mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 02:32:02 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
23b2f88e54
commit
1df4e7f304
@ -1,17 +1,80 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-6601",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "patrick@puiterwijk.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Control of Resource Identifiers ('Resource Injection')",
|
||||
"cweId": "CWE-99"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253172",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2253172"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.7,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,80 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-6604",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "patrick@puiterwijk.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Control of Resource Identifiers ('Resource Injection')",
|
||||
"cweId": "CWE-99"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334337",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2334337"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,80 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-6605",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "patrick@puiterwijk.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Control of Resource Identifiers ('Resource Injection')",
|
||||
"cweId": "CWE-99"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334336",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2334336"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.2,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit."
|
||||
"value": "The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. An administrator must perform a search and replace action to trigger the exploit."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -41,7 +41,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "*",
|
||||
"version_name": "1.23.8",
|
||||
"version_value": "1.24.11"
|
||||
}
|
||||
]
|
||||
|
||||
@ -5,132 +5,14 @@
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-26929",
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of fcport\n\nThe server was crashing after LOGO because fcport was getting freed twice.\n\n -----------[ cut here ]-----------\n kernel BUG at mm/slub.c:371!\n invalid opcode: 0000 1 SMP PTI\n CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n RIP: 0010:set_freepointer.part.57+0x0/0x10\n RSP: 0018:ffffb07107027d90 EFLAGS: 00010246\n RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400\n RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500\n RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009\n R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500\n R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58\n FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n kfree+0x238/0x250\n qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx]\n ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx]\n qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]\n ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]\n ? kernfs_fop_write+0x11e/0x1a0\n\nRemove one of the free calls and add check for valid fcport. Also use\nfunction qla2x00_free_fcport() instead of kfree()."
|
||||
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f4",
|
||||
"version_value": "b03e626bd6d3"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "5.15.154",
|
||||
"lessThanOrEqual": "5.15.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.1.84",
|
||||
"lessThanOrEqual": "6.1.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.6.24",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.7.12",
|
||||
"lessThanOrEqual": "6.7.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.8.3",
|
||||
"lessThanOrEqual": "6.8.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.9",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/b03e626bd6d3f0684f56ee1890d70fc9ca991c04",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/b03e626bd6d3f0684f56ee1890d70fc9ca991c04"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/282877633b25d67021a34169c5b5519b1d4ef65e",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/282877633b25d67021a34169c5b5519b1d4ef65e"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/f85af9f1aa5e2f53694a6cbe72010f754b5ff862",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/f85af9f1aa5e2f53694a6cbe72010f754b5ff862"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/9b43d2884b54d415caab48878b526dfe2ae9921b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/9b43d2884b54d415caab48878b526dfe2ae9921b"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/846fb9f112f618ec6ae181d8dae7961652574774",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/846fb9f112f618ec6ae181d8dae7961652574774"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/82f522ae0d97119a43da53e0f729275691b9c525",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/82f522ae0d97119a43da53e0f729275691b9c525"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-9e1c9544281a"
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,93 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-31913",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "IBM",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Sterling B2B Integrator Standard Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "6.0.0.0",
|
||||
"version_value": "6.1.2.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "6.2.0.0",
|
||||
"version_value": "6.2.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7176081",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.ibm.com/support/pages/node/7176081"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.2.0"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,93 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-31914",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "IBM",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Sterling B2B Integrator Standard Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "6.0.0.0",
