diff --git a/2024/34xxx/CVE-2024-34777.json b/2024/34xxx/CVE-2024-34777.json new file mode 100644 index 00000000000..27d7ae7aafc --- /dev/null +++ b/2024/34xxx/CVE-2024-34777.json @@ -0,0 +1,135 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-34777", + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: fix node id validation\n\nWhile validating node ids in map_benchmark_ioctl(), node_possible() may\nbe provided with invalid argument outside of [0,MAX_NUMNODES-1] range\nleading to:\n\nBUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nRead of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971\nCPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:117)\nkasan_report (mm/kasan/report.c:603)\nkasan_check_range (mm/kasan/generic.c:189)\nvariable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]\narch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]\n_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]\nnode_state (include/linux/nodemask.h:423) [inline]\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nCompare node ids with sane bounds first. NUMA_NO_NODE is considered a\nspecial valid case meaning that benchmarking kthreads won't be bound to a\ncpuset of a given node.\n\nFound by Linux Verification Center (linuxtesting.org)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "65789daa8087", + "version_value": "35d31c8bd472" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.11", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.11", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.161", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.93", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc2", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936" + }, + { + "url": "https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570" + }, + { + "url": "https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b" + }, + { + "url": "https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87" + }, + { + "url": "https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad" + } + ] + }, + "generator": { + "engine": "bippy-7d53e8ef8be4" + } +} \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35779.json b/2024/35xxx/CVE-2024-35779.json index 210e2614f8e..28a42b70f1a 100644 --- a/2024/35xxx/CVE-2024-35779.json +++ b/2024/35xxx/CVE-2024-35779.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35779", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Live Composer Team", + "product": { + "product_data": [ + { + "product_name": "Page Builder: Live Composer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.5.42" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-42-contributor-shortcode-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-42-contributor-shortcode-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/36xxx/CVE-2024-36288.json b/2024/36xxx/CVE-2024-36288.json new file mode 100644 index 00000000000..a668e557155 --- /dev/null +++ b/2024/36xxx/CVE-2024-36288.json @@ -0,0 +1,167 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-36288", + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "ab8466d4e268", + "version_value": "57ff6c0a1759" + }, + { + "version_affected": "<", + "version_name": "4420b73c7f26", + "version_value": "6ed45d20d300" + }, + { + "version_affected": "<", + "version_name": "f148a95f68c6", + "version_value": "4cefcd0af745" + }, + { + "version_affected": "<", + "version_name": "fe0b474974fe", + "version_value": "b4878ea99f2b" + }, + { + "version_affected": "<", + "version_name": "879fe60fccd5", + "version_value": "f9977e4e0cd9" + }, + { + "version_affected": "<", + "version_name": "c1d8c429e4d2", + "version_value": "af628d43a822" + }, + { + "version_affected": "<", + "version_name": "8ca148915670", + "version_value": "0a1cb0c6102b" + }, + { + "version_affected": "<", + "version_name": "bafa6b4d95d9", + "version_value": "4a77c3dead97" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.10-rc1", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.10-rc1", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc3", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c" + }, + { + "url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018" + }, + { + "url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a" + }, + { + "url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785" + }, + { + "url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5" + }, + { + "url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115" + }, + { + "url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad" + }, + { + "url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008" + } + ] + }, + "generator": { + "engine": "bippy-7d53e8ef8be4" + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36477.json b/2024/36xxx/CVE-2024-36477.json new file mode 100644 index 00000000000..75c8eeea6ca --- /dev/null +++ b/2024/36xxx/CVE-2024-36477.json @@ -0,0 +1,113 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-36477", + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer\n\nThe TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the\nmaximum transfer length and the size of the transfer buffer. As such, it\ndoes not account for the 4 bytes of header that prepends the SPI data\nframe. This can result in out-of-bounds accesses and was confirmed with\nKASAN.