admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-23 14:00:33 +00:00
parent da46347e2c
commit 5ace7686ee
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 214 additions and 403 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2021/47xxx/CVE-2021-47326.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}

6
2024/0xxx/CVE-2024-0340.json
View File

@ -130,6 +130,12 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "null"
}
],
"impact": {
"cvss": [
{

110
2024/26xxx/CVE-2024-26650.json
View File

@ -5,120 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-26650",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe\n\np2sb_bar() unhides P2SB device to get resources from the device. It\nguards the operation by locking pci_rescan_remove_lock so that parallel\nrescans do not find the P2SB device. However, this lock causes deadlock\nwhen PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan\nlocks pci_rescan_remove_lock and probes PCI devices. When PCI devices\ncall p2sb_bar() during probe, it locks pci_rescan_remove_lock again.\nHence the deadlock.\n\nTo avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar().\nInstead, do the lock at fs_initcall. Introduce p2sb_cache_resources()\nfor fs_initcall which gets and caches the P2SB resources. At p2sb_bar(),\nrefer the cache and return to the caller.\n\nBefore operating the device at P2SB DEVFN for resource cache, check\nthat its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH\nspecifications define. This avoids unexpected operation to other devices\nat the same DEVFN.\n\nTested-by Klara Modin <klarasmodin@gmail.com>"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9745fb07474f",
"version_value": "2841631a0365"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.76",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.15",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.3",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2841631a03652f32b595c563695d0461072e0de4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2841631a03652f32b595c563695d0461072e0de4"
},
{
"url": "https://git.kernel.org/stable/c/847e1eb30e269a094da046c08273abe3f3361cf2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/847e1eb30e269a094da046c08273abe3f3361cf2"
},
{
"url": "https://git.kernel.org/stable/c/d281ac9a987c553d93211b90fd4fe97d8eca32cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d281ac9a987c553d93211b90fd4fe97d8eca32cd"
},
{
"url": "https://git.kernel.org/stable/c/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b"
}
]
},
"generator": {
"engine": "bippy-b4257b672505"
}
}

85
2024/35xxx/CVE-2024-35222.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35222",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the `dangerousRemoteDomainIpcAccess` in v1 and in the `capabilities` in v2. Valid commands with potentially unwanted consequences (\"delete project\", \"transfer credits\", etc.) could be invoked by an attacker that controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tauri-apps",
"product": {
"product_data": [
{
"product_name": "tauri",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 1.6.6"
},
{
"version_affected": "=",
"version_value": ">= 2.0.0-beta.0, <= 2.0.0-beta.19"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-57fm-592m-34r7",
"refsource": "MISC",
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-57fm-592m-34r7"
},
{
"url": "https://github.com/tauri-apps/tauri/issues/8316",
"refsource": "MISC",
"name": "https://github.com/tauri-apps/tauri/issues/8316"
}
]
},
"source": {
"advisory": "GHSA-57fm-592m-34r7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}