|
||||
"version_value": "6.1.2.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "6.2.0.0",
|
||||
"version_value": "6.2.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7176081",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.ibm.com/support/pages/node/7176081"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.2.0"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-51111",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2024-51111",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "http://pnetlab.com",
|
||||
"refsource": "MISC",
|
||||
"name": "http://pnetlab.com"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/Zehraakmanlar/Bortecine-s_CVEs/blob/main/README.md",
|
||||
"url": "https://github.com/Zehraakmanlar/Bortecine-s_CVEs/blob/main/README.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-51112",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2024-51112",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "http://pnetlab.com",
|
||||
"refsource": "MISC",
|
||||
"name": "http://pnetlab.com"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/Zehraakmanlar/Bortecine-s_CVEs/blob/main/README.md",
|
||||
"url": "https://github.com/Zehraakmanlar/Bortecine-s_CVEs/blob/main/README.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,105 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-51472",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
|
||||
"cweId": "CWE-80"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "IBM",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "DevOps Deploy",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "8.0",
|
||||
"version_value": "8.0.1.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "UrbanCode Deploy",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "7.2",
|
||||
"version_value": "7.2.3.13"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "7.3",
|
||||
"version_value": "7.3.2.8"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7177856",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.ibm.com/support/pages/node/7177856"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.2.0"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 3.1,
|
||||
"baseSeverity": "LOW",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,92 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56757",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: mediatek: add intf release flow when usb disconnect\n\nMediaTek claim an special usb intr interface for ISO data transmission.\nThe interface need to be released before unregistering hci device when\nusb disconnect. Removing BT usb dongle without properly releasing the\ninterface may cause Kernel panic while unregister hci device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
|
||||
"version_value": "cc569d791ab2a0de74f76e470515d25d24c9b84b"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc1",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/489304e67087abddc2666c5af0159cb95afdcf59",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/489304e67087abddc2666c5af0159cb95afdcf59"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,102 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56758",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n </TASK>\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "e7f1326cc24e22b38afc3acd328480a1183f9e79",
|
||||
"version_value": "d508e56270389b3a16f5b3cf247f4eb1bbad1578"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.6",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "6.6",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/d508e56270389b3a16f5b3cf247f4eb1bbad1578",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/d508e56270389b3a16f5b3cf247f4eb1bbad1578"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/3e74859ee35edc33a022c3f3971df066ea0ca6b9",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/3e74859ee35edc33a022c3f3971df066ea0ca6b9"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,92 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56759",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when COWing tree bock and tracing is enabled\n\nWhen a COWing a tree block, at btrfs_cow_block(), and we have the\ntracepoint trace_btrfs_cow_block() enabled and preemption is also enabled\n(CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent\nbuffer while inside the tracepoint code. This is because in some paths\nthat call btrfs_cow_block(), such as btrfs_search_slot(), we are holding\nthe last reference on the extent buffer @buf so btrfs_force_cow_block()\ndrops the last reference on the @buf extent buffer when it calls\nfree_extent_buffer_stale(buf), which schedules the release of the extent\nbuffer with RCU. This means that if we are on a kernel with preemption,\nthe current task may be preempted before calling trace_btrfs_cow_block()\nand the extent buffer already released by the time trace_btrfs_cow_block()\nis called, resulting in a use-after-free.\n\nFix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to\nbtrfs_force_cow_block() before the COWed extent buffer is freed.\nThis also has a side effect of invoking the tracepoint in the tree defrag\ncode, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is\ncalled there, but this is fine and it was actually missing there."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
|
||||
