From 025f3820306e3f26ba614efa95cbef3709a3332d Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Mon, 19 Aug 2024 14:03:15 +0000 Subject: [PATCH] Auto-Update: 2024-08-19T14:00:19.612838+00:00 --- CVE-2022/CVE-2022-17xx/CVE-2022-1751.json | 8 +- CVE-2022/CVE-2022-331xx/CVE-2022-33162.json | 8 +- CVE-2022/CVE-2022-33xx/CVE-2022-3399.json | 4 +- CVE-2022/CVE-2022-45xx/CVE-2022-4532.json | 8 +- CVE-2023/CVE-2023-07xx/CVE-2023-0714.json | 8 +- CVE-2023/CVE-2023-16xx/CVE-2023-1604.json | 8 +- CVE-2023/CVE-2023-34xx/CVE-2023-3408.json | 8 +- CVE-2023/CVE-2023-34xx/CVE-2023-3409.json | 8 +- CVE-2023/CVE-2023-34xx/CVE-2023-3416.json | 8 +- CVE-2023/CVE-2023-34xx/CVE-2023-3419.json | 8 +- CVE-2023/CVE-2023-40xx/CVE-2023-4024.json | 8 +- CVE-2023/CVE-2023-40xx/CVE-2023-4025.json | 8 +- CVE-2023/CVE-2023-40xx/CVE-2023-4027.json | 8 +- CVE-2023/CVE-2023-45xx/CVE-2023-4507.json | 8 +- CVE-2023/CVE-2023-46xx/CVE-2023-4604.json | 8 +- CVE-2023/CVE-2023-477xx/CVE-2023-47728.json | 8 +- CVE-2023/CVE-2023-47xx/CVE-2023-4730.json | 8 +- CVE-2023/CVE-2023-528xx/CVE-2023-52889.json | 8 +- CVE-2023/CVE-2023-55xx/CVE-2023-5505.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7049.json | 4 +- CVE-2024/CVE-2024-21xx/CVE-2024-2175.json | 8 +- CVE-2024/CVE-2024-222xx/CVE-2024-22217.json | 4 +- CVE-2024/CVE-2024-222xx/CVE-2024-22218.json | 4 +- CVE-2024/CVE-2024-222xx/CVE-2024-22219.json | 4 +- CVE-2024/CVE-2024-231xx/CVE-2024-23168.json | 4 +- CVE-2024/CVE-2024-250xx/CVE-2024-25008.json | 4 +- CVE-2024/CVE-2024-255xx/CVE-2024-25582.json | 8 +- CVE-2024/CVE-2024-256xx/CVE-2024-25633.json | 4 +- CVE-2024/CVE-2024-258xx/CVE-2024-25837.json | 8 +- CVE-2024/CVE-2024-277xx/CVE-2024-27728.json | 4 +- CVE-2024/CVE-2024-277xx/CVE-2024-27729.json | 4 +- CVE-2024/CVE-2024-277xx/CVE-2024-27730.json | 4 +- CVE-2024/CVE-2024-277xx/CVE-2024-27731.json | 4 +- CVE-2024/CVE-2024-313xx/CVE-2024-31333.json | 4 +- CVE-2024/CVE-2024-322xx/CVE-2024-32231.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34727.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34731.json | 4 +- 
CVE-2024/CVE-2024-347xx/CVE-2024-34734.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34736.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34737.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34738.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34739.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34740.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34741.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34742.json | 4 +- CVE-2024/CVE-2024-347xx/CVE-2024-34743.json | 4 +- CVE-2024/CVE-2024-356xx/CVE-2024-35686.json | 8 +- CVE-2024/CVE-2024-35xx/CVE-2024-3587.json | 71 ++- CVE-2024/CVE-2024-380xx/CVE-2024-38081.json | 473 +++++++++++++- CVE-2024/CVE-2024-396xx/CVE-2024-39666.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42260.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42261.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42262.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42263.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42264.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42265.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42266.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42267.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42268.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42269.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42270.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42271.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42272.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42273.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42274.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42275.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42276.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42277.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42278.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42279.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42280.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42281.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42282.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42283.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42284.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42285.json | 8 
+- CVE-2024/CVE-2024-422xx/CVE-2024-42286.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42287.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42288.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42289.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42290.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42291.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42292.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42293.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42294.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42295.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42296.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42297.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42298.json | 8 +- CVE-2024/CVE-2024-422xx/CVE-2024-42299.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42300.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42301.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42302.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42303.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42304.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42305.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42306.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42307.