"-Synchronized-Data."

CVE Team 2024-07-02 20:00:36 +00:00
parent 7a81bff9d9
commit 212d1acafc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
33 changed files with 821 additions and 366 deletions


@ -5,154 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2021-47285",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/nfc/rawsock.c: fix a permission check bug\n\nThe function rawsock_create() calls a privileged function sk_alloc(), which requires a ns-aware check to check net->user_ns, i.e., ns_capable(). However, the original code checks the init_user_ns using capable(). So we replace the capable() with ns_capable()."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "c08e0be44759"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.273",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.273",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.237",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.195",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.126",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.44",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.11",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c08e0be44759d0b5affc5888be4aa5e536873335",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c08e0be44759d0b5affc5888be4aa5e536873335"
},
{
"url": "https://git.kernel.org/stable/c/d6a21a3fb03300fbaa9fc3ed99f8b0962ce28362",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d6a21a3fb03300fbaa9fc3ed99f8b0962ce28362"
},
{
"url": "https://git.kernel.org/stable/c/38cb2e23188af29c43966acee9dbb18b62e26cfe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/38cb2e23188af29c43966acee9dbb18b62e26cfe"
},
{
"url": "https://git.kernel.org/stable/c/ec72482564ff99c6832d33610d9f8ab7ecc81b6d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ec72482564ff99c6832d33610d9f8ab7ecc81b6d"
},
{
"url": "https://git.kernel.org/stable/c/f3ed12af6bbbaf79eddb0ae14656b8ecacea74f0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f3ed12af6bbbaf79eddb0ae14656b8ecacea74f0"
},
{
"url": "https://git.kernel.org/stable/c/1e5cab50208c8fb7351b798cb1d569debfeb994a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1e5cab50208c8fb7351b798cb1d569debfeb994a"
},
{
"url": "https://git.kernel.org/stable/c/90d0a3c76965d7a10fc87c07be3e9714e2130d5c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/90d0a3c76965d7a10fc87c07be3e9714e2130d5c"
},
{
"url": "https://git.kernel.org/stable/c/8ab78863e9eff11910e1ac8bcf478060c29b379e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ab78863e9eff11910e1ac8bcf478060c29b379e"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}


@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\\..\\asd becomes ..\\..\\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "golang.org/x/crypto",
"product": {
"product_data": [
{
"product_name": "golang.org/x/crypto/acme/autocert",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "0.0.0-20220525230936-793ad666bf5e"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/cl/408694",
"refsource": "MISC",
"name": "https://go.dev/cl/408694"
},
{
"url": "https://go.dev/issue/53082",
"refsource": "MISC",
"name": "https://go.dev/issue/53082"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2961",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2024-2961"
}
]
},
"credits": [
{
"lang": "en",
"value": "Juho Nurminen of Mattermost"
}
]
}
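Review bot: The new `problemtype` value in the CVE-2022-30636 record is spelled `CWE 22: ...` with a space instead of a hyphen and carries no `cweId` field, so tooling that classifies entries by a `CWE-<n>` pattern or by `cweId` will not file this as path traversal. The CVE-2024-38537 record in this same commit shows the machine-readable form (`"cweId": "CWE-829"`). I would write the value as `"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"` and add `"cweId": "CWE-22"`. The CVE-2023-24531 record has the same gap: its `CWE-138` entry has no `cweId`.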


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24531",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making \"go env\" print them out."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-138: Improper Neutralization of Special Elements"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go toolchain",
"product": {
"product_data": [
{
"product_name": "cmd/go",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.21.0-0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/cl/488375",
"refsource": "MISC",
"name": "https://go.dev/cl/488375"
},
{
"url": "https://go.dev/cl/493535",
"refsource": "MISC",
"name": "https://go.dev/cl/493535"
},
{
"url": "https://go.dev/issue/58508",
"refsource": "MISC",
"name": "https://go.dev/issue/58508"
},
{
"url": "https://groups.google.com/g/golang-dev/c/ixHOFpSbajE/m/8EjlbKVWAwAJ",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-dev/c/ixHOFpSbajE/m/8EjlbKVWAwAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2962",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2024-2962"
}
]
},
"credits": [
{
"lang": "en",
"value": "Hunter Wittenborn (https://hunterwittenborn.com/)"
}
]
}


@ -5,109 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-38391",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix cxlr_pmem leaks\n\nBefore this error path, cxlr_pmem pointed to a kzalloc() memory, free\nit to avoid this memory leaking."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f17b558d6663",
"version_value": "24b9362c9fa5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.2",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.33",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.4",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/24b9362c9fa57f9291b380a3cc77b8b5c9fa27da",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/24b9362c9fa57f9291b380a3cc77b8b5c9fa27da"
},
{
"url": "https://git.kernel.org/stable/c/eef8d414b07a1e85c1367324fb6c6a46b79269bd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eef8d414b07a1e85c1367324fb6c6a46b79269bd"
},
{
"url": "https://git.kernel.org/stable/c/1c987cf22d6b65ade46145c03eef13f0e3e81d83",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1c987cf22d6b65ade46145c03eef13f0e3e81d83"
}
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
}
}


@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fides is an open-source privacy engineering platform. `fides.js`, a client-side script used to interact with the consent management features of Fides, used the `polyfill.io` domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard. Therefore it was possible for users of legacy, pre-2017 browsers who navigate to a page serving `fides.js` to download and execute malicious scripts from the `polyfill.io` domain when the domain was compromised and serving malware. No exploitation of `fides.js` via `polyfill.io` has been identified as of time of publication.\n\nThe vulnerability has been patched in Fides version `2.39.1`. Users are advised to upgrade to this version or later to secure their systems against this threat. On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure `polyfill.io` and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. Prior to the domain level intervention, there were no server-side workarounds and the confidentiality, integrity, and availability impacts of this vulnerability were high. Clients could ensure they were not affected by using a modern browser that supported the fetch standard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"cweId": "CWE-829"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ethyca",
"product": {
"product_data": [
{
"product_name": "fides",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.39.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-cvw4-c69g-7v7m",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/security/advisories/GHSA-cvw4-c69g-7v7m"
},
{
"url": "https://github.com/ethyca/fides/pull/5026",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/pull/5026"
},
{
"url": "https://github.com/ethyca/fides/commit/868c4d629760572192bd61db34f5a4458ed12005",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/commit/868c4d629760572192bd61db34f5a4458ed12005"
},
{
"url": "https://fetch.spec.whatwg.org",
"refsource": "MISC",
"name": "https://fetch.spec.whatwg.org"
},
{
"url": "https://sansec.io/research/polyfill-supply-chain-attack",
"refsource": "MISC",
"name": "https://sansec.io/research/polyfill-supply-chain-attack"
}
]
},
"source": {
"advisory": "GHSA-cvw4-c69g-7v7m",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
]
}
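Review bot: The `impact.cvss` block in the CVE-2024-38537 record contradicts the description. The text says the confidentiality, integrity and availability impacts "were high" before the domain-level intervention, but the vector is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N` with `"baseScore": 0` and `"baseSeverity": "NONE"`. Presumably the zero score reflects the state after the intervention, but scanners and triage pipelines that filter on score will silently drop this supply-chain entry. Consumers should match on the advisory `GHSA-cvw4-c69g-7v7m` and the fixed version `2.39.1` instead. The affected range is also encoded as `"version_affected": "="` with `"version_value": "< 2.39.1"`, which a parser keyed on `version_affected` would read as an exact match on a literal string rather than as a range.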


@ -5,120 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-39362",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: acpi: Unbind mux adapters before delete\n\nThere is an issue with ACPI overlay table removal specifically related\nto I2C multiplexers.\n\nConsider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an\nexisting I2C bus. When this table is loaded we see the creation of a\ndevice for the overall PCA9548 chip and 8 further devices - one\ni2c_adapter each for the mux channels. These are all bound to their\nACPI equivalents via an eventual invocation of acpi_bind_one().\n\nWhen we unload the SSDT overlay we run into the problem. The ACPI\ndevices are deleted as normal via acpi_device_del_work_fn() and the\nacpi_device_del_list.\n\nHowever, the following warning and stack trace is output as the\ndeletion does not go smoothly:\n------------[ cut here ]------------\nkernfs: can not remove 'physical_node', no directory\nWARNING: CPU: 1 PID: 11 at fs/kernfs/dir.c:1674 kernfs_remove_by_name_ns+0xb9/0xc0\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u128:0 Not tainted 6.8.0-rc6+ #1\nHardware name: congatec AG conga-B7E3/conga-B7E3, BIOS 5.13 05/16/2023\nWorkqueue: kacpi_hotplug acpi_device_del_work_fn\nRIP: 0010:kernfs_remove_by_name_ns+0xb9/0xc0\nCode: e4 00 48 89 ef e8 07 71 db ff 5b b8 fe ff ff ff 5d 41 5c 41 5d e9 a7 55 e4 00 0f 0b eb a6 48 c7 c7 f0 38 0d 9d e8 97 0a d5 ff <0f> 0b eb dc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffff9f864008fb28 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8ef90a8d4940 RCX: 0000000000000000\nRDX: ffff8f000e267d10 RSI: ffff8f000e25c780 RDI: ffff8f000e25c780\nRBP: ffff8ef9186f9870 R08: 0000000000013ffb R09: 00000000ffffbfff\nR10: 00000000ffffbfff R11: ffff8f000e0a0000 R12: ffff9f864008fb50\nR13: ffff8ef90c93dd60 R14: ffff8ef9010d0958 R15: ffff8ef9186f98c8\nFS: 0000000000000000(0000) GS:ffff8f000e240000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f48f5253a08 CR3: 
00000003cb82e000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? kernfs_remove_by_name_ns+0xb9/0xc0\n ? __warn+0x7c/0x130\n ? kernfs_remove_by_name_ns+0xb9/0xc0\n ? report_bug+0x171/0x1a0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? kernfs_remove_by_name_ns+0xb9/0xc0\n ? kernfs_remove_by_name_ns+0xb9/0xc0\n acpi_unbind_one+0x108/0x180\n device_del+0x18b/0x490\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n device_unregister+0xd/0x30\n i2c_del_adapter.part.0+0x1bf/0x250\n i2c_mux_del_adapters+0xa1/0xe0\n i2c_device_remove+0x1e/0x80\n device_release_driver_internal+0x19a/0x200\n bus_remove_device+0xbf/0x100\n device_del+0x157/0x490\n ? __pfx_device_match_fwnode+0x10/0x10\n ? srso_return_thunk+0x5/0x5f\n device_unregister+0xd/0x30\n i2c_acpi_notify+0x10f/0x140\n notifier_call_chain+0x58/0xd0\n blocking_notifier_call_chain+0x3a/0x60\n acpi_device_del_work_fn+0x85/0x1d0\n process_one_work+0x134/0x2f0\n worker_thread+0x2f0/0x410\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe3/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n---[ end trace 0000000000000000 ]---\n...\nrepeated 7 more times, 1 for each channel of the mux\n...\n\nThe issue is that the binding of the ACPI devices to their peer I2C\nadapters is not correctly cleaned up. Digging deeper into the issue we\nsee that the deletion order is such that the ACPI devices matching the\nmux channel i2c adapters are deleted first during the SSDT overlay\nremoval. For each of the channels we see a call to i2c_acpi_notify()\nwith ACPI_RECONFIG_DEVICE_REMOVE but, because these devices are not\nactually i2c_clients, nothing is done for them.\n\nLater on, after each of the mux channels has been dealt with, we come\nto delete the i2c_client representing the PCA9548 device. 
This is the\ncall stack we see above, whereby the kernel cleans up the i2c_client\nincluding destruction of the mux and its channel adapters. At this\npoint we do attempt to unbind from the ACPI peers but those peers \n---truncated---"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "525e6fabeae2",
"version_value": "b1574c8c0a80"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.34",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.5",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b1574c8c0a80bd587a7651bf64f00be1f5391d27",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b1574c8c0a80bd587a7651bf64f00be1f5391d27"
},
{
"url": "https://git.kernel.org/stable/c/90dd0592b3b005d6f15c4e23e1364d3ae95e588d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/90dd0592b3b005d6f15c4e23e1364d3ae95e588d"
},
{
"url": "https://git.kernel.org/stable/c/4f08050a47a59d199e214d711b989bb4f5150373",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4f08050a47a59d199e214d711b989bb4f5150373"
},
{
"url": "https://git.kernel.org/stable/c/3f858bbf04dbac934ac279aaee05d49eb9910051",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3f858bbf04dbac934ac279aaee05d49eb9910051"
}
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39896",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39897",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39898",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39901",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39903",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39913",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -230,7 +230,7 @@
"work_around": [
{
"lang": "en",
"value": "This mitigation can protect against a remote code execution attack, however the sshd server will remain vulnerable to a Denial of Service attack due to the possibility of MaxStartups connection exhaustion. The below process disables the LoginGraceTime parameter:\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~"
"value": "This mitigation can protect against a Remote Code Execution attack, however the sshd server will remain vulnerable to a Denial of Service attack due to the possibility of MaxStartups connection exhaustion. The below process disables the LoginGraceTime parameter:\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~"
}
],
"impact": {


@ -1,17 +1,141 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6452",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235."
},
{
"lang": "deu",
"value": "In linlinjava litemall bis 1.8.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei AdminGoodscontroller.java. Durch das Beeinflussen des Arguments goodsId/goodsSn/name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "linlinjava",
"product": {
"product_data": [
{
"product_name": "litemall",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
},
{
"version_affected": "=",
"version_value": "1.5"
},
{
"version_affected": "=",
"version_value": "1.6"
},
{
"version_affected": "=",
"version_value": "1.7"
},
{
"version_affected": "=",
"version_value": "1.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.270235",
"refsource": "MISC",
"name": "https://vuldb.com/?id.270235"
},
{
"url": "https://vuldb.com/?ctiid.270235",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.270235"
},
{
"url": "https://vuldb.com/?submit.367635",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.367635"
},
{
"url": "https://github.com/linlinjava/litemall/issues/548",
"refsource": "MISC",
"name": "https://github.com/linlinjava/litemall/issues/548"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tmac (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
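Review bot: The new `description` text calls the issue "critical", yet every entry under `impact.cvss` rates it 6.3 MEDIUM (3.1 and 3.0) or 6.5 (2.0) with `PR:L` / `Au:S`, so triage should rely on `baseScore` and `vectorString` rather than the prose. The `version_data` list uses exact matches (`"version_affected": "="`) on `1.0` through `1.8`, while the description says "up to 1.8.0". A scanner that compares an installed `1.8.0` literally may not match any entry, and a single range entry such as `"version_affected": "<="`, `"version_value": "1.8.0"` would express the stated scope directly. The file name `AdminGoodscontroller.java` is probably a casing slip for `AdminGoodsController.java`, which is worth confirming against the referenced upstream issue before using it as a search key. `credits` uses `"lang": "en"` while the descriptions use `eng`/`deu`, so a consumer that filters on language code needs to accept both forms.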