"version_value": "c3a403d8ce36f5a809a492581de5ad17843e4701"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/c3a403d8ce36f5a809a492581de5ad17843e4701",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/c3a403d8ce36f5a809a492581de5ad17843e4701"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/44f52bbe96dfdbe4aca3818a2534520082a07040",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/44f52bbe96dfdbe4aca3818a2534520082a07040"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,113 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56760",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/MSI: Handle lack of irqdomain gracefully\n\nAlexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a\nRISCV platform which does not provide PCI/MSI support:\n\n WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32\n __pci_enable_msix_range+0x30c/0x596\n pci_msi_setup_msi_irqs+0x2c/0x32\n pci_alloc_irq_vectors_affinity+0xb8/0xe2\n\nRISCV uses hierarchical interrupt domains and correctly does not implement\nthe legacy fallback. The warning triggers from the legacy fallback stub.\n\nThat warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent\ndomain is associated with the device or not. There is a check for MSI-X,\nwhich has a legacy assumption. But that legacy fallback assumption is only\nvalid when legacy support is enabled, but otherwise the check should simply\nreturn -ENOTSUPP.\n\nLoongarch tripped over the same problem and blindly enabled legacy support\nwithout implementing the legacy fallbacks. There are weak implementations\nwhich return an error, so the problem was papered over.\n\nCorrect pci_msi_domain_supports() to evaluate the legacy mode and add\nthe missing supported check into the MSI enable path to complete it."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "d2a463b297415ca6dd4d60bb1c867dd7c931587b",
|
||||
"version_value": "b1f7476e07b93d65a1a3643dcb4a7bed80d4328d"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.2",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "6.2",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.6.69",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/b1f7476e07b93d65a1a3643dcb4a7bed80d4328d",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/b1f7476e07b93d65a1a3643dcb4a7bed80d4328d"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/aed157301c659a48f5564cc4568cf0e5c8831af0",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/aed157301c659a48f5564cc4568cf0e5c8831af0"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/a60b990798eb17433d0283788280422b1bd94b18",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/a60b990798eb17433d0283788280422b1bd94b18"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,102 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56761",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Clear WFE in missing-ENDBRANCH #CPs\n\nAn indirect branch instruction sets the CPU indirect branch tracker\n(IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted\nacross the instruction boundary. When the decoder finds an\ninappropriate instruction while WFE is set ENDBR, the CPU raises a #CP\nfault.\n\nFor the \"kernel IBT no ENDBR\" selftest where #CPs are deliberately\ntriggered, the WFE state of the interrupted context needs to be\ncleared to let execution continue. Otherwise when the CPU resumes\nfrom the instruction that just caused the previous #CP, another\nmissing-ENDBRANCH #CP is raised and the CPU enters a dead loop.\n\nThis is not a problem with IDT because it doesn't preserve WFE and\nIRET doesn't set WFE. But FRED provides space on the entry stack\n(in an expanded CS area) to save and restore the WFE state, thus the\nWFE state is no longer clobbered, so software must clear it.\n\nClear WFE to avoid dead looping in ibt_clear_fred_wfe() and the\n!ibt_fatal code path when execution is allowed to continue.\n\nClobbering WFE in any other circumstance is a security-relevant bug.\n\n[ dhansen: changelog rewording ]"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "a5f6c2ace9974adf92ce65dacca8126d90adabfe",
|
||||
"version_value": "b939f108e86b76119428a6fa4e92491e09ac7867"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.6",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "6.6",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/b939f108e86b76119428a6fa4e92491e09ac7867",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/b939f108e86b76119428a6fa4e92491e09ac7867"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/dc81e556f2a017d681251ace21bf06c126d5a192",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/dc81e556f2a017d681251ace21bf06c126d5a192"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,114 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56762",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: fix sqpoll error handling races\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x370b/0x4a10 kernel/locking/lockdep.c:5089\nCall Trace:\n<TASK>\n...\n_raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162\nclass_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\ntry_to_wake_up+0xb5/0x23c0 kernel/sched/core.c:4205\nio_sq_thread_park+0xac/0xe0 io_uring/sqpoll.c:55\nio_sq_thread_finish+0x6b/0x310 io_uring/sqpoll.c:96\nio_sq_offload_create+0x162/0x11d0 io_uring/sqpoll.c:497\nio_uring_create io_uring/io_uring.c:3724 [inline]\nio_uring_setup+0x1728/0x3230 io_uring/io_uring.c:3806\n...\n\nKun Hu reports that the SQPOLL creating error path has UAF, which\nhappens if io_uring_alloc_task_context() fails and then io_sq_thread()\nmanages to run and complete before the rest of error handling code,\nwhich means io_sq_thread_finish() is looking at already killed task.\n\nNote that this is mostly theoretical, requiring fault injection on\nthe allocation side to trigger in practice."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
|
||||
"version_value": "6237331361711810d8f2e3fbfe2f7a6f9548f5e0"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.1.123",
|
||||
