mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
9b6d2b0cb4
commit
d178bc07a3
@ -1,18 +1,77 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29070",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@apache.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "On versions before 2.1.4,\u00a0session is not invalidated after logout. When the user logged in successfully, the Backend service returns \"Authorization\" as the front-end authentication credential. \"Authorization\" can still initiate requests and access data even after logout.\n\nMitigation:\n\nall users should upgrade to 2.1.4\n\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-613 Insufficient Session Expiration",
|
||||
"cweId": "CWE-613"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Apache Software Foundation",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Apache StreamPark",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1.0.0",
|
||||
"version_value": "2.1.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://lists.apache.org/thread/zslblrz1l0n9t67mqdv42yv75ncfn9zl",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.apache.org/thread/zslblrz1l0n9t67mqdv42yv75ncfn9zl"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "L0ne1y"
|
||||
}
|
||||
]
|
||||
}
|
@ -1,18 +1,102 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-41012",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Remove locks reliably when fcntl/close race is detected\n\nWhen fcntl_setlk() races with close(), it removes the created lock with\ndo_lock_file_wait().\nHowever, LSMs can allow the first do_lock_file_wait() that created the lock\nwhile denying the second do_lock_file_wait() that tries to remove the lock.\nSeparately, posix_lock_file() could also fail to\nremove a lock due to GFP_KERNEL allocation failure (when splitting a range\nin the middle).\n\nAfter the bug has been triggered, use-after-free reads will occur in\nlock_get_status() when userspace reads /proc/locks. This can likely be used\nto read arbitrary kernel memory, but can't corrupt kernel memory.\n\nFix it by calling locks_remove_posix() instead, which is designed to\nreliably get rid of POSIX locks associated with the given file and\nfiles_struct and is also used by filp_flush()."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "c293621bbf67",
|
||||
"version_value": "b6d223942c34"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "2.6.13",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "2.6.13",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "6.9.9",
|
||||
"lessThanOrEqual": "6.9.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "6.10",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c9c4e1df01b2"
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user