admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-27 14:00:33 +00:00
parent 629e4201a2
commit d5b9f7ea27
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
43 changed files with 1631 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/48xxx/CVE-2022-48655.json
View File

@ -126,6 +126,11 @@
"url": "https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2023/52xxx/CVE-2023-52585.json
View File

@ -138,6 +138,11 @@
"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2023/52xxx/CVE-2023-52882.json
View File

@ -148,6 +148,11 @@
"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

93
2024/1xxx/CVE-2024-1107.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Talya Informatics",
"product": {
"product_data": [
{
"product_name": "Travel APPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v17.0.68"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0809",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-24-0809"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TR-24-0809",
"defect": [
"TR-24-0809"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Mevra DEM\u0130RALAY"
},
{
"lang": "en",
"value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

89
2024/1xxx/CVE-2024-1153.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Talya Informatics",
"product": {
"product_data": [
{
"product_name": "Travel APPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v17.0.68"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0809",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-24-0809"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TR-24-0809",
"defect": [
"TR-24-0809"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

5
2024/26xxx/CVE-2024-26900.json
View File

@ -148,6 +148,11 @@
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/27xxx/CVE-2024-27398.json
View File

@ -189,6 +189,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/27xxx/CVE-2024-27399.json
View File

@ -174,6 +174,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/27xxx/CVE-2024-27401.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

36
2024/35xxx/CVE-2024-35628.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.24."
"value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25."
}
]
},
@ -40,9 +40,24 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.8.24"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.8.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.8.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -68,6 +83,19 @@
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.8.26 or a higher version."
}
],
"value": "Update to\u00a01.8.26 or a higher version."
}
],
"credits": [
{
"lang": "en",

5
2024/35xxx/CVE-2024-35848.json
View File

@ -137,6 +137,11 @@
"url": "https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/35xxx/CVE-2024-35947.json
View File

@ -159,6 +159,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36017.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36031.json
View File

@ -168,6 +168,11 @@
"url": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36886.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

141
2024/36xxx/CVE-2024-36889.json
View File

@ -1,18 +1,151 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_nxt is properly initialized on connect\n\nChristoph reported a splat hinting at a corrupted snd_una:\n\n WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n Modules linked in:\n CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n Workqueue: events mptcp_worker\n RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8\n \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe\n \t<0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9\n RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4\n RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000\n R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000\n FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0\n Call Trace:\n <TASK>\n __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]\n mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]\n __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615\n mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767\n process_one_work+0x1e0/0x560 kernel/workqueue.c:3254\n process_scheduled_works kernel/workqueue.c:3335 [inline]\n worker_thread+0x3c7/0x640 kernel/workqueue.c:3416\n kthread+0x121/0x170 kernel/kthread.c:388\n ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n </TASK>\n\nWhen fallback to TCP happens early on a client socket, snd_nxt\nis not yet initialized and any incoming ack will copy such value\ninto snd_una. If the mptcp worker (dumbly) tries mptcp-level\nre-injection after such ack, that would unconditionally trigger a send\nbuffer cleanup using 'bad' snd_una values.\n\nWe could easily disable re-injection for fallback sockets, but such\ndumb behavior already helped catching a few subtle issues and a very\nlow to zero impact in practice.\n\nInstead address the issue always initializing snd_nxt (and write_seq,\nfor consistency) at connect time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8fd738049ac3",
"version_value": "99951b62bf20"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.218",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
},
{
"url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
},
{
"url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
},
{
"url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
},
{
"url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
},
{
"url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

5
2024/36xxx/CVE-2024-36902.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36905.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

131
2024/36xxx/CVE-2024-36916.json
View File

@ -1,18 +1,141 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg->delay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n <IRQ>\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "62accf6c1d7b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
},
{
"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
},
{
"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
},
{
"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
},
{
"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
},
{
"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

5
2024/36xxx/CVE-2024-36919.json
View File

@ -154,6 +154,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

141
2024/36xxx/CVE-2024-36929.json
View File

@ -1,18 +1,151 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36929",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3a1296a38d0c",
"version_value": "faa83a7797f0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1"
},
{
"url": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533"
},
{
"url": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62"
},
{
"url": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6"
},
{
"url": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec"
},
{
"url": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

5
2024/36xxx/CVE-2024-36933.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

152
2024/36xxx/CVE-2024-36939.json
View File

@ -1,18 +1,162 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n </TASK>"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "b33ca18c3a11"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

5
2024/36xxx/CVE-2024-36940.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36941.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36946.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36950.json
View File

@ -154,6 +154,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

141
2024/36xxx/CVE-2024-36953.json
View File

@ -1,18 +1,151 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()\n\nvgic_v2_parse_attr() is responsible for finding the vCPU that matches\nthe user-provided CPUID, which (of course) may not be valid. If the ID\nis invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled\ngracefully.\n\nSimilar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()\nactually returns something and fail the ioctl if not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7d450e282171",
"version_value": "4404465a1bee"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