"lessThanOrEqual": "6.1.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.6.69",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/6237331361711810d8f2e3fbfe2f7a6f9548f5e0",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/6237331361711810d8f2e3fbfe2f7a6f9548f5e0"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/80120bb4eef7848d5aa3b1a0cd88367cd05fbe03",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/80120bb4eef7848d5aa3b1a0cd88367cd05fbe03"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/8e8494c83cf73168118587e9567e4f7e50ce4fd8",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/8e8494c83cf73168118587e9567e4f7e50ce4fd8"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/e33ac68e5e21ec1292490dfe061e75c0dbdd3bd4",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/e33ac68e5e21ec1292490dfe061e75c0dbdd3bd4"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,124 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56763",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Prevent bad count for tracing_cpumask_write\n\nIf a large count is provided, it will trigger a warning in bitmap_parse_user.\nAlso check zero for it."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "9e01c1b74c9531e301c900edaa92a99fcb7738f2",
|
||||
"version_value": "3d15f4c2449558ffe83b4dba30614ef1cd6937c3"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "2.6.29",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "2.6.29",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.1.123",
|
||||
"lessThanOrEqual": "6.1.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.6.69",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/3d15f4c2449558ffe83b4dba30614ef1cd6937c3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/3d15f4c2449558ffe83b4dba30614ef1cd6937c3"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/03041e474a6a8f1bfd4b96b164bb3165c48fa1a3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/03041e474a6a8f1bfd4b96b164bb3165c48fa1a3"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/1cca920af19df5dd91254e5ff35e68e911683706",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/1cca920af19df5dd91254e5ff35e68e911683706"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/98feccbf32cfdde8c722bc4587aaa60ee5ac33f0",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/98feccbf32cfdde8c722bc4587aaa60ee5ac33f0"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,102 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56764",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: detach gendisk from ublk device if add_disk() fails\n\nInside ublk_abort_requests(), gendisk is grabbed for aborting all\ninflight requests. And ublk_abort_requests() is called when exiting\nthe uring context or handling timeout.\n\nIf add_disk() fails, the gendisk may have been freed when calling\nublk_abort_requests(), so use-after-free can be caused when getting\ndisk's reference in ublk_abort_requests().\n\nFixes the bug by detaching gendisk from ublk device if add_disk() fails."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "bd23f6c2c2d00518e2f27f2d25cef795de9bee56",
|
||||
"version_value": "7d680f2f76a3417fdfc3946da7471e81464f7b41"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.7",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "6.7",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/7d680f2f76a3417fdfc3946da7471e81464f7b41",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/7d680f2f76a3417fdfc3946da7471e81464f7b41"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/75cd4005da5492129917a4a4ee45e81660556104",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/75cd4005da5492129917a4a4ee45e81660556104"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,124 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56765",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/vas: Add close() callback in vas_vm_ops struct\n\nThe mapping VMA address is saved in VAS window struct when the\npaste address is mapped. This VMA address is used during migration\nto unmap the paste address if the window is active. The paste\naddress mapping will be removed when the window is closed or with\nthe munmap(). But the VMA address in the VAS window is not updated\nwith munmap() which is causing invalid access during migration.\n\nThe KASAN report shows:\n[16386.254991] BUG: KASAN: slab-use-after-free in reconfig_close_windows+0x1a0/0x4e8\n[16386.255043] Read of size 8 at addr c00000014a819670 by task drmgr/696928\n\n[16386.255096] CPU: 29 UID: 0 PID: 696928 Comm: drmgr Kdump: loaded Tainted: G B 6.11.0-rc5-nxgzip #2\n[16386.255128] Tainted: [B]=BAD_PAGE\n[16386.255148] Hardware name: IBM,9080-HEX Power11 (architected) 0x820200 0xf000007 of:IBM,FW1110.00 (NH1110_016) hv:phyp pSeries\n[16386.255181] Call Trace:\n[16386.255202] [c00000016b297660] [c0000000018ad0ac] dump_stack_lvl+0x84/0xe8 (unreliable)\n[16386.255246] [c00000016b297690] [c0000000006e8a90] print_report+0x19c/0x764\n[16386.255285] [c00000016b297760] [c0000000006e9490] kasan_report+0x128/0x1f8\n[16386.255309] [c00000016b297880] [c0000000006eb5c8] __asan_load8+0xac/0xe0\n[16386.255326] [c00000016b2978a0] [c00000000013f898] reconfig_close_windows+0x1a0/0x4e8\n[16386.255343] [c00000016b297990] [c000000000140e58] vas_migration_handler+0x3a4/0x3fc\n[16386.255368] [c00000016b297a90] [c000000000128848] pseries_migrate_partition+0x4c/0x4c4\n...\n\n[16386.256136] Allocated by task 696554 on cpu 31 at 16377.277618s:\n[16386.256149] kasan_save_stack+0x34/0x68\n[16386.256163] kasan_save_track+0x34/0x80\n[16386.256175] kasan_save_alloc_info+0x58/0x74\n[16386.256196] __kasan_slab_alloc+0xb8/0xdc\n[16386.256209] kmem_cache_alloc_noprof+0x200/0x3d0\n[16386.256225] vm_area_alloc+0x44/0x150\n[16386.256245] mmap_region+0x214/0x10c4\n[16386.256265] do_mmap+0x5fc/0x750\n[16386.256277] vm_mmap_pgoff+0x14c/0x24c\n[16386.256292] ksys_mmap_pgoff+0x20c/0x348\n[16386.256303] sys_mmap+0xd0/0x160\n...\n\n[16386.256350] Freed by task 0 on cpu 31 at 16386.204848s:\n[16386.256363] kasan_save_stack+0x34/0x68\n[16386.256374] kasan_save_track+0x34/0x80\n[16386.256384] kasan_save_free_info+0x64/0x10c\n[16386.256396] __kasan_slab_free+0x120/0x204\n[16386.256415] kmem_cache_free+0x128/0x450\n[16386.256428] vm_area_free_rcu_cb+0xa8/0xd8\n[16386.256441] rcu_do_batch+0x2c8/0xcf0\n[16386.256458] rcu_core+0x378/0x3c4\n[16386.256473] handle_softirqs+0x20c/0x60c\n[16386.256495] do_softirq_own_stack+0x6c/0x88\n[16386.256509] do_softirq_own_stack+0x58/0x88\n[16386.256521] __irq_exit_rcu+0x1a4/0x20c\n[16386.256533] irq_exit+0x20/0x38\n[16386.256544] interrupt_async_exit_prepare.constprop.0+0x18/0x2c\n...