133
2024/35xxx/CVE-2024-35876.json
View File

@ -5,143 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-35876",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mce: Make sure to grab mce_sysfs_mutex in set_bank()\n\nModifying a MCA bank's MCA_CTL bits which control which error types to\nbe reported is done over\n\n /sys/devices/system/machinecheck/\n \u251c\u2500\u2500 machinecheck0\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 bank0\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 bank1\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 bank10\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 bank11\n ...\n\nsysfs nodes by writing the new bit mask of events to enable.\n\nWhen the write is accepted, the kernel deletes all current timers and\nreinits all banks.\n\nDoing that in parallel can lead to initializing a timer which is already\narmed and in the timer wheel, i.e., in use already:\n\n ODEBUG: init active (active state 0) object: ffff888063a28000 object\n type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642\n WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514\n debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514\n\nFix that by grabbing the sysfs mutex as the rest of the MCA sysfs code\ndoes.\n\nReported by: Yue Sun <samsun1006219@gmail.com>\nReported by: xingwei lee <xrivendell7@gmail.com>"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "976b1b2680fb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4.274",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.215",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.154",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.85",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.26",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.5",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/976b1b2680fb4c01aaf05a0623288d87619a6c93",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/976b1b2680fb4c01aaf05a0623288d87619a6c93"
},
{
"url": "https://git.kernel.org/stable/c/f5e65b782f3e07324b9a8fa3cdaee422f057c758",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f5e65b782f3e07324b9a8fa3cdaee422f057c758"
},
{
"url": "https://git.kernel.org/stable/c/f860595512ff5c05a29fa4d64169c3fd1186b8cf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f860595512ff5c05a29fa4d64169c3fd1186b8cf"
},
{
"url": "https://git.kernel.org/stable/c/20a915154ccb88da08986ab6c9fc4c1cf6259de2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/20a915154ccb88da08986ab6c9fc4c1cf6259de2"
},
{
"url": "https://git.kernel.org/stable/c/5a02df3e92470efd589712925b5c722e730276a0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a02df3e92470efd589712925b5c722e730276a0"
},
{
"url": "https://git.kernel.org/stable/c/32223b0b60d53f49567fc501f91ca076ae96be6b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/32223b0b60d53f49567fc501f91ca076ae96be6b"
},
{
"url": "https://git.kernel.org/stable/c/3ddf944b32f88741c303f0b21459dbb3872b8bc5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3ddf944b32f88741c303f0b21459dbb3872b8bc5"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

78
2024/35xxx/CVE-2024-35881.json
View File

@ -5,88 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-35881",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Send DTBCLK disable message on first commit\"\n\nThis reverts commit f341055b10bd8be55c3c995dff5f770b236b8ca9.\n\nSystem hang observed, this commit is thought to be the\nregression point."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "0dab75b433ed"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8.5",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0dab75b433ed2480d57ae4f8f725186a46223e42",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0dab75b433ed2480d57ae4f8f725186a46223e42"
},
{
"url": "https://git.kernel.org/stable/c/3a6a32b31a111f6e66526fb2d3cb13a876465076",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a6a32b31a111f6e66526fb2d3cb13a876465076"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

78
2024/35xxx/CVE-2024-35906.json
View File

@ -5,88 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-35906",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Send DTBCLK disable message on first commit\n\n[Why]\nPrevious patch to allow DTBCLK disable didn't address boot case. Driver\nthinks DTBCLK is disabled by default, so we don't send disable message to\nPMFW. DTBCLK is then enabled at idle desktop on boot, burning power.\n\n[How]\nSet dtbclk_en to true on boot so that disable message is sent during first\ncommit."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "0dab75b433ed"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8.5",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0dab75b433ed2480d57ae4f8f725186a46223e42",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0dab75b433ed2480d57ae4f8f725186a46223e42"
},
{
"url": "https://git.kernel.org/stable/c/f341055b10bd8be55c3c995dff5f770b236b8ca9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f341055b10bd8be55c3c995dff5f770b236b8ca9"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

101
2024/5xxx/CVE-2024-5168.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5168",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Prodys",
"product": {
"product_data": [
{
"product_name": "Quantum Audio codec",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.3.4t"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/improper-access-control-vulnerability-prodys-quantum-audio-codec",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/improper-access-control-vulnerability-prodys-quantum-audio-codec"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vendor attempted to fix the vulnerability in version 2.3.4t, limiting exploitation to a low-privileged attacker only. Finally, the vulnerability was fully fixed by the manufacturer in version 2.3.4w."
}
],
"value": "The vendor attempted to fix the vulnerability in version 2.3.4t, limiting exploitation to a low-privileged attacker only. Finally, the vulnerability was fully fixed by the manufacturer in version 2.3.4w."
}
],
"credits": [
{
"lang": "en",
"value": "Milan Duric"
},
{
"lang": "en",
"value": "Jakob Pfister"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/5xxx/CVE-2024-5270.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}