3295c735079f34c"
},
{
"url": "https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/edb2e67dd4626b06fd7eb37252d5067912e78d59"
},
{
"url": "https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/255547c6bb8940a97eea94ef9d464ea5967763fb"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

71
2024/41xxx/CVE-2024-41016.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested. It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "af77c4fc1871"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

159
2024/41xxx/CVE-2024-41017.json
View File

@ -1,18 +1,169 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: don't walk off the end of ealist\n\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "7f91bd0f2941"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.319",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.281",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.102",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.43",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.12",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.2",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"
},
{
"url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"
},
{
"url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"
},
{
"url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"
},
{
"url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"
},
{
"url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"
},
{
"url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"
},
{
"url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"
},
{
"url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

119
2024/41xxx/CVE-2024-41018.json
View File

@ -1,18 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add a check for attr_names and oatbl\n\nAdded out-of-bound checking for *ane (ATTR_NAME_ENTRY)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e0b64e4ad2eb",
"version_value": "f3124d51e4e7"
},
{
"version_affected": "<",
"version_name": "865e7a7700d9",
"version_value": "c114d2b88f8b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.43",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.12",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.2",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f3124d51e4e7b56a732419d8dc270e807252334f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f3124d51e4e7b56a732419d8dc270e807252334f"
},
{
"url": "https://git.kernel.org/stable/c/c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c114d2b88f8b226d4b2acf5a1ba0412cde6c31dd"
},
{
"url": "https://git.kernel.org/stable/c/9b71f820f7168f1eab8378c80c7ea8a022a475bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9b71f820f7168f1eab8378c80c7ea8a022a475bc"
},
{
"url": "https://git.kernel.org/stable/c/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

126
2024/41xxx/CVE-2024-41019.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Validate ff offset\n\nThis adds sanity checks for ff offset. There is a check\non rt->first_free at first, but walking through by ff\nwithout any check. If the second ff is a large offset.\nWe may encounter an out-of-bound read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "35652dfa8cc9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.102",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.43",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.12",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.2",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0"
},
{
"url": "https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440"
},
{
"url": "https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a"
},
{
"url": "https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319"
},
{
"url": "https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4"
},
{
"url": "https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

158
2024/41xxx/CVE-2024-41090.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntap: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tap_get_user_xdp() path, which could cause a corrupted skb to be\nsent downstack. Even before the skb is transmitted, the\ntap_get_user_xdp()-->skb_set_network_header() may assume the size is more\nthan ETH_HLEN. Once transmitted, this could either cause out-of-bound\naccess beyond the actual length, or confuse the underlayer with incorrect\nor inconsistent header length in the skb metadata.\n\nIn the alternative path, tap_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tap_get_user() does.\n\nCVE: CVE-2024-41090"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0efac27791ee",
"version_value": "8be915fc5ff9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.281",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.102",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.43",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.12",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.2",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea"
},
{
"url": "https://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f"
},
{
"url": "https://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6"
},
{
"url": "https://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46"
},
{
"url": "https://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa"
},
{
"url": "https://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da"
},
{
"url": "https://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078cc542309",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078cc542309"
},
{
"url": "https://git.kernel.org/stable/c/ed7f2afdd0e043a397677e597ced0830b83ba0b3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed7f2afdd0e043a397677e597ced0830b83ba0b3"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

158
2024/41xxx/CVE-2024-41091.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tun_xdp_one() path, which could cause a corrupted skb to be sent\ndownstack. Even before the skb is transmitted, the\ntun_xdp_one-->eth_type_trans() may access the Ethernet header although it\ncan be less than ETH_HLEN. Once transmitted, this could either cause\nout-of-bound access beyond the actual length, or confuse the underlayer\nwith incorrect or inconsistent header length in the skb metadata.\n\nIn the alternative path, tun_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted for\nIFF_TAP.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tun_get_user() does.\n\nCVE: CVE-2024-41091"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "043d222f93ab",
"version_value": "32b0aaba5dbc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.281",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.223",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.164",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.102",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.43",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.12",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.2",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/32b0aaba5dbc85816898167d9b5d45a22eae82e9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/32b0aaba5dbc85816898167d9b5d45a22eae82e9"
},
{
"url": "https://git.kernel.org/stable/c/6100e0237204890269e3f934acfc50d35fd6f319",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6100e0237204890269e3f934acfc50d35fd6f319"
},
{
"url": "https://git.kernel.org/stable/c/589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2"
},
{
"url": "https://git.kernel.org/stable/c/ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146"
},
{
"url": "https://git.kernel.org/stable/c/d5ad89b7d01ed4e66fd04734fc63d6e78536692a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d5ad89b7d01ed4e66fd04734fc63d6e78536692a"
},
{
"url": "https://git.kernel.org/stable/c/a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb"
},
{
"url": "https://git.kernel.org/stable/c/8418f55302fa1d2eeb73e16e345167e545c598a5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8418f55302fa1d2eeb73e16e345167e545c598a5"
},
{
"url": "https://git.kernel.org/stable/c/049584807f1d797fc3078b68035450a9769eb5c3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/049584807f1d797fc3078b68035450a9769eb5c3"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

72
2024/6xxx/CVE-2024-6366.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6366",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "User Profile Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.11.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Michel Prunet"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

72
2024/6xxx/CVE-2024-6487.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6487",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Inline Related Posts",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/eeec9608-a7b2-4926-bac2-4c81a65dd473/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/eeec9608-a7b2-4926-bac2-4c81a65dd473/"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

100
2024/7xxx/CVE-2024-7186.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7186",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion setWiFiAclAddConfig der Datei /cgi-bin/cstecgi.cgi. Mittels dem Manipulieren des Arguments comment mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TOTOLINK",
"product": {
"product_data": [
{
"product_name": "A3600R",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.1.2cu.5182_B20201102"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.272607",
"refsource": "MISC",
"name": "https://vuldb.com/?id.272607"
},
{
"url": "https://vuldb.com/?ctiid.272607",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.272607"
},
{
"url": "https://vuldb.com/?submit.378055",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.378055"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

100
2024/7xxx/CVE-2024-7187.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7187",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren des Arguments File mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TOTOLINK",
"product": {
"product_data": [
{
"product_name": "A3600R",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.1.2cu.5182_B20201102"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.272608",
"refsource": "MISC",
"name": "https://vuldb.com/?id.272608"
},
{
"url": "https://vuldb.com/?ctiid.272608",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.272608"
},
{
"url": "https://vuldb.com/?submit.378291",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.378291"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}