\n\n[16386.256717] Last potentially related work creation:\n[16386.256729] kasan_save_stack+0x34/0x68\n[16386.256741] __kasan_record_aux_stack+0xcc/0x12c\n[16386.256753] __call_rcu_common.constprop.0+0x94/0xd04\n[16386.256766] vm_area_free+0x28/0x3c\n[16386.256778] remove_vma+0xf4/0x114\n[16386.256797] do_vmi_align_munmap.constprop.0+0x684/0x870\n[16386.256811] __vm_munmap+0xe0/0x1f8\n[16386.256821] sys_munmap+0x54/0x6c\n[16386.256830] system_call_exception+0x1a0/0x4a0\n[16386.256841] system_call_vectored_common+0x15c/0x2ec\n\n[16386.256868] The buggy address belongs to the object at c00000014a819670\n which belongs to the cache vm_area_struct of size 168\n[16386.256887] The buggy address is located 0 bytes inside of\n freed 168-byte region [c00000014a819670, c00000014a819718)\n\n[16386.256915] The buggy address belongs to the physical page:\n[16386.256928] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a81\n[16386.256950] memcg:c0000000ba430001\n[16386.256961] anon flags: 0x43ffff800000000(node=4|zone=0|lastcpupid=0x7ffff)\n[16386.256975] page_type: 0xfdffffff(slab)\n[16386\n---truncated---"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "37e6764895ef7431f45ff603a548549d409993d2",
|
||||
"version_value": "8b2282b5084521254a2cd9742a3f4e1d5b77f843"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "5.18",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "5.18",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.1.123",
|
||||
"lessThanOrEqual": "6.1.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.6.69",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/8b2282b5084521254a2cd9742a3f4e1d5b77f843",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/8b2282b5084521254a2cd9742a3f4e1d5b77f843"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/b7f60ffdfd96f8fc826f1d61a1c6067d828e20b9",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/b7f60ffdfd96f8fc826f1d61a1c6067d828e20b9"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/6d9cd27105459f169993a4c5f216499a946dbf34",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/6d9cd27105459f169993a4c5f216499a946dbf34"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/05aa156e156ef3168e7ab8a68721945196495c17",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/05aa156e156ef3168e7ab8a68721945196495c17"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,139 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56766",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: fix double free in atmel_pmecc_create_user()\n\nThe \"user\" pointer was converted from being allocated with kzalloc() to\nbeing allocated by devm_kzalloc(). Calling kfree(user) will lead to a\ndouble free."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "24cbc37e837fd9e31e5024480b779207d1d99f1d",
|
||||
"version_value": "6ea15205d7e2b811fbbdf79783f686f58abfb4b7"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "f1290871c8aaeb13029390a2b6e5c05733a1be6f",
|
||||
"version_value": "dd45c87782738715d5e7c167f8dabf0814a7394a"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "8ac19ec818c548c5788da5926dcc8af96fad4bb1",
|
||||
"version_value": "d2f090ea57f8d6587e09d4066f740a8617767b3d"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6d734f1bfc336aaea91313a5632f2f197608fadd",
|
||||
"version_value": "d8e4771f99c0400a1873235704b28bb803c83d17"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.13-rc1",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "6.13-rc1",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.1.123",
|
||||
"lessThanOrEqual": "6.1.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.6.69",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/dd45c87782738715d5e7c167f8dabf0814a7394a",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/dd45c87782738715d5e7c167f8dabf0814a7394a"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/d8e4771f99c0400a1873235704b28bb803c83d17",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/d8e4771f99c0400a1873235704b28bb803c83d17"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,124 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56767",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset\n\nThe at_xdmac_memset_create_desc may return NULL, which will lead to a\nnull pointer dereference. For example, the len input is error, or the\natchan->free_descs_list is empty and memory is exhausted. Therefore, add\ncheck to avoid this."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "b206d9a23ac71cb905f5fb6e0cd813406f89b678",
|
||||
"version_value": "fdba6d5e455388377ec7e82a5913ddfcc7edd93b"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "4.2",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "4.2",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.1.123",
|
||||
"lessThanOrEqual": "6.1.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.6.69",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc5",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/fdba6d5e455388377ec7e82a5913ddfcc7edd93b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/fdba6d5e455388377ec7e82a5913ddfcc7edd93b"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/e658f1c133b854b2ae799147301d82dddb8f3162",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/e658f1c133b854b2ae799147301d82dddb8f3162"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/54376d8d26596f98ed7432a788314bb9154bf3e3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/54376d8d26596f98ed7432a788314bb9154bf3e3"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/c43ec96e8d34399bd9dab2f2dc316b904892133f",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/c43ec96e8d34399bd9dab2f2dc316b904892133f"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,102 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56768",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP\n\nOn x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP\ndisabled can trigger the following bug, as pcpu_hot is unavailable:\n\n [ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c\n [ 8.471849] #PF: supervisor read access in kernel mode\n [ 8.471881] #PF: error_code(0x0000) - not-present page\n\nFix by inlining a return 0 in the !CONFIG_SMP case."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1ae6921009e5d72787e07ccc04754514ccf6bc99",