5
2024/36xxx/CVE-2024-36954.json
View File

@ -179,6 +179,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36957.json
View File

@ -142,6 +142,11 @@
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36959.json
View File

@ -184,6 +184,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

5
2024/36xxx/CVE-2024-36960.json
View File

@ -164,6 +164,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
]
},

8
2024/38xxx/CVE-2024-38564.json
View File

@ -40,7 +40,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "af6eea57437a",
"version_name": "4a1e7c0c63e0",
"version_value": "6675c541f540"
},
{
@ -48,12 +48,12 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.7",
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.7",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "custom"
},
@ -119,6 +119,6 @@
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
"engine": "bippy-7d53e8ef8be4"
}
}

56
2024/39xxx/CVE-2024-39153.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md",
"refsource": "MISC",
"name": "https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md"
}
]
}

56
2024/39xxx/CVE-2024-39154.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md",
"refsource": "MISC",
"name": "https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md"
}
]
}

56
2024/39xxx/CVE-2024-39155.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39155",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md",
"refsource": "MISC",
"name": "https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md"
}
]
}

56
2024/39xxx/CVE-2024-39156.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39156",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md",
"refsource": "MISC",
"name": "https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md"
}
]
}

56
2024/39xxx/CVE-2024-39157.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md",
"refsource": "MISC",
"name": "https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md"
}
]
}

56
2024/39xxx/CVE-2024-39158.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md",
"refsource": "MISC",
"name": "https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md"
}
]
}

100
2024/6xxx/CVE-2024-6372.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file customeradd.php. The manipulation of the argument fullname/address/phonenumber/sex/email/city/comment leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269805 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in itsourcecode Tailoring Management System 1.0 gefunden. Es betrifft eine unbekannte Funktion der Datei customeradd.php. Durch Manipulieren des Arguments fullname/address/phonenumber/sex/email/city/comment mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "itsourcecode",
"product": {
"product_data": [
{
"product_name": "Tailoring Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.269805",
"refsource": "MISC",
"name": "https://vuldb.com/?id.269805"
},
{
"url": "https://vuldb.com/?ctiid.269805",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.269805"
},
{
"url": "https://vuldb.com/?submit.364752",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.364752"
},
{
"url": "https://github.com/Galaxy-lrc/cve/issues/1",
"refsource": "MISC",
"name": "https://github.com/Galaxy-lrc/cve/issues/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "galaxy (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/6xxx/CVE-2024-6373.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269806 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In itsourcecode Online Food Ordering System bis 1.0 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /addproduct.php. Durch das Beeinflussen des Arguments photo mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "itsourcecode",
"product": {
"product_data": [
{
"product_name": "Online Food Ordering System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.269806",
"refsource": "MISC",
"name": "https://vuldb.com/?id.269806"
},
{
"url": "https://vuldb.com/?ctiid.269806",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.269806"
},
{
"url": "https://vuldb.com/?submit.364646",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.364646"
},
{
"url": "https://github.com/Abyssun/abyssun-/issues/1",
"refsource": "MISC",
"name": "https://github.com/Abyssun/abyssun-/issues/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "abyssun (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

109
2024/6xxx/CVE-2024-6374.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6374",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269807."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in lahirudanushka School Management System 1.0.0/1.0.1 gefunden. Dies betrifft einen unbekannten Teil der Datei /subject.php der Komponente Subject Page. Durch Beeinflussen des Arguments Subject Title/Sybillus Details mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "lahirudanushka",
"product": {
"product_data": [
{
"product_name": "School Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_affected": "=",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.269807",
"refsource": "MISC",
"name": "https://vuldb.com/?id.269807"
},
{
"url": "https://vuldb.com/?ctiid.269807",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.269807"
},
{
"url": "https://vuldb.com/?submit.364874",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.364874"
},
{
"url": "https://secretive-agate-23c.notion.site/School-Management-System-PHP-MySQL-stored-1-0-1-XSS-50088f0ed9e94efda9c57772ce192980",
"refsource": "MISC",
"name": "https://secretive-agate-23c.notion.site/School-Management-System-PHP-MySQL-stored-1-0-1-XSS-50088f0ed9e94efda9c57772ce192980"
},
{
"url": "https://secretive-agate-23c.notion.site/School-Management-System-PHP-MySQL-stored-1-0-1-Stored-XSS-41c9f85f307441c5885fb0df3d3fcc08",
"refsource": "MISC",
"name": "https://secretive-agate-23c.notion.site/School-Management-System-PHP-MySQL-stored-1-0-1-Stored-XSS-41c9f85f307441c5885fb0df3d3fcc08"
}
]
},
"credits": [
{
"lang": "en",
"value": "Taher Aboud (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

18
2024/6xxx/CVE-2024-6387.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6387",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}