\n\nIntroduce SPI_HDRSIZE to account for the header and use to allocate the\ntransfer buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "a86a42ac2bd6", + "version_value": "1547183852dc" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.6", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc2", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/1547183852dcdfcc25878db7dd3620509217b0cd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1547183852dcdfcc25878db7dd3620509217b0cd" + }, + { + "url": "https://git.kernel.org/stable/c/de13c56f99477b56980c7e00b09c776d16b7563d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/de13c56f99477b56980c7e00b09c776d16b7563d" + }, + { + "url": "https://git.kernel.org/stable/c/195aba96b854dd664768f382cd1db375d8181f88", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/195aba96b854dd664768f382cd1db375d8181f88" + } + ] + }, + "generator": { + "engine": "bippy-7d53e8ef8be4" + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36481.json b/2024/36xxx/CVE-2024-36481.json new file mode 100644 index 00000000000..6c5404d4a75 --- /dev/null +++ b/2024/36xxx/CVE-2024-36481.json @@ -0,0 +1,113 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-36481", + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/probes: fix error check in parse_btf_field()\n\nbtf_find_struct_member() might return NULL or an error via the\nERR_PTR() macro. However, its caller in parse_btf_field() only checks\nfor the NULL condition. Fix this by using IS_ERR() and returning the\nerror up the stack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "c440adfbe302", + "version_value": "ad4b202da2c4" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.6", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc2", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ad4b202da2c498fefb69e5d87f67b946e7fe1e6a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ad4b202da2c498fefb69e5d87f67b946e7fe1e6a" + }, + { + "url": "https://git.kernel.org/stable/c/4ed468edfeb54c7202e559eba74c25fac6a0dad0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4ed468edfeb54c7202e559eba74c25fac6a0dad0" + }, + { + "url": "https://git.kernel.org/stable/c/e569eb34970281438e2b48a3ef11c87459fcfbcb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e569eb34970281438e2b48a3ef11c87459fcfbcb" + } + ] + }, + "generator": { + "engine": "bippy-7d53e8ef8be4" + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38384.json b/2024/38xxx/CVE-2024-38384.json new file mode 100644 index 00000000000..9a0db76d053 --- /dev/null +++ b/2024/38xxx/CVE-2024-38384.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38384", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38662.json b/2024/38xxx/CVE-2024-38662.json index c53969cad1b..f6d16aee481 100644 --- a/2024/38xxx/CVE-2024-38662.json +++ b/2024/38xxx/CVE-2024-38662.json @@ -1,18 +1,166 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don't intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "dd54b48db0c8", + "version_value": "29467edc2381" + }, + { + "version_affected": "<", + "version_name": "d1e73fb19a4c", + "version_value": "11e8ecc5b860" + }, + { + "version_affected": "<", + "version_name": "a44770fed865", + "version_value": "6693b172f008" + }, + { + "version_affected": "<", + "version_name": "668b3074aa14", + "version_value": "000a65bf1dc0" + }, + { + "version_affected": "<", + "version_name": "ff9105993240", + "version_value": "b81e1c5a3c70" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.9", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.9", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.219", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.161", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.93", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc2", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d" + }, + { + "url": "https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9" + }, + { + "url": "https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e" + }, + { + "url": "https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1" + }, + { + "url": "https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c" + }, + { + "url": "https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d" + } + ] + }, + "generator": { + "engine": "bippy-7d53e8ef8be4" } } \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38663.json b/2024/38xxx/CVE-2024-38663.json new file mode 100644 index 00000000000..3d72474f1eb --- /dev/null +++ b/2024/38xxx/CVE-2024-38663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38664.json b/2024/38xxx/CVE-2024-38664.json new file mode 100644 index 00000000000..e8e183f148e --- /dev/null +++ b/2024/38xxx/CVE-2024-38664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38667.json b/2024/38xxx/CVE-2024-38667.json new file mode 100644 index 00000000000..18460ca820f --- /dev/null +++ b/2024/38xxx/CVE-2024-38667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38780.json b/2024/38xxx/CVE-2024-38780.json index 7422963b02d..15ef45686aa 100644 --- a/2024/38xxx/CVE-2024-38780.json +++ b/2024/38xxx/CVE-2024-38780.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38780", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/sw-sync: don't enable IRQ from sync_print_obj()\n\nSince commit a6aa8fca4d79 (\"dma-buf/sw-sync: Reduce irqsave/irqrestore from\nknown context\") by error replaced spin_unlock_irqrestore() with\nspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite\nsync_print_obj() is called from sync_debugfs_show(), lockdep complains\ninconsistent lock state warning.