|
||||
"version_value": "f4ab7d74247b0150547cf909b3f6f24ee85183df"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.10",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "6.10",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc4",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/f4ab7d74247b0150547cf909b3f6f24ee85183df",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/f4ab7d74247b0150547cf909b3f6f24ee85183df"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/23579010cf0a12476e96a5f1acdf78a9c5843657",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/23579010cf0a12476e96a5f1acdf78a9c5843657"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,124 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-56769",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg\n\nSyzbot reports [1] an uninitialized value issue found by KMSAN in\ndib3000_read_reg().\n\nLocal u8 rb[2] is used in i2c_transfer() as a read buffer; in case\nthat call fails, the buffer may end up with some undefined values.\n\nSince no elaborate error handling is expected in dib3000_write_reg(),\nsimply zero out rb buffer to mitigate the problem.\n\n[1] Syzkaller report\ndvb-usb: bulk message failed: -22 (6/0)\n=====================================================\nBUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31\n dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290\n dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline]\n dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline]\n dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310\n dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110\n...\nLocal variable rb created at:\n dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54\n dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n..."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "74340b0a8bc60b400c7e5fe4950303aa6f914d16",
|
||||
"version_value": "3876e3a1c31a58a352c6bf5d2a90e3304445a637"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "2.6.19",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "2.6.19",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.1.123",
|
||||
"lessThanOrEqual": "6.1.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.6.69",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.12.8",
|
||||
"lessThanOrEqual": "6.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"version": "6.13-rc4",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/3876e3a1c31a58a352c6bf5d2a90e3304445a637",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/3876e3a1c31a58a352c6bf5d2a90e3304445a637"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/1d6de21f00293d819b5ca6dbe75ff1f3b6392140",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/1d6de21f00293d819b5ca6dbe75ff1f3b6392140"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/c1197c1457bb7098cf46366e898eb52b41b6876a",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/c1197c1457bb7098cf46366e898eb52b41b6876a"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/2dd59fe0e19e1ab955259978082b62e5751924c7",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/2dd59fe0e19e1ab955259978082b62e5751924c7"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f407fcff5a0"
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0249.json
Normal file
18
2025/0xxx/CVE-2025-0249.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0249",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0250.json
Normal file
18
2025/0xxx/CVE-2025-0250.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0250",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0251.json
Normal file
18
2025/0xxx/CVE-2025-0251.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0251",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0252.json
Normal file
18
2025/0xxx/CVE-2025-0252.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0252",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0253.json
Normal file
18
2025/0xxx/CVE-2025-0253.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0253",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0254.json
Normal file
18
2025/0xxx/CVE-2025-0254.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0254",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0255.json
Normal file
18
2025/0xxx/CVE-2025-0255.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0255",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0256.json
Normal file
18
2025/0xxx/CVE-2025-0256.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0256",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0257.json
Normal file
18
2025/0xxx/CVE-2025-0257.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0257",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0258.json
Normal file
18
2025/0xxx/CVE-2025-0258.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0258",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0259.json
Normal file
18
2025/0xxx/CVE-2025-0259.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0259",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0260.json
Normal file
18
2025/0xxx/CVE-2025-0260.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0260",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0261.json
Normal file
18
2025/0xxx/CVE-2025-0261.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0261",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0262.json
Normal file
18
