"-Synchronized-Data."

CVE Team 2025-01-07 09:00:55 +00:00
parent c820025a5e
commit c7ffc2213c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 51 additions and 378 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, 15.2.8400."
"value": "Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421."
}
]
},
@ -55,8 +55,9 @@
"version_value": "15.1.8327"
},
{
"version_affected": "=",
"version_value": "15.2.8400"
"version_affected": "<=",
"version_name": "15.2.8400",
"version_value": "15.2.8421"
}
]
}
@ -73,6 +74,11 @@
"url": "https://www.progress.com/sitefinity-cms",
"refsource": "MISC",
"name": "https://www.progress.com/sitefinity-cms"
},
{
"url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025",
"refsource": "MISC",
"name": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025"
}
]
},
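Review bot: The new range entry in the second hunk carries its lower bound only in `"version_name": "15.2.8400"`, so a consumer that evaluates just `version_affected` and `version_value` will read it as every release up to 15.2.8421. That would presumably flag builds that sit between the listed ranges, including fixed ones, as affected. Tooling that matches inventory against this record should treat `version_name` as the start of the range. The same encoding is used in the two following file sections, and the enclosing `version_data` array starts outside the hunk.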


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, 15.2.8400."
"value": "Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421."
}
]
},
@ -55,8 +55,9 @@
"version_value": "15.1.8327"
},
{
"version_affected": "=",
"version_value": "15.2.8400"
"version_affected": "<=",
"version_name": "15.2.8400",
"version_value": "15.2.8421"
}
]
}
@ -73,6 +74,11 @@
"url": "https://www.progress.com/sitefinity-cms",
"refsource": "MISC",
"name": "https://www.progress.com/sitefinity-cms"
},
{
"url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025",
"refsource": "MISC",
"name": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025"
}
]
},
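Review bot: The rewritten description in the first hunk still carries the misspelling "adminstrative" and the missing space in "Sitefinity.This issue", so keyword searches over the feed for "administrative" will not hit this record. If the text can be corrected at the source, the affected parts would read `CMS Backend (administrative section)` and `Progress Sitefinity. This issue affects Sitefinity:`. The "Sitefinity.This" run-on also appears in the descriptions of the preceding and following file sections.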


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": ": Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, 15.2.8400."
"value": ": Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327,\u00a0from 15.2.8400 through 15.2.8421."
}
]
},
@ -55,8 +55,9 @@
"version_value": "15.1.8327"
},
{
"version_affected": "=",
"version_value": "15.2.8400"
"version_affected": "<=",
"version_name": "15.2.8400",
"version_value": "15.2.8421"
}
]
}
@ -73,6 +74,11 @@
"url": "https://www.progress.com/sitefinity-cms",
"refsource": "MISC",
"name": "https://www.progress.com/sitefinity-cms"
},
{
"url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025",
"refsource": "MISC",
"name": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025"
}
]
},
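Review bot: The new description in the first hunk introduces an escaped non-breaking space, `\u00a0`, before "from 15.2.8400" and keeps the stray ": " at the start and in "allows : Session Fixation". Tooling that splits the version list on a comma followed by an ASCII space will handle the last range differently from the others. A plain space, `15.1.8327, from 15.2.8400 through 15.2.8421.`, would match the wording in the two preceding file sections. Separately, the reference added in the third hunk names only CVE-2024-11625 and CVE-2024-11626 in its URL while three records receive it; the record IDs are not visible in these sections, so it is worth confirming that the advisory covers this one.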


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -5,175 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-49967",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: no need to continue when the number of entries is 1"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ac27a0ec112a",
"version_value": "64c8c484242b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.323",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.285",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.227",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.168",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.113",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.55",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.10.14",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.3",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/64c8c484242b141998f7408596ddb2dc6da4b1d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/64c8c484242b141998f7408596ddb2dc6da4b1d3"
},
{
"url": "https://git.kernel.org/stable/c/cdfd6ef391df332c9abb854f4530dd7bfbd71dc4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cdfd6ef391df332c9abb854f4530dd7bfbd71dc4"
},
{
"url": "https://git.kernel.org/stable/c/133ff0d78f1b160de011647bb65807195ca5d1ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/133ff0d78f1b160de011647bb65807195ca5d1ca"
},
{
"url": "https://git.kernel.org/stable/c/aca593e6070e21979430c344e9cb0b272a9e7e10",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aca593e6070e21979430c344e9cb0b272a9e7e10"
},
{
"url": "https://git.kernel.org/stable/c/a02d7f5b24193aed451ac67aad3453472e79dc78",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a02d7f5b24193aed451ac67aad3453472e79dc78"
},
{
"url": "https://git.kernel.org/stable/c/2d64e7dada22ab589d1ac216a3661074d027f25e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2d64e7dada22ab589d1ac216a3661074d027f25e"
},
{
"url": "https://git.kernel.org/stable/c/fe192515d2937b8ed2d21921b558a06dd2031d21",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe192515d2937b8ed2d21921b558a06dd2031d21"
},
{
"url": "https://git.kernel.org/stable/c/9d4b2e4c36bb88d57018c1cbc8b6a0c4b44a7f42",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9d4b2e4c36bb88d57018c1cbc8b6a0c4b44a7f42"
},
{
"url": "https://git.kernel.org/stable/c/1a00a393d6a7fb1e745a41edd09019bd6a0ad64c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1a00a393d6a7fb1e745a41edd09019bd6a0ad64c"
}
]
},
"generator": {
"engine": "bippy-8e903de6a542"
}
}
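Review bot: The replacement description gives only the generic rejection sentence, and the section also drops the `affects` data and every fix-commit reference, so nothing in the record says why CVE-2024-49967 was withdrawn or whether another ID supersedes it. Consumers that key findings on the CVE ID will lose them without a trail. A short reason in the `value` text, when the CNA supplies one, would let triage confirm that the withdrawal was deliberate. The same applies to the CVE-2024-56686 and CVE-2024-56762 sections that follow; whether upstream published a reason is not visible on this page.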


@ -5,120 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-56686",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix race in buffer_head read fault injection\n\nWhen I enabled ext4 debug for fault injection testing, I encountered the\nfollowing warning:\n\n EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress:\n Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051\n WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0\n\nThe root cause of the issue lies in the improper implementation of ext4's\nbuffer_head read fault injection. The actual completion of buffer_head\nread and the buffer_head fault injection are not atomic, which can lead\nto the uptodate flag being cleared on normally used buffer_heads in race\nconditions.\n\n[CPU0] [CPU1] [CPU2]\next4_read_inode_bitmap\n ext4_read_bh()\n <bh read complete>\n ext4_read_inode_bitmap\n if (buffer_uptodate(bh))\n return bh\n jbd2_journal_commit_transaction\n __jbd2_journal_refile_buffer\n __jbd2_journal_unfile_buffer\n __jbd2_journal_temp_unlink_buffer\n ext4_simulate_fail_bh()\n clear_buffer_uptodate\n mark_buffer_dirty\n <report warning>\n WARN_ON_ONCE(!buffer_uptodate(bh))\n\nThe best approach would be to perform fault injection in the IO completion\ncallback function, rather than after IO completion. However, the IO\ncompletion callback function cannot get the fault injection code in sb.\n\nFix it by passing the result of fault injection into the bh read function,\nwe simulate faults within the bh read function itself. This requires adding\nan extra parameter to the bh read functions that need fault injection."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "46f870d690fecc792a66730dcbbf0aa109f5f9ab",
"version_value": "77035e4d27e15f87ea55929c8bb8fb1970129e2f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/77035e4d27e15f87ea55929c8bb8fb1970129e2f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/77035e4d27e15f87ea55929c8bb8fb1970129e2f"
},
{
"url": "https://git.kernel.org/stable/c/25a5acf88fed59e060405bbb48098f4a3a2c2adc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/25a5acf88fed59e060405bbb48098f4a3a2c2adc"
},
{
"url": "https://git.kernel.org/stable/c/61832ee7fa2fbd569d129379e795038abfb0d128",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/61832ee7fa2fbd569d129379e795038abfb0d128"
},
{
"url": "https://git.kernel.org/stable/c/2f3d93e210b9c2866c8b3662adae427d5bf511ec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2f3d93e210b9c2866c8b3662adae427d5bf511ec"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}


@ -5,110 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-56762",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: fix sqpoll error handling races\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x370b/0x4a10 kernel/locking/lockdep.c:5089\nCall Trace:\n<TASK>\n...\n_raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162\nclass_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\ntry_to_wake_up+0xb5/0x23c0 kernel/sched/core.c:4205\nio_sq_thread_park+0xac/0xe0 io_uring/sqpoll.c:55\nio_sq_thread_finish+0x6b/0x310 io_uring/sqpoll.c:96\nio_sq_offload_create+0x162/0x11d0 io_uring/sqpoll.c:497\nio_uring_create io_uring/io_uring.c:3724 [inline]\nio_uring_setup+0x1728/0x3230 io_uring/io_uring.c:3806\n...\n\nKun Hu reports that the SQPOLL creating error path has UAF, which\nhappens if io_uring_alloc_task_context() fails and then io_sq_thread()\nmanages to run and complete before the rest of error handling code,\nwhich means io_sq_thread_finish() is looking at already killed task.\n\nNote that this is mostly theoretical, requiring fault injection on\nthe allocation side to trigger in practice."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "6237331361711810d8f2e3fbfe2f7a6f9548f5e0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.123",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.69",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.8",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc5",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6237331361711810d8f2e3fbfe2f7a6f9548f5e0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6237331361711810d8f2e3fbfe2f7a6f9548f5e0"
},
{
"url": "https://git.kernel.org/stable/c/80120bb4eef7848d5aa3b1a0cd88367cd05fbe03",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/80120bb4eef7848d5aa3b1a0cd88367cd05fbe03"
},
{
"url": "https://git.kernel.org/stable/c/8e8494c83cf73168118587e9567e4f7e50ce4fd8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8e8494c83cf73168118587e9567e4f7e50ce4fd8"
},
{
"url": "https://git.kernel.org/stable/c/e33ac68e5e21ec1292490dfe061e75c0dbdd3bd4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e33ac68e5e21ec1292490dfe061e75c0dbdd3bd4"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}