From c7ffc2213c63a4419f106a3b4dd75080f25ae038 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 7 Jan 2025 09:00:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/11xxx/CVE-2024-11625.json | 12 ++-
 2024/11xxx/CVE-2024-11626.json | 12 ++-
 2024/11xxx/CVE-2024-11627.json | 12 ++-
 2024/13xxx/CVE-2024-13175.json | 18 ++++
 2024/49xxx/CVE-2024-49967.json | 165 +--------------------------------
 2024/56xxx/CVE-2024-56686.json | 110 +---------------------
 2024/56xxx/CVE-2024-56762.json | 100 +-------------------
 7 files changed, 51 insertions(+), 378 deletions(-)
 create mode 100644 2024/13xxx/CVE-2024-13175.json
diff --git a/2024/11xxx/CVE-2024-11625.json b/2024/11xxx/CVE-2024-11625.json
index c3cfa94ecfd..a3add1b260f 100644
--- a/2024/11xxx/CVE-2024-11625.json
+++ b/2024/11xxx/CVE-2024-11625.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, 15.2.8400."
+ "value": "Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421."
 }
 ]
 },
@@ -55,8 +55,9 @@
 "version_value": "15.1.8327"
 },
 {
- "version_affected": "=",
- "version_value": "15.2.8400"
+ "version_affected": "<=",
+ "version_name": "15.2.8400",
+ "version_value": "15.2.8421"
 }
 ]
 }
@@ -73,6 +74,11 @@
 "url": "https://www.progress.com/sitefinity-cms",
 "refsource": "MISC",
 "name": "https://www.progress.com/sitefinity-cms"
+ },
+ {
+ "url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025",
+ "refsource": "MISC",
+ "name": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025"
 }
 ]
 },
diff --git a/2024/11xxx/CVE-2024-11626.json b/2024/11xxx/CVE-2024-11626.json
index 4325a9d06e6..202a04ab961 100644
--- a/2024/11xxx/CVE-2024-11626.json
+++ b/2024/11xxx/CVE-2024-11626.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, 15.2.8400."
+ "value": "Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421."
 }
 ]
 },
@@ -55,8 +55,9 @@
 "version_value": "15.1.8327"
 },
 {
- "version_affected": "=",
- "version_value": "15.2.8400"
+ "version_affected": "<=",
+ "version_name": "15.2.8400",
+ "version_value": "15.2.8421"
 }
 ]
 }
@@ -73,6 +74,11 @@
 "url": "https://www.progress.com/sitefinity-cms",
 "refsource": "MISC",
 "name": "https://www.progress.com/sitefinity-cms"
+ },
+ {
+ "url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025",
+ "refsource": "MISC",
+ "name": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025"
 }
 ]
 },
diff --git a/2024/11xxx/CVE-2024-11627.json b/2024/11xxx/CVE-2024-11627.json
index 3506c178fa1..01c8a081fd0 100644
--- a/2024/11xxx/CVE-2024-11627.json
+++ b/2024/11xxx/CVE-2024-11627.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": ": Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, 15.2.8400."
+ "value": ": Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327,\u00a0from 15.2.8400 through 15.2.8421."
 }
 ]
 },
@@ -55,8 +55,9 @@
 "version_value": "15.1.8327"
 },
 {
- "version_affected": "=",
- "version_value": "15.2.8400"
+ "version_affected": "<=",
+ "version_name": "15.2.8400",
+ "version_value": "15.2.8421"
 }
 ]
 }
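Review bot: The added `value` line in the description hunk (`@@ -11,7 +11,7 @@`) of CVE-2024-11627.json places an escaped no-break space, `\u00a0`, before `from 15.2.8400 through 15.2.8421`, where the same sentence in CVE-2024-11625.json and CVE-2024-11626.json uses a plain space, and it keeps the stray `: ` before `Insufficient` and before `Session Fixation`. Tooling that tokenises or compares description text across the three records will see a mismatch, so the tail should read `15.1.8327, from 15.2.8400 through 15.2.8421.` and the two leftover `: ` fragments should be dropped. The reference hunk that follows in the same file (`@@ -73,6 +74,11 @@`) adds an advisory URL whose slug names only CVE-2024-11625 and CVE-2024-11626, so it is worth confirming that the advisory actually covers CVE-2024-11627 before consumers rely on it for this record.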
@@ -73,6 +74,11 @@
 "url": "https://www.progress.com/sitefinity-cms",
 "refsource": "MISC",
 "name": "https://www.progress.com/sitefinity-cms"
+ },
+ {
+ "url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025",
+ "refsource": "MISC",
+ "name": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025"
 }
 ]
 },
diff --git a/2024/13xxx/CVE-2024-13175.json b/2024/13xxx/CVE-2024-13175.json
new file mode 100644
index 00000000000..81f8d096c31
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13175.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13175",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49967.json b/2024/49xxx/CVE-2024-49967.json
index 8e591bf6d6e..ba91ebaa578 100644
--- a/2024/49xxx/CVE-2024-49967.json
+++ b/2024/49xxx/CVE-2024-49967.json
@@ -5,175 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2024-49967", "ASSIGNER": "cve@kernel.org", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: no need to continue when the number of entries is 1" + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Linux", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "ac27a0ec112a", - "version_value": "64c8c484242b" - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "2.6.19", - "status": "affected" - }, - { - "version": "0", - "lessThan": "2.6.19", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "4.19.323", - "lessThanOrEqual": "4.19.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "5.4.285", - "lessThanOrEqual": "5.4.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "5.10.227", - "lessThanOrEqual": "5.10.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "5.15.168", - "lessThanOrEqual": "5.15.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.1.113", - "lessThanOrEqual": "6.1.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.6.55", - "lessThanOrEqual": "6.6.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.10.14", - "lessThanOrEqual": "6.10.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.11.3", - "lessThanOrEqual": "6.11.*", - "status": "unaffected", - 
"versionType": "semver" - }, - { - "version": "6.12", - "lessThanOrEqual": "*", - "status": "unaffected", - "versionType": "original_commit_for_fix" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/64c8c484242b141998f7408596ddb2dc6da4b1d3", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/64c8c484242b141998f7408596ddb2dc6da4b1d3" - }, - { - "url": "https://git.kernel.org/stable/c/cdfd6ef391df332c9abb854f4530dd7bfbd71dc4", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/cdfd6ef391df332c9abb854f4530dd7bfbd71dc4" - }, - { - "url": "https://git.kernel.org/stable/c/133ff0d78f1b160de011647bb65807195ca5d1ca", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/133ff0d78f1b160de011647bb65807195ca5d1ca" - }, - { - "url": "https://git.kernel.org/stable/c/aca593e6070e21979430c344e9cb0b272a9e7e10", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/aca593e6070e21979430c344e9cb0b272a9e7e10" - }, - { - "url": "https://git.kernel.org/stable/c/a02d7f5b24193aed451ac67aad3453472e79dc78", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/a02d7f5b24193aed451ac67aad3453472e79dc78" - }, - { - "url": "https://git.kernel.org/stable/c/2d64e7dada22ab589d1ac216a3661074d027f25e", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/2d64e7dada22ab589d1ac216a3661074d027f25e" - }, - { - "url": "https://git.kernel.org/stable/c/fe192515d2937b8ed2d21921b558a06dd2031d21", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/fe192515d2937b8ed2d21921b558a06dd2031d21" - }, - { - "url": "https://git.kernel.org/stable/c/9d4b2e4c36bb88d57018c1cbc8b6a0c4b44a7f42", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/9d4b2e4c36bb88d57018c1cbc8b6a0c4b44a7f42" - }, - { - "url": "https://git.kernel.org/stable/c/1a00a393d6a7fb1e745a41edd09019bd6a0ad64c", - "refsource": 
"MISC", - "name": "https://git.kernel.org/stable/c/1a00a393d6a7fb1e745a41edd09019bd6a0ad64c" - } - ] - }, - "generator": { - "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56686.json b/2024/56xxx/CVE-2024-56686.json index dda9cdeaf1c..83704ee6114 100644 --- a/2024/56xxx/CVE-2024-56686.json +++ b/2024/56xxx/CVE-2024-56686.json 
@@ -5,120 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2024-56686", "ASSIGNER": "cve@kernel.org", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix race in buffer_head read fault injection\n\nWhen I enabled ext4 debug for fault injection testing, I encountered the\nfollowing warning:\n\n EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress:\n Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051\n WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0\n\nThe root cause of the issue lies in the improper implementation of ext4's\nbuffer_head read fault injection. The actual completion of buffer_head\nread and the buffer_head fault injection are not atomic, which can lead\nto the uptodate flag being cleared on normally used buffer_heads in race\nconditions.\n\n[CPU0] [CPU1] [CPU2]\next4_read_inode_bitmap\n ext4_read_bh()\n \n ext4_read_inode_bitmap\n if (buffer_uptodate(bh))\n return bh\n jbd2_journal_commit_transaction\n __jbd2_journal_refile_buffer\n __jbd2_journal_unfile_buffer\n __jbd2_journal_temp_unlink_buffer\n ext4_simulate_fail_bh()\n clear_buffer_uptodate\n mark_buffer_dirty\n \n WARN_ON_ONCE(!buffer_uptodate(bh))\n\nThe best approach would be to perform fault injection in the IO completion\ncallback function, rather than after IO completion. However, the IO\ncompletion callback function cannot get the fault injection code in sb.\n\nFix it by passing the result of fault injection into the bh read function,\nwe simulate faults within the bh read function itself. This requires adding\nan extra parameter to the bh read functions that need fault injection." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Linux", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "46f870d690fecc792a66730dcbbf0aa109f5f9ab", - "version_value": "77035e4d27e15f87ea55929c8bb8fb1970129e2f" - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "5.6", - "status": "affected" - }, - { - "version": "0", - "lessThan": "5.6", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.6.64", - "lessThanOrEqual": "6.6.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.11.11", - "lessThanOrEqual": "6.11.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.12.2", - "lessThanOrEqual": "6.12.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.13-rc1", - "lessThanOrEqual": "*", - "status": "unaffected", - "versionType": "original_commit_for_fix" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/77035e4d27e15f87ea55929c8bb8fb1970129e2f", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/77035e4d27e15f87ea55929c8bb8fb1970129e2f" - }, - { - "url": "https://git.kernel.org/stable/c/25a5acf88fed59e060405bbb48098f4a3a2c2adc", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/25a5acf88fed59e060405bbb48098f4a3a2c2adc" - }, - { - "url": "https://git.kernel.org/stable/c/61832ee7fa2fbd569d129379e795038abfb0d128", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/61832ee7fa2fbd569d129379e795038abfb0d128" - }, - { - "url": 
"https://git.kernel.org/stable/c/2f3d93e210b9c2866c8b3662adae427d5bf511ec", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/2f3d93e210b9c2866c8b3662adae427d5bf511ec" - } - ] - }, - "generator": { - "engine": "bippy-5f407fcff5a0" } } \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56762.json b/2024/56xxx/CVE-2024-56762.json index ba572ceea92..1015490b638 100644 --- a/2024/56xxx/CVE-2024-56762.json +++ b/2024/56xxx/CVE-2024-56762.json 
@@ -5,110 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2024-56762", "ASSIGNER": "cve@kernel.org", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: fix sqpoll error handling races\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x370b/0x4a10 kernel/locking/lockdep.c:5089\nCall Trace:\n\n...\n_raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162\nclass_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\ntry_to_wake_up+0xb5/0x23c0 kernel/sched/core.c:4205\nio_sq_thread_park+0xac/0xe0 io_uring/sqpoll.c:55\nio_sq_thread_finish+0x6b/0x310 io_uring/sqpoll.c:96\nio_sq_offload_create+0x162/0x11d0 io_uring/sqpoll.c:497\nio_uring_create io_uring/io_uring.c:3724 [inline]\nio_uring_setup+0x1728/0x3230 io_uring/io_uring.c:3806\n...\n\nKun Hu reports that the SQPOLL creating error path has UAF, which\nhappens if io_uring_alloc_task_context() fails and then io_sq_thread()\nmanages to run and complete before the rest of error handling code,\nwhich means io_sq_thread_finish() is looking at already killed task.\n\nNote that this is mostly theoretical, requiring fault injection on\nthe allocation side to trigger in practice." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Linux", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", - "version_value": "6237331361711810d8f2e3fbfe2f7a6f9548f5e0" - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "6.1.123", - "lessThanOrEqual": "6.1.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.6.69", - "lessThanOrEqual": "6.6.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.12.8", - "lessThanOrEqual": "6.12.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.13-rc5", - "lessThanOrEqual": "*", - "status": "unaffected", - "versionType": "original_commit_for_fix" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/6237331361711810d8f2e3fbfe2f7a6f9548f5e0", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/6237331361711810d8f2e3fbfe2f7a6f9548f5e0" - }, - { - "url": "https://git.kernel.org/stable/c/80120bb4eef7848d5aa3b1a0cd88367cd05fbe03", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/80120bb4eef7848d5aa3b1a0cd88367cd05fbe03" - }, - { - "url": "https://git.kernel.org/stable/c/8e8494c83cf73168118587e9567e4f7e50ce4fd8", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/8e8494c83cf73168118587e9567e4f7e50ce4fd8" - }, - { - "url": "https://git.kernel.org/stable/c/e33ac68e5e21ec1292490dfe061e75c0dbdd3bd4", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/e33ac68e5e21ec1292490dfe061e75c0dbdd3bd4" - } - ] - }, - "generator": { - 
"engine": "bippy-5f407fcff5a0" } } \ No newline at end of file