diff --git a/CVE-2021/CVE-2021-473xx/CVE-2021-47339.json b/CVE-2021/CVE-2021-473xx/CVE-2021-47339.json
index 495372ae1d1..1665d754c15 100644
--- a/CVE-2021/CVE-2021-473xx/CVE-2021-47339.json
+++ b/CVE-2021/CVE-2021-473xx/CVE-2021-47339.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-47339",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T15:15:20.693",
- "lastModified": "2024-11-21T06:35:55.093",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-03-06T12:53:53.273",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,31 +15,109 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: v4l2-core: borrar expl\u00edcitamente los datos de entrada de ioctl. Como se ve en un informe de error reciente de syzbot, los errores en la implementaci\u00f3n de compat ioctl pueden llevar a que los datos de la pila del kernel no inicializados se utilicen como entrada para controladores de ioctl del conductor. El error informado ya est\u00e1 solucionado, pero es posible que otros errores relacionados sigan presentes o se agreguen en el futuro. Como los controladores ya necesitan verificar la entrada del usuario, el posible impacto es bastante bajo, pero a\u00fan as\u00ed podr\u00eda causar una fuga de informaci\u00f3n. Para estar seguro, borre siempre todo el b\u00fafer ioctl antes de llamar a las funciones del controlador de conversi\u00f3n destinadas a inicializarlos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.12.18", + "matchCriteriaId": "921ECC8D-5569-4A2C-ABD6-C7747BC6A7CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "5.13", + "versionEndExcluding": "5.13.3", + "matchCriteriaId": "853187F6-707A-487B-95C0-621B5211B43C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/7b53cca764f9b291b7907fcd39d9e66ad728ee0b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfb48b54db25c3b4ef4bef5e0691464ebc4aa335", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dc02c0b2bd6096f2f3ce63e1fc317aeda05f74d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7b53cca764f9b291b7907fcd39d9e66ad728ee0b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfb48b54db25c3b4ef4bef5e0691464ebc4aa335", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dc02c0b2bd6096f2f3ce63e1fc317aeda05f74d8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-473xx/CVE-2021-47346.json b/CVE-2021/CVE-2021-473xx/CVE-2021-47346.json index ac240ed3f53..a5de1adf58d 100644 --- a/CVE-2021/CVE-2021-473xx/CVE-2021-47346.json +++ b/CVE-2021/CVE-2021-473xx/CVE-2021-47346.json 
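Review bot: In the CVE-2021-47339 record, the new `cvssMetricV31` entry sets `"confidentialityImpact": "NONE"` alongside `A:H`, yet the description in the same record names an information leak as the realistic outcome of uninitialized kernel stack data reaching driver ioctl handlers, and the added weakness is CWE-908. Anyone filtering this feed on confidentiality impact will not see this CVE as a disclosure issue. These values are NVD's published analysis, so the mirror should keep them as they are; the mismatch is worth reporting upstream. For local triage, read the description and CWE alongside the vector rather than relying on the vector alone.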
@@ -2,8 +2,8 @@
 "id": "CVE-2021-47346",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T15:15:21.217",
- "lastModified": "2024-11-21T06:35:56.020",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-03-06T12:53:53.273",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,55 +15,173 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: coresight: tmc-etf: Correcci\u00f3n global fuera de los l\u00edmites en tmc_update_etf_buffer() confirmaci\u00f3n 6f755e85c332 (\"coresight: Agregar ayuda para insertar paquetes de sincronizaci\u00f3n\") eliminado el final '\\0' desde la matriz barrier_pkt y actualic\u00e9 los sitios de llamadas como etb_update_buffer() para realizar comprobaciones adecuadas del tama\u00f1o de la barrera_pkt antes de leer, pero no se actualiz\u00f3 tmc_update_etf_buffer(), que todav\u00eda lee barrier_pkt m\u00e1s all\u00e1 del tama\u00f1o de la matriz, lo que genera un error de KASAN fuera de los l\u00edmites. Solucione este problema agregando una verificaci\u00f3n del tama\u00f1o de barrier_pkt antes de acceder, como se hace en etb_update_buffer(). bug: KASAN: global fuera de los l\u00edmites en tmc_update_etf_buffer+0x4b8/0x698 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffffffd05b7d1030 por tarea perf/2629 Rastreo de llamadas: dump_backtrace+0x0/0x27c show_stack+0x20/0x2c dump_stack+0x11c/0x188 descripci\u00f3n+0x3c /0x4a4 __kasan_report+0x140/0x164 kasan_report+0x10/0x18 __asan_report_load4_noabort+0x1c/0x24 tmc_update_etf_buffer+0x4b8/0x698 etm_event_stop+0x248/0x2d8 etm_event_del+0x20/0x2c event_sched_out+0x214/0x6f0 group_sched_out+0xd0/0x270 ctx_sched_out+0x2ec/0x518 __perf_event_task_sched_out+0x4fc /0xe6c __schedule+0x1094/0x16a0 preempt_schedule_irq+0x88/0x170 arm64_preempt_schedule_irq+0xf0/0x18c el1_irq+0xe8/0x180 perf_event_exec+0x4d8/0x56c setup_new_exec+0x204/0x4 00 load_elf_binary+0x72c/0x18c0 search_binary_handler+0x13c/0x420 load_script+0x500/0x6c4 search_binary_handler+0x13c /0x420 exec_binprm+0x118/0x654 __do_execve_file+0x77c/0xba4 __arm64_compat_sys_execve+0x98/0xac el0_svc_common+0x1f8/0x5e0 el0_svc_compat_handler+0x84/0xb0 x10/0x50 La direcci\u00f3n del buggy pertenece a la variable: barrier_pkt+0x10/0x40 Estado de la memoria alrededor del buggy 
direcci\u00f3n: ffffffd05b7d0f00: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00 ffffffd05b7d0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffd05b7d1000: 0 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 03 ^ ffffffd05b7d1080: fa fa fa fa 00 02 fa fa fa fa fa fa 03 fa fa fa ffffffd05b7d1100: fa fa fa fa 00 00 00 00 05 fa fa fa fa fa fa fa ====== ==================================================== ==========" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14", + "versionEndExcluding": "4.19.198", + "matchCriteriaId": "FF4CC424-32DE-434F-BAFA-9BC2F78E35C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.133", + "matchCriteriaId": "65A8F1FF-5639-455A-8BF4-9FF529240505" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.51", + "matchCriteriaId": "93289127-DFB3-4515-89DD-50521FF8B7FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "5.11", + "versionEndExcluding": "5.12.18", + "matchCriteriaId": "79D13C82-E06F-4A70-A3D1-C09494FBC94D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.13", + "versionEndExcluding": "5.13.3", + "matchCriteriaId": "853187F6-707A-487B-95C0-621B5211B43C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0115687be7b13993066aef602253a53d55f5b11f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/04bd77ef4f4d9fc6102023b85f4590fc2130aac5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/35c1c4bd2d59ad734129d4e232af9d1098023918", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5fae8a946ac2df879caf3f79a193d4766d00239b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/733d4d95c0101d5f277b8e4910411d016e49a9dc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef0a06acc6b16388640ad367eedfa2a17f1945db", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0115687be7b13993066aef602253a53d55f5b11f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/04bd77ef4f4d9fc6102023b85f4590fc2130aac5", - 
"source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/35c1c4bd2d59ad734129d4e232af9d1098023918", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5fae8a946ac2df879caf3f79a193d4766d00239b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/733d4d95c0101d5f277b8e4910411d016e49a9dc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef0a06acc6b16388640ad367eedfa2a17f1945db", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-488xx/CVE-2022-48805.json b/CVE-2022/CVE-2022-488xx/CVE-2022-48805.json index 9dc4c646b47..5cd82f1e0c6 100644 --- a/CVE-2022/CVE-2022-488xx/CVE-2022-48805.json +++ b/CVE-2022/CVE-2022-488xx/CVE-2022-48805.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48805", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-16T12:15:04.907", - "lastModified": "2024-11-21T07:34:07.360", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:17.520", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,71 +15,230 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: ax88179_178a: Reparar accesos fuera de los l\u00edmites en RX fixup ax88179_rx_fixup() contiene varios accesos fuera de los l\u00edmites que pueden ser activados por un archivo malicioso (o defectuoso). Dispositivo USB, en particular: - La matriz de metadatos (hdr_off..hdr_off+2*pkt_cnt) puede estar fuera de los l\u00edmites, provocando lecturas OOB y (en sistemas big-endian) cambios de endianidad OOB. - Un paquete puede superponerse a la matriz de metadatos, lo que provoca un cambio de endianidad OOB posterior que corrompe los datos utilizados por un SKB clonado que ya se ha transferido a la pila de red. - Se puede construir un paquete SKB cuya cola est\u00e9 mucho m\u00e1s all\u00e1 de su extremo, lo que hace que los datos del mont\u00f3n fuera de los l\u00edmites se consideren parte de los datos del SKB. He probado que esto puede ser utilizado por un dispositivo USB malicioso para enviar una solicitud de eco ICMPv6 falsa y recibir una respuesta de eco ICMPv6 en respuesta que contiene datos aleatorios del mont\u00f3n del kernel. Probablemente tambi\u00e9n sea posible obtener escrituras OOB a partir de esto en un sistema little-endian de alguna manera, tal vez activando skb_cow() a trav\u00e9s del procesamiento de opciones de IP, pero no lo he probado." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9", + "versionEndExcluding": "4.9.303", + "matchCriteriaId": "F3207BE2-BF9E-4D22-9A44-F32AC7AE535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.268", + "matchCriteriaId": "58023BD3-9FC0-4CC9-8E7D-6C88E37089DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.231", + "matchCriteriaId": "AC95C65F-81A3-45CE-9AEB-8890D21A3303" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.180", + "matchCriteriaId": "6808B38F-AD73-4D55-A158-6EF605E8EB66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.101", + "matchCriteriaId": "A154171E-A3B9-42BE-9E97-C9B0EA43FC54" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.24", + "matchCriteriaId": "866451F0-299E-416C-B0B8-AE6B33E62CCA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.10", + "matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] 
}, { "url": "https://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52745.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52745.json index 97d920eaa32..b484bab4e5d 100644 --- a/CVE-2023/CVE-2023-527xx/CVE-2023-52745.json +++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52745.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52745", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T16:15:14.303", - "lastModified": "2024-11-21T08:40:29.767", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:53.273", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
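Review bot: The CVSS vector added for CVE-2022-48805 uses `AV:L/PR:L`, but the description attributes the out-of-bounds accesses in ax88179_rx_fixup() to a malicious or faulty USB device, which points to physical access with no account on the host (`AV:P/PR:N`); this is hedged, because NVD's scoring rationale is not on the page. The `weaknesses` entry lists only CWE-125, while the description also mentions out-of-bounds endianness swaps that corrupt SKB data and the vector itself scores `I:H`, so an out-of-bounds write class such as CWE-787 appears to be missing. Exposure rules keyed on `attackVector` would model this as a local-user issue and overlook hosts whose real exposure is untrusted USB peripherals. Keep the mirrored values as published, raise both points upstream, and treat USB port exposure as the relevant control when prioritising the listed kernel ranges.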
@@ -15,47 +15,180 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: IB/IPoIB: corrige el IPoIB heredado debido a un n\u00famero incorrecto de colas. La confirmaci\u00f3n citada crea interfaces PKEY secundarias a trav\u00e9s de netlink y tendr\u00e1 m\u00faltiples colas de transmisi\u00f3n y recepci\u00f3n, pero algunos dispositivos no admiten m\u00e1s de Colas 1 tx y 1 rx. Esto provoca un bloqueo cuando el tr\u00e1fico se env\u00eda a trav\u00e9s de la interfaz PKEY debido a que el padre tiene una sola cola pero el hijo tiene varias colas. Este parche fija el n\u00famero de colas en 1 para IPoIB heredado lo antes posible. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000036b PGD 0 P4D 0 Ups: 0000 [#1] SMP CPU: 4 PID: 209665 Comm: python3 Not tainted 6.1.0_for_upstream_min_debug_2022_12_12_17_02 #1 Nombre de hardware: PC est\u00e1ndar (Q35 + ICH9, 2009 ), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 RIP: 0010:kmem_cache_alloc+0xcb/0x450 C\u00f3digo: ce 7e 49 8b 50 08 49 83 78 10 00 4d 8b 28 0f 84 cb 02 00 00 4d 85 ed 0f 84 c2 02 00 00 41 8b 44 24 28 48 8d 4a 01 49 8b 3c 24 <49> 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 4 c0 74 b8 41 8b RSP: 0018:ffff88822acbbab8 EFLAGS: 00010202 RAX: 0000000000000070 RBX: ffff8881c28e3e00 RCX: 00000000064f8dae RDX: 00000000064f8dad RSI: 00000a20 RDI: 0000000000030d00 RBP: 0000000000000a20 R08: ffff8882f5d30d00 R09: ffff888104032f40 R10: ffff88810fade828 R11: 736f6d6570736575 R12: ffff88810081c000 R13: 00000000000002fb R14: ffffffff817fc865 R15: 0000000000000000 FS: 00007f9324ff9700(0000) GS:ffff8882f5d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0050033 CR2: 000000000000036b CR3: 00000001125af004 CR4: 0000000000370ea0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 0DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: skb_clone+0x55/0xd0 ip6_finish_output2+0x3fe/0x690 
ip6_finish_output+0xfa/0x310 _skb+0x1e/0x60 udp_v6_send_skb+0x1e5/0x420 udpv6_sendmsg+0xb3c/0xe60 ? ip_mc_finish_output+0x180/0x180? __switch_to_asm+0x3a/0x60? __switch_to_asm+0x34/0x60 sock_sendmsg+0x33/0x40 __sys_sendto+0x103/0x160 ? _copy_to_user+0x21/0x30 ? kvm_clock_get_cycles+0xd/0x10? ktime_get_ts64+0x49/0xe0 __x64_sys_sendto+0x25/0x30 do_syscall_64+0x3d/0x90 Entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f9374f1ed14 C\u00f3digo: 42 41 f8 ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 68 41 f8 ff 48 8b RSP 002 b:00007f9324ff7bd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f9324ff7cc8 RCX: 00007f9374f1ed14 RDX: 00000000000002fb RSI: 00007f93000052f0 RDI: 0000000000000030 RBP: 0000000000000000 R08: 00007f9324ff7d40 R09: 000000000000001c R10: 0000000000000000 R11: 00000000000000293 R 12: 0000000000000000 R13: 000000012a05f200 R14: 0000000000000001 R15: 00007f9374d57bdc < /TAREA>" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.9.337", + 
"versionEndExcluding": "4.10", + "matchCriteriaId": "0C8C5100-ECF6-4F64-9489-EFC7923A7591" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14.303", + "versionEndExcluding": "4.15", + "matchCriteriaId": "68B456F6-323E-4372-A707-523AAA068DF8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.270", + "versionEndExcluding": "4.20", + "matchCriteriaId": "C08F8902-A527-4C5E-A1BC-1DA79FBF4CB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.229", + "versionEndExcluding": "5.4.232", + "matchCriteriaId": "A8FD5F9C-EDEC-495D-9CA3-4D3154063522" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.163", + "versionEndExcluding": "5.10.168", + "matchCriteriaId": "6C254C95-139A-4910-972B-2E64E3030DB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.94", + "matchCriteriaId": "55EC7465-CE9A-4B9C-B0FA-97394061A77F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.16", + "versionEndExcluding": "6.1", + "matchCriteriaId": "6C7522E3-150F-436D-BBD7-96C7B4B795ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.2", + "versionEndExcluding": "6.1.12", + "matchCriteriaId": "96E46A63-9BF7-4CAE-89DA-9D17F44673DE" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1b4ef90cbcfa603b3bb536fbd6f261197012b6f6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/4a779187db39b2f32d048a752573e56e4e77807f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7197460dcd43ff0e4a502ba855dd82d37c2848cc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b1afb666c32931667c15ad1b58e7203f0119dcaf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e632291a2dbce45a24cddeb5fe28fe71d724ba43", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1b4ef90cbcfa603b3bb536fbd6f261197012b6f6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4a779187db39b2f32d048a752573e56e4e77807f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7197460dcd43ff0e4a502ba855dd82d37c2848cc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b1afb666c32931667c15ad1b58e7203f0119dcaf", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e632291a2dbce45a24cddeb5fe28fe71d724ba43", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
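Review bot: In the CVE-2023-52745 `cpeMatch` list, seven of the eight ranges start at a stable point release (`4.9.337`, `4.14.303`, `4.19.270`, `5.4.229`, `5.10.163`, `6.0.16`, `6.1.2`), which fits a defect introduced by a backported commit, but the 5.15 range starts at `"versionStartIncluding": "5.11"`. If the introducing commit also reached 5.15.y only as a backport, this range over-matches every kernel from 5.11 up to that release, and scanners would report false positives there. The start should presumably be the 5.15.y release that picked up the commit, `"versionStartIncluding": "5.15.<N>"`, where N is a placeholder to be taken from the stable changelog because it is not on this page. Until that is confirmed upstream, findings for kernels in the 5.11 to early 5.15.y window should be checked against the actual backport before remediation is scheduled.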
diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52794.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52794.json
index 335e1cab4f9..f53b9d4bffe 100644
--- a/CVE-2023/CVE-2023-527xx/CVE-2023-52794.json
+++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52794.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-52794",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T16:15:18.000",
- "lastModified": "2024-11-21T08:40:36.007",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-03-06T12:53:53.273",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,31 +15,110 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: t\u00e9rmica: intel: powerclamp: corrige la falta de coincidencia en la funci\u00f3n get para max_idle KASAN inform\u00f3 esto [444.853098] BUG: KASAN: global-fuera de los l\u00edmites en param_get_int+0x77/0x90 [444.853111 ] Lectura de tama\u00f1o 4 en addr ffffffffc16c9220 por tarea cat/2105... [444.853442] La direcci\u00f3n con errores pertenece a la variable: [444.853443] max_idle+0x0/0xffffffffffffffcde0 [intel_powerclamp] Hay una discrepancia entre param_get_int y la definici\u00f3n de max_idle . Reemplazar param_get_int con param_get_byte resuelve este problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", + "versionEndExcluding": "6.5.13", + "matchCriteriaId": "81D6709B-8CD5-4054-8AC5-D8C32228FA43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6", + "versionEndExcluding": "6.6.3", + "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://git.kernel.org/stable/c/0a8585281b11e3a0723bba8d8085d61f0b55f37c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6a3866dbdcf39ac93e98708e6abced511733dc18", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0a8585281b11e3a0723bba8d8085d61f0b55f37c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6a3866dbdcf39ac93e98708e6abced511733dc18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52799.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52799.json index dfde27588f8..c6559afe62b 100644 --- a/CVE-2023/CVE-2023-527xx/CVE-2023-52799.json +++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52799.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52799", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T16:15:18.443", - "lastModified": "2024-11-21T08:40:36.680", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:53.273", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,79 +15,235 @@ "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: jfs: corrige el \u00edndice de matriz fuera de los l\u00edmites en dbFindLeaf. Actualmente, mientras se busca dmtree_t para suficientes bloques libres, hay una matriz fuera de los l\u00edmites al obtener el elemento en tp->dm_stree . Para agregar la verificaci\u00f3n requerida para fuera de los l\u00edmites, primero debemos determinar el tipo de dmtree. Por lo tanto, se agreg\u00f3 un par\u00e1metro adicional a dbFindLeaf para que se pueda determinar el tipo de \u00e1rbol y se pueda aplicar la verificaci\u00f3n requerida." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.14.331", + "matchCriteriaId": "6F120ED7-3012-4856-9F08-B433BC310335" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.300", + "matchCriteriaId": "C99DDB75-1CAC-40D0-A14D-67A2A55D6005" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + 
"versionEndExcluding": "5.4.262", + "matchCriteriaId": "28B0AAED-45BA-4928-9A85-66A429B9F038" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.202", + "matchCriteriaId": "39D508B4-58C7-40C2-BE05-44E41110EB98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.140", + "matchCriteriaId": "15D6C23C-78A3-40D2-B76B-4F1D9C2D95C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.64", + "matchCriteriaId": "8D7C884A-CAA2-4EA2-9FEB-5CE776D7B05F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.13", + "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6", + "versionEndExcluding": "6.6.3", + "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/22cad8bc1d36547cdae0eef316c47d917ce3147c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/81aa58cd8495b8c3b527f58ccbe19478d8087f61", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/86df90f3fea7c5591f05c8a0010871d435e83046", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/87c681ab49e99039ff2dd3e71852417381b13878", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/88b7894a8f8705bf4e7ea90b10229376abf14514", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a50b796d36719757526ee094c703378895ab5e67", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ecfb47f13b08b02cf28b7b50d4941eefa21954d2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/22cad8bc1d36547cdae0eef316c47d917ce3147c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/81aa58cd8495b8c3b527f58ccbe19478d8087f61", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/86df90f3fea7c5591f05c8a0010871d435e83046", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/87c681ab49e99039ff2dd3e71852417381b13878", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/88b7894a8f8705bf4e7ea90b10229376abf14514", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a50b796d36719757526ee094c703378895ab5e67", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ecfb47f13b08b02cf28b7b50d4941eefa21954d2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-528xx/CVE-2023-52805.json b/CVE-2023/CVE-2023-528xx/CVE-2023-52805.json index 4c25e7aeaf1..c3309393547 100644 --- a/CVE-2023/CVE-2023-528xx/CVE-2023-52805.json +++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52805.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52805", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T16:15:18.890", - "lastModified": "2024-11-21T08:40:37.543", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:53.273", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,79 +15,235 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: corrige el \u00edndice de matriz fuera de los l\u00edmites en diAlloc. Actualmente no se verifica el agno del iag al asignar nuevos inodos para evitar problemas de fragmentaci\u00f3n. Se agreg\u00f3 la comprobaci\u00f3n que se requiere." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.14.331", + "matchCriteriaId": "6F120ED7-3012-4856-9F08-B433BC310335" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.300", + "matchCriteriaId": "C99DDB75-1CAC-40D0-A14D-67A2A55D6005" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.262", + "matchCriteriaId": "28B0AAED-45BA-4928-9A85-66A429B9F038" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.202", + "matchCriteriaId": 
"39D508B4-58C7-40C2-BE05-44E41110EB98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.140", + "matchCriteriaId": "15D6C23C-78A3-40D2-B76B-4F1D9C2D95C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.64", + "matchCriteriaId": "8D7C884A-CAA2-4EA2-9FEB-5CE776D7B05F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.13", + "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6", + "versionEndExcluding": "6.6.3", + "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + 
"tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-528xx/CVE-2023-52807.json b/CVE-2023/CVE-2023-528xx/CVE-2023-52807.json index 87815dae3de..994650902ed 100644 --- a/CVE-2023/CVE-2023-528xx/CVE-2023-52807.json +++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52807.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52807", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T16:15:19.033", - "lastModified": "2024-11-21T08:40:37.813", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:53.273", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,136 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: se puede corregir el acceso fuera de los l\u00edmites cuando se lee la informaci\u00f3n fusionada a trav\u00e9s de debugfs. El controlador hns3 define una matriz de cadenas para mostrar la informaci\u00f3n fusionada, pero si el kernel agrega un nuevo modo o un nuevo estado, puede ocurrir acceso fuera de los l\u00edmites cuando se lee informaci\u00f3n fusionada a trav\u00e9s de debugfs, este parche soluciona el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.64", + "matchCriteriaId": "8D7C884A-CAA2-4EA2-9FEB-5CE776D7B05F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.13", + "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6", + "versionEndExcluding": "6.6.3", + "matchCriteriaId": 
"B58252FA-A49C-411F-9B28-DC5FE44BC5A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", + "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of 
file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10904.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10904.json index 1741f65b5f3..52d6c175fa7 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10904.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10904.json 
@@ -2,19 +2,43 @@ "id": "CVE-2024-10904", "sourceIdentifier": "psirt@esri.com", "published": "2025-03-03T20:15:39.990", - "lastModified": "2025-03-03T20:15:39.990", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 \u2013 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de cross-site scripting almacenado en ArcGIS Server para las versiones 10.9.1 a 11.3 que puede permitir que un atacante remoto autenticado cree un v\u00ednculo almacenado y manipulado que, al hacer clic en \u00e9l, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son altos y requieren capacidades de publicaci\u00f3n. El impacto es bajo tanto para la confidencialidad como para la integridad, pero no tiene impacto en la disponibilidad." 
} ], "metrics": { "cvssMetricV31": [ { "source": "psirt@esri.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -47,10 +71,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.9.1", + "versionEndIncluding": "11.3", + "matchCriteriaId": "0F9FCA91-B1DE-4C4E-8E33-C42BEA8F53D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-359xx/CVE-2024-35937.json b/CVE-2024/CVE-2024-359xx/CVE-2024-35937.json index e62b781f7b5..90ed4b7ab2e 100644 --- a/CVE-2024/CVE-2024-359xx/CVE-2024-35937.json +++ b/CVE-2024/CVE-2024-359xx/CVE-2024-35937.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35937", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T11:15:49.553", - "lastModified": "2024-11-21T09:21:14.650", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:53.273", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,35 +15,116 @@ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: cfg80211: comprueba m\u00e1s detenidamente el formato A-MSDU Si parece que hay otra subtrama en el A-MSDU pero el encabezado no est\u00e1 completamente ah\u00ed, podemos terminar leyendo datos fuera de l\u00edmites, s\u00f3lo para descartarlo m\u00e1s tarde. Haga esto un poco m\u00e1s cuidadoso y verifique si el encabezado del subtrama puede estar presente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6.27", + "matchCriteriaId": "06E895C1-812D-4DD3-AC6C-7069937B982A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.6", + "matchCriteriaId": "22CA5433-1303-41EF-AD4C-F4645DC01541" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36923.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36923.json index 7a77c0d0d6f..939e61f443d 100644 --- a/CVE-2024/CVE-2024-369xx/CVE-2024-36923.json +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36923.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36923", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-30T16:15:15.547", - "lastModified": "2024-12-02T08:15:06.143", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:37.607", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,116 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/9p: corrige valores no inicializados durante el desalojo de inodo. Si un iget falla debido a que no puede recuperar informaci\u00f3n del servidor, entonces la estructura del inodo solo se inicializa parcialmente. Cuando se expulsa el inodo, se hac\u00edan referencias a estructuras no inicializadas (como cookies fscache). Este parche busca un bad_inode antes de hacer cualquier otra cosa que no sea borrar el inodo del cach\u00e9. Dado que el inodo es malo, no deber\u00eda tener ning\u00fan estado asociado que deba reescribirse (y realmente no hay una manera de completarlo de todos modos)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.119", + "matchCriteriaId": "F88D2BE0-AC46-46DF-9D63-C6A44E15B813" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.63", + "matchCriteriaId": "8800BB45-48BC-4B52-BDA5-B1E4633F42E5" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.10", + "matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/18cf7026355187b8d2b4cdfed61dbf873e9d29ff", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3a741b80b3457f079cf637e47800fb7bf8038ad6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38311.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38311.json new file mode 100644 index 00000000000..7e9d14504a8 --- /dev/null +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38311.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-38311", + "sourceIdentifier": "security@apache.org", + "published": "2025-03-06T12:15:34.157", + "lastModified": "2025-03-06T12:15:34.157", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.\n\nUsers are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38556.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38556.json index b22326c83b5..e2503a34f1e 100644 --- a/CVE-2024/CVE-2024-385xx/CVE-2024-38556.json +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38556.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38556", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-06-19T14:15:15.810", - "lastModified": "2024-11-21T09:26:20.280", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:37.607", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,47 +15,173 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: agrega un tiempo de espera para adquirir el sem\u00e1foro de la cola de comandos. Evita el manejo de finalizaci\u00f3n forzada en una entrada a la que a\u00fan no se le ha asignado un \u00edndice, lo que provoca un acceso fuera de los l\u00edmites en idx = -22. En lugar de esperar indefinidamente el sem, el flujo de bloqueo ahora espera a que se asigne el \u00edndice o a que se agote el tiempo de espera de adquisici\u00f3n del sem antes de iniciar el temporizador para completar el FW. Ejemplo de registro del kernel: mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No se complet\u00f3" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.174", + "versionEndExcluding": "5.5", + "matchCriteriaId": "B9BC8CC5-AB06-4C51-869B-2FE0820D0AC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.94", + "versionEndExcluding": "5.11", + "matchCriteriaId": 
"D97173A0-CD12-4773-B2F5-A9037AAB0383" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.17", + "versionEndExcluding": "5.16", + "matchCriteriaId": "FE141E86-782B-4D36-B214-2FB7AC66A083" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16.3", + "versionEndIncluding": "6.1.93", + "matchCriteriaId": "EB815E0A-660A-44C3-9033-8B7238B7CA4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndIncluding": "6.6.33", + "matchCriteriaId": "3254742F-9901-4088-ACB5-27405BB2343E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndIncluding": "6.8.12", + "matchCriteriaId": "F5EDD0D5-6B6E-4F6A-A099-30679CC81755" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9", + "versionEndIncluding": "6.9.3", + "matchCriteriaId": "9A21A3C2-C96F-4722-B347-C34D308A1B12" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38606.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38606.json index 4d8d0ebc8b7..b9a0a3b7637 100644 --- a/CVE-2024/CVE-2024-386xx/CVE-2024-38606.json +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38606.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38606", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-06-19T14:15:20.567", - "lastModified": "2024-11-21T09:26:28.147", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:37.607", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
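Review bot: The `cpeMatch` entries added for CVE-2024-38556 mix two kinds of upper bound: the first three ranges use `versionEndExcluding` (`5.5`, `5.11`, `5.16`) and the last four use `versionEndIncluding` (`6.1.93`, `6.6.33`, `6.8.12`, `6.9.3`). A matcher that reads only one of the two keys, or treats every upper bound as exclusive, will report 6.1.93, 6.6.33, 6.8.12 and 6.9.3 as unaffected. The first three ranges also run to the end of their stable series, so the record appears to name no fixed release for 5.4, 5.10 or 5.15. That seems consistent with only five distinct patch commits in `references`, but it should be confirmed against those commits before it is used for patch-level decisions.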
@@ -15,31 +15,110 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: qat: valida el recuento de segmentos devueltos por el FW. La funci\u00f3n adf_send_admin_tl_start() habilita la funci\u00f3n de telemetr\u00eda (TL) en un dispositivo QAT enviando el mensaje ICP_QAT_FW_TL_START al firmware. Esto hace que el FW comience a escribir datos TL en un b\u00fafer DMA en la memoria y devuelve una matriz que contiene la cantidad de aceleradores de cada tipo (porciones) admitidos por este HW. El puntero a esta matriz se almacena en la estructura de datos adf_tl_hw_data llamada slice_cnt. La matriz slice_cnt luego se usa en la funci\u00f3n tl_print_dev_data() para informar en debugfs solo estad\u00edsticas sobre los aceleradores admitidos. Un valor incorrecto de los elementos en slice_cnt podr\u00eda provocar una lectura de memoria fuera de los l\u00edmites. Por el momento, no existe una implementaci\u00f3n de FW que devuelva un valor incorrecto, pero para mayor solidez, valide la matriz de recuento de sectores devuelta por FW." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.12", + "matchCriteriaId": "32F3B5DB-BFED-4D0E-86BB-2B6ECB1CEFB9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9", + "versionEndExcluding": "6.9.3", + "matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/483fd65ce29317044d1d00757e3fd23503b6b04c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9b284b915e2a5e63ca133353f8c456eff4446f82", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e57ed345e2e6043629fc74aa5be051415dcc4f77", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/483fd65ce29317044d1d00757e3fd23503b6b04c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9b284b915e2a5e63ca133353f8c456eff4446f82", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e57ed345e2e6043629fc74aa5be051415dcc4f77", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39507.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39507.json index 1452a0e350a..896ca9219c6 100644 --- a/CVE-2024/CVE-2024-395xx/CVE-2024-39507.json +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39507.json @@ -2,8 +2,8 @@ "id": "CVE-2024-39507", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-12T13:15:13.050", - "lastModified": "2024-11-21T09:27:52.060", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:17.520", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
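Review bot: The 7.1 HIGH score added for CVE-2024-38606 (`AV:L/AC:L/PR:L`, `C:H`, `A:H`) sits next to a description that says no current firmware implementation returns a wrong slice count and that the validation was added for robustness. The vector rates the out-of-bounds read as reachable by any low-privileged local user, while the description ties it to the QAT firmware returning a bad `slice_cnt` and to the debugfs telemetry path. The base score should therefore be read together with that precondition when ranking this entry. Affected hosts are bounded by the two ranges in `configurations` (6.8 up to 6.8.12, 6.9 up to 6.9.3), and presumably only matter where a QAT device with telemetry is present.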
@@ -15,47 +15,167 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: hns3: soluciona el problema de falla del kernel en un escenario concurrente Cuando el estado del enlace cambia, el controlador nic debe notificar al controlador roce para manejar este evento, pero en este momento, el controlador roce puede desiniciar y luego causar un fallo del kernel. Para solucionar el problema, cuando cambia el estado del enlace, es necesario verificar si el roce se registr\u00f3 y, cuando se desinstala, es necesario esperar a que finalice la actualizaci\u00f3n del enlace." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "CBBC1ACE-C74C-483B-8DB2-168B21552C27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.95", + "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + 
"versionEndExcluding": "6.6.35", + "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.6", + "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4", 
- "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40926.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40926.json index 7af19e4353a..9db20bb1c27 100644 --- a/CVE-2024/CVE-2024-409xx/CVE-2024-40926.json +++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40926.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40926", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-12T13:15:15.403", - "lastModified": "2024-11-21T09:31:53.090", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:17.520", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
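Review bot: `CWE-908` in the `weaknesses` entry added for CVE-2024-39507 does not match the description, which describes the NIC driver notifying the RoCE driver of a link-state change while the RoCE driver is being uninitialised. That is a race between two paths, for which `CWE-362` looks like the closer mapping, not use of an uninitialized resource. Consumers that group or filter records by CWE will file this crash with the uninitialized-memory entries, such as CVE-2024-40926 and CVE-2024-40931 later in this diff. The `A:H`-only vector is consistent with the kernel crash the description reports, so only the weakness mapping is in question.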
@@ -15,23 +15,104 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau: no intente programar hpd_work en tarjetas headless si la tarjeta no tiene hardware de visualizaci\u00f3n, hpd_work y hpd_lock quedan sin inicializar, lo que provoca un ERROR al intentar programar hpd_work en tiempo de ejecuci\u00f3n, reanudaci\u00f3n de PM. Solucionelo agregando una bandera sin cabeza a DRM y omita cualquier hpd si est\u00e1 configurado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.6", + "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://git.kernel.org/stable/c/227349998e5740f14d531b0f0d704e66b1ed3c2f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b96a225377b6602299a03d2ce3c289b68cd41bb7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/227349998e5740f14d531b0f0d704e66b1ed3c2f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b96a225377b6602299a03d2ce3c289b68cd41bb7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40931.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40931.json index d628f8bd60a..ebaa26b8ce2 100644 --- a/CVE-2024/CVE-2024-409xx/CVE-2024-40931.json +++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40931.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40931", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-12T13:15:15.750", - "lastModified": "2024-11-21T09:31:53.693", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:17.520", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,55 +15,188 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: aseg\u00farese de que snd_una se inicialice correctamente al conectarse. Esto est\u00e1 estrictamente relacionado con el commit fb7a0d334894 (\"mptcp: aseg\u00farese de que snd_nxt se inicialice correctamente al conectarse\"). Resulta que syzkaller puede activar la retransmisi\u00f3n despu\u00e9s del respaldo y antes de procesar cualquier otro paquete entrante, de modo que snd_una a\u00fan permanece sin inicializar. Solucione el problema al inicializar expl\u00edcitamente snd_una junto con snd_nxt y write_seq." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.9", + "versionEndExcluding": "5.10.221", + "matchCriteriaId": "5906D3E8-EF84-4283-A4A5-0019A4E060E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"5.16", + "versionEndExcluding": "6.1.95", + "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.35", + "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.6", + "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40984.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40984.json index 287561cac4d..80800ed394f 100644 --- a/CVE-2024/CVE-2024-409xx/CVE-2024-40984.json +++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40984.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-40984", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-12T13:15:19.977", - "lastModified": "2024-11-21T09:32:00.383", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:17.520", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,71 +15,235 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ACPICA: Revertir \"ACPICA: evitar Informaci\u00f3n: mapeo de m\u00faltiples BAR. Su kernel est\u00e1 bien\". Deshaga las modificaciones realizadas en el commit d410ee5109a1 (\"ACPICA: evite \"Informaci\u00f3n: mapeo de varias BAR. Su kernel est\u00e1 bien.\"\"). El prop\u00f3sito inicial de est\u00e9 commit fue evitar que las asignaciones de memoria para regiones de operaci\u00f3n se superpongan en los l\u00edmites de las p\u00e1ginas, ya que puede generar advertencias si hay diferentes atributos de p\u00e1gina presentes. Sin embargo, se descubri\u00f3 que cuando surge esta situaci\u00f3n, el mapeo contin\u00faa hasta el final del l\u00edmite, pero todav\u00eda hay un intento de leer/escribir en toda la longitud del mapa, lo que lleva a una deferencia del puntero NULL. Por ejemplo, si se realiza una solicitud de asignaci\u00f3n de cuatro bytes pero solo se asigna un byte porque llega al final del l\u00edmite de la p\u00e1gina actual, a\u00fan se realiza un intento de lectura/escritura de cuatro bytes, lo que resulta en una deferencia de puntero NULL. En su lugar, asigne toda la longitud, ya que la especificaci\u00f3n ACPI no exige que deba estar dentro del mismo l\u00edmite de p\u00e1gina. Est\u00e1 permitido mapearlo en diferentes regiones." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.32", + "versionEndExcluding": "4.19.317", + "matchCriteriaId": "D19E57A6-28DE-488E-A59D-79D6D29814AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.279", + "matchCriteriaId": "F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.221", + "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.96", + "matchCriteriaId": "61E887B4-732A-40D2-9983-CC6F281EBFB7" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.36", + "matchCriteriaId": "E1046C95-860A-45B0-B718-2B29F65BFF10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.7", + "matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", + "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41028.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41028.json index 7c63c32bc12..ecc50dc12d8 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41028.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41028.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41028", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T15:15:11.553", - "lastModified": "2024-11-21T09:32:05.793", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:17.520", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,166 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: plataforma/x86: toshiba_acpi: corrige el acceso fuera de los l\u00edmites de la matriz. Para utilizar toshiba_dmi_quirks[] junto con las funciones est\u00e1ndar de coincidencia DMI, debe terminar con una entrada vac\u00eda. Dado que falta esta entrada, se produce un acceso fuera de los l\u00edmites a la matriz cada vez que se procesa la lista de peculiaridades. Solucione este problema agregando la entrada vac\u00eda final." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndExcluding": "6.1.100", + "matchCriteriaId": "11AA9FD7-8CF6-4561-A31F-2BD173451E8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.41", + "matchCriteriaId": "96AC42B8-D66D-4AC5-B466-E9BA7910FA29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.10", + "matchCriteriaId": 
"AB2E8DEC-CFD5-4C2B-981D-E7E45A36C352" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", + "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", + "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", + "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:*", + "matchCriteriaId": "11AF4CB9-F697-4EA4-8903-8F9417EFDA8E" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42264.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42264.json index 3b5d67e9a3b..9f03eb62d4a 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42264.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42264.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42264", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.833", - "lastModified": "2024-08-19T12:59:59.177", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:53:17.520", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,15 +15,80 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/v3d: evita el acceso fuera de los l\u00edmites en las extensiones de consulta de rendimiento. Verifique que la cantidad de espacio de usuario de perfmons que se pasa en las extensiones de copia y restablecimiento no sea mayor que el almacenamiento interno del kernel donde se encuentra el Los identificadores se copiar\u00e1n. (cereza escogida del commit f32b5128d2c440368b5bf3a7a356823e235caabb)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.10.4", + "matchCriteriaId": "F8B935B3-1FAC-4502-A5BA-A3C286A20469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51942.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51942.json index e3c3c284284..1e2e82ee5ae 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51942.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51942.json 
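Review bot: The added `"value": "CWE-125"` and `"integrityImpact": "NONE"` in the `@@ -15,15 +15,80 @@` hunk of CVE-2024-42264 classify the bug as an out-of-bounds read, but the description says the fix bounds the number of perfmons passed from user space against the kernel storage the identifiers are copied into, which reads like a write past a kernel buffer. If that reading is right, `"value": "CWE-787"` and a non-`NONE` integrity impact would describe it better. This is inferred from the description alone, since the patch is not on the page. Until the two agree, triage for the listed 6.8 to 6.10.4 range should not lean on the I:N component.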
@@ -2,19 +2,43 @@ "id": "CVE-2024-51942", "sourceIdentifier": "psirt@esri.com", "published": "2025-03-03T20:15:40.167", - "lastModified": "2025-03-03T20:15:40.167", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:29:08.017", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 \u2013 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de cross-site scripting almacenado en ArcGIS Server para las versiones 10.9.1 a 11.3 que puede permitir que un atacante remoto autenticado cree un v\u00ednculo almacenado y manipulado que, al hacer clic en \u00e9l, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son altos y requieren capacidades de publicaci\u00f3n. El impacto es bajo tanto para la confidencialidad como para la integridad, pero no tiene impacto en la disponibilidad." 
} ], "metrics": { "cvssMetricV31": [ { "source": "psirt@esri.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -47,10 +71,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.9.1", + "versionEndIncluding": "11.3", + "matchCriteriaId": "0F9FCA91-B1DE-4C4E-8E33-C42BEA8F53D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51944.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51944.json index d1a941588c6..05a4c20ca21 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51944.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51944.json 
@@ -2,20 +2,24 @@ "id": "CVE-2024-51944", "sourceIdentifier": "psirt@esri.com", "published": "2025-03-03T20:15:40.327", - "lastModified": "2025-03-03T20:15:40.327", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:29:08.017", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 \u2013 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de cross-site scripting almacenado en ArcGIS Server para las versiones 10.9.1 a 11.3 que puede permitir que un atacante remoto autenticado cree un v\u00ednculo almacenado y manipulado que, al hacer clic en \u00e9l, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son altos y requieren capacidades de publicaci\u00f3n. El impacto es bajo tanto para la confidencialidad como para la integridad, pero no tiene impacto en la disponibilidad." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@esri.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", 
@@ -32,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -47,10 +71,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.9.1", + "versionEndIncluding": "11.3", + "matchCriteriaId": "0F9FCA91-B1DE-4C4E-8E33-C42BEA8F53D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53162.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53162.json index d2d70fa87f6..6fbeefcb475 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53162.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53162.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53162", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-24T12:15:24.567", - "lastModified": "2024-12-24T12:15:24.567", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:42:52.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
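Review bot: The nvd@nist.gov Primary metric added in the `@@ -32,6 +36,26 @@` hunk of CVE-2024-51944 scores `PR:L` (5.4), while the description in the same record states that the privileges required are high (publisher capabilities) and the psirt@esri.com vector, demoted to Secondary in the first hunk, uses `PR:H` (4.8). Consumers that read only the Primary entry will now rank this record above the vendor's own rating, so the NVD entry should either match the description (`"privilegesRequired": "HIGH"`) or the reason for the lower privilege level should be recorded. The first hunk also sets `"vulnStatus": "Undergoing Analysis"` although NVD metrics and configurations are already added, whereas CVE-2024-51942 with the identical description is marked `Analyzed`; pipelines that gate on the status will treat the two differently.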
@@ -15,23 +15,103 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: qat/qat_4xxx - arreglado por uno en uof_get_name() La matriz fw_objs[] tiene elementos \"num_objs\", por lo que > debe ser >= para evitar un l\u00edmite leer." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5", + "versionEndExcluding": "6.6.64", + "matchCriteriaId": "54B7846B-C7F0-4910-8749-C0C31DCDDFD7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.11", + "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.12", + "versionEndExcluding": "6.12.2", + "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/05c9a7a5344425860202a8f3efea4d8ed2d10edb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { 
"url": "https://git.kernel.org/stable/c/475b5098043eef6e72751aadeab687992a5b63d1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/700852528fc5295897d6089eea0656d67f9b9d88", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e69d2845aaa080960f38761f78fd25aa856620c6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53163.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53163.json index e8a02ff42fe..2c28d7e8a99 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53163.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53163.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53163", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-24T12:15:24.670", - "lastModified": "2024-12-24T12:15:24.670", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:42:52.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
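Review bot: The vector and weakness added for CVE-2024-53162 disagree with those added for CVE-2024-53163 in the next file section, although both descriptions report the same off-by-one in uof_get_name() (`>` that must be `>=`) in two sibling QAT drivers. Here the record gets `C:H/I:N/A:H` (7.1) with `CWE-125` as Primary, there `C:N/I:N/A:H` (5.5) with `CWE-193` as Secondary. Patch prioritisation keyed on baseScore or on CWE will treat the two as different classes of bug. Unless the drivers differ in what the out-of-bounds read can expose, which neither description suggests, both records should carry the same `confidentialityImpact` and the same weakness value.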
@@ -15,19 +15,89 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: qat/qat_420xx - arreglado por uno en uof_get_name() Esto se llama desde uof_get_name_420xx() donde \"num_objs\" es ARRAY_SIZE() de fw_objs[]. El > debe ser >= para evitar un acceso fuera de los l\u00edmites." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-193" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.11.11", + "matchCriteriaId": "FF76D5FF-944B-4187-AE80-15327D64BB22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.12", + "versionEndExcluding": "6.12.2", + "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/91eef1ad75f03d37dba926b73f9dd6f058bc4d58", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/93a11608fb3720e1bc2b19a2649ac2b49cca1921", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c23661a36eea840b657e485d48ed88b246da1bb8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53209.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53209.json index 92457469935..d354c587064 100644 --- a/CVE-2024/CVE-2024-532xx/CVE-2024-53209.json +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53209.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53209", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-27T14:15:28.793", - "lastModified": "2024-12-27T14:15:28.793", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:42:52.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,96 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bnxt_en: Corregir par\u00e1metros de espacio de anillo de recepci\u00f3n cuando XDP est\u00e1 activo La configuraci\u00f3n de MTU en el momento en que se adjunta un multi-buffer XDP determina si se utilizar\u00e1 el anillo de agregaci\u00f3n y el controlador rx_skb_func. Esto se hace en bnxt_set_rx_skb_mode(). Si la MTU se cambia m\u00e1s tarde, es posible que sea necesario cambiar la configuraci\u00f3n del anillo de agregaci\u00f3n y que deje de estar sincronizada con la configuraci\u00f3n realizada inicialmente en bnxt_set_rx_skb_mode(). Esto puede provocar una corrupci\u00f3n aleatoria de la memoria y fallas, ya que el hardware puede DMA datos m\u00e1s grandes que el tama\u00f1o de b\u00fafer asignado, como: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 00000000000003c0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 17 PID: 0 Comm: swapper/17 Kdump: cargado Tainted: GS OE 6.1.0-226bf9805506 #1 Nombre del hardware: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 26/08/2021 RIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en] C\u00f3digo: 8b 95 70 es ff es ff es 4c 8b 9d 48 es ff es ff es 66 41 89 87 b4 00 00 00 e9 0b f7 es ff es 0f b7 43 0a 49 8b 95 a8 04 00 00 25 es ff es 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f RSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202 RAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 000000000000007ff RDX: 00000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380 RBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf R10: 000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980 R13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990 FS: 0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 
0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Seguimiento de llamadas: __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en] Para solucionar el problema, ahora llamamos a bnxt_set_rx_skb_mode() dentro de bnxt_change_mtu() para configurar correctamente la configuraci\u00f3n de anillos AGG y actualizar rx_skb_func en funci\u00f3n del nuevo valor de MTU. Adem\u00e1s, BNXT_FLAG_NO_AGG_RINGS se borra al comienzo de bnxt_set_rx_skb_mode() para asegurarnos de que se configure o borre en funci\u00f3n de la MTU actual." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.45", + "versionEndExcluding": "6.2", + "matchCriteriaId": "8E203173-C610-4A6B-9280-34E2AAB018F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.10", + "versionEndExcluding": "6.11.11", + "matchCriteriaId": "995110A7-7FE4-4599-9493-806A6208BF8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.12", + "versionEndExcluding": "6.12.2", + 
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3051a77a09dfe3022aa012071346937fdf059033", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/84353386762a0a16dd444ead76c012e167d89b41", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bf54a7660fc8d2166f41ff1d67a643b15d8b2250", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56195.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56195.json new file mode 100644 index 00000000000..25b9c567a99 --- /dev/null +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56195.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-56195", + "sourceIdentifier": "security@apache.org", + "published": "2025-03-06T12:15:35.373", + "lastModified": "2025-03-06T12:15:35.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Access Control vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3.\n\nUsers are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023", + "source": "security@apache.org" + } + ] +} \ No newline at end of file 
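Review bot: The `"value": "CWE-476"` and `C:N/I:N/A:H` vector added for CVE-2024-53209 follow the NULL-pointer oops quoted in the description rather than the cause the description gives, namely that the hardware may DMA data larger than the allocated buffer and cause random memory corruption. A consumer filtering on memory-corruption weaknesses or on integrity impact will not see this record. If the analysis accepts the stated root cause, an out-of-bounds-write weakness such as `"value": "CWE-787"` and a non-`NONE` `integrityImpact` would fit better. Otherwise the 5.5 score is best read as a lower bound during triage.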
diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56196.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56196.json new file mode 100644 index 00000000000..06a008ee847 --- /dev/null +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56196.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-56196", + "sourceIdentifier": "security@apache.org", + "published": "2025-03-06T12:15:35.523", + "lastModified": "2025-03-06T12:15:35.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Access Control vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 10.0.0 through 10.0.3.\n\nUsers are recommended to upgrade to version 10.0.4, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56202.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56202.json new file mode 100644 index 00000000000..17020f44914 --- /dev/null +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56202.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-56202", + "sourceIdentifier": "security@apache.org", + "published": "2025-03-06T11:15:11.423", + "lastModified": "2025-03-06T11:15:11.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Expected Behavior Violation vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.\n\nUsers are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-440" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56548.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56548.json index f55f7a029f4..5a402fe0198 100644 --- a/CVE-2024/CVE-2024-565xx/CVE-2024-56548.json +++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56548.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56548", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-27T14:15:34.603", - "lastModified": "2024-12-27T14:15:34.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:42:52.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,43 +15,173 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hfsplus: no consultar el tama\u00f1o del bloque l\u00f3gico del dispositivo varias veces Los tama\u00f1os de bloque de los dispositivos pueden cambiar. Uno de estos casos es un dispositivo de bucle mediante el uso de ioctl LOOP_SET_BLOCK_SIZE. Si bien esto puede causar otros problemas como el rechazo de IO, en el caso de hfsplus, asignar\u00e1 un bloque utilizando ese tama\u00f1o y potencialmente escribir\u00e1 fuera de los l\u00edmites cuando hfsplus_read_wrapper llame a hfsplus_submit_bio y la \u00faltima funci\u00f3n lea un io_size diferente. El uso de un nuevo min_io_size establecido inicialmente en sb_min_blocksize funciona para los prop\u00f3sitos de la soluci\u00f3n original, ya que se establecer\u00e1 en el m\u00e1ximo entre HFSPLUS_SECTOR_SIZE y el primer tama\u00f1o de bloque l\u00f3gico visto. Todav\u00eda usamos el m\u00e1ximo entre HFSPLUS_SECTOR_SIZE y min_io_size en caso de que este \u00faltimo no est\u00e9 inicializado. Probado montando un sistema de archivos hfsplus con tama\u00f1os de bloque de bucle 512, 1024 y 4096. El informe KASAN producido antes de la correcci\u00f3n se ve as\u00ed: [ 419.944641] ========================================================================= [ 419.945655] ERROR: KASAN: slab-use-after-free en hfsplus_read_wrapper+0x659/0xa0a [ 419.946703] Lectura de tama\u00f1o 2 en la direcci\u00f3n ffff88800721fc00 por la tarea repro/10678 [ 419.947612] [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro No contaminado 6.12.0-rc5-00008-gdf56e0f2f3ca #84 [ 419.949007] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 419.950035] Seguimiento de llamadas: [ 419.950384] [ 419.950676] dump_stack_lvl+0x57/0x78 [ 419.951212] ? kmem_cache_debug_flags+0xc/0x1d [ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.954231] kasan_report+0x89/0xb0 [ 419.954748] ? 
hfsplus_read_wrapper+0x659/0xa0a [ 419.955367] hfsplus_read_wrapper+0x659/0xa0a [ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 [ 419.957214] ? _raw_spin_unlock+0x1a/0x2e [ 419.957772] hfsplus_fill_super+0x348/0x1590 [ 419.958355] ? hlock_class+0x4c/0x109 [ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.959499] ? __pfx_string+0x10/0x10 [ 419.960006] ? lock_acquire+0x3e2/0x454 [ 419.960532] ? bdev_name.constprop.0+0xce/0x243 [ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 [ 419.961799] ? puntero+0x3f0/0x62f [ 419.962277] ? __pfx_pointer+0x10/0x10 [ 419.962761] ? vsnprintf+0x6c4/0xfba [ 419.963178] ? __pfx_vsnprintf+0x10/0x10 [ 419.963621] ? setup_bdev_super+0x376/0x3b3 [ 419.964029] ? snprintf+0x9d/0xd2 [ 419.964344] ? __pfx_snprintf+0x10/0x10 [ 419.964675] ? lock_acquired+0x45c/0x5e9 [ 419.965016] ? set_blocksize+0x139/0x1c1 [ 419.965381] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.966179] mount_bdev+0x12f/0x1bf [ 419.966512] ? __pfx_mount_bdev+0x10/0x10 [ 419.966886] ? vfs_parse_fs_string+0xce/0x111 [ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 [ 419.968073] \u00e1rbol_obtenci\u00f3n_legado+0x104/0x178 [ 419.968414] \u00e1rbol_obtenci\u00f3n_vfs+0x86/0x296 [ 419.968751] montaje_ruta+0xba3/0xd0b [ 419.969157] ? __pfx_path_mount+0x10/0x10 [ 419.969594] ? kmem_cache_free+0x1e2/0x260 [ 419.970311] montaje_ruta+0x99/0xe0 [ 419.970630] ? 
__pfx_do_mount+0x10/0x10 [ 419.971008] __do_sys_mount+0x199/0x1c9 [ 419.971397] do_syscall_64+0xd0/0x135 [ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 419.972233] RIP: 0033:0x7c3cb812972e [ 419.972564] C\u00f3digo: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48 [ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e [ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.8", + "versionEndExcluding": "4.19.325", + "matchCriteriaId": "D230D81E-7472-4A2F-B9C6-52626B8EC459" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.287", + "matchCriteriaId": "E4B15788-D35E-4E5B-A9C0-070AE3729B34" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.231", + "matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.174", + "matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.120", + "matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.64", + "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.11", + "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.12", + "versionEndExcluding": "6.12.2", + "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/06cbfbb13ac88f4154c2eb4bc4176f9d10139847", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1c82587cb57687de3f18ab4b98a8850c789bedcf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/21900e8478126ff6afe3b66679f676e74d1f8830", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/2667c9b7b76efcbc7adbfea249892f20c313b0da", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3d7bda75e1a6239db053c73acde17ca146317824", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfeecda050aa9376f642d5b2a71c4112cc6c8216", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f57725bcc5816425e25218fdf5fb6923bc578cdf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56555.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56555.json index 18e38a9465d..fb9d6b74e7c 100644 --- a/CVE-2024/CVE-2024-565xx/CVE-2024-56555.json +++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56555.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56555", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-27T15:15:14.297", - "lastModified": "2024-12-27T15:15:14.297", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-03-06T12:42:52.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,15 +15,75 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binder: correcci\u00f3n de OOB en binder_add_freeze_work() En binder_add_freeze_work() iteramos sobre proc->nodes con el proc->inner_lock retenido. Sin embargo, este bloqueo se elimina temporalmente para adquirir primero el node->lock (orden de anidaci\u00f3n de bloqueos). Esto puede competir con binder_deferred_release() que elimina los nodos del proc->nodes rbtree y los agrega a la lista binder_dead_nodes. Esto genera una iteraci\u00f3n rota en binder_add_freeze_work() ya que rb_next() usar\u00e1 datos de binder_dead_nodes, lo que activa un acceso fuera de los l\u00edmites: ====================================================================== ERROR: KASAN: global fuera de los l\u00edmites en rb_next+0xfc/0x124 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffcb84285f7170 por la tarea freeze/660 CPU: 8 UID: 0 PID: 660 Comm: freeze No contaminado 6.11.0-07343-ga727812a8d45 #18 Nombre del hardware: linux,dummy-virt (DT) Rastreo de llamadas: rb_next+0xfc/0x124 binder_add_freeze_work+0x344/0x534 binder_ioctl+0x1e70/0x25ac __arm64_sys_ioctl+0x124/0x190 La direcci\u00f3n con errores pertenece a la variable: binder_dead_nodes+0x10/0x40 [...] =================================================================== Esto es posible porque proc->nodes (rbtree) y binder_dead_nodes (lista) comparten entradas en binder_node a trav\u00e9s de una uni\u00f3n: struct binder_node { [...] union { struct rb_node rb_node; struct hlist_node dead_node; }; Corrija la ejecuci\u00f3n comprobando que el procedimiento sigue activo. Si no es as\u00ed, simplemente salga de la iteraci\u00f3n." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.12", + "versionEndExcluding": "6.12.4", + "matchCriteriaId": "938626A1-5477-4679-A5E2-2AADE66DEDCA" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/011e69a1b23011c0db3af4b8293fdd4522cc97b0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b1be1da1f8279cf091266e71b5153c5b02aaff6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57579.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57579.json index 3a1c6037b88..1881bd32716 100644 --- a/CVE-2024/CVE-2024-575xx/CVE-2024-57579.json +++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57579.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2024-57579",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-16T21:15:17.057",
- "lastModified": "2025-02-18T21:15:24.023",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-03-06T12:42:52.363",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,11 +15,78 @@
 "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro limitSpeedUp en la funci\u00f3n formSetClientState."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA3A313A-5085-4ABB-92D0-A26208EE44FB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/qijiale/Tenda/tree/main/6",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
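Review bot: The reference in the second hunk of CVE-2024-57579 is tagged only `"Third Party Advisory"`, while the sibling records CVE-2024-57580, CVE-2024-57581 and CVE-2024-57582 in this commit, which point at the same `github.com/qijiale/Tenda` repository and carry identical CVSS, CWE and CPE data, are tagged `"Exploit", "Third Party Advisory"`. A consumer that prioritises on the `Exploit` reference tag would rank this record below its siblings for what looks like the same class of finding on the same firmware. Whether the linked write-up differs in content cannot be told from the diff, so this is worth confirming against the upstream record before relying on the tag; if it matches the others, the array would read `"tags": ["Exploit", "Third Party Advisory"]`.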
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57580.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57580.json
index 5ec9c08af85..b43160583aa 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57580.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57580.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-57580",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-16T21:15:17.223",
- "lastModified": "2025-02-18T21:15:24.200",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-03-06T12:42:52.363",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,11 +15,79 @@
 "value": "Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro devName en la funci\u00f3n formSetDeviceName."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA3A313A-5085-4ABB-92D0-A26208EE44FB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/qijiale/Tenda/tree/main/7",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57581.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57581.json
index d90eb39bb4a..d382eb26e89 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57581.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57581.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-57581",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-16T21:15:17.437",
- "lastModified": "2025-02-18T21:15:24.370",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-03-06T12:42:52.363",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,11 +15,79 @@
 "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro firewallEn en la funci\u00f3n formSetFirewallCfg."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA3A313A-5085-4ABB-92D0-A26208EE44FB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/qijiale/Tenda/tree/main/8",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57582.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57582.json
index baff42c5db7..c77dc03af6a 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57582.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57582.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-57582",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-16T21:15:17.627",
- "lastModified": "2025-02-18T21:15:24.550",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-03-06T12:42:52.363",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,11 +15,79 @@
 "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro startIP en la funci\u00f3n formSetPPTPServer."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA3A313A-5085-4ABB-92D0-A26208EE44FB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/qijiale/Tenda/tree/main/9",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-578xx/CVE-2024-57834.json b/CVE-2024/CVE-2024-578xx/CVE-2024-57834.json
index 78c77ec84b8..2a0f4e382e7 100644
--- a/CVE-2024/CVE-2024-578xx/CVE-2024-57834.json
+++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57834.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-57834",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-02-27T03:15:10.870",
- "lastModified": "2025-02-27T03:15:10.870",
- "vulnStatus": "Received",
+ "lastModified": "2025-03-06T12:42:22.567",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,27 +15,116 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: vidtv: Se corrige una desreferencia de puntero nulo en vidtv_mux_stop_thread syzbot informa una desreferencia de puntero nulo en vidtv_mux_stop_thread. [1] Si dvb->mux no se inicializa correctamente mediante vidtv_mux_init() en vidtv_start_streaming(), se activar\u00e1 la desreferencia de puntero nulo sobre mux en vidtv_mux_stop_thread(). Ajuste el tiempo de inicializaci\u00f3n de la transmisi\u00f3n y verif\u00edquelo antes de detenerlo. [1] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471 Code: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8 RSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125 RDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128 RBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188 R13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710 FS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline] vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252 
dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000 dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486 dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559 dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline] dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246 __fput+0x3f8/0xb60 fs/file_table.c:450 task_work_run+0x14e/0x250 kernel/task_work.c:239 get_signal+0x1d3/0x2610 kernel/signal.c:2790 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.129", + "matchCriteriaId": "18BF0B0B-D95C-472C-A99F-DE209F253F6F" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.79", + "matchCriteriaId": "B16AADE5-B2FD-4C14-B4E4-85E8EDAFE775" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.16", + "matchCriteriaId": "13C8DB18-FC60-425F-84E5-3EDDEC61B2FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.4", + "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1221989555db711578a327a9367f1be46500cb48", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2c5601b99d79d196fe4a37159e3dfb38e778ea18", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/86307e443c5844f38e1b98e2c51a4195c55576cd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/904a8323cc8afa7eb9ce3e67303a2b3f2f787306", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/95432a37778c9c5dd105b7b9f19e9695c9e166cf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58002.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58002.json index 9e57b190314..fbaf33cf087 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58002.json 
+++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58002.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58002", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:11.180", - "lastModified": "2025-02-27T13:15:11.153", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:42:22.567", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,103 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: uvcvideo: Eliminar punteros colgantes Cuando se escribe un control as\u00edncrono, copiamos un puntero al identificador de archivo que inici\u00f3 la operaci\u00f3n. Ese puntero se utilizar\u00e1 cuando el dispositivo termine. Lo que podr\u00eda ser en cualquier momento en el futuro. Si el usuario cierra ese descriptor de archivo, se liberar\u00e1 su estructura y habr\u00e1 un puntero colgante por cada control as\u00edncrono pendiente, que el controlador intentar\u00e1 utilizar. Limpie todos los punteros colgantes durante release(). Para evitar agregar una penalizaci\u00f3n de rendimiento en el caso m\u00e1s com\u00fan (sin operaci\u00f3n as\u00edncrona), se ha introducido un contador con cierta l\u00f3gica para asegurarse de que se gestiona correctamente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19", + "versionEndExcluding": "6.6.80", + "matchCriteriaId": "75080FCA-11DD-4E2C-BD8B-593BA4A9E12D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": "033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/221cd51efe4565501a3dbf04cc011b537dcce7fb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/438bda062b2c40ddd7df23b932e29ffe0a448cac", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4dbaa738c583a0e947803c69e8996e88cf98d971", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9edc7d25f7e49c33a1ce7a5ffadea2222065516c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58005.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58005.json index 3356e20e22a..6c24a6bb9c8 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58005.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58005.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58005", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:11.480", - "lastModified": "2025-02-27T03:15:11.480", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:42:22.567", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,103 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tpm: Cambio a kvalloc() en eventlog/acpi.c Se inform\u00f3 el siguiente error en HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375 [ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024 [ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330 [ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 <0f> 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1 [ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246 [ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000 [ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0 La transcripci\u00f3n anterior muestra que ACPI apunt\u00f3 a un b\u00fafer de 16 MiB para los eventos de registro porque RSI se asigna al par\u00e1metro 'order' de __alloc_pages_noprof(). Solucione el error pasando de devm_kmalloc() a devm_add_action() y kvmalloc() y devm_add_action()." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.16", + "versionEndExcluding": "6.6.78", + "matchCriteriaId": "4D0FFD74-B194-42F1-BCAA-0F00C9205123" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": "033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/422d7f4e8d817be467986589c7968d3ea402f7da", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4c8bfe643bbd00b04ee8f9545ef33bf6a68c38db", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/50365a6304a57266e8f4d3078060743c3b7a1e0d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a3a860bc0fd6c07332e4911cf9a238d20de90173", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58010.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58010.json index 5511b154b1b..eef221785f4 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58010.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58010.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58010", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:11.980", - "lastModified": "2025-02-27T03:15:11.980", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:42:22.567", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,117 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binfmt_flat: soluciona un error de desbordamiento de enteros en sistemas de 32 bits La mayor\u00eda de estos tama\u00f1os y recuentos est\u00e1n limitados a 256 MB, por lo que el c\u00e1lculo no da como resultado un desbordamiento de enteros. Tambi\u00e9n es necesario comprobar el recuento de \"relocs\". De lo contrario, en sistemas de 32 bits, el c\u00e1lculo de \"full_data\" podr\u00eda ser incorrecto. full_data = data_len + relocs * sizeof(unsigned long);" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.8", + "versionEndExcluding": "6.1.129", + "matchCriteriaId": "CD7077AC-7BD1-4A82-9E6F-7C2C54EDCF40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.78", + "matchCriteriaId": "0C58261F-EDFB-4A12-8CCD-F12101482030" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": 
"033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58011.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58011.json index 4f1f143133a..4fdd14b2680 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58011.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58011.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58011", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:12.087", - "lastModified": "2025-02-27T03:15:12.087", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:42:22.567", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,116 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86: int3472: Verificar si adev == NULL No todos los dispositivos tienen un fwnode complementario ACPI, por lo que adev podr\u00eda ser NULL. Esto puede ocurrir (te\u00f3ricamente) cuando un usuario vincula manualmente uno de los controladores int3472 a otro dispositivo i2c/platform a trav\u00e9s de sysfs. Agregue una verificaci\u00f3n para adev que no est\u00e9 configurado y devuelva -ENODEV en ese caso para evitar una posible desreferencia de puntero NULL en skl_int3472_get_acpi_buffer()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.129", + "matchCriteriaId": "18BF0B0B-D95C-472C-A99F-DE209F253F6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.78", + "matchCriteriaId": "0C58261F-EDFB-4A12-8CCD-F12101482030" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + 
"matchCriteriaId": "033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0a30353beca2693d30bde477024d755ffecea514", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4f8b210823cc2d1f9d967f089a6c00d025bb237f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a808ecf878ad646ebc9c83d9fc4ce72fd9c49d3d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cd2fd6eab480dfc247b737cf7a3d6b009c4d0f1c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f9c7cc44758f4930b41285a6d54afa8cbd9762b4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58012.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58012.json index 8883edafc99..d9eb8ee96b2 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58012.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58012.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58012", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:12.187", - "lastModified": "2025-02-27T03:15:12.187", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,88 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: Intel: hda-dai: Aseg\u00farese de que el widget DAI sea v\u00e1lido durante los par\u00e1metros Cada DAI de la CPU debe asociarse con un widget. Sin embargo, la topolog\u00eda podr\u00eda no crear la cantidad correcta de widgets DAI para amplificadores agregados. Y provocar\u00e1 una deferencia de puntero NULL. Verifique que el widget DAI asociado con el DAI de la CPU sea v\u00e1lido para evitar la deferencia de puntero NULL debido a la falta de widgets DAI en topolog\u00edas con amplificadores agregados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": "2D1543FB-8952-4D81-AFAD-E80CE6CB1F8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/569922b82ca660f8b24e705f6cf674e6b1f99cc7", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/789a2fbf0900982788408d3b0034e0e3f914fb3b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58017.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58017.json index 8f564565e2b..9bdf0518647 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58017.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58017.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58017", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:12.690", - "lastModified": "2025-02-27T03:15:12.690", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,116 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: printk: Se corrige el desbordamiento de entero con signo al definir LOG_BUF_LEN_MAX. El cambio de 1 << 31 en un entero de 32 bits provoca un desbordamiento de entero con signo, lo que conduce a un comportamiento indefinido. Para evitarlo, convierta 1 a u32 antes de realizar el cambio, lo que garantiza un comportamiento bien definido. Este cambio evita expl\u00edcitamente cualquier desbordamiento potencial al garantizar que el cambio se produzca en un entero de 32 bits sin signo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.129", + "matchCriteriaId": "18BF0B0B-D95C-472C-A99F-DE209F253F6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.78", + "matchCriteriaId": "0C58261F-EDFB-4A12-8CCD-F12101482030" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": 
"033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3d6f83df8ff2d5de84b50377e4f0d45e25311c7a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/404e5fd918a0b14abec06c7eca128f04c9b98e41", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4a2c4e7265b8eed83c25d86d702cea06493cab18", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4acf6bab775dbd22a9a799030a808a7305e01d63", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9a6d43844de2479a3ff8d674c3e2a16172e01598", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58020.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58020.json index aa5c9d6e61f..f13880d8381 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58020.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58020.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58020", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:12.997", - "lastModified": "2025-02-27T03:15:12.997", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,169 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: multitouch: Agregar comprobaci\u00f3n NULL en mt_input_configured devm_kasprintf() puede devolver un puntero NULL en caso de error, pero este valor devuelto en mt_input_configured() no se comprueba. Agregar comprobaci\u00f3n NULL en mt_input_configured() para controlar el error de desreferencia de puntero NULL del kernel." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14.326", + "versionEndExcluding": "4.15", + "matchCriteriaId": "B7B3CDB0-0B42-463E-9E20-DD9CF990E40F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.295", + "versionEndExcluding": "4.20", + "matchCriteriaId": "17432972-1EC7-4C0A-9A09-36F90BE8963A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.257", + "versionEndExcluding": "5.5", + "matchCriteriaId": "6592FB47-66C7-415E-9A0E-5F40984BE4E3" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.195", + "versionEndExcluding": "5.11", + "matchCriteriaId": "DC594734-BB21-44EC-B327-F5F4E4800AA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.132", + "versionEndExcluding": "5.16", + "matchCriteriaId": "6D5530E8-38DC-4A0B-A3CB-10DA342CACFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.53", + "versionEndExcluding": "6.1.129", + "matchCriteriaId": "0C1170AD-392C-41B9-8ADE-B117B8D3C893" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.16", + "versionEndExcluding": "6.5", + "matchCriteriaId": "A5099559-2D15-42A5-A561-71B34FEFF36F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.3", + "versionEndExcluding": "6.6.79", + "matchCriteriaId": "85292534-F886-41C7-A2AF-C5BA18E5A56B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.16", + "matchCriteriaId": "13C8DB18-FC60-425F-84E5-3EDDEC61B2FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.4", + "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", + "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", + "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/4e7113f591163d99adc7cbcd7295030c8c5d3fc7", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/62f8bf06262b6fc55c58f4c5256140f1382f3b01", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/97c09cc2e72769edb6994b531edcfa313b96bade", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9b8e2220d3a052a690b1d1b23019673e612494c5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/aa879ef6d3acf96fa2c7122d0632061d4ea58d48", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58021.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58021.json index d9d07224e66..61837fdba28 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58021.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58021.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58021", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:13.110", - "lastModified": "2025-02-27T03:15:13.110", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,99 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: winwing: Agregar comprobaci\u00f3n NULL en winwing_init_led() devm_kasprintf() puede devolver un puntero NULL en caso de error, pero este valor devuelto en winwing_init_led() no se comprueba. Agregar comprobaci\u00f3n NULL en winwing_init_led() para controlar el error de desreferencia de puntero NULL del kernel." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10", + "versionEndExcluding": "6.12.16", + "matchCriteriaId": "FB84018C-08CC-4578-B5A7-296AAE265678" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.4", + "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", + "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", + "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75" + } + ] + } 
+ ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/4001f6f79183b8868d80dd2036dfb4ea3d325e8f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/45ab5166a82d038c898985b0ad43ead69c1f9573", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b99dbdee8a89c44d03ae9830ab19f31e124a3f32", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7872.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7872.json new file mode 100644 index 00000000000..4b32a7a0996 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7872.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-7872", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2025-03-06T12:15:35.667", + "lastModified": "2025-03-06T12:15:35.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data.This issue affects Extreme XDS: before 3933." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0057", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0349.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0349.json index 8a29e9b85ea..e2a624ee695 100644 --- a/CVE-2025/CVE-2025-03xx/CVE-2025-0349.json +++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0349.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0349", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-09T11:15:16.547", - "lastModified": "2025-01-09T11:15:16.547", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:42:52.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ 
@@ -122,28 +142,87 @@ "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00830EE1-D0BB-462E-9F15-4E59560C14B8" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/wy876/cve/issues/5", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "Issue Tracking" + ] }, { "url": "https://vuldb.com/?ctiid.290862", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.290862", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.477048", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.tenda.com.cn/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1383.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1383.json new file mode 100644 index 00000000000..7c317337606 --- /dev/null +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1383.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-1383", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-06T12:15:35.937", + "lastModified": "2025-03-06T12:15:35.937", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/podlove-podcasting-plugin-for-wordpress/tags/4.2.0/lib/modules/transcripts/transcripts.php#L223", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3246867/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/#developers", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/00a95ae7-3c58-4e5e-aaef-c04d1dacf27f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-16xx/CVE-2025-1666.json b/CVE-2025/CVE-2025-16xx/CVE-2025-1666.json new file mode 100644 index 00000000000..6376553ef15 --- /dev/null +++ b/CVE-2025/CVE-2025-16xx/CVE-2025-1666.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-1666", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-06T12:15:36.117", + "lastModified": "2025-03-06T12:15:36.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Cookie banner plugin for WordPress \u2013 Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit the uninstall survey on behalf of a website." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/cookiebot/tags/4.4.1/src/lib/Cookiebot_Review.php#L135", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3251089%40cookiebot&new=3251089%40cookiebot&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e5fca6-363c-4875-9eb8-44e080d99650?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-16xx/CVE-2025-1696.json b/CVE-2025/CVE-2025-16xx/CVE-2025-1696.json new file mode 100644 index 00000000000..639681e4454 --- /dev/null +++ b/CVE-2025/CVE-2025-16xx/CVE-2025-1696.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-1696", + "sourceIdentifier": "security@docker.com", + "published": "2025-03-06T12:15:36.293", + "lastModified": "2025-03-06T12:15:36.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data\u2014potentially including sensitive details\u2014was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@docker.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": 
"NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@docker.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies", + "source": "security@docker.com" + }, + { + "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs", + "source": "security@docker.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1877.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1877.json index 8092f96f9ea..f553eb548fb 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1877.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1877.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1877", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-03T19:15:34.180", - "lastModified": "2025-03-03T19:15:34.180", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", 
@@ -16,6 +16,10 @@ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "es", + "value": "En D-Link DAP-1562 1.10 se ha detectado una vulnerabilidad clasificada como cr\u00edtica que afecta a la funci\u00f3n pure_auth_check del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento a1 provoca la desreferenciaci\u00f3n de un puntero nulo. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante." } ], "metrics": { @@ -66,7 +70,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", @@ -83,6 +87,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ], "cvssMetricV2": [ 
@@ -125,28 +149,82 @@ "value": "CWE-476" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dap-1562_firmware:1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "6B8E40F7-E259-4FB4-B0C4-A3691F63EDE9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dap-1562:*:*:*:*:*:*:*:*", + "matchCriteriaId": "C432B987-E305-46A8-A957-D46922DE8E49" + } + ] + } + ] } ], "references": [ { "url": "https://vuldb.com/?ctiid.298191", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298191", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.506526", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://witty-maiasaura-083.notion.site/D-link-DAP-1562-pure_auth_check-Vulnerability-1a5b2f2a63618013a1fecb743f2d0667", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1878.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1878.json index dbaa0dc9671..ad9ad48a36b 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1878.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1878.json 
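Review bot: The hardware node added under `configurations` uses `cpe:2.3:h:dlink:dap-1562:*:*:*:*:*:*:*:*`, with `*` (ANY) in the version field, whereas the other hardware nodes in this commit use `-` (NA), for example `cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*` and `cpe:2.3:h:i-drive:i11:-:*:*:*:*:*:*:*`. Because the node is `"vulnerable": false` and sits under an `AND` with the firmware match, the affected set is unchanged. Asset-matching tools that compare hardware CPE strings literally may nevertheless fail to pair this record with an inventory entry written in the `-` form. The consistent value would be `"criteria": "cpe:2.3:h:dlink:dap-1562:-:*:*:*:*:*:*:*"`, but the `matchCriteriaId` is presumably bound to the upstream string, so the correction belongs with the data provider rather than in a local edit.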
@@ -2,13 +2,17 @@ "id": "CVE-2025-1878", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-03T19:15:34.387", - "lastModified": "2025-03-03T19:15:34.387", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en i-Drive i11 e i12 hasta 20250227 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del componente WiFi. La manipulaci\u00f3n lleva al uso de una contrase\u00f1a predeterminada. Para que este ataque tenga \u00e9xito, es necesario tener acceso a la red local. La complejidad del ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. No ha sido posible identificar al responsable actual del producto. Se debe suponer que el producto ha llegado al final de su vida \u00fatil." } ], "metrics": { 
@@ -59,6 +63,26 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.1, + "baseSeverity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -114,24 +138,104 @@ "value": "CWE-1393" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:i-drive:i11_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20250227", + "matchCriteriaId": "F190E901-E255-488B-8393-25824B55501C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:i-drive:i11:-:*:*:*:*:*:*:*", + "matchCriteriaId": "99791A64-0205-42B7-B8B4-9F8E1992C33B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:i-drive:i12_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20250227", + "matchCriteriaId": "0F0904B4-A160-4619-B46A-E399C7C0B339" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:i-drive:i12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D6068DB-18B4-4B44-9512-8F54119E2C06" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/geo-chen/i-Drive", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.298192", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298192", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.510949", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1893.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1893.json index 5f736345893..56d08317843 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1893.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1893.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1893", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-04T01:15:11.327", - "lastModified": "2025-03-04T17:15:15.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Open5GS up to 2.7.2. It has been declared as problematic. Affected by this vulnerability is the function gmm_state_authentication of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. The patch is named e31e9965f00d9c744a7f728497cb4f3e97744ee8. It is recommended to apply a patch to fix this issue." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Open5GS hasta la versi\u00f3n 2.7.2. Se ha declarado como problem\u00e1tica. La vulnerabilidad afecta a la funci\u00f3n gmm_state_authentication del archivo src/amf/gmm-sm.c del componente UDM Subscriber Data Management. La manipulaci\u00f3n provoca una denegaci\u00f3n de servicio. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El parche se llama e31e9965f00d9c744a7f728497cb4f3e97744ee8. Se recomienda aplicar un parche para solucionar este problema." } ], "metrics": { 
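Review bot: The Spanish description added for CVE-2025-1893 names a different component from the English one: it says `del componente UDM Subscriber Data Management`, while the English text and the file path `src/amf/gmm-sm.c` both say the component is the AMF. It also omits the two English sentences on impact, which say that a single UE can crash the AMF and that all registered UEs lose connectivity until it is restarted. Teams working from the localized text would triage against the wrong network function and miss the outage scope. The phrase should read `del componente AMF`, and the impact sentences should be carried over.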
@@ -76,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ], "cvssMetricV2": [ 
@@ -116,38 +140,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.7.2", + "matchCriteriaId": "E8160C0A-E77F-487D-B5E0-C6657E80D327" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/open5gs/open5gs/commit/e31e9965f00d9c744a7f728497cb4f3e97744ee8", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/open5gs/open5gs/issues/3707", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/open5gs/open5gs/issues/3707#issue-2833194192", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/open5gs/open5gs/issues/3707#issuecomment-2639620554", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://vuldb.com/?ctiid.298411", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298411", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.505952", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/open5gs/open5gs/issues/3707#issue-2833194192", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1900.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1900.json index 13afd172051..b6d2983f942 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1900.json 
+++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1900.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1900", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-04T04:15:11.853", - "lastModified": "2025-03-04T17:15:16.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /add-table.php. The manipulation of the argument tableno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Restaurant Table Booking System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /add-table.php. La manipulaci\u00f3n del argumento tableno provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { @@ -76,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ 
@@ -118,32 +142,80 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:restaurant_table_booking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "02963BE3-61BC-41D5-82BA-71B773AA8FA0" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/chenzi-dynasty/CVE/issues/2", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://phpgurukul.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.298418", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298418", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.506609", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/chenzi-dynasty/CVE/issues/2", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1901.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1901.json index 8d7a3bb85a7..98615b758b3 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1901.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1901.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-1901", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-04T04:15:12.030", - "lastModified": "2025-03-04T17:15:16.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Restaurant Table Booking System 1.0. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo /admin/check_availability.php. La manipulaci\u00f3n del argumento username provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { @@ -76,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ 
@@ -118,32 +142,80 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:restaurant_table_booking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "02963BE3-61BC-41D5-82BA-71B773AA8FA0" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/chenzi-dynasty/CVE/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://phpgurukul.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.298419", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298419", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.506612", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/chenzi-dynasty/CVE/issues/1", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1902.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1902.json index 91c08955ca6..01e14792c75 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1902.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1902.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-1902", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-04T04:15:12.210", - "lastModified": "2025-03-04T16:15:37.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Student Record System 3.2. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /password-recovery.php. La manipulaci\u00f3n del argumento emailid conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { @@ -76,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ 
@@ -118,32 +142,79 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:student_record_system:3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "E68A607F-73CA-4800-991A-96066D92F68D" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/panghuanjie/Code-audits/issues/3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://phpgurukul.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.298420", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298420", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.506623", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/panghuanjie/Code-audits/issues/3", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1903.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1903.json index 883da00190d..5e39ece09b9 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1903.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1903.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-1903", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-04T04:15:12.383", - "lastModified": "2025-03-04T16:15:37.577", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Codezips Online Shopping Website 1.0. It has been rated as critical. This issue affects some unknown processing of the file /cart_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Codezips Online Shopping Website 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /cart_add.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse." } ], "metrics": { @@ -76,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ 
@@ -118,28 +142,70 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codezips:online_shopping_website:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9700AC-E333-40C6-B8B3-40E25A9771E6" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/takakie/CVE/blob/main/cve_3.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.298421", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298421", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.506667", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/takakie/CVE/blob/main/cve_3.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1904.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1904.json index 17e46f7b523..6171d351307 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1904.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1904.json 
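Review bot: The `https://vuldb.com/?id.298421` reference in the CVE-2025-1903 references hunk is tagged `Permissions Required`, while the same URL form, `https://vuldb.com/?id.298420`, is tagged `Third Party Advisory` in the phpgurukul student_record_system record just before it. The `?id.298424` and `?id.298425` entries in the CVE-2025-1904 and CVE-2025-1905 hunks are tagged `Permissions Required` as well, so one of the two taggings is presumably wrong. If the `?id.` page is the public entry, as the earlier record implies, these three would read `"tags": [ "Third Party Advisory" ]`. Until that is settled, tooling that drops references tagged `Permissions Required` will lose the VulDB entry for these three CVEs.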
@@ -2,13 +2,17 @@ "id": "CVE-2025-1904", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-04T05:15:14.440", - "lastModified": "2025-03-04T16:15:37.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:17:33.710", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /Blood/A+.php. The manipulation of the argument Availibility leads to cross site scripting. The attack may be launched remotely." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en code-projects Blood Bank System 1.0. Este problema afecta a una funcionalidad desconocida del archivo /Blood/A+.php. La manipulaci\u00f3n del argumento Availibility conduce a cross-site scripting. El ataque puede ejecutarse de forma remota." } ], "metrics": { @@ -76,6 +80,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ 
@@ -118,32 +142,77 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:blood_bank_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3CB4C2-E5C6-4136-B3A8-418484B48FD2" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/lokihardk/cve/blob/main/xss-2_25.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.298424", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298424", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.506868", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/lokihardk/cve/blob/main/xss-2_25.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1905.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1905.json index ea108cc3dea..60325143783 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1905.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1905.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-1905", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-04T05:15:14.680", - "lastModified": "2025-03-04T15:15:24.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:17:33.710", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en SourceCodester Employee Management System 1.0. Afecta a una parte desconocida del archivo employee.php. La manipulaci\u00f3n del argumento Full Name provoca cross-site scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Tambi\u00e9n pueden verse afectados otros par\u00e1metros." } ], "metrics": { @@ -76,6 +80,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ 
@@ -118,32 +142,77 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:employee_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0F228168-0FA5-49AE-ADDE-39BC9772B293" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.298425", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.298425", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.508301", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.sourcecodester.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21735.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21735.json index f8ae79d7e0f..0bed76ee721 100644 --- a/CVE-2025/CVE-2025-217xx/CVE-2025-21735.json +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21735.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-21735", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:14.130", - "lastModified": "2025-02-27T03:15:14.130", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,117 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFC: nci: A\u00f1adir comprobaci\u00f3n de los l\u00edmites en nci_hci_create_pipe() La variable \"pipe\" es un u8 que proviene de la red. Si es mayor que 127, entonces da como resultado una corrupci\u00f3n de memoria en el llamador, nci_hci_connect_gate()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.4", + "versionEndExcluding": "6.1.129", + "matchCriteriaId": "AD0077D1-9437-4FCC-9E03-7E13D6F0A533" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.78", + "matchCriteriaId": "0C58261F-EDFB-4A12-8CCD-F12101482030" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": "033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + 
"matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/110b43ef05342d5a11284cc8b21582b698b4ef1c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2ae4bade5a64d126bd18eb66bd419005c5550218", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/59c7ed20217c0939862fbf8145bc49d5b3a13f4f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d5a461c315e5ff92657f84d8ba50caa5abf5c22a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21736.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21736.json index a66d8df8431..86f71455df1 100644 --- a/CVE-2025/CVE-2025-217xx/CVE-2025-21736.json +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21736.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21736", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:14.230", - "lastModified": "2025-02-27T03:15:14.230", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,117 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrigen posibles desbordamientos de int en nilfs_fiemap() Dado que nilfs_bmap_lookup_contig() en nilfs_fiemap() calcula su resultado al estar preparado para pasar por bloques potencialmente maxblocks == INT_MAX, el valor en n puede experimentar un desbordamiento causado por el desplazamiento a la izquierda de blkbits. Si bien es extremadamente improbable que ocurra, no corra riesgos y convierta la expresi\u00f3n de la mano derecha a un tipo m\u00e1s amplio para mitigar el problema. Encontrado por Linux Verification Center (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico SVACE." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.38", + "versionEndExcluding": "6.1.129", + "matchCriteriaId": "C5CC21AE-713E-4404-8968-EE1EBC95B996" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.78", + "matchCriteriaId": "0C58261F-EDFB-4A12-8CCD-F12101482030" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": "033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/250423300b4b0335918be187ef3cade248c06e6a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6438ef381c183444f7f9d1de18f22661cba1e946", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b9495a9109abc31d3170f7aad7d48aa64610a1a2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f2bd0f1ab47822fe5bd699c8458b896c4b2edea1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f3d80f34f58445355fa27b9579a449fb186aa64e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21737.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21737.json index 3d9439fd043..7d3aca7b52b 100644 --- a/CVE-2025/CVE-2025-217xx/CVE-2025-21737.json +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21737.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-21737", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:14.327", - "lastModified": "2025-02-27T03:15:14.327", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,89 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ceph: se corrige una p\u00e9rdida de memoria en ceph_mds_auth_match() Ahora liberamos la asignaci\u00f3n de subcadena de la ruta de destino temporal en cada rama posible, en lugar de omitir la rama predeterminada. En algunos casos, se produjo una p\u00e9rdida de memoria que pod\u00eda bloquear r\u00e1pidamente el sistema (seg\u00fan la cantidad de accesos a archivos que se intentaran). Esto se detect\u00f3 en producci\u00f3n porque provoc\u00f3 un crecimiento continuo de la memoria, lo que finalmente provoc\u00f3 un OOM del kernel y lo bloque\u00f3 por completo. Rastreo de pila de kmemleak relevante: objeto sin referencia 0xffff888131e69900 (tama\u00f1o 128): comm \"git\", pid 66104, jiffies 4295435999 volcado hexadecimal (primeros 32 bytes): 76 6f 6c 75 6d 65 73 2f 63 6f 6e 74 61 69 6e 65 vol\u00famenes/contenedores 72 73 2f 67 69 74 65 61 2f 67 69 74 65 61 2f 67 rs/gitea/gitea/g backtrace (crc 2f3bb450): [] __kmalloc_noprof+0x359/0x510 [] ceph_mds_check_access+0x5bf/0x14e0 [ceph] [] ceph_open+0x312/0xd80 [ceph] [] do_dentry_open+0x456/0x1120 [] vfs_open+0x79/0x360 [] path_openat+0x1de5/0x4390 [] do_filp_open+0x19c/0x3c0 [] do_sys_openat2+0x141/0x180 [] __x64_sys_open+0xe5/0x1a0 [] do_syscall_64+0xb7/0x210 [] entry_SYSCALL_64_after_hwframe+0x77/0x7f Se puede activar montando un subdirectorio de un sistema de archivos CephFS y luego intentando acceder a los archivos en este subdirectorio con un token de autenticaci\u00f3n usando una capacidad con alcance de ruta: $ ceph auth get client.services [client.services] key = REDACTED caps mds = \"allow rw fsname=cephfs path=/volumes/\" caps mon = \"allow r fsname=cephfs\" caps osd = \"allow rw tag cephfs data=cephfs\" $ cat /proc/self/mounts services@[REDACTADO].cephfs=/volumes/containers /ceph/containers ceph 
rw,noatime,name=services,secret=,ms_mode=prefer-crc,mount_timeout=300,acl,mon_addr=[REDACTADO]:3300,recover_session=clean 0 0 $ seq 1 1000000 | xargs -P32 --replace={} touch /ceph/containers/file-{} && \\ seq 1 1000000 | xargs -P32 --replace={} cat /ceph/containers/file-{} [ idryomov: combinar instrucciones if, cambiar el nombre de rc a path_matched y convertirlo en un bool, formatear ]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": "39B6CD9F-15B4-4B45-976A-23B03B501740" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/146109fe936ac07f8f60cd6267543688985b96bc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2b6086c5efe5c7bd6e0eb440d96c26ca0d20d9d7", - 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3b7d93db450e9d8ead80d75e2a303248f1528c35", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21740.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21740.json index 54a3ded4e4c..f0b212a558a 100644 --- a/CVE-2025/CVE-2025-217xx/CVE-2025-21740.json +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21740.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21740", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:14.630", - "lastModified": "2025-02-27T03:15:14.630", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,80 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86/mmu: Aseg\u00farese de que el subproceso de recuperaci\u00f3n de p\u00e1ginas enormes de NX est\u00e9 activo antes de reactivarlo. Al reactivar el subproceso de recuperaci\u00f3n de p\u00e1ginas enormes de NX de una m\u00e1quina virtual, aseg\u00farese de que el subproceso est\u00e9 realmente activo antes de intentar reactivarlo. Ahora que el subproceso se genera a pedido durante KVM_RUN, se puede acceder a una m\u00e1quina virtual sin un subproceso de recuperaci\u00f3n a trav\u00e9s de los par\u00e1metros del m\u00f3dulo relacionado. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000040 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:vhost_task_wake+0x5/0x10 Rastreo de llamadas: set_nx_huge_pages+0xcc/0x1e0 [kvm] param_attr_store+0x8a/0xd0 module_attr_store+0x1a/0x30 kernfs_fop_write_iter+0x12f/0x1e0 vfs_write+0x233/0x3e0 ksys_write+0x60/0xd0 do_syscall_64+0x5b/0x160 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f3b52710104 M\u00f3dulos vinculados en: kvm_intel kvm CR2: 000000000000040" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } 
+ ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", + "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2b3928b7c896e5a9fb6b1373924adafe8e01a0c6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/43fb96ae78551d7bfa4ecca956b258f085d67c40", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/974f85f1f7eb7dc7fce0988046e06eeccab576a7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21741.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21741.json index cc435644990..27ccadf33f9 100644 --- a/CVE-2025/CVE-2025-217xx/CVE-2025-21741.json +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21741.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21741", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:14.730", - "lastModified": "2025-02-27T03:15:14.730", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
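Review bot: The `cpeMatch` list added for CVE-2025-21740 holds a single entry, `cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*`, yet the same record's references list three git.kernel.org/stable commits tagged `Patch`. The other kernel records in this commit pair their stable commits with `versionStartIncluding`/`versionEndExcluding` ranges, so this configuration looks incomplete, though the diff alone cannot confirm which branches the three commits belong to. A scanner that matches on CPE would then report any affected released kernel as not vulnerable. I would add one range entry per fixed branch, e.g. `"versionStartIncluding": "<FIRST_AFFECTED>", "versionEndExcluding": "<FIXED_IN_BRANCH>"`, with the values taken from those commits.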
@@ -15,23 +15,103 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usbnet: ipheth: fix DPE OoB read Corrige una lectura de DPE fuera de los l\u00edmites, limita la cantidad de DPE procesados a la cantidad que cabe en el encabezado NDP16 de tama\u00f1o fijo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5", + "versionEndExcluding": "6.6.78", + "matchCriteriaId": "620D4308-FEF2-4D7F-84A9-21E66BDB5A28" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": "033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/22475242ddb70e35c9148234be9a3aa9fb8efff9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + 
"tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5835bf66c50ac2b85ed28b282c2456c3516ef0a6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/971b8c572559e52d32a2b82f2d9e0685439a0117", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee591f2b281721171896117f9946fced31441418", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21742.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21742.json index a9d6a1b9339..809709b3e33 100644 --- a/CVE-2025/CVE-2025-217xx/CVE-2025-21742.json +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21742.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21742", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T03:15:14.830", - "lastModified": "2025-02-27T03:15:14.830", - "vulnStatus": "Received", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,103 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usbnet: ipheth: usar ubicaci\u00f3n est\u00e1tica de NDP16 en URB El c\u00f3digo original permit\u00eda que el inicio de NDP16 estuviera en cualquier lugar dentro de URB seg\u00fan el valor `wNdpIndex` en NTH16. Solo se comprob\u00f3 la posici\u00f3n de inicio de NDP16, por lo que era posible que incluso la parte de longitud fija de NDP16 se extendiera m\u00e1s all\u00e1 del final de URB, lo que generaba una lectura fuera de los l\u00edmites. En los dispositivos iOS, el encabezado NDP16 siempre sigue directamente a NTH16. Conf\u00ede en este formato espec\u00edfico y compru\u00e9belo. Esto, junto con la comprobaci\u00f3n de longitud m\u00ednima de URB espec\u00edfica de NCM que ya existe, garantizar\u00e1 que la parte de longitud fija de NDP16 m\u00e1s una cantidad establecida de DPE quepan dentro de URB. Tenga en cuenta que esta confirmaci\u00f3n por s\u00ed sola no aborda por completo la lectura OoB. El l\u00edmite en la cantidad de DPE debe aplicarse por separado." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5", + "versionEndExcluding": "6.6.78", + "matchCriteriaId": "620D4308-FEF2-4D7F-84A9-21E66BDB5A28" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.14", + "matchCriteriaId": "033BB7EE-C9A2-45EA-BAC9-87BB9D951BCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.3", + "matchCriteriaId": "0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2b619445dcb6dab97d8ed033fb57225aca1288c4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/86586dcb75cb8fd062a518aca8ee667938b91efb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/8fb062178e1ce180e2cfdc9abc83a1b9fea381ca", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf1ac7f7cf601ac31d1580559c002b5e37b733b7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25939.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25939.json index 814b2ed6ca3..9507f5f909f 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25939.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25939.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25939", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T19:15:35.290", - "lastModified": "2025-03-04T17:15:17.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,14 +81,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reprisesoftware:license_manager:14.2:*:*:*:*:*:*:*", + "matchCriteriaId": "0B9734D3-A4A7-43AE-8887-61EE71FA5628" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/SamR2406/CVE-IDs/blob/main/Reprise%20License%20Manager%2014.2%20-%20Reflected%20Cross-Site%20Scripting%20%28CVE-2025-25939%29", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/SamR2406/CVE-IDs/blob/main/Reprise%20License%20Manager%2014.2%20-%20Reflected%20Cross-Site%20Scripting%20%28CVE-2025-25939%29", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25967.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25967.json index 3b2fd7eb144..335a065cff8 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25967.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25967.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25967", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T19:15:35.400", - "lastModified": "2025-03-04T17:15:18.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ddsn:acora_cms:10.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FEA57E21-C43F-4273-A2B2-6DE0D9991F97" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/padayali-JD/CVE-2025-25967", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27499.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27499.json index 32f8db688c4..b495eeaa4d8 100644 --- a/CVE-2025/CVE-2025-274xx/CVE-2025-27499.json +++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27499.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27499", "sourceIdentifier": "security-advisories@github.com", "published": "2025-03-03T19:15:36.027", - "lastModified": "2025-03-04T17:15:20.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-03-06T12:21:35.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } ] }, "weaknesses": [ @@ -73,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.2.10", + "matchCriteriaId": "D0DAA48F-2211-4AE8-986C-01B766B8DF15" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/1ac0d0701ad93103482374e8092ad1a5ab15d3fc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v248-mr5r-87pf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v248-mr5r-87pf", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index f4657d160c2..d3acc68ed4f 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-06T11:00:20.763007+00:00 +2025-03-06T13:00:21.008455+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-06T10:15:11.897000+00:00 +2025-03-06T12:53:53.273000+00:00 ``` ### Last Data Feed Release 
@@ -33,25 +33,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -284300 +284308 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `8` -- [CVE-2024-13897](CVE-2024/CVE-2024-138xx/CVE-2024-13897.json) (`2025-03-06T09:15:25.787`) -- [CVE-2024-13902](CVE-2024/CVE-2024-139xx/CVE-2024-13902.json) (`2025-03-06T10:15:09.900`) -- [CVE-2025-1540](CVE-2025/CVE-2025-15xx/CVE-2025-1540.json) (`2025-03-06T09:15:26.317`) -- [CVE-2025-1672](CVE-2025/CVE-2025-16xx/CVE-2025-1672.json) (`2025-03-06T10:15:11.897`) +- [CVE-2024-38311](CVE-2024/CVE-2024-383xx/CVE-2024-38311.json) (`2025-03-06T12:15:34.157`) +- [CVE-2024-56195](CVE-2024/CVE-2024-561xx/CVE-2024-56195.json) (`2025-03-06T12:15:35.373`) +- [CVE-2024-56196](CVE-2024/CVE-2024-561xx/CVE-2024-56196.json) (`2025-03-06T12:15:35.523`) +- [CVE-2024-56202](CVE-2024/CVE-2024-562xx/CVE-2024-56202.json) (`2025-03-06T11:15:11.423`) +- [CVE-2024-7872](CVE-2024/CVE-2024-78xx/CVE-2024-7872.json) (`2025-03-06T12:15:35.667`) +- [CVE-2025-1383](CVE-2025/CVE-2025-13xx/CVE-2025-1383.json) (`2025-03-06T12:15:35.937`) +- [CVE-2025-1666](CVE-2025/CVE-2025-16xx/CVE-2025-1666.json) (`2025-03-06T12:15:36.117`) +- [CVE-2025-1696](CVE-2025/CVE-2025-16xx/CVE-2025-1696.json) (`2025-03-06T12:15:36.293`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `58` -- [CVE-2022-1586](CVE-2022/CVE-2022-15xx/CVE-2022-1586.json) (`2025-03-06T09:15:22.620`) -- [CVE-2024-12297](CVE-2024/CVE-2024-122xx/CVE-2024-12297.json) (`2025-03-06T09:15:25.380`) +- [CVE-2024-58010](CVE-2024/CVE-2024-580xx/CVE-2024-58010.json) (`2025-03-06T12:42:22.567`) +- [CVE-2024-58011](CVE-2024/CVE-2024-580xx/CVE-2024-58011.json) (`2025-03-06T12:42:22.567`) +- [CVE-2024-58012](CVE-2024/CVE-2024-580xx/CVE-2024-58012.json) (`2025-03-06T12:21:35.360`) +- [CVE-2024-58017](CVE-2024/CVE-2024-580xx/CVE-2024-58017.json) (`2025-03-06T12:21:35.360`) 
+- [CVE-2024-58020](CVE-2024/CVE-2024-580xx/CVE-2024-58020.json) (`2025-03-06T12:21:35.360`) +- [CVE-2024-58021](CVE-2024/CVE-2024-580xx/CVE-2024-58021.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-0349](CVE-2025/CVE-2025-03xx/CVE-2025-0349.json) (`2025-03-06T12:42:52.363`) +- [CVE-2025-1877](CVE-2025/CVE-2025-18xx/CVE-2025-1877.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-1878](CVE-2025/CVE-2025-18xx/CVE-2025-1878.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-1893](CVE-2025/CVE-2025-18xx/CVE-2025-1893.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-1900](CVE-2025/CVE-2025-19xx/CVE-2025-1900.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-1901](CVE-2025/CVE-2025-19xx/CVE-2025-1901.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-1902](CVE-2025/CVE-2025-19xx/CVE-2025-1902.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-1903](CVE-2025/CVE-2025-19xx/CVE-2025-1903.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-1904](CVE-2025/CVE-2025-19xx/CVE-2025-1904.json) (`2025-03-06T12:17:33.710`) +- [CVE-2025-1905](CVE-2025/CVE-2025-19xx/CVE-2025-1905.json) (`2025-03-06T12:17:33.710`) +- [CVE-2025-21735](CVE-2025/CVE-2025-217xx/CVE-2025-21735.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-21736](CVE-2025/CVE-2025-217xx/CVE-2025-21736.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-21737](CVE-2025/CVE-2025-217xx/CVE-2025-21737.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-21740](CVE-2025/CVE-2025-217xx/CVE-2025-21740.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-21741](CVE-2025/CVE-2025-217xx/CVE-2025-21741.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-21742](CVE-2025/CVE-2025-217xx/CVE-2025-21742.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-25939](CVE-2025/CVE-2025-259xx/CVE-2025-25939.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-25967](CVE-2025/CVE-2025-259xx/CVE-2025-25967.json) (`2025-03-06T12:21:35.360`) +- [CVE-2025-27499](CVE-2025/CVE-2025-274xx/CVE-2025-27499.json) (`2025-03-06T12:21:35.360`) ## Download and Usage 
diff --git a/_state.csv b/_state.csv index 583ad518277..39045328747 100644 --- a/_state.csv +++ b/_state.csv @@ -187587,14 +187587,14 @@ CVE-2021-47335,0,0,328eb3645a18c5f29c918b49774ba62cf65897a9bf118eba16623aa0b88c0 CVE-2021-47336,0,0,574b511187a20b144e1a41e424bb252a26bf57fd2f2c258012116c53068fbcd0,2024-11-21T06:35:54.710000 CVE-2021-47337,0,0,8ec2c16fbd2d59b62517775d6a115d978a1c780bdbe272cf5580ca5a86d19041,2024-12-24T16:15:04.180000 CVE-2021-47338,0,0,425f97b29f6fd84c1870c95018e168e8eda67e84848abca9e2dfac701dc5c166,2024-12-24T16:39:44.677000 -CVE-2021-47339,0,0,cd62aba2bd328791f6a37767f7a795af7e092f3226a5718588a8cb6495509ceb,2024-11-21T06:35:55.093000 +CVE-2021-47339,0,1,0bbf6ea18cc43bc9424cdc88c45e67afdd8a79a5bc05a5b5806223b35d346141,2025-03-06T12:53:53.273000 CVE-2021-47340,0,0,4800185c819526cfdd83b27045687b91c60e90a3e12af11337074c136ce8ddde,2024-11-21T06:35:55.207000 CVE-2021-47341,0,0,de6df9bc89a00c0eee555b5550f951ca1c227ff6ccb6bb702130533fcb19308f,2025-01-14T17:28:39.313000 CVE-2021-47342,0,0,87691d96ad1a4689fc95ec83dde8f8407d98a729b3e3a4eff31c1bce3aa3fc7d,2024-12-26T19:29:20.557000 CVE-2021-47343,0,0,05baa50e8f01703dbae3936b2595f3acbc4f37225bdead1e4b8828946131a960,2024-11-21T06:35:55.597000 CVE-2021-47344,0,0,0287c421eaf460be9da303f1ed618d93b1e3b5047e6ae4b098d9a2bb4b53f405,2024-12-24T16:13:44.487000 CVE-2021-47345,0,0,e7fced2d39bb01ac3aa638228f3d111fb4e7a3b155cc0145bd8963569fdff796,2024-12-24T16:12:42.907000 -CVE-2021-47346,0,0,32b9c544ac1061e5f33e07be1b358a01938290794709b474e083fa381ca963b8,2024-11-21T06:35:56.020000 +CVE-2021-47346,0,1,3ad39eb0aa50f6e7e059868f8dd4535c9aa127957aed91df43a10d9d37fde26f,2025-03-06T12:53:53.273000 CVE-2021-47347,0,0,0cc930dc1ed330c553df41204e22122e0adaa56369dd9ae499682bc065fb28c3,2024-11-21T06:35:56.147000 CVE-2021-47348,0,0,e4697ba877d750d4853325d31141852c2f5197fb92af29ad909f172ef0454520,2024-11-21T06:35:56.340000 CVE-2021-47349,0,0,4bbe92cbdd19bea4c0660020f8f6f562d96fbf23f4aff4917213209b46165265,2025-01-10T18:12:28.513000 
@@ -189381,7 +189381,7 @@ CVE-2022-1582,0,0,dace5e4010745f77894b12ada5b9e82644ec62025375cf740a6b2ebdd764ac CVE-2022-1583,0,0,9fc38651a069d6f2da6bd685610c015b33d8de1f21446b0fc9bccaccc34c643a,2024-11-21T06:41:00.943000 CVE-2022-1584,0,0,fd8ea0d786a8cc4ee1614f65f6ce5bd87dad6e566c4414065756f607612464af,2024-11-21T06:41:01.053000 CVE-2022-1585,0,0,7ae45bdbf483386a0b5c6ce9a6289f541468fb6bf7c1a82dd016ea498870c6b2,2024-11-21T06:41:01.180000 -CVE-2022-1586,0,1,b22a07222d6583368b52544fed9de2db26aef6afa8f52486a2552793f18965ad,2025-03-06T09:15:22.620000 +CVE-2022-1586,0,0,b22a07222d6583368b52544fed9de2db26aef6afa8f52486a2552793f18965ad,2025-03-06T09:15:22.620000 CVE-2022-1587,0,0,33531b130b42bff477994b0784c4db381a86095bed324f62c579e2e1f266ca43,2024-11-21T06:41:01.463000 CVE-2022-1588,0,0,bd6f8bc30591dc10ab8cff70a8c4dcd1839e97bc2ac01535e77d20aca85e3290,2023-11-07T03:42:01.640000 CVE-2022-1589,0,0,96e1e225316eab2298ded5be262eee0dba57de9ca9e6e3b7e6a051e3dede1578,2024-11-21T06:41:01.620000 @@ -212902,7 +212902,7 @@ CVE-2022-48801,0,0,a8fd5f16c8a757c25d85dfc312a52de37c1cf99353d1034498d2c616b2131 CVE-2022-48802,0,0,452388413750fad0016a585aeb6293a87a2a7a194129365e3d1068278e8d25d8,2024-11-21T07:34:07.003000 CVE-2022-48803,0,0,3944ba64b4bf5014e3b95671d9aaf2ca749998f790b192bd3d54f239fb4ea60a,2024-11-21T07:34:07.110000 CVE-2022-48804,0,0,d4967cc93f900d12692fa8fabca50399bd7d028413bcceb09e055fdf35a9730a,2024-11-21T07:34:07.233000 -CVE-2022-48805,0,0,eafb76468caf3773fec16fc91069ae96f622e966b1385ebd5ce466a806cd447f,2024-11-21T07:34:07.360000 +CVE-2022-48805,0,1,8e6b524333b04d106219144103e9304ac84f634dae2155072f7be9b027fcfb2e,2025-03-06T12:53:17.520000 CVE-2022-48806,0,0,138d514a8f59997aa967f097597406012727075dc083aaf3ae10ca94a35161d7,2024-11-21T07:34:07.470000 CVE-2022-48807,0,0,2526145aa7b4eed086785b29ff23ceec41a1875b0c9d0ab2bac70882e3cf55f9,2024-11-21T07:34:07.577000 CVE-2022-48808,0,0,0dde40ae7f1b74db3ad7c6c323821786b9fb456c6601160feb9f4b68999dd61a,2024-11-21T07:34:07.673000 
@@ -241295,7 +241295,7 @@ CVE-2023-52741,0,0,e094cb6d7949e9747b892e241771f0453892c45a739ad5b8d158747bb6e06 CVE-2023-52742,0,0,dcf30954d8fabdab5fd680401ef1008be31a6a0cfb68e9a64806fc115f0213b5,2024-11-21T08:40:29.373000 CVE-2023-52743,0,0,24474008a2d4a403beada0f7d4c53935aab14c11f5c2d46143b8959c21bd597a,2024-11-21T08:40:29.513000 CVE-2023-52744,0,0,7a3a1b5b261511bb66fcf29aaabee541486137c90ee2c22ba6c248ce3835f026,2025-01-06T20:40:45.057000 -CVE-2023-52745,0,0,ae2005c8c23b148195cf0a12d45fef3cedd3d57293bb19723349c108b6823f88,2024-11-21T08:40:29.767000 +CVE-2023-52745,0,1,6b03e0345e3a79fe23ee08f8fbe19ea712253ff9277a62ebb384898480dfc2b1,2025-03-06T12:53:53.273000 CVE-2023-52746,0,0,29638259c02e0300a082658fbef0482f5797bd8a4800b195c2b69bc6212469f2,2024-11-21T08:40:29.907000 CVE-2023-52747,0,0,89a1a7bcc5367ff871cada9f72228e4bee14cd524a7a7ce281e3ad78d5396323,2024-11-21T08:40:30.097000 CVE-2023-52748,0,0,2b830ddfbbba0c67aa7dbe55dc7af2c2e0c7de4c1479e35323f1e39833c237ea,2024-11-21T08:40:30.220000 
@@ -241349,21 +241349,21 @@ CVE-2023-52790,0,0,cf29a624de21cf22cc512d40f0a593951c8cd9239711d0b8442ff032accda CVE-2023-52791,0,0,be484a6e97e5a1fc91f5818964596896eec93bf44f2a3ba3ebb847d5e9c824b0,2024-11-21T08:40:35.750000 CVE-2023-52792,0,0,2cc23cf56cc94d378ac71d87d803d2cb686a46236118e6b58b26100b7927b4af,2024-11-21T08:40:35.870000 CVE-2023-52793,0,0,1deada04b9b58b9a08cdc8b4e56907afa2f473e86ceaaf1b863ba75e6bd438dd,2024-05-24T05:15:08.403000 -CVE-2023-52794,0,0,3f44b84fa1b352f9f6ba565950b04328a54586a79bd309ce61d29f4923e0797b,2024-11-21T08:40:36.007000 +CVE-2023-52794,0,1,bc3693e384d7812dd89a94906db45df7f7f197c2dcae1133aea42c4607d3db28,2025-03-06T12:53:53.273000 CVE-2023-52795,0,0,4e485f41269e4ca02c2bb151f581018ee7564bf7c1a16986ad072ba672d15994,2025-01-10T17:59:58.747000 CVE-2023-52796,0,0,919ab49a1f7e861a493c89fa6e458020589d307e7c501ef2a28fc7f2409c4699,2024-11-21T08:40:36.233000 CVE-2023-52797,0,0,a8f1fd2b50ee0014f6c08ba16dee5539f5b8b20b0a40b1a44d6ff84573d23ca5,2024-11-21T08:40:36.360000 CVE-2023-52798,0,0,698516f7a6422b64182796c4d1e386edea13c08d9ebe3b1a1a173e4cdc460cee,2024-11-21T08:40:36.483000 -CVE-2023-52799,0,0,0a7e96f1b4481394278d8d0f3c93d8e013d7d80d699b9909b78f1db0173ae7fd,2024-11-21T08:40:36.680000 +CVE-2023-52799,0,1,558d824ca47ee11384d74f49c72379f5ffc461019f8a8398a85e803f1e0276de,2025-03-06T12:53:53.273000 CVE-2023-5280,0,0,0e31d757c38846a6f016aa4d2a0c766d9c944cae8392888fd9d4cf58ba1afdfc,2024-11-21T08:41:26.490000 CVE-2023-52800,0,0,625396b2707a4b12a8608a41ca88f7c126404d546ab4a0974abef35f6ea67b88,2024-11-21T08:40:36.803000 CVE-2023-52801,0,0,0902d38420cc02715fe58ab7f76650517aa83d22bc371e771b393939439b0034,2024-11-21T08:40:37.040000 CVE-2023-52802,0,0,38a995833f5576e7c1a5ec4da3354344605bb944329f5f6f5f2b3f5909e6538e,2024-06-08T12:15:09.783000 CVE-2023-52803,0,0,ca542d715af19bc455d62c41688c3fc24d4ece330c1660f25b0f2926b8cdad17,2024-11-21T08:40:37.290000 CVE-2023-52804,0,0,f63595acad5f021611a295b0c2137b6f281e5bf0a3b7dab20aa319bececcb019,2024-11-21T08:40:37.423000 
-CVE-2023-52805,0,0,e678e396ca530331218a46d4e9f526a8755a980b822efea8e927fcaaf1a16d6d,2024-11-21T08:40:37.543000 +CVE-2023-52805,0,1,5186bfc33c8855ecef32265d9b68c63d746ff5e76e8ed7f555e16356ac6e93d9,2025-03-06T12:53:53.273000 CVE-2023-52806,0,0,fb65670f4d45809f58388ae1354ca1aa5879a8eee50756f04297590c93c61e8a,2024-11-21T08:40:37.667000 -CVE-2023-52807,0,0,63957d0dcb7d7efc05d2531fb945162f710d97589865c92c99a73e1bd025efc6,2024-11-21T08:40:37.813000 +CVE-2023-52807,0,1,ddf74cd7700539e42b905e69205ce85a408eb5e82fb88ea2b1fbbb1b5bf76ba4,2025-03-06T12:53:53.273000 CVE-2023-52808,0,0,efd8d7bcb58f484b4b5e80898bd3c70762a13bd27971c0de98e557ec212b9f08,2025-01-14T16:32:53.767000 CVE-2023-52809,0,0,06fb50dbad98d780f58c95c2791d1c3f12990ff40b05f531900523b7250bea47,2024-11-21T08:40:38.040000 CVE-2023-5281,0,0,0dde3d47be17b2e8c89e29d997d88d34ff2d1fb77efff2971add322c1411cd86,2024-11-21T08:41:26.610000 @@ -245071,7 +245071,7 @@ CVE-2024-10899,0,0,3278ed9055fdf20d3bd937513eb10691156bd1e9c65996b252cdb3333f0a4 CVE-2024-1090,0,0,bc0bffa7867d1fecd545d2e7f7fb647c415e4e72464ebb88604cc3a8a49285b6,2024-12-27T15:41:41.897000 CVE-2024-10900,0,0,5438023601d5947725ce57a2b51b24b31a697395c49ac1553534945223b38a58,2024-11-29T20:58:31.967000 CVE-2024-10903,0,0,4b83af475b2ee1b428df17dee5389cac414e31e1e9acd0596c2e9a6f9d70e177,2024-12-30T18:15:06.253000 -CVE-2024-10904,0,0,b5c85bc64c6a5df341d4a7ec0174ec4603ee6d8c2b1b075accd30dfa52ac8f4c,2025-03-03T20:15:39.990000 +CVE-2024-10904,0,1,52d94fd1600e7c5493b7463b9a1bf1b1bb9ec7f5a03b12e7d597cc7acde74140,2025-03-06T12:21:35.360000 CVE-2024-10905,0,0,98e243c9c6d3626765a0f5bec050b58ca35d0a0d124978428fd582cb710fa7ee,2024-12-06T18:15:22.207000 CVE-2024-10909,0,0,8a3e5be040021a81e0e5e83c9e95ad90e5ace916bf19a03e529e43ec6a7f9976,2024-12-06T10:15:05.107000 CVE-2024-1091,0,0,fa73b748b3282d0c18d5fab689944bdcb646646e83d04482ca4b128ad52fd399,2024-12-27T15:45:27.200000 
@@ -246376,7 +246376,7 @@ CVE-2024-12292,0,0,9c2e3f4715c47523d2f1e1d813aca821c280ab211aff2eeed6650ad59c376 CVE-2024-12293,0,0,2953fa4e59ad0d89a9c80037ec9c293444942d58e596c71e3b8975df1192ecb7,2024-12-17T09:15:05.347000 CVE-2024-12294,0,0,beb757b9be530a21bd62fb0889c97c31013e2208ab8db98bc3384b757caf5365,2024-12-11T11:15:06.623000 CVE-2024-12296,0,0,2e1864fa6072ab80c406429c59d508ec6233147fe965c5fb3773394e06f5d391,2025-02-20T16:09:14.287000 -CVE-2024-12297,0,1,0bf5340e7a5fbc70cb59bfd941e3c3af31a7ca051fcdd935c4a0bdf03ed01122,2025-03-06T09:15:25.380000 +CVE-2024-12297,0,0,0bf5340e7a5fbc70cb59bfd941e3c3af31a7ca051fcdd935c4a0bdf03ed01122,2025-03-06T09:15:25.380000 CVE-2024-12298,0,0,cc5fe609045dfd20e01ee8b5a4a2dfa91435af5a3c75ddd1927f875f5047d786,2025-01-14T01:15:09.423000 CVE-2024-12299,0,0,6bf8e5e626459eb3d35ab60bd9555f090eb208e414339f648c4215470dc975d2,2025-01-31T18:22:07.800000 CVE-2024-1230,0,0,4e58704ea3cd6d96f1b95bf7630f56ca27fd7e9cf7f7c464007165035f04082e,2024-11-21T08:50:06.710000 
@@ -247764,12 +247764,12 @@ CVE-2024-1388,0,0,4055ac29f5fc98e5c697dde8e9fd854a4a3e80aad935e1d1af922e2721330e CVE-2024-13883,0,0,1e82cdf8d40eea1cf0fdba117374eff50482e8082835729e73b8298b4bf2a5eb,2025-02-25T03:39:21.267000 CVE-2024-13888,0,0,45ea465fd1196bf38b8c341b411c16c5302500649feb2c402e910f2e8aae7f79,2025-02-25T20:39:44.927000 CVE-2024-1389,0,0,44c915b89d8f24815db27dcf9521c10fcca5d968291afb2cbd201094aadb9d12,2025-01-27T17:15:51.567000 -CVE-2024-13897,1,1,07f598b96e670ba19e3823cc39b2ae054e4338a7f34c42c2715bbbd41cb120b3,2025-03-06T09:15:25.787000 +CVE-2024-13897,0,0,07f598b96e670ba19e3823cc39b2ae054e4338a7f34c42c2715bbbd41cb120b3,2025-03-06T09:15:25.787000 CVE-2024-13899,0,0,372540a329e3dd48ea203e26ad119a2f49b08582c995a840b88c85b67384dc50,2025-02-22T04:15:09.720000 CVE-2024-1390,0,0,ffdeb8cc4a3b1077717739c1e237f842eedff68b0ec02858887f3acd549f9f88,2025-01-22T16:49:11.553000 CVE-2024-13900,0,0,a36f38c86f625b2f6c78f95d04b10fcda1c4c7dcd50cfc141d8c356f3933fb59,2025-02-25T04:02:36.137000 CVE-2024-13901,0,0,b4d4185fc2cf368e3c24da5377f1f5ad78958c5d2f761e097232a413aff597e6,2025-03-01T06:15:33.827000 -CVE-2024-13902,1,1,d88d3cc9e45e0c55d2afb6679644be58fc5bebe0dd23fa62d23f86a13679c70f,2025-03-06T10:15:09.900000 +CVE-2024-13902,0,0,d88d3cc9e45e0c55d2afb6679644be58fc5bebe0dd23fa62d23f86a13679c70f,2025-03-06T10:15:09.900000 CVE-2024-13905,0,0,94a06017058e47ea224d64f1fcc59573ef0629f841649e95825b26eac6b9c491,2025-02-27T05:15:13.610000 CVE-2024-13907,0,0,f2da3425f3470ad3127836884558cd2ad3921d2f9bdfdbcb35d8a21b911174f4,2025-02-27T07:15:33.543000 CVE-2024-1391,0,0,fccbf24dfb651f372e2b51106217c90f4de85c1f936edcd91290184be12fa7b9,2025-01-17T19:52:57.843000 
@@ -260677,7 +260677,7 @@ CVE-2024-35933,0,0,0325908b6390f4a1c9c15094b5dc41c2e597d6d95f2ad6932f319d5dab89c CVE-2024-35934,0,0,361be744c073c07234d0642797a28f51b9670336f6d7218b1ba2a8dcda01d171,2024-11-21T09:21:14.217000 CVE-2024-35935,0,0,082a285269746fc3fb873203b6e873841d4b83b7804fa4f36094730041c93f93,2024-11-21T09:21:14.350000 CVE-2024-35936,0,0,c01c5dac7b5e0bd9601007610c8046f83929460d70171551603976f6ee883491,2024-11-21T09:21:14.507000 -CVE-2024-35937,0,0,e6385c96d6b1d75d3ce8d89803a7d914cece248ded927549657aaff3b0f58ea9,2024-11-21T09:21:14.650000 +CVE-2024-35937,0,1,008f0b099676b1080f92c478a89722853e7a3bcd13760052a5e66ae4736fee3a,2025-03-06T12:53:53.273000 CVE-2024-35938,0,0,2efeaa65672def64c85e39f960d3d01dbf5533390de3d3f54f180152cb69f5c5,2024-11-21T09:21:14.773000 CVE-2024-35939,0,0,b275ecea9c74fd7d5d66bfdbd96bb842e1b97b53f548850ac73334b3c0feb367,2024-11-21T09:21:14.910000 CVE-2024-3594,0,0,55e7aa826fd5ac5a92668a76380c7410f96136b5e95724eafd64e2c8b6da6f6b,2024-11-21T09:29:56.900000 @@ -261421,7 +261421,7 @@ CVE-2024-3692,0,0,4dcb31a4127d38bd6452acf10121a61d94095197d226ab1d1d43421fddb139 CVE-2024-36920,0,0,296892b15bf2eebaea9778f89d4376d82d5fbf60b24a815d649d1db5c3fa6f0d,2024-11-21T09:22:49.243000 CVE-2024-36921,0,0,9fca1ce588f5b618b74dc938d23c125f5b25e6ce9d67dfc6fa92e435e2aa9c02,2025-03-01T02:33:14.063000 CVE-2024-36922,0,0,cb456c0e747a1f1081cb6fb9c8ef844df9b204267e34052842655b94a5e35cfc,2024-11-21T09:22:49.503000 -CVE-2024-36923,0,0,7fbdae4f65b059ccfed4178ce35980ddf45ac6b67f309a18511a4433b8a64400,2024-12-02T08:15:06.143000 +CVE-2024-36923,0,1,0db7b408bf0a465cbfc2832e1b29fcb0647fe6414a24bf7817d48e4bb93e5987,2025-03-06T12:53:37.607000 CVE-2024-36924,0,0,137498aa9e34e1e8acd4de9ea1ba41b050722b5260fa3d73369cc3248a483780,2025-01-10T18:29:03.477000 CVE-2024-36925,0,0,e0ca67c8234568b1dc27df68d69c690ead06aac125c9af02d4ad6e41e9d1146a,2024-11-21T09:22:49.863000 CVE-2024-36926,0,0,800fd4d9a99b5fed12fe0fc1b134ce999c0c2fa4531986545f76a96538c7238d,2024-11-21T09:22:50.010000 
@@ -262659,6 +262659,7 @@ CVE-2024-38308,0,0,1baa56b2e3fdd13244d0b9df4f23464d3904d173da05d6eee250ad40c0e7a CVE-2024-38309,0,0,c1db647894461fb62d3b4308d8d05a2e39c8d0f31c7a0d9ba995ad235729362c,2024-11-29T21:15:05.287000 CVE-2024-3831,0,0,5e708a1e6973c6b70cfbb375324ac255e6a5b9f7cfb486bea916fa269c4f84cf,2025-01-28T03:13:30.017000 CVE-2024-38310,0,0,6659b53a28a05a037a22232686eb9e98f1c5c7d893b655725e2374a7009bc039,2025-02-12T22:15:35.630000 +CVE-2024-38311,1,1,369eff6a0ba7445ff178358722ea77f1fec89a19709c21a4fcf2a228cd4abcc6,2025-03-06T12:15:34.157000 CVE-2024-38312,0,0,71e3649445240de28e850a435dc82d1d3d363c5ab712373016bf34e6f709156c,2024-11-21T09:25:21.193000 CVE-2024-38313,0,0,b4fccf4bc32a428a2ed3da857e5610d03364deeda806c6ba074978d77fa6902f,2024-11-21T09:25:21.687000 CVE-2024-38314,0,0,7f72becf752c493d63d9011af9e40e717b070fb953c18b5df93807710a713461,2024-10-25T12:56:07.750000 @@ -262882,7 +262883,7 @@ CVE-2024-38552,0,0,720fe50f9f09822193355713378016678554e327fdf10962760ff63ce824c CVE-2024-38553,0,0,7daa674f39b9fbc7f9a8957c03f3f61bd55305270fb94814d9818955a2978ffd,2024-12-02T08:15:06.310000 CVE-2024-38554,0,0,df13f1949b7bd7172dedebdb3b62a0c27acdc95d1295e38abf4aeb7af3ad3c7b,2024-11-21T09:26:19.990000 CVE-2024-38555,0,0,48d1e5dfc3dfc2a4b0fa5c5ab09979a6f28a54ef666340efda4f6723bf60db30,2024-11-21T09:26:20.137000 -CVE-2024-38556,0,0,02b1c6a6cd1abdcbfff5f60ef9e4b90d62ec0b9be883ec71647836a8d9d6a412,2024-11-21T09:26:20.280000 +CVE-2024-38556,0,1,e977e95883a20ac81c76c1728a2713c1d5a8684fee03db223b7ae7f79b586fc7,2025-03-06T12:53:37.607000 CVE-2024-38557,0,0,0dfaaf21c71ac44704804f687fb153b22f5d2adac3615ba3150b80b203367d77,2024-11-21T09:26:20.410000 CVE-2024-38558,0,0,bb5f5c588cc6220a8f52a1016f93a06d7e93f2566de01426efa76e676cd4b0af,2024-11-21T09:26:20.560000 CVE-2024-38559,0,0,951562632157e6a8b239329dc6cd2960e3a234244a65bba4b498169c45b70e96,2024-11-21T09:26:20.703000 
@@ -262937,7 +262938,7 @@ CVE-2024-38602,0,0,6074885d7e84857d272e5e137d9ef3004b7d1aeb12bd595cc6a908e5bc762 CVE-2024-38603,0,0,2b3756b5f98fde6d2e61eed6983eabc482f401bb309bc43a7cc9339b578c9f49,2024-11-21T09:26:27.690000 CVE-2024-38604,0,0,fb5dc88ac4d02670b799830b7a6a54f5a6ce8e126f7a992e07bd7920b7ba6b1e,2024-11-21T09:26:27.827000 CVE-2024-38605,0,0,183c92803d7c394a3b7337f01dc27e0a8297faa87b9fe235d18e0f744813603c,2024-11-21T09:26:27.937000 -CVE-2024-38606,0,0,34ac3167bf64347533c5bbfc39813262a6126ff1a71e5c3e75053b00f50e7b6e,2024-11-21T09:26:28.147000 +CVE-2024-38606,0,1,5b837976fc0cfff01c96d0ebdbf3bdeb77ee1bcb7c75a0a1b490b22332b86f0d,2025-03-06T12:53:37.607000 CVE-2024-38607,0,0,55432cbb40c6349effbcd61958d80414a37550b349345ac1cd3aae9bdab797a7,2024-11-21T09:26:28.270000 CVE-2024-38608,0,0,9047d5fa6031e3edcce1a9b27f9a4f65f4b59fc23ac62e10259c6e642290f89b,2024-11-21T09:26:28.400000 CVE-2024-38609,0,0,1f5427b015e1032af6948292a48310f693450e7b841e694549a3d08bf031c00a,2025-01-31T15:32:13.697000 @@ -263606,7 +263607,7 @@ CVE-2024-39503,0,0,bfb8778b93d9dc0e3353fdde95567e557faa2bac791848eaa56eec80d82ee CVE-2024-39504,0,0,03a15e491e92fc31a2f489e2f508052010008630cdd84ebe3d7f8047088fc997,2024-11-21T09:27:50.633000 CVE-2024-39505,0,0,90a964e49c1df1a8320475bf163c491aa6a65384a876c0c3c686e952d6b3f1c9,2024-11-21T09:27:50.837000 CVE-2024-39506,0,0,531242bb57168b2c94d7c9f571365b7ffc2568e0de39b689dd6586cfb83bad6d,2024-11-21T09:27:51.840000 -CVE-2024-39507,0,0,eea785e0a70ae45d3e39445c9d0cb7221d9647c50587d94002fed904120e6a87,2024-11-21T09:27:52.060000 +CVE-2024-39507,0,1,0127099630075f68e4559e0978f83cae8096f30555a2cc503a1c48ca8c3cfbe0,2025-03-06T12:53:17.520000 CVE-2024-39508,0,0,b61527ede473f71ec957d7f063dfe9afc808de70d8a3a6ea55db87260a93d703,2024-11-21T09:27:52.240000 CVE-2024-39509,0,0,1d8d55009f9cf6a11df5a012ce860d80d98e7fff9e22285b239717e5da5825e4,2024-11-21T09:27:52.407000 CVE-2024-3951,0,0,fe866e4ae1f51945bb25f7c9b08a9604548e90afa543b0c28badacc4120fa05b,2024-11-21T09:30:45.817000 
@@ -264531,13 +264532,13 @@ CVE-2024-40922,0,0,51adb2c79fa9bf216d4427e9aed62e8ac8a5b9ca3ed410a7841ad1b8fd35e CVE-2024-40923,0,0,5efd6b4ae80a0f1404002746c36b7cef623484910276e4bb035c5a2f595a19f6,2024-11-21T09:31:52.723000 CVE-2024-40924,0,0,0f9d33d7b2d19938ae91198bf63ca56eaaeb77e2f520287ce7027ad8d2f1cd68,2024-11-21T09:31:52.850000 CVE-2024-40925,0,0,952bfc3433123f21d86aa6aae5c34aa75b8dbf982f063d2a21b34992f7bd7f1e,2024-11-21T09:31:52.970000 -CVE-2024-40926,0,0,5831181a8b7bef951fef0db4bce57778033c501ed4e6986e83d0f4f667178dc3,2024-11-21T09:31:53.090000 +CVE-2024-40926,0,1,d223453a80724f856ccdd7f4bb557c9f9d03089af135db8a993acbb7fb8c2b9b,2025-03-06T12:53:17.520000 CVE-2024-40927,0,0,3e45cd4c7d7b84f311fd8311cd12a748117e2e084a0ae25d71c9b0f17cb60f82,2024-11-21T09:31:53.210000 CVE-2024-40928,0,0,6bbb47c365ce69b1a36872686a7534abbb78ea0d91fdb478bcb9952597ccc35a,2025-02-03T15:37:36.703000 CVE-2024-40929,0,0,12ca49b2c39711ccc5bc7ec2bc8205b440ce5ff05e6cbcb5d341b829355f554d,2024-11-21T09:31:53.453000 CVE-2024-4093,0,0,791843648abfc4702cff784098fbe535c7a1bd9ba321300437d4415f1c140614,2025-02-11T15:33:25.337000 CVE-2024-40930,0,0,223e3bb5f491ddf209a9c6b0fdb035fae8a1844766aa0528db1cea737cf6605c,2024-11-21T09:31:53.580000 -CVE-2024-40931,0,0,96882eebf9a09ed1c69210e115624b04dd3a24bfe345b4823c3d48777a9e24ea,2024-11-21T09:31:53.693000 +CVE-2024-40931,0,1,8f4491f4ac7f3cbfe8a7e805820debf6b6a8bf9abd6d3846fe73b7d538d9fa62,2025-03-06T12:53:17.520000 CVE-2024-40932,0,0,396501b3682afb3f6991ae19df88e118e519447a6804c55f105fd35e30fb00dd,2024-11-21T09:31:53.817000 CVE-2024-40933,0,0,7c0cb98e6ad09b1eb03291e4c89ea0fa86745de6ed168fa2a93f9f27003a69b0,2025-02-03T15:38:11.110000 CVE-2024-40934,0,0,715b4cd58b992c333d81aa8ac045f4eea34f011597b59a061268df50bd4135a7,2024-11-21T09:31:54.097000 
@@ -264595,7 +264596,7 @@ CVE-2024-40980,0,0,de3031711db513dcb148f704b93b2dd78d8a01c6b42c8e20d4a48c56f1176 CVE-2024-40981,0,0,37c3f0cff46cff282ec46d2f86b939aa2408325f560b29ec75fca4a796526834,2024-11-21T09:31:59.973000 CVE-2024-40982,0,0,bcacd4044a55751834c2f177b012689b5a04e030964cc42170ae5439258936b0,2025-02-24T13:15:10.790000 CVE-2024-40983,0,0,4f1e7e94a10f77a2a960c5963137825b1a7d9ac1338f04d0af0e9fa582272b5b,2024-11-21T09:32:00.260000 -CVE-2024-40984,0,0,5a6f81736dc096bd4ee64d69e7f660826fc7563949b3fe4b13e875b88e888936,2024-11-21T09:32:00.383000 +CVE-2024-40984,0,1,fe8e68c20234bcaf7527f868ca295e700815cf8eed594aa35fa1e26e09754795,2025-03-06T12:53:17.520000 CVE-2024-40985,0,0,53f2aaafe6f291a7057a7769a5566edb3215c6fde96a4df2ae27d2aacc836123,2024-11-21T09:32:00.513000 CVE-2024-40986,0,0,70433503e15bf19a04d4804979b973ebc8834bf0f36157900d4e6769acc11f76,2024-11-21T09:32:00.620000 CVE-2024-40987,0,0,8c6da8c46e3a70e3ea00130ef8dc2384edf3f6f8358535f996c64f7236534443,2024-11-21T09:32:00.723000 @@ -264643,7 +264644,7 @@ CVE-2024-41024,0,0,9faa43cc5c0f4a4049a5bf7f7c881facd92c066a96211564626b0d8428345 CVE-2024-41025,0,0,de776435d7227d8dd4a23ef7e5396bac477026279e493e401efa28a0e142b9b2,2025-02-03T15:43:55.150000 CVE-2024-41026,0,0,8124be7ddcb0df6adead65670a9a1962058fdeb9eb9d2a9d4d19132c4a090025,2024-11-21T09:32:05.570000 CVE-2024-41027,0,0,eaa63e74c3ce16129be48c23bd10b961f700b28c359c1860f0f1e79e575ef9f2,2024-11-21T09:32:05.680000 -CVE-2024-41028,0,0,2bbc1103ef90eb4a6f274e7ffb652a7917726810c5c7ef2e4bba871d848e1836,2024-11-21T09:32:05.793000 +CVE-2024-41028,0,1,b924dfe0be651b444de118992a2fc5d3da1562c9baa5d2af8c66efd53f193fb0,2025-03-06T12:53:17.520000 CVE-2024-41029,0,0,f9db8ea6446b76e46dc00691964188fe35e2a1ac13ab357464786adaee900744,2024-11-21T09:32:05.920000 CVE-2024-4103,0,0,aaca6600ff13db66884b3ef298ff81547c88ad56078acd57bcd1d6a0339d855f,2024-11-21T09:42:11.887000 CVE-2024-41030,0,0,9168be225963c75def9fd0a94bac40604a890ecf2829523390253cb24d1adb15,2024-11-21T09:32:06.033000 
@@ -265573,7 +265574,7 @@ CVE-2024-42260,0,0,eb52125b7ac8aa328b971df28fae3672970357ac79f1958c3b76d2a4939b7 CVE-2024-42261,0,0,72fe870a41ca864453ed4788fd4a91439d6c4b246a2a5f09a56b04af1e7ecbf8,2024-08-19T12:59:59.177000 CVE-2024-42262,0,0,7f3d17e5526185f5375daae7ba422211b70f3364ede237c89feab9ff5e43cedf,2024-08-19T20:05:15.407000 CVE-2024-42263,0,0,3493b915ba1505678529c159f5fa9faa50bc66ec51cc9c94e8dae616046ad302,2024-08-19T20:41:11.240000 -CVE-2024-42264,0,0,4e13db08e37efb231e0b44e1379a734611c8e5c51edafc967a85f3d1354ed33b,2024-08-19T12:59:59.177000 +CVE-2024-42264,0,1,19896bcf2395821479fd72c8393e62d357c4df261d67a94cbe2787b624fb5190,2025-03-06T12:53:17.520000 CVE-2024-42265,0,0,dc9a1e67a9f4810f2841027c6483efefd3f1789eb7007a2fd693f56892bd11a5,2024-08-19T12:59:59.177000 CVE-2024-42266,0,0,e3773d6d9416557898775f8e251bb3caface8cb0ca7f14ef02f46bb386d50723,2024-08-19T12:59:59.177000 CVE-2024-42267,0,0,881474d04f014e3df273462be8ded36c9d57a485e542f49fb9e4732784ec7797,2024-08-19T12:59:59.177000 
@@ -272697,8 +272698,8 @@ CVE-2024-51939,0,0,20d7c044823f2dbd5a93ccbf1e62122469f38a0e0e61d27f0eead27fdd2e2 CVE-2024-5194,0,0,8d46b9bc1f0e922d7415f01b9e20c3241c30409b16aacd585324be8545f4e31e,2024-11-21T09:47:09.967000 CVE-2024-51940,0,0,eea7140ef8e6920e3e5dd47ba7cd4d003e663b87564e69e84f825f175f7f9241,2024-11-19T21:57:32.967000 CVE-2024-51941,0,0,99e7c2ec210b1b461bcd0a5c19e2f109b9f77e87df47efb160f27ffa568291f1,2025-01-22T15:15:14.247000 -CVE-2024-51942,0,0,082c39c914afc1f152b290c50010a7d9580d0c869923867e8a317acf2d1e1eec,2025-03-03T20:15:40.167000 -CVE-2024-51944,0,0,a177c1bf58a67a2a44392a289609dc0c9cb6629e7f4210ba46cd84c0679b842b,2025-03-03T20:15:40.327000 +CVE-2024-51942,0,1,8b161189d0d45cb0bf63bd465c92a2e8ee75c81f4791280570986eb3c455233b,2025-03-06T12:29:08.017000 +CVE-2024-51944,0,1,f8c98d1793f9787c17c7c73cfd2debb113898aecd312f3c77a685c088878faaf,2025-03-06T12:29:08.017000 CVE-2024-51945,0,0,1ae5ce04d1d327652720171f30e6b6504353f9d9238219139425e6dde4fc5bc0,2025-03-03T20:15:40.483000 CVE-2024-51946,0,0,32d060e63bb43a324ec55d23a71a44484d8536def4a0cea14a4ef958035a8ff0,2025-03-03T20:15:40.640000 CVE-2024-51947,0,0,da610cce302aa6ac199dfd0acfd63684d2e11449b65a14620f4ba6cc7bcb3c54,2025-03-03T20:15:40.797000 
@@ -273537,8 +273538,8 @@ CVE-2024-53158,0,0,e531f3eba6de342b83e364b8771c46bf2c1c9fd8d80363877d69a71c57f42 CVE-2024-53159,0,0,0efe60c571308791e08c5af46e2d936d40b42d7671e5dc75fbe9400ec226f8d4,2025-01-09T16:16:21.233000 CVE-2024-53160,0,0,4057796bb00f7bfb6f732886520cc805fa7c46e82813820ad292c8bad3293b53,2024-12-24T12:15:24.340000 CVE-2024-53161,0,0,eeaec3335f10b57ba4a8525bcd94f1272174075b2c57b00bf93a768e727c0f4c,2025-02-03T15:25:26.370000 -CVE-2024-53162,0,0,df85a11e6a978a988f94147768e1b797ee8fbd7bfaeb313c7dca04eaeb48550d,2024-12-24T12:15:24.567000 -CVE-2024-53163,0,0,66596d105919462a53b931e709d5eb700f2bcd31c90e615927d319007d3e6306,2024-12-24T12:15:24.670000 +CVE-2024-53162,0,1,13791b79bfd48cf5f925f39149cd282969ff08c3caf8fc15af9672577fe9c6d1,2025-03-06T12:42:52.363000 +CVE-2024-53163,0,1,ca051451cb062f472005eea53a1981cf99673d16fa9b3fbe27a6088714c52748,2025-03-06T12:42:52.363000 CVE-2024-53164,0,0,ae2c77989297659bea888fe0f75049cc76e1ff4e5da327a92f529457a5afac7f,2025-01-09T16:16:21.297000 CVE-2024-53165,0,0,a4943f78f99297463146bf300537cb48a621a1dff9c540e1bec71a9d3b2949f4,2025-02-11T16:15:40.500000 CVE-2024-53166,0,0,6b47b227a3c2839f79bbaeaa4f5e16e222ce5bbd89cad0bd429474bf1b6f91e1,2025-02-10T18:15:26.717000 
@@ -273586,7 +273587,7 @@ CVE-2024-53205,0,0,aad40af383a0fae2dfd165489485b38af4279f086ab2ffc2acc584ef6f771 CVE-2024-53206,0,0,2f6a2fc7adb42267dc8ee97a338aa8c24c6fa9462fbe1480b8392e4aae94186c,2025-02-11T16:15:41.840000 CVE-2024-53207,0,0,eb965d61db6125837dce0de6ef3af14c44ea9331488a35d8508a0d1b2053b009,2025-01-08T21:26:42.470000 CVE-2024-53208,0,0,bc7e68ca2f003cd79ddc6d7ce610dc12e11f263a6b66fec26ebcb92d92485dc8,2025-01-16T16:46:38.657000 -CVE-2024-53209,0,0,7ad715ecbb06e0041c0696aae9738d453a48992d1e72e23f65a4ba9908764ec4,2024-12-27T14:15:28.793000 +CVE-2024-53209,0,1,fbdb0aa91991e41bb2553cc9ad5cfedb1ff21c2c3efb53602bcaf5363e2b2b68,2025-03-06T12:42:52.363000 CVE-2024-5321,0,0,0f218b8b6fcc3fc0b4ccef7040ede5ee801dc8e00258e6450bd3f123b6e73ca4,2024-11-21T09:47:25.283000 CVE-2024-53210,0,0,edb6f6743b39b3d9aaae84e10ec98f8816051f339f526267a629d8a9b382a055,2025-01-14T15:50:32.413000 CVE-2024-53211,0,0,18d392b735905bf509d5b499622b5915d2a7dc656aac6c7b71a8cc77eb401829,2024-12-27T14:15:29.017000 
@@ -275170,12 +275171,15 @@ CVE-2024-56178,0,0,9564968521bb8f5c11b766d9cc78936576e1fac39bcc14d058711ca02bbf4 CVE-2024-5618,0,0,d2d97c727c060ec84f3174901af9ab7b075641151198c4f29457077453fd0cc0,2024-11-21T09:48:01.670000 CVE-2024-56180,0,0,9a461075be1a2eaf70b03c0f7152f850619b8e5d7322fa7b2ca03c910642bb05,2025-02-18T15:15:16.500000 CVE-2024-5619,0,0,847b29035ced8b12638c0c9edc7633e1fcbe758edecd5717d697d3abb49553ce,2024-11-21T09:48:01.807000 +CVE-2024-56195,1,1,5061972a1cb73878137e3bd459e010e89d1c1704b622db6ed4fbc91bfa8ff13b,2025-03-06T12:15:35.373000 +CVE-2024-56196,1,1,b46ae86c15fd0353a72c49b206ddbd52d33b27b1eae894036c9613fbfa8f4b28,2025-03-06T12:15:35.523000 CVE-2024-56197,0,0,e9afd498035eec9eafab8200bca26d2809dec4007383a3f79e63ae62a3cb2cb9,2025-02-04T21:15:27.260000 CVE-2024-56198,0,0,3b67ef470891f025afa6af0da137e788f43839b85f759fed43bf437c7d57fc06,2024-12-31T16:15:27.247000 CVE-2024-56199,0,0,b62df53baa8d4848a6f31e2b0b1f49a9a24a4405c740c5c1ac552cd60e35a283,2025-01-02T18:15:20.427000 CVE-2024-5620,0,0,240638ef58a29a459ed1037710fcf1b7e875e31a78e263978233bb4c4a8442da,2024-11-21T09:48:01.930000 CVE-2024-56200,0,0,3879bcf029467f661c4f86f22f421720527f4e18cebe03faa8ac0ac24cb0d998,2024-12-19T19:15:08.280000 CVE-2024-56201,0,0,fcf381b194171b51a5229bbac53f5e329fb502829416a1a37abaece0e20f4002,2025-02-18T22:15:12.910000 +CVE-2024-56202,1,1,56b4a87f440cecd788b6a9dd57890c9c4416d61ca169d201a38d8af53065d0ed,2025-03-06T11:15:11.423000 CVE-2024-56203,0,0,e99e9de74c83a36dbb17a843377a1378f7cef98ac1909cf2366fcf78cc18f19f,2024-12-31T14:15:25.400000 CVE-2024-56204,0,0,6a6e8f022625febdb1ce3a481d0a8e2bb1f1902592ae6e2bfa4e06cd41426aed,2024-12-31T14:15:25.547000 CVE-2024-56205,0,0,8369f1bc37e0dcf8f712f3109d50a2811210639fc84cb65dbb5b1dd98af12e24,2024-12-31T13:15:08.803000 
@@ -275438,7 +275442,7 @@ CVE-2024-56544,0,0,8a7f14bcfbf3a6d0d0b05eb7bf9e4f8c9bffe91101daa0f73648af61ea7c5 CVE-2024-56545,0,0,b19a2ba17d6965bf3b02f8b4675286f8fb225dc536b446fa97ec76fd3722b1f2,2024-12-27T14:15:34.270000 CVE-2024-56546,0,0,69a114fe693d135933b03c09be788b3440117b47c45a7792afcbcac9317d87c0,2024-12-27T14:15:34.383000 CVE-2024-56547,0,0,e8b50d10358462601d97aeca5191b7d8139764ee45376f21c8029ea1eac06a30,2024-12-27T14:15:34.497000 -CVE-2024-56548,0,0,7c9a02e95fb8a2c4877315f3f9754b64954272853f7d5c53b2e0dae8ec953220,2024-12-27T14:15:34.603000 +CVE-2024-56548,0,1,0c74a7d90e7eef20610734f63deefd7089991371ee9a9bdcec249a4eb0b7371e,2025-03-06T12:42:52.363000 CVE-2024-56549,0,0,f06d0249fff07a351b0adb594ef910674acea63172f8ea331235c7c1107d08ec,2025-02-21T14:15:50.947000 CVE-2024-5655,0,0,0fa4e3b504ccc8e08941dc807198e5a29b07306b6e1d02090b484b1570bb08fd,2024-11-21T09:48:06.140000 CVE-2024-56550,0,0,04d74517c386c38c5a8c7b0e1144163e0e9e19fcfd004bb9db0bb6bb64a064cf,2024-12-27T15:15:13.737000 @@ -275446,7 +275450,7 @@ CVE-2024-56551,0,0,36f204fddaadc42f9861b127270dda6a10a23445438a767cc28684d21a76f CVE-2024-56552,0,0,a3c48da8b466f06a1443e801f2355b958e7309a0c2bd86f0bd0c1f10746499ed,2024-12-27T15:15:13.970000 CVE-2024-56553,0,0,d73f092fa407a2c4632c4de0d4d2babdb741c99293b819a91977b3209c030fb6,2025-01-15T18:35:51.337000 CVE-2024-56554,0,0,4950d099528e83b14a4e664e675a49b2cb0f0bca70f7a35876c65aeedeef4938,2025-02-10T18:15:30.680000 -CVE-2024-56555,0,0,7adf2e4fb5453894eeb5b79cb553881f2648ee08d2c76da8c16ab1a614e5e322,2024-12-27T15:15:14.297000 +CVE-2024-56555,0,1,884600d2a02055b52b7728da3577ca03c9ba0b308206c6e00653bcca6cccc353,2025-03-06T12:42:52.363000 CVE-2024-56556,0,0,62adf1a099eefec4d0fa5a439487b9bcfa2c7b9741ffaabb648fd7f8b0ed7670,2025-02-10T18:15:30.940000 CVE-2024-56557,0,0,f222bea6eebf5ee087c56d4680fd17e1ef91317d2973edefb93be336214804d0,2025-02-18T16:15:18.597000 CVE-2024-56558,0,0,dae4ef50d75c61c1b5a5060f05a03785acd6b71bd1850448ee41b577d959c9ce,2025-02-11T16:15:43.450000 
@@ -276003,11 +276007,11 @@ CVE-2024-5757,0,0,d27353d3a809fffc6956c99202ff019e529c86d532d278e7bed95c99f1ad6b CVE-2024-57575,0,0,10f9db09488c680e59179edd32f39ae852f953dfae5ffee53935cd40d92b886e,2025-02-03T20:15:34.597000 CVE-2024-57577,0,0,bae775b370a8acb307c4cb68af424e3eba8ab59b46dde10579b517ba186c6837,2025-01-17T18:15:27.893000 CVE-2024-57578,0,0,c3279c5dafbf0cdd4403337b162aba3068d6b8d4f0424f16fe98dbf2bcb27771,2025-01-17T18:15:28.430000 -CVE-2024-57579,0,0,4a49cc775ec905f43185526fd05f4ea280ad4fb134a294c43bb08f7528375e43,2025-02-18T21:15:24.023000 +CVE-2024-57579,0,1,998c634aaf72ebc07e60fd4101f3ff588564deb00e5a24d254aea61bfbf0aa4f,2025-03-06T12:42:52.363000 CVE-2024-5758,0,0,c078716fbf80b259c8ceac06415d3d039d4ef773f8ae701649c6b0b1483ee99e,2024-06-13T21:15:57.543000 -CVE-2024-57580,0,0,231802c03b62a08e8e2448c2500c2fac9afc439d20c2835d347ef717087aef18,2025-02-18T21:15:24.200000 -CVE-2024-57581,0,0,be9b4854ff1b2aa1e80cc5f4c232e70769ccf544f8e3e98777284e512a17d43d,2025-02-18T21:15:24.370000 -CVE-2024-57582,0,0,0ef47b6acdbce57bcbba96e422ace8b4945065cc783a0c29e78904d9fc8aabd6,2025-02-18T21:15:24.550000 +CVE-2024-57580,0,1,5386ab0a31ac0414e0bafcdd93e2d3649e0dc143fcb13adc039707846357654a,2025-03-06T12:42:52.363000 +CVE-2024-57581,0,1,86f2c2ce89d7f7c1ea938f6ec9bdb7e42f919b1b3148032fa9c5467796d1eb80,2025-03-06T12:42:52.363000 +CVE-2024-57582,0,1,ec57dc747c9963ddf2f1259638e8142ee12e0a5daccca4dde80591a5cb608b5c,2025-03-06T12:42:52.363000 CVE-2024-57583,0,0,ccfb387ff3c30d35babb34dfb2c64006998b94ce941ed7ea8395016f8be83325,2025-02-04T15:15:18.557000 CVE-2024-57587,0,0,69e0c38068f525a5b86457cd182be111c6d82d7686ae8a5f6131539166579a3b,2025-02-07T17:15:30.453000 CVE-2024-5759,0,0,7a62530c172037696b680530af67b7622649644977afb4734ee0d6d8975bff51,2024-11-21T09:48:17.467000 
@@ -276172,7 +276176,7 @@ CVE-2024-5782,0,0,3007fa9c37260ea7caeb87e42b238e099fb02a0dcdaea4137ab796f4ff5698 CVE-2024-57822,0,0,43973cb11c0d7745a76972fd2125c40dd56918f079243999a6a248fd7bb74d81,2025-01-10T15:15:16.337000 CVE-2024-57823,0,0,5ca581226a27965f69cc1b47d8d6ed60ad65266a2e4a0de113585f678075fc75,2025-01-10T14:15:29.583000 CVE-2024-5783,0,0,457a67b18c53addb8fb271e75294a5e3a7e25c57923089dcfbdfc7dbab590f38,2024-06-12T08:15:51.480000 -CVE-2024-57834,0,0,bde9acb0b7abe7c1e386a2730de4ca504543339b28713c466fa9ab3cc4779534,2025-02-27T03:15:10.870000 +CVE-2024-57834,0,1,e3cca5e287184f32d20397e91dde398ce533990b77cde31e05ffb1748294feb6,2025-03-06T12:42:22.567000 CVE-2024-57838,0,0,7205305ae1088ef41361b6511691e021bab207c0c324bab7b09b17a8c1a06218,2025-01-11T14:15:25.940000 CVE-2024-57839,0,0,5656e2417e5685f2e1ff410b1767104ed6341a8132fd402fbef4fd6f8615e85a,2025-01-11T15:15:07.050000 CVE-2024-5784,0,0,f27ecf8abffd9e6c282a3d3ca16cce2ce0cb1c19ecd7f5c543f166278a4d8c33,2024-09-03T14:48:19.570000 
@@ -276325,28 +276329,28 @@ CVE-2024-57999,0,0,192cd62115ee0eebfc0e3194a10d118c6cde7d7dffe718c35de3e7f488afc CVE-2024-5800,0,0,ee30c93c9e24a52f4a9c5cf5ce5afed2bf419d548311799a41776eadbe274015,2024-08-12T13:41:36.517000 CVE-2024-58000,0,0,9bead4c6f4a6e6b0b3e4ccb9dcb95d8e89506cd6b149e93be860b24427528e09,2025-02-27T02:15:14.033000 CVE-2024-58001,0,0,062b95b71d62b8392e7dec859d235ae0235da3e946e47b40e89a8df2d660fc6c,2025-02-27T03:15:11.080000 -CVE-2024-58002,0,0,1a9c3228768abf13b45bb540cdf462ee558a3422ccc99d3bffd888c9d0113534,2025-02-27T13:15:11.153000 +CVE-2024-58002,0,1,8e8852dd697e5e3716cfa9f1993a71241026eb80957adf43243b6e6532856287,2025-03-06T12:42:22.567000 CVE-2024-58003,0,0,d63162215e1a5dbdf2f26a3a80f9f12faed3d9c520fa6be1ac27c057f67243cd,2025-02-27T03:15:11.277000 CVE-2024-58004,0,0,68844712d1835a2f20b5302361ac491d98dd1a1f13907be2f39c078787a0c250,2025-02-27T03:15:11.380000 -CVE-2024-58005,0,0,498809a5c8c3445d0fbab8c50a86835899fbaf9e1b0f24c0e59c6bcda647277f,2025-02-27T03:15:11.480000 +CVE-2024-58005,0,1,1395e55c0601825a9bf63d4a1f6b18315e7cffca113c9765a19b51b299c5c98c,2025-03-06T12:42:22.567000 CVE-2024-58006,0,0,99bcd7c70bad6c86d4a686c41e032b597709b74aa5784099886d83704a9dc686,2025-02-27T03:15:11.583000 CVE-2024-58007,0,0,99668dc3f95779e9ab7d159225d35092d54f8a625cb70f7c1df3ac9c1790c35c,2025-02-27T03:15:11.680000 CVE-2024-58008,0,0,83bb44015382c711e9fe765b2c4558ae62041f53545addc939db33a1da1a9569,2025-02-27T03:15:11.780000 CVE-2024-58009,0,0,6a6126ef4bf4110693d6a0d67f707884629b7a16a613596b22e7f8f6785b193e,2025-02-27T03:15:11.880000 CVE-2024-5801,0,0,88cefa27997e2bcbe21b5c883c0afde76d26ad02906fc919eaea4622c76add0a,2024-08-12T13:41:36.517000 -CVE-2024-58010,0,0,7890f0fc518a397a6f3394be59f08277a93d5e6d2c7bea10037599ec5ef4e93d,2025-02-27T03:15:11.980000 -CVE-2024-58011,0,0,1e5ed1e9dbbfdfc9c4e1f83ef735602eb4423be5efad22020690bcd20febf463,2025-02-27T03:15:12.087000 
-CVE-2024-58012,0,0,a87781614600ca02d98d4520ab570199bd055ca58f903501e236e127b34cd233,2025-02-27T03:15:12.187000 +CVE-2024-58010,0,1,c1fd457cf19b62729c1f9b9b7bbb9293ec963169d1a004a0837507c00ece7219,2025-03-06T12:42:22.567000 +CVE-2024-58011,0,1,fc794450673cbe9ad7f2b33dc371eab9dfbd1bfc29db3b7101769aa8d3911f9e,2025-03-06T12:42:22.567000 +CVE-2024-58012,0,1,c8d740bec17d8fc7f5d246a577a3ca722860950bfe7cc6f3f55a1529388c0457,2025-03-06T12:21:35.360000 CVE-2024-58013,0,0,db720d7ccdda587cf86c812bf9a23ff3242ad2c6818001578519aa3e1096cd28,2025-03-05T22:15:35.690000 CVE-2024-58014,0,0,c7b2aa63e8b7bec392f61441db5b82d30877f13fd011c4249345a8e6613810f5,2025-02-27T03:15:12.390000 CVE-2024-58015,0,0,408dce73f62364b52ba252950975a281e1135fb7b4b23b2ccae7c773ad3c39ca,2025-02-27T03:15:12.493000 CVE-2024-58016,0,0,4b26c1146b2a0dfbe10569fbb6f1cac4750ac1fe03a88c36d84acf78d6c876e6,2025-02-27T03:15:12.590000 -CVE-2024-58017,0,0,aac48f4a0f6ee353067da107e148227722b1660b9e32f3c904e5114adbf112dc,2025-02-27T03:15:12.690000 +CVE-2024-58017,0,1,18bd37de338911a20f5914e76e03d06f45cf2a45cb08188b214fd79e66278cc8,2025-03-06T12:21:35.360000 CVE-2024-58018,0,0,2d45ea9e1b61e8eef6ac2402ad337a326ac66e5ce54a80719f057d18b1037900,2025-02-27T03:15:12.797000 CVE-2024-58019,0,0,ebe852acb58145e0f515ee4e65d8d88d1691b0b856363c64f164142eb938ae30,2025-02-27T03:15:12.897000 CVE-2024-5802,0,0,19fff604014c9cef9e0f8bc6a62b84f7523f1797653eafe6700c36b3d03bd7a8,2024-11-21T09:48:21.447000 -CVE-2024-58020,0,0,c6dd37c1ce19d533a907eee523d03dd86887dec00b10f065b1660bbe7fc7135b,2025-02-27T03:15:12.997000 -CVE-2024-58021,0,0,228350909b9f49e0925cb16d6fff6890df30f86ad805ed469980f5769f553c12,2025-02-27T03:15:13.110000 +CVE-2024-58020,0,1,5a8fbd0ea6230b3adf124651d3209ddd707b5ccdd2a1f6069d1ce1136d9e87ff,2025-03-06T12:21:35.360000 +CVE-2024-58021,0,1,1a52cd1a00902ee421b6fe06d4bf4ed4d9ccb5fd0ebd997107ce026e3de83c83,2025-03-06T12:21:35.360000 
CVE-2024-58022,0,0,fa469b1694a27ff9f3883dfbb31bb0fb81728568f162205ac4ad417c587e1c4b,2025-03-05T14:05:15.387000 CVE-2024-5803,0,0,9f82593b4c57457c96daef99978d68eaca19c8db6ce80dfb437501b3b95974d3,2024-10-04T13:50:43.727000 CVE-2024-58034,0,0,a58d20858f51668ab0e30ae7e40910f616321f1f89fdedf57b44aac4e3186045,2025-03-04T18:15:24.617000 @@ -278232,6 +278236,7 @@ CVE-2024-7868,0,0,9e808ba59db5e75df79564ecc2138484211632b9d431d14239406d748d65bd CVE-2024-7869,0,0,a24ed1b37588c27588e8f347c06825561aa4e483768430e73928fa9d6c6d77d1,2024-10-04T13:51:25.567000 CVE-2024-7870,0,0,3ed63dc8c6790f45531fa92ee00a8019436a7c365c07e1d62a5d07b0d3c88d17,2024-10-07T12:29:19.203000 CVE-2024-7871,0,0,31db92eb5e0af181e39b35c41b604931a9d330c8192fefbcc353a016d70cbca3,2024-09-04T17:34:14.630000 +CVE-2024-7872,1,1,da9e48ba3c5ebdf2a98907c1d3bb0d0d8666f811524323efeb2f562336a5c4c6,2025-03-06T12:15:35.667000 CVE-2024-7873,0,0,03a7d50af22555e4239c69e93e200f90c2450fb77addde43aeb65c5f4bc2bdc1,2024-09-20T12:30:51.220000 CVE-2024-7874,0,0,79509650a2a2c64601c5be3ed14299dfd192578a0a0c4b43f8e745203fae82b5,2024-12-06T21:15:09.487000 CVE-2024-7875,0,0,fb1669572475de6533c581f8c56bc49b1a49b90132a9fcae7ae022ebc7e1b8e2,2024-12-06T21:15:09.613000 
@@ -280194,7 +280199,7 @@ CVE-2025-0345,0,0,fdab4ab061ba34e7ae56477c0a30fa81f9f16f64f88fe386d4634a52d9c45c CVE-2025-0346,0,0,784962397b9f922e5eb47e0f60b46c47f1349646424ee2278ecbe0e3b77a240f,2025-02-27T02:05:55.703000 CVE-2025-0347,0,0,6673240c782ee6585e0b98006b3eaddd70b95ff8f7b53165bb334c59c3c173da,2025-02-27T02:05:55.703000 CVE-2025-0348,0,0,e571492bb8da0d49f53156cf92abd508dd738cda3756ae8e9a52c4288cbf6dee,2025-01-09T10:15:07.700000 -CVE-2025-0349,0,0,98a8219cc563ba024e27c7236f3a4a547c151021bf0a7a22608574ccb74bd810,2025-01-09T11:15:16.547000 +CVE-2025-0349,0,1,aefa841112d10deacd44207c4ea560230b6873b18e02516a9c1ce182b55a447c,2025-03-06T12:42:52.363000 CVE-2025-0350,0,0,568075e13fb305f34efa279da3968d622f1d523cffbec586aa7d1232c4534cda,2025-02-04T20:36:53.180000 CVE-2025-0352,0,0,3a526a5a58f779d9c18dd79a4421979dfef5808334aa001e60b548298e16dc22,2025-02-20T20:15:46.383000 CVE-2025-0353,0,0,fefe78eacfc73b3da0e296010fc7bc87595c20639bad926c14a54ed0a611d0ba,2025-01-29T12:15:29.477000 @@ -280837,6 +280842,7 @@ CVE-2025-1378,0,0,d0208345267ae9796dcf80d03ba8ecbf2300d71dbaf402ff968e0ce73cff89 CVE-2025-1379,0,0,c44b0567f6d42e02494f415a80eeeac6ce86521e3a7c055a79a4396e3ddebab8,2025-02-18T20:15:24.460000 CVE-2025-1380,0,0,7ec337c9b7d3226eb945ee86e72b56068996db39674e4d48869c07d60e2a44ac,2025-02-18T20:15:24.560000 CVE-2025-1381,0,0,a7ba87fad7a72f1bffe925c9548fe9143d4d449a7f8ce12fa978a99f26accdf5,2025-02-18T20:15:24.667000 +CVE-2025-1383,1,1,26b3f9287a3dc8bde52150fc61dab501d76865193cef15f0f8e76bc4558f6230,2025-03-06T12:15:35.937000 CVE-2025-1387,0,0,b80cfff8816a5a4c7344419c24985cf6849d91e56da599c269854d931b93688f,2025-02-17T04:15:08.807000 CVE-2025-1388,0,0,8e601c55f63d7c4a99175dca26ea6e765f5666baba3a63fcb66bd4e1e37a8c84,2025-02-17T04:15:08.960000 CVE-2025-1389,0,0,795a35efe21e6a34ebaee5d031621504f5de1cd150eb87bc8f92558df8e46474,2025-02-17T05:15:10.317000 
@@ -280889,7 +280895,7 @@ CVE-2025-1536,0,0,13d2bb79966b022c194b53190d029539a3b9db0220df5fb889249e7f79d2fa CVE-2025-1537,0,0,861630e1b0372f1f37852ff12813e7a5ac2fa6d179d082cf3113227aa130bf0c,2025-02-21T15:15:12.460000 CVE-2025-1538,0,0,13e428f2e0a70ca29f792d43841bea06ccb32609b695e1ccad7a3e5c918f65a6,2025-02-25T20:54:42.947000 CVE-2025-1539,0,0,97460c98bf526740214940beb1708fd987b97676a93649d845868894467b4304,2025-02-21T15:15:12.830000 -CVE-2025-1540,1,1,0c563f4f685636159ddf5e4314eb08b0ba3d992f086b463f21581a35e349e4cd,2025-03-06T09:15:26.317000 +CVE-2025-1540,0,0,0c563f4f685636159ddf5e4314eb08b0ba3d992f086b463f21581a35e349e4cd,2025-03-06T09:15:26.317000 CVE-2025-1543,0,0,dfb74998b01a6403cafc6b46cb4c4c78345f8468d3e985eba5ddcbda95801293,2025-02-21T16:15:32.787000 CVE-2025-1544,0,0,2377ad87743f4fe242650024fb03372701542bc42778ab3d19eda86c524de177,2025-02-21T16:15:32.953000 CVE-2025-1546,0,0,84418e607817926124f36f2ad2fdd36567961e93366563a9f6287482acdf5eab,2025-02-21T18:15:21.523000 
@@ -280955,8 +280961,9 @@ CVE-2025-1645,0,0,04ec87d98beb60cc953f9d19acf54f139fb80161a3db0460324c4b28ab5996 CVE-2025-1646,0,0,82269c59d8fff978173814c505cbeb09d268e21305971283c38395c7897fc304,2025-02-25T14:15:31.320000 CVE-2025-1648,0,0,01be54e92ee6583d4b180477f3f82c99c2017256ad3257671bbc83775fcbe841,2025-02-28T01:30:32.830000 CVE-2025-1662,0,0,65cfd856306d889617e3038fc6a8c795bc27be9c444f1a9c5df3c4ffdd828a0f,2025-02-28T09:15:12.373000 +CVE-2025-1666,1,1,ea2a7fe153b3bd999a528b5a5c12f9cc09134d2f6112f43b8b3a66a17753fd12,2025-03-06T12:15:36.117000 CVE-2025-1671,0,0,dfe1ff393d446d4a55c0e76e273c07a93a52c6ac6df15c5814731fbc40a9a1ea,2025-03-01T08:15:34.320000 -CVE-2025-1672,1,1,7a20675a12af4d2fa4d4625b3c2a44c55632de2b78981cd05f1c08d4059e6b7d,2025-03-06T10:15:11.897000 +CVE-2025-1672,0,0,7a20675a12af4d2fa4d4625b3c2a44c55632de2b78981cd05f1c08d4059e6b7d,2025-03-06T10:15:11.897000 CVE-2025-1673,0,0,43512569ec0b0b4646ee8d2f3e7a6a4bcb909a60652f0dbc32a6d2623d178b1f,2025-02-28T01:30:32.830000 CVE-2025-1674,0,0,c9ab5cf0d854b00d30135f8d3aae01653c22e99139baff93dd6ad32b17a41d13,2025-02-28T01:30:32.830000 CVE-2025-1675,0,0,0b817eb545f757f9942631ee6d87bc1530fc1d31342388c76d70ff502c500bfa,2025-02-25T08:15:30.020000 
@@ -280971,6 +280978,7 @@ CVE-2025-1691,0,0,fa342911d8aff1f1c916fab2606c8daed81ceb012a2ca7f67eb6c905e0ec58 CVE-2025-1692,0,0,ada4fe9963e6bfb9428a6effda149b259cc8c8d330fa71a5cddb43ce0441e458,2025-02-27T13:15:11.413000 CVE-2025-1693,0,0,78bee8ea11b0f84269d8265b773d2949284a15da89c9262684dc7b4564686390,2025-02-27T13:15:11.563000 CVE-2025-1695,0,0,11ac8a68241490aba1f5f798db0dba9522b478d170bec56bb4dd6fd08e218fb4,2025-03-05T15:18:38.660000 +CVE-2025-1696,1,1,e19ce729f319138dda2bbd521ee9f97aba68e3dde2fd97d4281f0a0a35131297,2025-03-06T12:15:36.293000 CVE-2025-1702,0,0,41f2b6913f8c8180797afd2cc2f175ceac2f74f281e62e10b6b473a6add44571,2025-03-05T12:15:35.420000 CVE-2025-1714,0,0,7d464005cc3e2fe8abdf07631689d8f1c4467f8ffe467852e3ced1b0a0be0afa,2025-03-05T15:15:15.413000 CVE-2025-1716,0,0,db3aecae26e7981ab8a106cfd43bc335b9dad5cbc10d04d2c9d637c981434378,2025-03-03T16:15:39.520000 
@@ -281062,8 +281070,8 @@ CVE-2025-1873,0,0,e1c282e5ad730be363eaf77efd9ada11d8c28125c103f5c76eae6f3dc74ed9 CVE-2025-1874,0,0,aaac5f5bbefa513f1f275c65a81e3107f76733903a225b9b994a8887fc4365fa,2025-03-03T13:15:12.693000 CVE-2025-1875,0,0,05a3bf51a95148d04bc21a250ccef05a1148e7afa6764429679a636a04f327f8,2025-03-03T13:15:12.837000 CVE-2025-1876,0,0,b0ccd9a3c40b94458651917984a63f6cfe9c27f4d03f238f5e27495b9a9a3392,2025-03-04T17:15:14.313000 -CVE-2025-1877,0,0,4b3ca9eb38fe13d61b6a5fe1999238787def06e15c7cfb4ade6a5110ae7008d1,2025-03-03T19:15:34.180000 -CVE-2025-1878,0,0,ec23e88b569005bf7d3c4526d077acc62c590ae5f6c22422ff423486f2dbc798,2025-03-03T19:15:34.387000 +CVE-2025-1877,0,1,7d73aa334c0864103a3ab0869970d09cd3d668eccad8f23727a1269ca151bc0e,2025-03-06T12:21:35.360000 +CVE-2025-1878,0,1,3ebce170851420b7dbf1460879d38b0859a7dd259c353dc64c458f5e8f2fb0f9,2025-03-06T12:21:35.360000 CVE-2025-1879,0,0,8dfd2646c676c3ece0a7cdb47902f86b3104dd08987a88251e5f89a02963e9ad,2025-03-05T14:05:15.387000 CVE-2025-1880,0,0,c72d611e03bec1601138d23f870cd9f7c0e1da9ae20c7fdea23df40cce84c0ac,2025-03-05T14:05:15.387000 CVE-2025-1881,0,0,30af475aa1857a9549937ceaba0a5a810af94b0854718b918bcc65af8247966d,2025-03-05T14:05:15.387000 
@@ -281072,19 +281080,19 @@ CVE-2025-1889,0,0,5072bd95a86d25feae5791cf255f77defba5f3e20f781603009ba8bbf0cc98 CVE-2025-1890,0,0,c1d47d4a4aeac7a335593000ae0438d3423e1a99470e82a526c70a2e79722b6e,2025-03-05T14:05:15.387000 CVE-2025-1891,0,0,9b2d5672e830320e85f4ce1b1237cb247e1b08f382010ca70ebe9ce25ecd4518,2025-03-05T20:16:46.363000 CVE-2025-1892,0,0,23e8bd45c61a59b4dc633c22bbb6b47bcebfa584a27c4f28fe02f9776032c8ce,2025-03-05T20:16:46.363000 -CVE-2025-1893,0,0,9be412d2514b9be0790e5a4193b6955597746daf900e90c81d514cf9ccc312d7,2025-03-04T17:15:15.890000 +CVE-2025-1893,0,1,b2d203b613f27dbac4f37dcede36fc006d1bdec55036de6db0319aba9208eaa8,2025-03-06T12:21:35.360000 CVE-2025-1894,0,0,1e18049f5b87411c04f983f9b00db61cf73fb4d9a08324c4d43d383b4f67f4a4,2025-03-05T15:18:38.660000 CVE-2025-1895,0,0,b57852434c30ca53442c5acf041813dfb48893d7697f9a81c13c127c1f342ef7,2025-03-05T15:18:38.660000 CVE-2025-1896,0,0,d6468fd7c73c75a3b36bb29f1c2fee1b2fb32ea5a7c8aea8e3f379d9e7426436,2025-03-04T02:15:36.340000 CVE-2025-1897,0,0,ef6eeecac44103a3a11c26621ef98dac5d2bbb27b9150790aed2c97e99413493,2025-03-04T02:15:36.513000 CVE-2025-1898,0,0,6dd4f4dd3867537e2273be7442c60d9cdb3ccf4846f81ef9fd2704d9557f1c1e,2025-03-04T02:15:36.680000 CVE-2025-1899,0,0,a77691b4c448ef2bbbe9d4136b221ec0c7528d9c510c1bc782c445389d323e3c,2025-03-05T18:47:21.313000 -CVE-2025-1900,0,0,d3082e94b9592441088dc165b99a15ab6d554db678fa3c756afc71794924b0d3,2025-03-04T17:15:16.023000 -CVE-2025-1901,0,0,6a0e0b6d920b5be207e384b12f77ca4dbc6181d350853bd89c4970865324796a,2025-03-04T17:15:16.150000 -CVE-2025-1902,0,0,4f33e98a96c36f9eb4cbf4c992c7f8a6dde5fe1c6867df23a308ccaf03d2c2be,2025-03-04T16:15:37.450000 -CVE-2025-1903,0,0,feb447ed58cefdf61303da7ea43a9121d478203aceeb23851a14b658ab7612c4,2025-03-04T16:15:37.577000 -CVE-2025-1904,0,0,67789ecf25a3a069ead16fcfc4d62d28da2bab19c41d0fefbcf5c0a48757e274,2025-03-04T16:15:37.700000 -CVE-2025-1905,0,0,96b71a21d0d8fc3a56947eb8c835bfa740c8bb7b678faabc75b6ff6682fc8368,2025-03-04T15:15:24.033000 
+CVE-2025-1900,0,1,2bb4415842bd144755e10d37e7bdda984b10b0e407943e93eb4e77d1b80545fa,2025-03-06T12:21:35.360000 +CVE-2025-1901,0,1,39502d1ad733af26c8353312629d13298f6f85261490cede3884982e164f6103,2025-03-06T12:21:35.360000 +CVE-2025-1902,0,1,6642b45a5b9d0157dbcbfe7ed8407322ac885c09e239452506eca1dd8061d1d4,2025-03-06T12:21:35.360000 +CVE-2025-1903,0,1,c97c725b330640c2eb326cf708d9cdba957f8bee8128cf210d90507df4f160cd,2025-03-06T12:21:35.360000 +CVE-2025-1904,0,1,5982f191697594854129a95e84a87d047a15fabc77030ebb45046f4ce2b93e2a,2025-03-06T12:17:33.710000 +CVE-2025-1905,0,1,f6cb8f547b222722f8a05ade71066d34df308515521c260f6830f7a0901183d4,2025-03-06T12:17:33.710000 CVE-2025-1906,0,0,50fb789742a4cb14c8bf4cadc940496288485e869e115b1312bb9ddc6bd1a640,2025-03-04T15:15:24.233000 CVE-2025-1914,0,0,26644d87f7ea78754e61afdf88af3b53e637cc322d9c410d45452411107b6199,2025-03-05T15:15:15.560000 CVE-2025-1915,0,0,87990d884ed6a1cf9c53cbb9074aeaf50ed7455c17bcda3f0fc14c8f3723c450,2025-03-05T15:15:15.743000 
@@ -281767,14 +281775,14 @@ CVE-2025-21731,0,0,7c1b8af4bebbeff1dfc9fae4f71bc7c3973872aeed99474f1f0af7f7a91ef CVE-2025-21732,0,0,3b60bb445ae2b0c463604586ead7cd7b0115346717e34f71b063126e52774df3,2025-02-27T03:15:13.820000 CVE-2025-21733,0,0,f431674ee055b07860a3ac39c72dd3c08e4e4c04f40b001135cbbbbb35e430d4,2025-02-27T03:15:13.923000 CVE-2025-21734,0,0,d9f8314f03451f7ef65c7d0edb09eb5d3aed3906394ae2705f0dbf091413da63,2025-02-27T03:15:14.030000 -CVE-2025-21735,0,0,f00cdf857ebf20f7da9c191889fcba9e17b193dd64265116cbef549b0744ce37,2025-02-27T03:15:14.130000 -CVE-2025-21736,0,0,12d1558a5dc1f85ce4cf2716c96609d8bd9bb9dbccfa808fac85daf0d1929cee,2025-02-27T03:15:14.230000 -CVE-2025-21737,0,0,768d515a38f902b8b97672712ea806582913394e097a3e9b09f27b7b266c7dfb,2025-02-27T03:15:14.327000 +CVE-2025-21735,0,1,9447e89c5d3f0e8239c27fb7722fcbae09018357fec71126d259ef460ed6c98d,2025-03-06T12:21:35.360000 +CVE-2025-21736,0,1,95b5d003bb740dbf9be6a52daa32d7623c068f24bfe6d5597bc9ed5c0178fb53,2025-03-06T12:21:35.360000 +CVE-2025-21737,0,1,adbd37458e33d4b47282f1ae2cdaa9237f3384c7ef422beb49ae5c4d15493f31,2025-03-06T12:21:35.360000 CVE-2025-21738,0,0,be77dcc026730be68ea4112c0fa30198339fe27d884a1a08600eb0bb1db551ea,2025-02-27T03:15:14.427000 CVE-2025-21739,0,0,744890e3cb1b9afcafda7c757903b6daa82212d794f0c9620286b179d883b7a1,2025-02-27T19:15:50.067000 -CVE-2025-21740,0,0,7249c4b68e96d97177baa5eae9d79ee979e7ed8b572bfb8e81aa81e7f83677fe,2025-02-27T03:15:14.630000 -CVE-2025-21741,0,0,df36a0330c927b9091228821306a4f8407b97e29af863546770c389d0454bb68,2025-02-27T03:15:14.730000 -CVE-2025-21742,0,0,948b6be9d312397d4e03fb9c5c1c202768d0b546febb18e7cb94d44bd8082a56,2025-02-27T03:15:14.830000 +CVE-2025-21740,0,1,22d267932c0c117f2bd6c851facd5454bb12998f423d0c9d7180bce46944d5ed,2025-03-06T12:21:35.360000 +CVE-2025-21741,0,1,865a61ef696dae829a575967cdb4ff384cea015538d94f81eb0d0bf40d9dc881,2025-03-06T12:21:35.360000 
+CVE-2025-21742,0,1,b7fdadee381668e0eb92c87e1e70c39135d4fab66863f67fa8e359a4c75a4348,2025-03-06T12:21:35.360000 CVE-2025-21743,0,0,9a9acf545dda075999a27b2c6861db1133404fa1f33a76b52eb77a04cdf73400,2025-03-05T18:47:21.313000 CVE-2025-21744,0,0,4b24b592f92e54ef2bc8ba435c4dc52efe3ad202fb9364b0c791aa7b879e6019,2025-03-05T18:47:21.313000 CVE-2025-21745,0,0,bacd274e8d326f43626f4106545cf6113091b8569b7bec5b3c07f641bfe243d8,2025-03-05T18:47:21.313000 @@ -283800,7 +283808,7 @@ CVE-2025-25899,0,0,0a94e1ac94f2348ced8620095f1a1cdbc8d00da1d929db972e382fd33828a CVE-2025-25900,0,0,0a49592be1d696f5f901fb9602bc587e2d7d2fe0e68d036d6f9f545c33b03dec,2025-02-13T16:16:50.037000 CVE-2025-25901,0,0,dbbaa66456410cc814c13398a9419347a95d4c008549889e82c9e08064439afb,2025-02-20T15:15:14.380000 CVE-2025-25916,0,0,4e2a1655b4a6aaf2526c4ed04e0ae1c0b064355e8a43832e8f7a15b5c3ab676d,2025-02-28T16:15:39.867000 -CVE-2025-25939,0,0,992d3a3af85a865c5e3cc230e47c5cf7bd41ddf87fd1808183c7bb3c2eac5924,2025-03-04T17:15:17.720000 +CVE-2025-25939,0,1,7dbd849d533c834d2205e6078f0487c45587eccd9cff67e78aa1acfe6cb8ca0d,2025-03-06T12:21:35.360000 CVE-2025-25942,0,0,abb06ac2462106029cbb8bb08119f5129d89323ab66d1de7f80d7b48f0130201,2025-02-20T15:15:14.587000 CVE-2025-25943,0,0,ddbf4f2120cdf8c0c6ec76a602b8a3405d44d5883b4cc9347335166be4d0cf63,2025-02-20T15:15:14.743000 CVE-2025-25944,0,0,ddbe030374d7cbb79a7eeac3a7fcb4800d8524e9c1e33154d3a9a0836431ffdc,2025-02-20T15:15:14.900000 
@@ -283816,7 +283824,7 @@ CVE-2025-25953,0,0,c63208d17b5abc8d04a1effcfa3f9d2231a0266b3bf41265e2e620c714e3b CVE-2025-25957,0,0,b65136edccab78b78b9c909881827ed1ed034886966746fcab259eb6d692acae,2025-02-21T15:15:13.067000 CVE-2025-25958,0,0,0f8b1b28a95747b988ec24f56374cc73cf997d93ede793e430858c23744338af,2025-02-21T16:15:33.173000 CVE-2025-25960,0,0,f81f6a42cc37f50d144da0c1d5b21881b06cbfd074736b0e8bb6bc8c20ba8aa2,2025-02-21T22:15:13.297000 -CVE-2025-25967,0,0,8662c596eed740ea24b45b4d8fa4d0f68ae1a4d1dd35ac039e7586a3b87f6d25,2025-03-04T17:15:18.070000 +CVE-2025-25967,0,1,81784ba9feac0723a167c707a9320ff214d739b74a7e612ad514cf55aca18698,2025-03-06T12:21:35.360000 CVE-2025-25968,0,0,aa03a40375072b5ed2e0cc97eadb8b6a24b2d3fca5df43f3cc84fd5f8cf62db9,2025-02-20T20:15:46.993000 CVE-2025-25973,0,0,65ef8616835d158faacedce49a052fb547828e3d5a16eaa3b291d668b6b798cd,2025-02-20T20:15:47.153000 CVE-2025-25988,0,0,2e4eb2e7125515f27fdfebdfe00a0ef8ddea99213605fc21d44aa06160606890,2025-02-14T19:15:14.497000 @@ -284229,7 +284237,7 @@ CVE-2025-27425,0,0,43f7986422b72b569737fcbe0c2ca989629ae4db5bdd877f11b2c4de8f9e5 CVE-2025-27426,0,0,3424a995371007e75834114eff317845d6ca8dec201ea4e5a46602f3aae7a610,2025-03-04T16:15:40.933000 CVE-2025-27497,0,0,2fc0d7db27c0271849809e7a3569c315d4d896035f23974cb31f5ee306ac5122,2025-03-05T16:15:40.587000 CVE-2025-27498,0,0,5abce51fa5a892a16b00a0cc6ce6e1fd8dbe5c06f14b98e0dedb5a5e4ad38ec0,2025-03-03T17:15:16.443000 -CVE-2025-27499,0,0,4965d1f33bd39650c875a4f519cbf29847dad09c69afddd5d8f9f75ded369f59,2025-03-04T17:15:20.250000 +CVE-2025-27499,0,1,2a0981b70298c8422dcc388fd2e38e8ce3aebafeb3f8ba21e6fc5b4555397cd3,2025-03-06T12:21:35.360000 CVE-2025-27500,0,0,cb6df3c7837dc5abc6c6f0695bd5500abd68f8bbec81fe765a02e55411ae2f90,2025-03-05T20:16:46.363000 CVE-2025-27501,0,0,53b5f824b786b51b76ab4a2d3f0a9e775ebc9b9bbcc03d086c0bdf69f6ac7cb6,2025-03-05T20:16:46.363000 CVE-2025-27507,0,0,ac222d7a76e525c1f46cf22a467332d1ebeead1ea6a6b94fad24e3b75b3e24ea,2025-03-04T17:15:20.360000