"-Synchronized-Data."

CVE Team 2024-07-02 19:00:33 +00:00
parent 0f96fff9e3
commit 7a81bff9d9
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 439 additions and 87 deletions


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://realtek.com",
"refsource": "MISC",
"name": "http://realtek.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf",
"url": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a",
"url": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a"
}
]
}
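Review bot: The published record for CVE-2022-25477 leaves `vendor_name`, `product_name` and `version_value` at `"n/a"` although the description names the vendor, both drivers and the fixed versions (RtsPer.sys before 10.0.22000.21355, RtsUer.sys before 10.0.22000.31274), so tooling that matches on the `affects` block cannot tie this entry to an installed driver. Populating `affects` from the description, e.g. `"vendor_name": "Realtek"` with one `product_data` entry per driver, would make the record machine-usable; `problemtype` is likewise `"n/a"` and could carry a CWE. The same gap appears in the CVE-2022-25478, CVE-2022-25479, CVE-2022-25480 and CVE-2024-39894 sections. The first reference, `http://realtek.com`, is a plain-HTTP vendor homepage and adds nothing beyond the CONFIRM advisory link.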


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25478",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://realtek.com",
"refsource": "MISC",
"name": "http://realtek.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf",
"url": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a",
"url": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25479",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://realtek.com",
"refsource": "MISC",
"name": "http://realtek.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf",
"url": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a",
"url": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://realtek.com",
"refsource": "MISC",
"name": "http://realtek.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf",
"url": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a",
"url": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a"
}
]
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-39894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openssh.com/txt/release-9.8",
"refsource": "MISC",
"name": "https://www.openssh.com/txt/release-9.8"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html",
"refsource": "MISC",
"name": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/07/02/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2024/07/02/1"
}
]
}
}


@ -100,85 +100,45 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/01/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/01/13"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/02/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/02/1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6387",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-6387"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
},
{
"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt",
"refsource": "MISC",
"name": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
},
{
"url": "https://github.com/zgzhang/cve-2024-6387-poc",
"refsource": "MISC",
"name": "https://github.com/zgzhang/cve-2024-6387-poc"
},
{
"url": "https://ubuntu.com/security/CVE-2024-6387",
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2024-6387"
},
{
"url": "https://ubuntu.com/security/notices/USN-6859-1",
"refsource": "MISC",
"name": "https://ubuntu.com/security/notices/USN-6859-1"
},
{
"url": "https://www.suse.com/security/cve/CVE-2024-6387.html",
"refsource": "MISC",
"name": "https://www.suse.com/security/cve/CVE-2024-6387.html"
},
{
"url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html",
"refsource": "MISC",
"name": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html"
},
{
"url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/",
"refsource": "MISC",
"name": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/"
},
{
"url": "https://www.openssh.com/txt/release-9.8",
"refsource": "MISC",
"name": "https://www.openssh.com/txt/release-9.8"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html",
"refsource": "MISC",
"name": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html",
"refsource": "MISC",
"name": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server",
"refsource": "MISC",
"name": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server"
},
{
"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604",
"refsource": "MISC",
"name": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
},
{
"url": "https://news.ycombinator.com/item?id=40843778",
"url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html",
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=40843778"
"name": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2024-6387",
"url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2024-6387"
"name": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
},
{
"url": "https://github.com/oracle/oracle-linux/issues/149",
@ -191,9 +151,24 @@
"name": "https://github.com/rapier1/hpn-ssh/issues/87"
},
{
"url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/",
"url": "https://github.com/zgzhang/cve-2024-6387-poc",
"refsource": "MISC",
"name": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/"
"name": "https://github.com/zgzhang/cve-2024-6387-poc"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html",
"refsource": "MISC",
"name": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html",
"refsource": "MISC",
"name": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html"
},
{
"url": "https://news.ycombinator.com/item?id=40843778",
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=40843778"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010",
@ -201,9 +176,9 @@
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/13",
"url": "https://security-tracker.debian.org/tracker/CVE-2024-6387",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/01/13"
"name": "https://security-tracker.debian.org/tracker/CVE-2024-6387"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240701-0001/",
@ -211,16 +186,51 @@
"name": "https://security.netapp.com/advisory/ntap-20240701-0001/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/02/1",
"url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/02/1"
"name": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/"
},
{
"url": "https://ubuntu.com/security/CVE-2024-6387",
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2024-6387"
},
{
"url": "https://ubuntu.com/security/notices/USN-6859-1",
"refsource": "MISC",
"name": "https://ubuntu.com/security/notices/USN-6859-1"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc",
"refsource": "MISC",
"name": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc"
},
{
"url": "https://www.openssh.com/txt/release-9.8",
"refsource": "MISC",
"name": "https://www.openssh.com/txt/release-9.8"
},
{
"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt",
"refsource": "MISC",
"name": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
},
{
"url": "https://www.suse.com/security/cve/CVE-2024-6387.html",
"refsource": "MISC",
"name": "https://www.suse.com/security/cve/CVE-2024-6387.html"
},
{
"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/",
"refsource": "MISC",
"name": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "This issue can be mitigated by setting the LoginGraceTime parameter to 0 in the sshd configuration file.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nNotice the sshd server will still be vulnerable to Denial of Service attacks due to the possibility os MaxStartups connection exhaustion, however it'll be safe against possible remote code execution attacks."
"value": "This mitigation can protect against a remote code execution attack, however the sshd server will remain vulnerable to a Denial of Service attack due to the possibility of MaxStartups connection exhaustion. The below process disables the LoginGraceTime parameter:\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~"
}
],
"impact": {
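Review bot: The `work_around` value in the last hunk does not say that `LoginGraceTime 0` is a stopgap to be reverted once a fixed OpenSSH package is installed, even though the text itself states that the setting leaves sshd open to MaxStartups connection exhaustion. A closing sentence such as `After upgrading to a fixed OpenSSH package, restore the previous LoginGraceTime value and restart sshd.` would cover that. The entry also uses `"lang": "en"` where the description entries in the other records on this page use `"eng"`; it is worth confirming which form consumers of this field expect. The enclosing object starts before the first hunk and continues past `"impact": {`.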


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6457",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6458",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}