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42308.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42309.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42310.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42311.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42312.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42313.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42314.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42315.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42316.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42317.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42318.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42319.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42320.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42321.json | 8 +- CVE-2024/CVE-2024-423xx/CVE-2024-42322.json | 8 +- CVE-2024/CVE-2024-424xx/CVE-2024-42462.json | 8 +- CVE-2024/CVE-2024-424xx/CVE-2024-42463.json | 8 +- 
CVE-2024/CVE-2024-424xx/CVE-2024-42464.json | 8 +- CVE-2024/CVE-2024-424xx/CVE-2024-42465.json | 8 +- CVE-2024/CVE-2024-424xx/CVE-2024-42466.json | 8 +- CVE-2024/CVE-2024-424xx/CVE-2024-42472.json | 4 +- CVE-2024/CVE-2024-424xx/CVE-2024-42475.json | 4 +- CVE-2024/CVE-2024-424xx/CVE-2024-42476.json | 4 +- CVE-2024/CVE-2024-424xx/CVE-2024-42486.json | 8 +- CVE-2024/CVE-2024-424xx/CVE-2024-42487.json | 4 +- CVE-2024/CVE-2024-424xx/CVE-2024-42488.json | 4 +- CVE-2024/CVE-2024-426xx/CVE-2024-42634.json | 8 +- CVE-2024/CVE-2024-426xx/CVE-2024-42637.json | 8 +- CVE-2024/CVE-2024-426xx/CVE-2024-42638.json | 8 +- CVE-2024/CVE-2024-426xx/CVE-2024-42639.json | 8 +- CVE-2024/CVE-2024-427xx/CVE-2024-42757.json | 4 +- CVE-2024/CVE-2024-427xx/CVE-2024-42758.json | 8 +- CVE-2024/CVE-2024-428xx/CVE-2024-42849.json | 8 +- CVE-2024/CVE-2024-428xx/CVE-2024-42850.json | 8 +- CVE-2024/CVE-2024-429xx/CVE-2024-42994.json | 8 +- CVE-2024/CVE-2024-429xx/CVE-2024-42995.json | 8 +- CVE-2024/CVE-2024-430xx/CVE-2024-43005.json | 8 +- CVE-2024/CVE-2024-430xx/CVE-2024-43006.json | 8 +- CVE-2024/CVE-2024-430xx/CVE-2024-43009.json | 8 +- CVE-2024/CVE-2024-430xx/CVE-2024-43011.json | 8 +- CVE-2024/CVE-2024-430xx/CVE-2024-43042.json | 8 +- CVE-2024/CVE-2024-431xx/CVE-2024-43145.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43207.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43238.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43239.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43241.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43244.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43246.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43262.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43263.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43266.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43267.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43276.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43278.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43279.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43282.json | 8 +- 
CVE-2024/CVE-2024-432xx/CVE-2024-43284.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43286.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43288.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43291.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43292.json | 8 +- CVE-2024/CVE-2024-432xx/CVE-2024-43294.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43303.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43304.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43305.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43306.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43307.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43308.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43309.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43313.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43315.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43318.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43320.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43321.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43322.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43324.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43327.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43329.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43330.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43335.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43342.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43344.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43346.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43347.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43348.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43349.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43350.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43351.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43352.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43353.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43357.json | 4 +- CVE-2024/CVE-2024-433xx/CVE-2024-43366.json | 4 +- CVE-2024/CVE-2024-433xx/CVE-2024-43367.json | 4 +- CVE-2024/CVE-2024-433xx/CVE-2024-43369.json | 4 +- CVE-2024/CVE-2024-433xx/CVE-2024-43370.json | 4 +- 