\n\nUse plain spin_{lock,unlock}() for sync_print_obj(), for\nsync_debugfs_show() is already using spin_{lock,unlock}_irq()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "a6aa8fca4d79", + "version_value": "1ff116f68560" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.14", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.14", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.316", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.278", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.219", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.161", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.93", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc2", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a" + }, + { + "url": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed" + }, + { + "url": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8" + }, + { + "url": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878" + }, + { + "url": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a" + }, + { + "url": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef" + }, + { + "url": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e" + }, + { + "url": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39" + } + ] + }, + "generator": { + "engine": "bippy-7d53e8ef8be4" } } \ No newline at end of file diff --git a/2024/39xxx/CVE-2024-39277.json b/2024/39xxx/CVE-2024-39277.json index eed82e71558..eea921be0bd 100644 --- a/2024/39xxx/CVE-2024-39277.json +++ b/2024/39xxx/CVE-2024-39277.json @@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39277", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: handle NUMA_NO_NODE correctly\n\ncpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark()\nresulting in the following sanitizer report:\n\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type 'cpumask [64][1]'\nCPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:117)\nubsan_epilogue (lib/ubsan.c:232)\n__ubsan_handle_out_of_bounds (lib/ubsan.c:429)\ncpumask_of_node (arch/x86/include/asm/topology.h:72) [inline]\ndo_map_benchmark (kernel/dma/map_benchmark.c:104)\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:246)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nUse cpumask_of_node() in place when binding a kernel thread to a cpuset\nof a particular node.\n\nNote that the provided node id is checked inside map_benchmark_ioctl().\nIt's just a NUMA_NO_NODE case which is not handled properly later.\n\nFound by Linux Verification Center (linuxtesting.org)." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "65789daa8087", + "version_value": "b41b0018e8ca" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.11", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.11", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.161", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.93", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc2", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b41b0018e8ca06e985e87220a618ec633988fd13", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b41b0018e8ca06e985e87220a618ec633988fd13" + }, + { + "url": "https://git.kernel.org/stable/c/8e1ba9df9a35e8dc64f657a64e523c79ba01e464", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8e1ba9df9a35e8dc64f657a64e523c79ba01e464" + }, + { + "url": "https://git.kernel.org/stable/c/5a91116b003175302f2e6ad94b76fb9b5a141a41", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5a91116b003175302f2e6ad94b76fb9b5a141a41" + }, + { + "url": "https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f" + }, + { + "url": "https://git.kernel.org/stable/c/e64746e74f717961250a155e14c156616fcd981f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e64746e74f717961250a155e14c156616fcd981f" + } + ] + }, + "generator": { + "engine": "bippy-7d53e8ef8be4" } } \ No newline at end of file diff --git a/2024/39xxx/CVE-2024-39291.json b/2024/39xxx/CVE-2024-39291.json new file mode 100644 index 00000000000..3f9fa758087 --- /dev/null +++ b/2024/39xxx/CVE-2024-39291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-39291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/39xxx/CVE-2024-39292.json b/2024/39xxx/CVE-2024-39292.json new file mode 100644 index 00000000000..765a2ebf043 --- /dev/null +++ b/2024/39xxx/CVE-2024-39292.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-39292", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5058.json b/2024/5xxx/CVE-2024-5058.json index 5d62054dd79..e22f58813df 100644 --- a/2024/5xxx/CVE-2024-5058.json +++ b/2024/5xxx/CVE-2024-5058.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPDeveloper", + "product": { + "product_data": [ + { + "product_name": "Typing Text", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.2.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.2.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/typing-text/wordpress-typing-text-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/typing-text/wordpress-typing-text-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.2.6 or a higher version." + } + ], + "value": "Update to 1.2.6 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "vps1- (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] }