2025/0xxx/CVE-2025-0262.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0262",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0263.json
Normal file
18
2025/0xxx/CVE-2025-0263.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0263",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0264.json
Normal file
18
2025/0xxx/CVE-2025-0264.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0264",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0265.json
Normal file
18
2025/0xxx/CVE-2025-0265.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0265",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0266.json
Normal file
18
2025/0xxx/CVE-2025-0266.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0266",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0267.json
Normal file
18
2025/0xxx/CVE-2025-0267.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0267",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0268.json
Normal file
18
2025/0xxx/CVE-2025-0268.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0268",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0269.json
Normal file
18
2025/0xxx/CVE-2025-0269.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0269",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0270.json
Normal file
18
2025/0xxx/CVE-2025-0270.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0270",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0271.json
Normal file
18
2025/0xxx/CVE-2025-0271.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0271",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0272.json
Normal file
18
2025/0xxx/CVE-2025-0272.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0272",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0273.json
Normal file
18
2025/0xxx/CVE-2025-0273.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0273",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0274.json
Normal file
18
2025/0xxx/CVE-2025-0274.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0274",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0275.json
Normal file
18
2025/0xxx/CVE-2025-0275.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0275",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0276.json
Normal file
18
2025/0xxx/CVE-2025-0276.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0276",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0277.json
Normal file
18
2025/0xxx/CVE-2025-0277.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0277",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0278.json
Normal file
18
2025/0xxx/CVE-2025-0278.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0278",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0279.json
Normal file
18
2025/0xxx/CVE-2025-0279.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0279",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0280.json
Normal file
18
2025/0xxx/CVE-2025-0280.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0280",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0281.json
Normal file
18
2025/0xxx/CVE-2025-0281.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0281",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0282.json
Normal file
18
2025/0xxx/CVE-2025-0282.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0282",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0283.json
Normal file
18
2025/0xxx/CVE-2025-0283.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0283",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2025/0xxx/CVE-2025-0284.json
Normal file
18
2025/0xxx/CVE-2025-0284.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-0284",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,68 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-21613",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
|
||||
"cweId": "CWE-88"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "go-git",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "go-git",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 4.0.0, < 5.13.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-v725-9546-7q7m",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,85 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-21614",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-400: Uncontrolled Resource Consumption",
|
||||
"cweId": "CWE-400"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "go-git",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "go-git",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 4.0.0, < 5.13.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-r9px-m959-cxf4",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,85 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-21615",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "bailuk",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "AAT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 1.26"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/bailuk/AAT/security/advisories/GHSA-pwpm-x58v-px5c",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/bailuk/AAT/security/advisories/GHSA-pwpm-x58v-px5c"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-pwpm-x58v-px5c",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,90 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-21618",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-287: Improper Authentication",
|
||||
"cweId": "CWE-287"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "zauberzeug",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "nicegui",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 2.9.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/zauberzeug/nicegui/commit/1621a4ba6a06676b8094362d36623551e651adc1",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/zauberzeug/nicegui/commit/1621a4ba6a06676b8094362d36623551e651adc1"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-v6jv-p6r8-j78w",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user