From 7853fae85cab3895c9ca5a439d57ba24b2e5a137 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 17 Apr 2024 16:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/46xxx/CVE-2023-46060.json | 56 ++++- 2023/52xxx/CVE-2023-52645.json | 125 ++++++++- 2024/1xxx/CVE-2024-1132.json | 202 +++++++++++++-- 2024/1xxx/CVE-2024-1249.json | 202 +++++++++++++-- 2024/1xxx/CVE-2024-1635.json | 135 +++++++++- 2024/26xxx/CVE-2024-26910.json | 172 ++++++++++++- 2024/26xxx/CVE-2024-26911.json | 92 ++++++- 2024/26xxx/CVE-2024-26912.json | 92 ++++++- 2024/26xxx/CVE-2024-26913.json | 82 +++++- 2024/26xxx/CVE-2024-26914.json | 82 +++++- 2024/26xxx/CVE-2024-26915.json | 115 ++++++++- 2024/26xxx/CVE-2024-26916.json | 140 ++++++++++- 2024/26xxx/CVE-2024-26917.json | 183 +++++++++++++- 2024/26xxx/CVE-2024-26918.json | 103 +++++++- 2024/26xxx/CVE-2024-26919.json | 114 ++++++++- 2024/26xxx/CVE-2024-26920.json | 168 ++++++++++++- 2024/2xxx/CVE-2024-2419.json | 43 +++- 2024/30xxx/CVE-2024-30253.json | 445 ++++++++++++++++++++++++++++++++- 2024/30xxx/CVE-2024-30979.json | 56 ++++- 2024/31xxx/CVE-2024-31463.json | 86 ++++++- 2024/32xxx/CVE-2024-32303.json | 56 ++++- 2024/32xxx/CVE-2024-32305.json | 56 ++++- 2024/32xxx/CVE-2024-32316.json | 56 ++++- 2024/32xxx/CVE-2024-32318.json | 56 ++++- 2024/32xxx/CVE-2024-32320.json | 56 ++++- 2024/32xxx/CVE-2024-32463.json | 115 ++++++++- 2024/32xxx/CVE-2024-32743.json | 18 ++ 2024/32xxx/CVE-2024-32744.json | 18 ++ 2024/32xxx/CVE-2024-32745.json | 18 ++ 2024/3xxx/CVE-2024-3825.json | 84 ++++++- 2024/3xxx/CVE-2024-3922.json | 18 ++ 31 files changed, 3072 insertions(+), 172 deletions(-) create mode 100644 2024/32xxx/CVE-2024-32743.json create mode 100644 2024/32xxx/CVE-2024-32744.json create mode 100644 2024/32xxx/CVE-2024-32745.json create mode 100644 2024/3xxx/CVE-2024-3922.json diff --git a/2023/46xxx/CVE-2023-46060.json b/2023/46xxx/CVE-2023-46060.json index c68491a70d4..2d438f2b95a 100644 --- a/2023/46xxx/CVE-2023-46060.json 
+++ b/2023/46xxx/CVE-2023-46060.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46060", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46060", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/peris-navince/founded-0-days/blob/main/Tenda/ac500/fromSetVlanInfo/1.md", + "refsource": "MISC", + "name": "https://github.com/peris-navince/founded-0-days/blob/main/Tenda/ac500/fromSetVlanInfo/1.md" } ] } diff --git a/2023/52xxx/CVE-2023-52645.json b/2023/52xxx/CVE-2023-52645.json index 202cea8a0f8..eded57eb1dd 100644 --- a/2023/52xxx/CVE-2023-52645.json +++ b/2023/52xxx/CVE-2023-52645.json 
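Review bot: The new `affects` block for CVE-2023-46060 sets `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description added in the same hunk names Tenda AC500 v.2.0.1.9. Asset-matching and scanner tooling that keys on the structured vendor/product fields will therefore not tie this record to the device. The fields could carry the values the description already states: `"vendor_name": "Tenda"`, `"product_name": "AC500"`, `"version_value": "2.0.1.9"`. `problemtype` is also `n/a` even though the description calls the issue a buffer overflow, so until these fields are populated, consumers have to match on the description text and the one reference URL.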
@@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix race conditions with genpd\n\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "59b644b01cf4", + "version_value": "475426ad1ae0" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.11", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.11", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.150", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.80", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.18", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438" + }, + { + "url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff" + }, + { + "url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25" + }, + { + "url": 
"https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b" + }, + { + "url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1132.json b/2024/1xxx/CVE-2024-1132.json index 8ff74d52356..08cc7635a8c 100644 --- a/2024/1xxx/CVE-2024-1132.json +++ b/2024/1xxx/CVE-2024-1132.json @@ -55,6 +55,55 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat build of Keycloak 22", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22.0.10-1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22-13", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22-16", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat build of Keycloak 22.0.10", "version": { 
@@ -68,6 +117,103 @@ ] } }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el7sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el8sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el9sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "RHEL-8 based Middleware Containers", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "7.6-46", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "RHSSO 7.6.8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Migration Toolkit for Applications 6", "version": { 
@@ -94,19 +240,6 @@ ] } }, - { - "product_name": "Red Hat Build of Keycloak", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat build of Quarkus", "version": { @@ -236,19 +369,6 @@ } ] } - }, - { - "product_name": "Red Hat Single Sign-On 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -258,6 +378,36 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:1860", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1860" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1861", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1861" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1862", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1862" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1864", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1864" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1866", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1866" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1867", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1867" + }, { "url": "https://access.redhat.com/errata/RHSA-2024:1868", "refsource": "MISC", diff --git a/2024/1xxx/CVE-2024-1249.json b/2024/1xxx/CVE-2024-1249.json index 143e0588334..a8798d93bc9 100644 --- a/2024/1xxx/CVE-2024-1249.json +++ b/2024/1xxx/CVE-2024-1249.json 
@@ -55,6 +55,55 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat build of Keycloak 22", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22.0.10-1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22-13", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22-16", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat build of Keycloak 22.0.10", "version": { 
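Review bot: The three `version_data` entries added under `"product_name": "Red Hat build of Keycloak 22"` give different fixed-version thresholds (`22.0.10-1`, `22-13`, `22-16`), each with `"lessThan": "*"` and `"status": "unaffected"`, and nothing in this down-converted record says which package or image each one belongs to. A consumer that evaluates all three against a single installed version gets conflicting answers. Judging by format alone, `22-13` and `22-16` also look more like image tags than RPM versions, despite `"versionType": "rpm"`. Giving each entry its own product name, the way the Single Sign-On entries in the next hunk of this file are split per RHEL release, would remove the ambiguity, e.g. `"product_name": "Red Hat build of Keycloak 22 (<component name>)"` with the real component in place of the placeholder. The identical entries are added in the first hunk of CVE-2024-1132.json.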
@@ -68,6 +117,103 @@ ] } }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el7sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el8sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el9sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "RHEL-8 based Middleware Containers", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "7.6-46", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "RHSSO 7.6.8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Migration Toolkit for Applications 6", "version": { 
@@ -107,19 +253,6 @@ ] } }, - { - "product_name": "Red Hat Build of Keycloak", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } - }, { "product_name": "Red Hat Data Grid 8", "version": { @@ -330,19 +463,6 @@ } ] } - }, - { - "product_name": "Red Hat Single Sign-On 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -352,6 +472,36 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:1860", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1860" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1861", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1861" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1862", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1862" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1864", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1864" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1866", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1866" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1867", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1867" + }, { "url": "https://access.redhat.com/errata/RHSA-2024:1868", "refsource": "MISC", diff --git a/2024/1xxx/CVE-2024-1635.json b/2024/1xxx/CVE-2024-1635.json index f61bb0aaeca..262488095c1 100644 --- a/2024/1xxx/CVE-2024-1635.json +++ b/2024/1xxx/CVE-2024-1635.json 
@@ -909,6 +909,103 @@ ] } }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el7sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el8sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:18.0.13-1.redhat_00001.1.el9sso", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "RHEL-8 based Middleware Containers", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "7.6-46", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "RHSSO 7.6.8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "OpenShift Serverless", "version": { 
@@ -1129,19 +1226,6 @@ } ] } - }, - { - "product_name": "Red Hat Single Sign-On 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -1171,6 +1255,31 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1677" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1860", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1860" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1861", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1861" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1862", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1862" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1864", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1864" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1866", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1866" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1635", "refsource": "MISC", diff --git a/2024/26xxx/CVE-2024-26910.json b/2024/26xxx/CVE-2024-26910.json index 6ca68efd40c..f7bffe2063a 100644 --- a/2024/26xxx/CVE-2024-26910.json +++ b/2024/26xxx/CVE-2024-26910.json 
@@ -1,18 +1,182 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: fix performance regression in swap operation\n\nThe patch \"netfilter: ipset: fix race condition between swap/destroy\nand kernel side add/del/test\", commit 28628fa9 fixes a race condition.\nBut the synchronize_rcu() added to the swap function unnecessarily slows\nit down: it can safely be moved to destroy and use call_rcu() instead.\n\nEric Dumazet pointed out that simply calling the destroy functions as\nrcu callback does not work: sets with timeout use garbage collectors\nwhich need cancelling at destroy which can wait. Therefore the destroy\nfunctions are split into two: cancelling garbage collectors safely at\nexecuting the command received by netlink and moving the remaining\npart only into the rcu callback." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "427deb5ba566", + "version_value": "c7f2733e5011" + }, + { + "version_affected": "<", + "version_name": "e7152a138a5a", + "version_value": "a24d5f2ac8ef" + }, + { + "version_affected": "<", + "version_name": "8bb930c3a1ea", + "version_value": "c2dc077d8f72" + }, + { + "version_affected": "<", + "version_name": "875ee3a09e27", + "version_value": "653bc5e6d999" + }, + { + "version_affected": "<", + "version_name": "23c31036f862", + "version_value": "b93a6756a01f" + }, + { + "version_affected": "<", + "version_name": "28628fa952fe", + "version_value": "970709a67696" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.269", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.210", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.79", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.18", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + 
], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225" + }, + { + "url": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05" + }, + { + "url": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49" + }, + { + "url": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c" + }, + { + "url": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397" + }, + { + "url": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb" + }, + { + "url": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26911.json b/2024/26xxx/CVE-2024-26911.json index 90a831bea20..8a62837b43c 100644 --- a/2024/26xxx/CVE-2024-26911.json +++ b/2024/26xxx/CVE-2024-26911.json 
@@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/buddy: Fix alloc_range() error handling code\n\nFew users have observed display corruption when they boot\nthe machine to KDE Plasma or playing games. We have root\ncaused the problem that whenever alloc_range() couldn't\nfind the required memory blocks the function was returning\nSUCCESS in some of the corner cases.\n\nThe right approach would be if the total allocated size\nis less than the required size, the function should\nreturn -ENOSPC." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0a1844bf0b53", + "version_value": "4b59c3fada06" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/4b59c3fada06e5e8010ef7700689c71986e667a2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4b59c3fada06e5e8010ef7700689c71986e667a2" + }, + { + "url": "https://git.kernel.org/stable/c/8746c6c9dfa31d269c65dd52ab42fde0720b7d91", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8746c6c9dfa31d269c65dd52ab42fde0720b7d91" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26912.json b/2024/26xxx/CVE-2024-26912.json index 01818f1f6d0..5a44cc7a633 100644 --- a/2024/26xxx/CVE-2024-26912.json +++ b/2024/26xxx/CVE-2024-26912.json 
@@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix several DMA buffer leaks\n\nNouveau manages GSP-RM DMA buffers with nvkm_gsp_mem objects. Several of\nthese buffers are never dealloced. Some of them can be deallocated\nright after GSP-RM is initialized, but the rest need to stay until the\ndriver unloads.\n\nAlso futher bullet-proof these objects by poisoning the buffer and\nclearing the nvkm_gsp_mem object when it is deallocated. Poisoning\nthe buffer should trigger an error (or crash) from GSP-RM if it tries\nto access the buffer after we've deallocated it, because we were wrong\nabout when it is safe to deallocate.\n\nFinally, change the mem->size field to a size_t because that's the same\ntype that dma_alloc_coherent expects." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "176fdcbddfd2", + "version_value": "6190d4c08897" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/6190d4c08897d748dd25f0b78267a90aa1694e15", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6190d4c08897d748dd25f0b78267a90aa1694e15" + }, + { + "url": "https://git.kernel.org/stable/c/042b5f83841fbf7ce39474412db3b5e4765a7ea7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/042b5f83841fbf7ce39474412db3b5e4765a7ea7" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26913.json b/2024/26xxx/CVE-2024-26913.json index 25290dff8ce..ccf2c4ba5e9 100644 --- a/2024/26xxx/CVE-2024-26913.json +++ b/2024/26xxx/CVE-2024-26913.json 
@@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue\n\n[why]\nodm calculation is missing for pipe split policy determination\nand cause Underflow/Corruption issue.\n\n[how]\nAdd the odm calculation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "cdbe0be8874c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/cdbe0be8874c63bca85b8c38e5b1eecbdd18df31", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cdbe0be8874c63bca85b8c38e5b1eecbdd18df31" + }, + { + "url": 
"https://git.kernel.org/stable/c/faf51b201bc42adf500945732abb6220c707d6f3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/faf51b201bc42adf500945732abb6220c707d6f3" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26914.json b/2024/26xxx/CVE-2024-26914.json index 576f90077cf..2bc8efd31dd 100644 --- a/2024/26xxx/CVE-2024-26914.json +++ b/2024/26xxx/CVE-2024-26914.json 
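Review bot: The legacy range `"version_name": "1da177e4c3f4", "version_value": "cdbe0be8874c"` starts at the first commit in the kernel's git history, and the `versions` list has no lower bound, so with `"defaultStatus": "affected"` every kernel below 6.7.6 matches this record. CVE-2024-26912 bounds its range with `"version": "0", "lessThan": "6.7", "status": "unaffected"`; nothing comparable is present here, although the description concerns dcn35 only, which suggests the introducing commit was simply not identified. Scanners keyed on this data will likely over-report, and CVE-2024-26914 and CVE-2024-26915 use the same `1da177e4c3f4` start. Adding the introducing commit, or an `unaffected` `lessThan` entry once the first affected release is known, would fix it.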
@@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26914", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix incorrect mpc_combine array size\n\n[why]\nMAX_SURFACES is per stream, while MAX_PLANES is per asic. The\nmpc_combine is an array that records all the planes per asic. Therefore\nMAX_PLANES should be used as the array size. Using MAX_SURFACES causes\narray overflow when there are more than 3 planes.\n\n[how]\nUse the MAX_PLANES for the mpc_combine array size." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "0bd8ef618a42" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/0bd8ef618a42d7e6ea3f701065264e15678025e3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0bd8ef618a42d7e6ea3f701065264e15678025e3" + }, + { + "url": "https://git.kernel.org/stable/c/39079fe8e660851abbafa90cd55cbf029210661f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/39079fe8e660851abbafa90cd55cbf029210661f" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26915.json b/2024/26xxx/CVE-2024-26915.json index cfa767c2e08..eda1be2ea8a 100644 --- a/2024/26xxx/CVE-2024-26915.json +++ b/2024/26xxx/CVE-2024-26915.json 
@@ -1,18 +1,125 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26915", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Reset IH OVERFLOW_CLEAR bit\n\nAllows us to detect subsequent IH ring buffer overflows as well." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "9a9d00c23d17" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.15.152", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.82", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.18", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://git.kernel.org/stable/c/9a9d00c23d170d4ef5a1b28e6b69f5c85dd12bc1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9a9d00c23d170d4ef5a1b28e6b69f5c85dd12bc1" + }, + { + "url": "https://git.kernel.org/stable/c/a28f4d1e0bed85943d309ac243fd1c200f8af9a2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a28f4d1e0bed85943d309ac243fd1c200f8af9a2" + }, + { + "url": "https://git.kernel.org/stable/c/8983397951b4b0bd51bb4b4ba9749424e1ccbb70", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8983397951b4b0bd51bb4b4ba9749424e1ccbb70" + }, + { + "url": "https://git.kernel.org/stable/c/2827633c9dab6304ec4cdbf369363219832e605d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2827633c9dab6304ec4cdbf369363219832e605d" + }, + { + "url": "https://git.kernel.org/stable/c/7330256268664ea0a7dd5b07a3fed363093477dd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7330256268664ea0a7dd5b07a3fed363093477dd" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26916.json b/2024/26xxx/CVE-2024-26916.json index e0fc52bd381..8334410ba97 100644 --- a/2024/26xxx/CVE-2024-26916.json +++ b/2024/26xxx/CVE-2024-26916.json 
@@ -1,18 +1,150 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd: flush any delayed gfxoff on suspend entry\"\n\ncommit ab4750332dbe (\"drm/amdgpu/sdma5.2: add begin/end_use ring\ncallbacks\") caused GFXOFF control to be used more heavily and the\ncodepath that was removed from commit 0dee72639533 (\"drm/amd: flush any\ndelayed gfxoff on suspend entry\") now can be exercised at suspend again.\n\nUsers report that by using GNOME to suspend the lockscreen trigger will\ncause SDMA traffic and the system can deadlock.\n\nThis reverts commit 0dee726395333fea833eaaf838bc80962df886c8." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "f94942885e84", + "version_value": "65158edb0a3a" + }, + { + "version_affected": "<", + "version_name": "78b2ba39beef", + "version_value": "ff70e6ff6fc2" + }, + { + "version_affected": "<", + "version_name": "3aae4ef4d799", + "version_value": "caa2565a2e13" + }, + { + "version_affected": "<", + "version_name": "ab4750332dbe", + "version_value": "d855ceb6a5fd" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.79", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.18", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/65158edb0a3a8df23197d52cd24287e39eaf95d6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/65158edb0a3a8df23197d52cd24287e39eaf95d6" + }, + { + "url": "https://git.kernel.org/stable/c/ff70e6ff6fc2413caf33410af7462d1f584d927e", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/ff70e6ff6fc2413caf33410af7462d1f584d927e" + }, + { + "url": "https://git.kernel.org/stable/c/caa2565a2e13899be31f7b1e069e6465d3e2adb0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/caa2565a2e13899be31f7b1e069e6465d3e2adb0" + }, + { + "url": "https://git.kernel.org/stable/c/d855ceb6a5fde668c5431156bc60fae0cc52b764", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d855ceb6a5fde668c5431156bc60fae0cc52b764" + }, + { + "url": "https://git.kernel.org/stable/c/916361685319098f696b798ef1560f69ed96e934", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/916361685319098f696b798ef1560f69ed96e934" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26917.json b/2024/26xxx/CVE-2024-26917.json index 2e234309fae..59dc2ae602e 100644 --- a/2024/26xxx/CVE-2024-26917.json +++ b/2024/26xxx/CVE-2024-26917.json 
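Review bot: The two encodings of the affected range disagree for stable branches. `"version": "0", "lessThan": "6.7", "status": "unaffected"` marks everything before 6.7 as unaffected, yet the same list records fixes at 5.15.149, 6.1.79 and 6.6.18, and the four `version_name`/`version_value` pairs look like per-branch backports of the reverted change. A 5.15, 6.1 or 6.6 kernel below the listed fix release may therefore contain the regression while evaluating as unaffected by version number; consumers should match on the commit ranges, or the record should list those branches as affected up to the fix release. CVE-2024-26917 and CVE-2024-26920 have the same shape.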
@@ -1,18 +1,193 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: Revert \"scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock\"\n\nThis reverts commit 1a1975551943f681772720f639ff42fbaa746212.\n\nThis commit causes interrupts to be lost for FCoE devices, since it changed\nsping locks from \"bh\" to \"irqsave\".\n\nInstead, a work queue should be used, and will be addressed in a separate\ncommit." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "264eae2f523d", + "version_value": "94a600226b6d" + }, + { + "version_affected": "<", + "version_name": "d2bf25674cea", + "version_value": "2209fc6e3d77" + }, + { + "version_affected": "<", + "version_name": "9cce8ef7a6fa", + "version_value": "7d4e19f7ff64" + }, + { + "version_affected": "<", + "version_name": "076fb40cf27a", + "version_value": "5b8f473c4de9" + }, + { + "version_affected": "<", + "version_name": "5a5fb3b1754f", + "version_value": "6bb22ac1d11d" + }, + { + "version_affected": "<", + "version_name": "1a1975551943", + "version_value": "2996c7e97ea7" + }, + { + "version_value": "not down converted", + 
"x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.6", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.307", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.269", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.210", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.79", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.18", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/94a600226b6d0ef065ee84024b450b566c5a87d6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/94a600226b6d0ef065ee84024b450b566c5a87d6" + }, + { + "url": "https://git.kernel.org/stable/c/2209fc6e3d7727d787dc6ef9baa1e9eae6b1295b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2209fc6e3d7727d787dc6ef9baa1e9eae6b1295b" + }, + { + "url": "https://git.kernel.org/stable/c/7d4e19f7ff644c5b79e8271df8ac2e549b436a5b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7d4e19f7ff644c5b79e8271df8ac2e549b436a5b" + }, + { + "url": "https://git.kernel.org/stable/c/5b8f473c4de95c056c1c767b1ad48c191544f6a5", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/5b8f473c4de95c056c1c767b1ad48c191544f6a5" + }, + { + "url": "https://git.kernel.org/stable/c/6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0" + }, + { + "url": "https://git.kernel.org/stable/c/2996c7e97ea7cf4c1838a1b1dbc0885934113783", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2996c7e97ea7cf4c1838a1b1dbc0885934113783" + }, + { + "url": "https://git.kernel.org/stable/c/25675159040bffc7992d5163f3f33ba7d0142f21", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/25675159040bffc7992d5163f3f33ba7d0142f21" + }, + { + "url": "https://git.kernel.org/stable/c/977fe773dcc7098d8eaf4ee6382cb51e13e784cb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/977fe773dcc7098d8eaf4ee6382cb51e13e784cb" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26918.json b/2024/26xxx/CVE-2024-26918.json index 67876fdfe0f..8e3d64b0b1d 100644 --- a/2024/26xxx/CVE-2024-26918.json +++ b/2024/26xxx/CVE-2024-26918.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26918", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix active state requirement in PME polling\n\nThe commit noted in fixes added a bogus requirement that runtime PM managed\ndevices need to be in the RPM_ACTIVE state for PME polling. In fact, only\ndevices in low power states should be polled.\n\nHowever there's still a requirement that the device config space must be\naccessible, which has implications for both the current state of the polled\ndevice and the parent bridge, when present. It's not sufficient to assume\nthe bridge remains in D0 and cases have been observed where the bridge\npasses the D0 test, but the PM state indicates RPM_SUSPENDING and config\nspace of the polled device becomes inaccessible during pci_pme_wakeup().\n\nTherefore, since the bridge is already effectively required to be in the\nRPM_ACTIVE state, formalize this in the code and elevate the PM usage count\nto maintain the state while polling the subordinate device.\n\nThis resolves a regression reported in the bugzilla below where a\nThunderbolt/USB4 hierarchy fails to scan for an attached NVMe endpoint\ndownstream of a bridge in a D3hot power state." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d3fcd7360338", + "version_value": "63b1a3d9dd3b" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.6", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.18", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/63b1a3d9dd3b3f6d67f524e76270e66767090583", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/63b1a3d9dd3b3f6d67f524e76270e66767090583" + }, + { + "url": "https://git.kernel.org/stable/c/a4f12e5cbac2865c151d1e97e36eb24205afb23b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a4f12e5cbac2865c151d1e97e36eb24205afb23b" + }, + { + "url": "https://git.kernel.org/stable/c/41044d5360685e78a869d40a168491a70cdb7e73", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/41044d5360685e78a869d40a168491a70cdb7e73" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26919.json b/2024/26xxx/CVE-2024-26919.json index 6b2386c2aa6..c46ca79d2e4 100644 --- a/2024/26xxx/CVE-2024-26919.json 
+++ b/2024/26xxx/CVE-2024-26919.json 
@@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ulpi: Fix debugfs directory leak\n\nThe ULPI per-device debugfs root is named after the ulpi device's\nparent, but ulpi_unregister_interface tries to remove a debugfs\ndirectory named after the ulpi device itself. This results in the\ndirectory sticking around and preventing subsequent (deferred) probes\nfrom succeeding. Change the directory name to match the ulpi device." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "bd0a0a024f2a", + "version_value": "d31b886ed6a5" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.18", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.18", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.79", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.18", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/d31b886ed6a5095214062ee4fb55037eb930adb6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d31b886ed6a5095214062ee4fb55037eb930adb6" + }, + { + "url": "https://git.kernel.org/stable/c/330d22aba17a4d30a56f007d0f51291d7e00862b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/330d22aba17a4d30a56f007d0f51291d7e00862b" + }, + { + "url": "https://git.kernel.org/stable/c/33713945cc92ea9c4a1a9479d5c1b7acb7fc4df3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/33713945cc92ea9c4a1a9479d5c1b7acb7fc4df3" + }, + { + "url": "https://git.kernel.org/stable/c/3caf2b2ad7334ef35f55b95f3e1b138c6f77b368", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/3caf2b2ad7334ef35f55b95f3e1b138c6f77b368" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26920.json b/2024/26xxx/CVE-2024-26920.json index 7b1fddd09f8..28b024daa9e 100644 --- a/2024/26xxx/CVE-2024-26920.json +++ b/2024/26xxx/CVE-2024-26920.json 
@@ -1,18 +1,178 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26920", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/trigger: Fix to return error if failed to alloc snapshot\n\nFix register_snapshot_trigger() to return error code if it failed to\nallocate a snapshot instead of 0 (success). Unless that, it will register\nsnapshot trigger without an error." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "57f2a2ad73e9", + "version_value": "bcf4a115a506" + }, + { + "version_affected": "<", + "version_name": "0026e356e51a", + "version_value": "8ffd5590f4d6" + }, + { + "version_affected": "<", + "version_name": "0bbe7f719985", + "version_value": "56cfbe607107" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.307", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.269", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + 
{ + "version": "5.10.210", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.79", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.18", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.6", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/bcf4a115a5068f3331fafb8c176c1af0da3d8b19", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bcf4a115a5068f3331fafb8c176c1af0da3d8b19" + }, + { + "url": "https://git.kernel.org/stable/c/8ffd5590f4d6ef5460acbeac7fbdff7025f9b419", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8ffd5590f4d6ef5460acbeac7fbdff7025f9b419" + }, + { + "url": "https://git.kernel.org/stable/c/56cfbe60710772916a5ba092c99542332b48e870", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/56cfbe60710772916a5ba092c99542332b48e870" + }, + { + "url": "https://git.kernel.org/stable/c/b5085b5ac1d96ea2a8a6240f869655176ce44197", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b5085b5ac1d96ea2a8a6240f869655176ce44197" + }, + { + "url": "https://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398" + }, + { + "url": "https://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b" + }, + { + "url": "https://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b" + }, + { + "url": "https://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2419.json b/2024/2xxx/CVE-2024-2419.json index a6f43983fd0..c4e9196ff51 100644 --- a/2024/2xxx/CVE-2024-2419.json +++ b/2024/2xxx/CVE-2024-2419.json @@ -56,12 +56,48 @@ "product": { "product_data": [ { - "product_name": "Red Hat Build of Keycloak", + "product_name": "Red Hat build of Keycloak 22", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22.0.10-1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22-13", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22-16", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -76,6 +112,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:1867", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1867" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-2419", "refsource": "MISC", 
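Review bot: The three added `x_cve_json_5_version_data` blocks in the CVE-2024-2419 record sit under the single product name `Red Hat build of Keycloak 22` with versions `22.0.10-1`, `22-13` and `22-16`, and nothing in the down-converted entry says which package or image each one applies to. Since the numbering schemes differ, they presumably belong to different components, so a consumer cannot evaluate `"lessThan": "*"` against an installed version without that name. The record should keep the package or collection identifier next to each `versions` block; until then the added RHSA-2024:1867 reference is the usable source for fixed builds. The enclosing `vendor_data` object starts and ends outside these hunks.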
diff --git a/2024/30xxx/CVE-2024-30253.json b/2024/30xxx/CVE-2024-30253.json index 2184c233958..1c6ab77e944 100644 --- a/2024/30xxx/CVE-2024-30253.json +++ b/2024/30xxx/CVE-2024-30253.json 
@@ -1,17 +1,454 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30253", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "solana-labs", + "product": { + "product_data": [ + { + "product_name": "solana-web3.js", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.91.0, < 1.91.3" + }, + { + "version_affected": "=", + "version_value": ">= 1.90, < 1.90.2" + }, + { + "version_affected": "=", + "version_value": ">= 1.89, < 1.89.2" + }, + { + "version_affected": "=", + "version_value": "= 1.88.0" + }, + { + "version_affected": "=", + "version_value": ">=1.87.0, < 1.87.7" + }, + { + "version_affected": "=", + "version_value": "= 1.86.0" + }, + { + "version_affected": "=", + "version_value": "= 1.85.0" + }, + { + "version_affected": "=", + "version_value": "= 1.84.0" + }, + { + "version_affected": "=", + "version_value": "= 1.83.0" + }, + { + "version_affected": "=", + "version_value": "= 1.82.0" + }, + { + "version_affected": "=", + "version_value": "= 1.81.0" + }, + { + "version_affected": "=", + "version_value": "= 1.80.0" + }, + { + "version_affected": "=", + "version_value": "= 1.79.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.78, < 1.78.8" + }, + { + "version_affected": "=", + "version_value": ">= 1.77, < 1.77.4" + }, + { + "version_affected": "=", + "version_value": "= 1.76.0" + }, + { + "version_affected": "=", + "version_value": "= 1.75.0" + }, + { + "version_affected": "=", + "version_value": "= 1.74.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.73.0, < 1.73.5" + }, + { + "version_affected": "=", + "version_value": "= 1.72.0" + }, + { + "version_affected": "=", + "version_value": "= 1.71.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.70.0, < 1.70.4" + }, + { + "version_affected": "=", + 
"version_value": "= 1.69.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.68.0, < 1.68.2" + }, + { + "version_affected": "=", + "version_value": ">= 1.67.0, < 1.67.3" + }, + { + "version_affected": "=", + "version_value": ">= 1.66.0, < 1.66.6" + }, + { + "version_affected": "=", + "version_value": "= 1.65.0" + }, + { + "version_affected": "=", + "version_value": "= 1.64.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.63.0, < 1.63.2" + }, + { + "version_affected": "=", + "version_value": ">= 1.62.0, < 1.62.2" + }, + { + "version_affected": "=", + "version_value": ">= 1.61.0, < 1.61.2" + }, + { + "version_affected": "=", + "version_value": "= 1.60.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.59.0, < 1.59.2" + }, + { + "version_affected": "=", + "version_value": "= 1.58.0" + }, + { + "version_affected": "=", + "version_value": "= 1.57.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.56.0, < 1.56.3" + }, + { + "version_affected": "=", + "version_value": "= 1.55.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.54.0, < 1.54.2" + }, + { + "version_affected": "=", + "version_value": "= 1.53.0" + }, + { + "version_affected": "=", + "version_value": "= 1.52.0" + }, + { + "version_affected": "=", + "version_value": "= 1.51.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.50.0, < 1.50.2" + }, + { + "version_affected": "=", + "version_value": "= 1.49.0" + }, + { + "version_affected": "=", + "version_value": "= 1.48.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.47.0, < 1.47.5" + }, + { + "version_affected": "=", + "version_value": "= 1.46.0" + }, + { + "version_affected": "=", + "version_value": "= 1.45.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.44.0, < 1.44.4" + }, + { + "version_affected": "=", + "version_value": ">= 1.43.0, < 1.43.7" + }, + { + "version_affected": "=", + "version_value": "= 1.42.0" + }, + { + "version_affected": "=", + 
"version_value": ">= 1.41.0, < 1.41.11" + }, + { + "version_affected": "=", + "version_value": ">= 1.40.0, < 1.40.2" + }, + { + "version_affected": "=", + "version_value": ">= 1.39.0, < 1.39.2" + }, + { + "version_affected": "=", + "version_value": "= 1.38.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.37.0, < 1.37.3" + }, + { + "version_affected": "=", + "version_value": "= 1.36.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.35.0, < 1.35.2" + }, + { + "version_affected": "=", + "version_value": "= 1.34.0" + }, + { + "version_affected": "=", + "version_value": "= 1.33.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.32.0, < 1.32.2" + }, + { + "version_affected": "=", + "version_value": "= 1.31.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.30.0, < 1.30.3" + }, + { + "version_affected": "=", + "version_value": ">= 1.29.0, < 1.29.4" + }, + { + "version_affected": "=", + "version_value": "= 1.28.0" + }, + { + "version_affected": "=", + "version_value": "= 1.27.0" + }, + { + "version_affected": "=", + "version_value": "= 1.26.0" + }, + { + "version_affected": "=", + "version_value": "= 1.25.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.24.0, < 1.24.3" + }, + { + "version_affected": "=", + "version_value": "= 1.23.0" + }, + { + "version_affected": "=", + "version_value": "= 1.22.0" + }, + { + "version_affected": "=", + "version_value": "= 1.21.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.20.0, < 1.20.3" + }, + { + "version_affected": "=", + "version_value": "= 1.19.0" + }, + { + "version_affected": "=", + "version_value": "= 1.18.0" + }, + { + "version_affected": "=", + "version_value": "= 1.17.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.16.0, < 1.16.2" + }, + { + "version_affected": "=", + "version_value": "= 1.15.0" + }, + { + "version_affected": "=", + "version_value": "= 1.14.0" + }, + { + "version_affected": "=", + "version_value": "= 1.13.0" + 
}, + { + "version_affected": "=", + "version_value": "= 1.12.0" + }, + { + "version_affected": "=", + "version_value": "= 1.11.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.10.0, < 1.10.2" + }, + { + "version_affected": "=", + "version_value": " >= 1.9.0, < 1.9.2" + }, + { + "version_affected": "=", + "version_value": "= 1.8.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.7.0, < 1.7.2" + }, + { + "version_affected": "=", + "version_value": "= 1.6.0" + }, + { + "version_affected": "=", + "version_value": "= 1.5.0" + }, + { + "version_affected": "=", + "version_value": "= 1.4.0" + }, + { + "version_affected": "=", + "version_value": "= 1.3.0" + }, + { + "version_affected": "=", + "version_value": ">= 1.2.0, < 1.2.8" + }, + { + "version_affected": "=", + "version_value": ">= 1.1.0, < 1.1.2" + }, + { + "version_affected": "=", + "version_value": "< 1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347", + "refsource": "MISC", + "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347" + }, + { + "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0", + "refsource": "MISC", + "name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0" + } + ] + }, + "source": { + "advisory": "GHSA-8m45-2rjm-j347", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } 
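Review bot: The `version_data` entry for the 1.32 line reads `">= 1.32.0, < 1.32.2"`, but the description in the same record lists 1.32.3 as the fixed release, so 1.32.2 is left outside the affected set. One of the two is wrong and should be checked against GHSA-8m45-2rjm-j347; if the description is right the entry becomes `"version_value": ">= 1.32.0, < 1.32.3"`. Every entry also pairs `"version_affected": "="` with a range expression in `version_value`, and the spacing varies (`">=1.87.0, < 1.87.7"`, `" >= 1.9.0, < 1.9.2"`), so a consumer doing an exact match or a strict parse will miss affected versions; the CVE-2024-31463 and CVE-2024-32463 hunks use the same pattern. The description is about memory exhaustion, which the recorded CWE-119 does not describe well; CWE-400 or CWE-770 looks closer, though that is the CNA's call.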
diff --git a/2024/30xxx/CVE-2024-30979.json b/2024/30xxx/CVE-2024-30979.json index 522f783a7e6..15a3016e21e 100644 --- a/2024/30xxx/CVE-2024-30979.json +++ b/2024/30xxx/CVE-2024-30979.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30979", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30979", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://medium.com/@shanunirwan/cve-2024-30979-stored-cross-site-scripting-xss-in-cyber-cafe-management-system-project-ccms-1-44b10f50817b", + "url": "https://medium.com/@shanunirwan/cve-2024-30979-stored-cross-site-scripting-xss-in-cyber-cafe-management-system-project-ccms-1-44b10f50817b" } ] } diff --git a/2024/31xxx/CVE-2024-31463.json b/2024/31xxx/CVE-2024-31463.json index d557702f032..d60494f3042 100644 --- a/2024/31xxx/CVE-2024-31463.json +++ b/2024/31xxx/CVE-2024-31463.json 
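Review bot: The new record leaves `problemtype`, `vendor_name`, `product_name` and `version_value` all at `"n/a"`, so the affected product (Cyber Cafe Management System 1.0) and the weakness class exist only in the free-text description. Anything that matches on the structured fields will never flag this entry; the description names cross-site scripting, so `"value": "CWE-79"` in `problemtype` is what I would expect here. The phrase "execute arbitrary code" also overstates what the description and the reference title (stored XSS) support; "execute arbitrary script in a user's browser" would be the accurate wording. The same all-`n/a` shape applies to the CVE-2024-32303, CVE-2024-32305, CVE-2024-32316, CVE-2024-32318 and CVE-2024-32320 hunks.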
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the `IRONIC_REVERSE_PROXY_SETUP` variable set to `true`, 1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself and 2) Ironic listens in host network on a private port 6388 on localhost by default. As a result, when the reverse proxy mode is used, any Pod or local Unix user on the control plane Node can access the Ironic API on the private port without authentication. A similar problem affects Ironic Inspector (`INSPECTOR_REVERSE_PROXY_SETUP` set to `true`), although the attack potential is smaller there. This issue affects operators deploying ironic-image in the reverse proxy mode, which is the recommended mode when TLS is used (also recommended), with the `IRONIC_PRIVATE_PORT` variable unset or set to a numeric value. In this case, an attacker with enough privileges to launch a pod on the control plane with host networking can access Ironic API and use it to modify bare-metal machine, e.g. provision them with a new image or change their BIOS settings. This vulnerability is fixed in 24.1.1. 
" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", + "cweId": "CWE-288" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "metal3-io", + "product": { + "product_data": [ + { + "product_name": "ironic-image", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 24.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/metal3-io/ironic-image/security/advisories/GHSA-g2cm-9v5f-qg7r", + "refsource": "MISC", + "name": "https://github.com/metal3-io/ironic-image/security/advisories/GHSA-g2cm-9v5f-qg7r" + }, + { + "url": "https://github.com/metal3-io/ironic-image/pull/494", + "refsource": "MISC", + "name": "https://github.com/metal3-io/ironic-image/pull/494" + }, + { + "url": "https://github.com/metal3-io/ironic-image/commit/48e40bd30d49aefabac6fc80204a8650b13d10b4", + "refsource": "MISC", + "name": "https://github.com/metal3-io/ironic-image/commit/48e40bd30d49aefabac6fc80204a8650b13d10b4" + } + ] + }, + "source": { + "advisory": "GHSA-g2cm-9v5f-qg7r", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32303.json b/2024/32xxx/CVE-2024-32303.json index 5528aaa11b0..516628d2248 100644 --- a/2024/32xxx/CVE-2024-32303.json +++ b/2024/32xxx/CVE-2024-32303.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-32303", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-32303", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromWizardHandle.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromWizardHandle.md" } ] } diff --git a/2024/32xxx/CVE-2024-32305.json b/2024/32xxx/CVE-2024-32305.json index 70f1d1840e5..f5cf691069e 100644 --- a/2024/32xxx/CVE-2024-32305.json +++ b/2024/32xxx/CVE-2024-32305.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-32305", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-32305", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromWizardHandle.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromWizardHandle.md" } ] } diff --git a/2024/32xxx/CVE-2024-32316.json b/2024/32xxx/CVE-2024-32316.json index bc349de0c96..0927120131b 100644 --- a/2024/32xxx/CVE-2024-32316.json +++ b/2024/32xxx/CVE-2024-32316.json 
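Review bot: The description names the product as `Tenda A18 v15.03.05.05`, while the only reference in the same record points at `.../Tenda/AC18/fromWizardHandle.md`. The two are different model names, so one of them is probably a typo; since the structured product fields are `"n/a"`, the description is the only place a consumer can read the affected model from. If the reference is right the value should start `"Tenda AC18 v15.03.05.05 firmware has ..."`; this needs confirming against the linked write-up before changing.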
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-32316", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-32316", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_list1.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_list1.md" } ] } diff --git a/2024/32xxx/CVE-2024-32318.json b/2024/32xxx/CVE-2024-32318.json index 1209029c54c..764e57ac74a 100644 --- a/2024/32xxx/CVE-2024-32318.json +++ b/2024/32xxx/CVE-2024-32318.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-32318", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-32318", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromSetVlanInfo_vlan.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromSetVlanInfo_vlan.md" } ] } diff --git a/2024/32xxx/CVE-2024-32320.json b/2024/32xxx/CVE-2024-32320.json index cdbdfd46e71..84a56f43542 100644 --- a/2024/32xxx/CVE-2024-32320.json +++ b/2024/32xxx/CVE-2024-32320.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-32320", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-32320", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formSetTimeZone.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formSetTimeZone.md" } ] } diff --git a/2024/32xxx/CVE-2024-32463.json b/2024/32xxx/CVE-2024-32463.json index 07f4122cd7d..9ecf1be3084 100644 --- a/2024/32xxx/CVE-2024-32463.json +++ b/2024/32xxx/CVE-2024-32463.json 
@@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `` tag could be bypassed with tab `\\t` or newline `\\n` characters between the characters of the protocol, e.g. `java\\tscript:`. This vulnerability is fixed in 1.10.1, 1.9.2, 1.8.3, 1.7.2, 1.6.3, 1.5.3, and 1.4.2. Configuring a Content Security Policy that does not allow `unsafe-inline` would effectively prevent this vulnerability from being exploited." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "phlex-ruby", + "product": { + "product_data": [ + { + "product_name": "phlex", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.10.0, < 1.10.1" + }, + { + "version_affected": "=", + "version_value": ">= 1.9.0, < 1.9.2" + }, + { + "version_affected": "=", + "version_value": ">= 1.8.0, < 1.8.3" + }, + { + "version_affected": "=", + "version_value": ">= 1.7.0, < 1.7.2" + }, + { + "version_affected": "=", + "version_value": ">= 1.6.0, < 1.6.3" + }, + { + "version_affected": "=", + "version_value": ">= 1.5.0, < 1.5.3" + }, + { + "version_affected": "=", + "version_value": ">= 1.4.0, < 1.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c", + "refsource": "MISC", + "name": "https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c" + }, + { + "url": "https://github.com/phlex-ruby/phlex/commit/9e3f5b980655817993682e409cbda72956d865cb", + "refsource": "MISC", + "name": "https://github.com/phlex-ruby/phlex/commit/9e3f5b980655817993682e409cbda72956d865cb" + }, + { + "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy", + "refsource": "MISC", + "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" + }, + { + "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline", + "refsource": "MISC", + "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline" + } + ] + }, + "source": { + "advisory": "GHSA-g7xq-xv8c-h98c", + 
"discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32743.json b/2024/32xxx/CVE-2024-32743.json new file mode 100644 index 00000000000..f02b7832bd7 --- /dev/null +++ b/2024/32xxx/CVE-2024-32743.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32743", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32744.json b/2024/32xxx/CVE-2024-32744.json new file mode 100644 index 00000000000..c73281dbdcf --- /dev/null +++ b/2024/32xxx/CVE-2024-32744.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32744", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
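Review bot: The description in the CVE-2024-32463 hunk has lost an element name: it reads "in the `href` attribute of an `` tag", with empty backticks where the tag (presumably `<a>`) stood. It looks as if an HTML sanitiser removed the literal tag somewhere upstream, which leaves the sentence unclear about which element the filter protects. The text should read "attribute of an `<a>` tag", and anything that renders these descriptions as HTML should escape them rather than strip markup, so that literal tags in advisories survive. The two new-file hunks that follow on this line are RESERVED placeholders and need no comment.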
diff --git a/2024/32xxx/CVE-2024-32745.json b/2024/32xxx/CVE-2024-32745.json
new file mode 100644
index 00000000000..1ed3ac884f1
--- /dev/null
+++ b/2024/32xxx/CVE-2024-32745.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-32745",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3825.json b/2024/3xxx/CVE-2024-3825.json
index 48368afc219..f934fa990eb 100644
--- a/2024/3xxx/CVE-2024-3825.json
+++ b/2024/3xxx/CVE-2024-3825.json
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3825", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@perforce.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Blazemeter", + "product": { + "product_data": [ + { + "product_name": "BlazeMeter Jenkins plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.0.0", + "version_value": "4.22" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.perforce.com/s/detail/a91PA000001STsvYAG", + "refsource": "MISC", + "name": "https://portal.perforce.com/s/detail/a91PA000001STsvYAG" + }, + { + "url": "https://github.com/Blazemeter/blazemeter-jenkins-plugin/commit/11ec94f68136a0612ae1b37b5370053132cb2528", + "refsource": "MISC", + "name": "https://github.com/Blazemeter/blazemeter-jenkins-plugin/commit/11ec94f68136a0612ae1b37b5370053132cb2528" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": 
"LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3922.json b/2024/3xxx/CVE-2024-3922.json new file mode 100644 index 00000000000..31799e8d067 --- /dev/null +++ b/2024/3xxx/CVE-2024-3922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
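Review bot: The description and the problem type in the CVE-2024-3825 hunk do not line up: the text says only that the flaw "results in credential enumeration", while `problemtype` records `CWE-352 Cross-Site Request Forgery (CSRF)`. A reader triaging from the description alone cannot tell that a forged request is the mechanism, or whether a missing permission check is also involved. If CSRF is the root cause, the value could read `"Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a cross-site request forgery flaw which results in credential enumeration."`, which also removes the stray trailing `\n` and adds the missing full stop. `vendor_name` is spelled `Blazemeter` while `product_name` uses `BlazeMeter`, which can split the record across two vendor strings in case-sensitive matching.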