From 6596e45572f84b60a15cd5759a5fab1db42e5a4f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 7 Feb 2024 22:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/4xxx/CVE-2023-4132.json | 47 ++++++
2023/6xxx/CVE-2023-6356.json | 274 ++++++++++++++++++++++++++++++++-
2023/6xxx/CVE-2023-6535.json | 274 ++++++++++++++++++++++++++++++++-
2023/6xxx/CVE-2023-6536.json | 274 ++++++++++++++++++++++++++++++++-
2023/6xxx/CVE-2023-6606.json | 45 ++++++
2023/6xxx/CVE-2023-6610.json | 98 +++++++++++-
2023/7xxx/CVE-2023-7192.json | 45 ++++++
2024/0xxx/CVE-2024-0646.json | 98 +++++++++++-
2024/0xxx/CVE-2024-0690.json | 36 ++++-
2024/1xxx/CVE-2024-1335.json | 18 +++
2024/1xxx/CVE-2024-1336.json | 18 +++
2024/1xxx/CVE-2024-1337.json | 18 +++
2024/1xxx/CVE-2024-1338.json | 18 +++
2024/1xxx/CVE-2024-1339.json | 18 +++
2024/1xxx/CVE-2024-1340.json | 18 +++
2024/1xxx/CVE-2024-1341.json | 18 +++
2024/23xxx/CVE-2024-23448.json | 84 +++++++++-
2024/24xxx/CVE-2024-24806.json | 96 +++++++++++-
18 files changed, 1464 insertions(+), 33 deletions(-)
create mode 100644 2024/1xxx/CVE-2024-1335.json
create mode 100644 2024/1xxx/CVE-2024-1336.json
create mode 100644 2024/1xxx/CVE-2024-1337.json
create mode 100644 2024/1xxx/CVE-2024-1338.json
create mode 100644 2024/1xxx/CVE-2024-1339.json
create mode 100644 2024/1xxx/CVE-2024-1340.json
create mode 100644 2024/1xxx/CVE-2024-1341.json
diff --git a/2023/4xxx/CVE-2023-4132.json b/2023/4xxx/CVE-2023-4132.json
index 0ac070ff584..c1a2dff9ef8 100644
--- a/2023/4xxx/CVE-2023-4132.json
+++ b/2023/4xxx/CVE-2023-4132.json
@@ -95,6 +95,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "version": { @@ -116,6 +137,27 @@ ] } }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -210,6 +252,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0575" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0724", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0724" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4132", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6356.json b/2023/6xxx/CVE-2023-6356.json index cae35af3c43..173726278b2 100644 --- a/2023/6xxx/CVE-2023-6356.json +++ b/2023/6xxx/CVE-2023-6356.json 
@@ -1,17 +1,283 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6356", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + 
"x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.rt14.337.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + 
"vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0723", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0723" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0724", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0724" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0725", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0725" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6356", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-6356" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Alon Zahavi for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } 
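Review bot: The new `description` value says an "unauthenticated malicious actor" can trigger the NULL pointer dereference, while the `impact.cvss` entry added at the end of this hunk sets `"privilegesRequired": "LOW"` (`PR:L` in `vectorString`), so the record disagrees with itself on whether credentials are needed. The source record should be reconciled one way or the other, either by dropping "unauthenticated" from the description or by rescoring with `PR:N`; consumers that triage on the vector alone will otherwise under- or over-rate it. The same description also reads "crafted TCP packages" where "packets" is presumably meant, and the hunk mixes `"lang": "eng"` (`description_data`, `problemtype_data`) with `"lang": "en"` (`work_around`, `credits`). The identical text and CVSS block recur in the CVE-2023-6535 and CVE-2023-6536 hunks below. The `work_around` names the `nvmet-tcp` module, which suggests exposure is limited to hosts that load the NVMe/TCP target, a scoping detail the description does not state.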
diff --git a/2023/6xxx/CVE-2023-6535.json b/2023/6xxx/CVE-2023-6535.json
index 8098be9710a..0c7230d1981 100644
--- a/2023/6xxx/CVE-2023-6535.json
+++ b/2023/6xxx/CVE-2023-6535.json
@@ -1,17 +1,283 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + 
"x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.rt14.337.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + 
"vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0723", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0723" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0724", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0724" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0725", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0725" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6535", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-6535" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Alon Zahavi for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } 
diff --git a/2023/6xxx/CVE-2023-6536.json b/2023/6xxx/CVE-2023-6536.json
index c55b7485c7d..bdc6ab2fb1e 100644
--- a/2023/6xxx/CVE-2023-6536.json
+++ b/2023/6xxx/CVE-2023-6536.json
@@ -1,17 +1,283 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + 
"x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.rt14.337.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + 
"vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0723", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0723" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0724", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0724" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0725", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0725" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6536", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-6536" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Alon Zahavi for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } 
diff --git a/2023/6xxx/CVE-2023-6606.json b/2023/6xxx/CVE-2023-6606.json index af9d4cb69bc..7180315436d 100644 --- a/2023/6xxx/CVE-2023-6606.json +++ b/2023/6xxx/CVE-2023-6606.json @@ -55,6 +55,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.rt14.337.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -153,6 +188,16 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0723", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0723" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0725", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0725" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6606", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6610.json b/2023/6xxx/CVE-2023-6610.json index 6557861f628..9f66cc76a6c 100644 --- a/2023/6xxx/CVE-2023-6610.json +++ b/2023/6xxx/CVE-2023-6610.json 
@@ -55,6 +55,83 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.rt14.337.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -91,12 +168,6 @@ "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, { "version_value": "not down converted", "x_cve_json_5_version_data": { 
@@ -153,6 +224,21 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0723", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0723" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0724", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0724" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0725", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0725" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6610", "refsource": "MISC", diff --git a/2023/7xxx/CVE-2023-7192.json b/2023/7xxx/CVE-2023-7192.json index 763858c68fd..9f4e6422564 100644 --- a/2023/7xxx/CVE-2023-7192.json +++ b/2023/7xxx/CVE-2023-7192.json @@ -60,6 +60,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.rt14.337.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { 
@@ -158,6 +193,16 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0723", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0723" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0725", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0725" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-7192", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index 4c493754390..61c18508b80 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json 
@@ -65,6 +65,83 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.52.1.rt14.337.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.91.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -101,12 +178,6 @@ "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, { "version_value": "not down converted", "x_cve_json_5_version_data": { 
@@ -163,6 +234,21 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0723", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0723" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0724", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0724" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0725", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0725" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0690.json b/2024/0xxx/CVE-2024-0690.json index 53fc5f37dfd..82732a62be3 100644 --- a/2024/0xxx/CVE-2024-0690.json +++ b/2024/0xxx/CVE-2024-0690.json @@ -69,12 +69,41 @@ "product": { "product_data": [ { - "product_name": "Red Hat Ansible Automation Platform 2", + "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1:2.15.9-1.el8ap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1:2.15.9-1.el9ap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -167,6 +196,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0733", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0733" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0690", "refsource": "MISC", 
diff --git a/2024/1xxx/CVE-2024-1335.json b/2024/1xxx/CVE-2024-1335.json new file mode 100644 index 00000000000..75ce6c61404 --- /dev/null +++ b/2024/1xxx/CVE-2024-1335.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1335", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1336.json b/2024/1xxx/CVE-2024-1336.json new file mode 100644 index 00000000000..3f0933231d3 --- /dev/null +++ b/2024/1xxx/CVE-2024-1336.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1336", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1337.json b/2024/1xxx/CVE-2024-1337.json new file mode 100644 index 00000000000..404f2536374 --- /dev/null +++ b/2024/1xxx/CVE-2024-1337.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-1337",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/1xxx/CVE-2024-1338.json b/2024/1xxx/CVE-2024-1338.json
new file mode 100644
index 00000000000..2e876d057e7
--- /dev/null
+++ b/2024/1xxx/CVE-2024-1338.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-1338",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/1xxx/CVE-2024-1339.json b/2024/1xxx/CVE-2024-1339.json
new file mode 100644
index 00000000000..c4cabb5132f
--- /dev/null
+++ b/2024/1xxx/CVE-2024-1339.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-1339",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/1xxx/CVE-2024-1340.json b/2024/1xxx/CVE-2024-1340.json
new file mode 100644
index 00000000000..456da48106f
--- /dev/null
+++ b/2024/1xxx/CVE-2024-1340.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-1340",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/1xxx/CVE-2024-1341.json b/2024/1xxx/CVE-2024-1341.json
new file mode 100644
index 00000000000..5c8f0bf22d9
--- /dev/null
+++ b/2024/1xxx/CVE-2024-1341.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-1341",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23448.json b/2024/23xxx/CVE-2024-23448.json
index 1e1e544cc43..220fe475eff 100644
--- a/2024/23xxx/CVE-2024-23448.json
+++ b/2024/23xxx/CVE-2024-23448.json
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-23448",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@elastic.co",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-532: Insertion of Sensitive Information into Log File",
+ "cweId": "CWE-532"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "APM Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "8.12",
+ "version_value": "8.12.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688",
+ "refsource": "MISC",
+ "name": "https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "refsource": "MISC",
+ "name": "https://www.elastic.co/community/security"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24806.json b/2024/24xxx/CVE-2024-24806.json
index daf21aaec1f..a8c1b7c4315 100644
--- a/2024/24xxx/CVE-2024-24806.json
+++ b/2024/24xxx/CVE-2024-24806.json
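Review bot: In CVE-2024-23448.json the `version_data` entry states only an upper bound (`"version_affected": "<"` with `"version_value": "8.12.1"`), and `"version_name": "8.12"` is the only hint at where the affected range begins. A matcher that reads the entry literally will flag every APM Server release below 8.12.1, which may or may not be what the advisory intends; the record should either name the first affected version or say in the description that all earlier releases are affected. The description and the CWE-532 entry agree that the exposure is document content written to ERROR-level logs, so a reader triaging this record will probably also want to check who can read existing APM Server logs, which the record does not mention.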
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-24806",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918: Server-Side Request Forgery (SSRF)",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "libuv",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libuv",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.45.0, < 1.48.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6",
+ "refsource": "MISC",
+ "name": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6"
+ },
+ {
+ "url": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629",
+ "refsource": "MISC",
+ "name": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629"
+ },
+ {
+ "url": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70",
+ "refsource": "MISC",
+ "name": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70"
+ },
+ {
+ "url": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488",
+ "refsource": "MISC",
+ "name": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488"
+ },
+ {
+ "url": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39",
+ "refsource": "MISC",
+ "name": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-f74f-cvh7-c6q6",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
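Review bot: The libuv `version_data` entry in CVE-2024-24806.json carries its range as free text under an equality operator, `"version_affected": "="` with `"version_value": ">= 1.45.0, < 1.48.0"`, so a consumer that compares `version_value` against an installed version will never match a 1.45.x to 1.47.x release. Stating the bound as data, for instance `"version_affected": "<"` with `"version_value": "1.48.0"` and the 1.45.0 lower bound recorded separately, would let tooling evaluate it; this is probably a side effect of down-converting the original record, in which case consumers should read the range from that record instead. The upper bound agrees with the description, which names 1.48.0 as the fixed release. The description's sentence beginning "As a result attackers may be able to access internal APIs or for websites" is also ungrammatical and would be worth rewording at the source so the SSRF scenario reads clearly.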