CVE-2024/CVE-2024-433xx/CVE-2024-43374.json | 4 +- CVE-2024/CVE-2024-433xx/CVE-2024-43378.json | 4 +- CVE-2024/CVE-2024-433xx/CVE-2024-43381.json | 8 +- CVE-2024/CVE-2024-433xx/CVE-2024-43395.json | 8 +- CVE-2024/CVE-2024-434xx/CVE-2024-43472.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43807.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43808.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43809.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43810.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43815.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43816.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43817.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43818.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43819.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43820.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43821.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43822.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43823.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43824.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43825.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43826.json | 10 +- CVE-2024/CVE-2024-438xx/CVE-2024-43827.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43828.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43829.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43830.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43831.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43832.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43833.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43834.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43835.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43836.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43837.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43838.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43839.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43840.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43841.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43842.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43843.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43844.json | 8 +- 
CVE-2024/CVE-2024-438xx/CVE-2024-43845.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43846.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43847.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43848.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43849.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43850.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43851.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43852.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43853.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43854.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43855.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43856.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43857.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43858.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43859.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43860.json | 8 +- CVE-2024/CVE-2024-440xx/CVE-2024-44067.json | 8 +- CVE-2024/CVE-2024-440xx/CVE-2024-44069.json | 8 +- CVE-2024/CVE-2024-440xx/CVE-2024-44070.json | 8 +- CVE-2024/CVE-2024-440xx/CVE-2024-44073.json | 8 +- CVE-2024/CVE-2024-440xx/CVE-2024-44076.json | 8 +- CVE-2024/CVE-2024-440xx/CVE-2024-44083.json | 8 +- CVE-2024/CVE-2024-47xx/CVE-2024-4763.json | 8 +- CVE-2024/CVE-2024-47xx/CVE-2024-4781.json | 8 +- CVE-2024/CVE-2024-47xx/CVE-2024-4782.json | 8 +- CVE-2024/CVE-2024-52xx/CVE-2024-5209.json | 8 +- CVE-2024/CVE-2024-52xx/CVE-2024-5210.json | 8 +- CVE-2024/CVE-2024-60xx/CVE-2024-6004.json | 8 +- CVE-2024/CVE-2024-60xx/CVE-2024-6098.json | 8 +- CVE-2024/CVE-2024-62xx/CVE-2024-6221.json | 8 +- CVE-2024/CVE-2024-63xx/CVE-2024-6330.json | 8 +- CVE-2024/CVE-2024-64xx/CVE-2024-6451.json | 8 +- CVE-2024/CVE-2024-64xx/CVE-2024-6456.json | 4 +- CVE-2024/CVE-2024-64xx/CVE-2024-6459.json | 8 +- CVE-2024/CVE-2024-64xx/CVE-2024-6460.json | 4 +- CVE-2024/CVE-2024-65xx/CVE-2024-6500.json | 8 +- CVE-2024/CVE-2024-67xx/CVE-2024-6731.json | 62 +- CVE-2024/CVE-2024-67xx/CVE-2024-6732.json | 62 +- CVE-2024/CVE-2024-68xx/CVE-2024-6843.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7136.json 
| 4 +- CVE-2024/CVE-2024-71xx/CVE-2024-7144.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7145.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7146.json | 4 +- CVE-2024/CVE-2024-71xx/CVE-2024-7147.json | 4 +- CVE-2024/CVE-2024-73xx/CVE-2024-7301.json | 4 +- CVE-2024/CVE-2024-74xx/CVE-2024-7422.json | 4 +- CVE-2024/CVE-2024-75xx/CVE-2024-7501.json | 4 +- CVE-2024/CVE-2024-76xx/CVE-2024-7630.json | 4 +- CVE-2024/CVE-2024-76xx/CVE-2024-7646.json | 8 +- CVE-2024/CVE-2024-77xx/CVE-2024-7703.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7838.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7839.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7841.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7842.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7843.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7844.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7845.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7849.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7851.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7852.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7853.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7866.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7867.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7868.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7886.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7887.json | 8 +- CVE-2024/CVE-2024-78xx/CVE-2024-7896.json | 10 +- CVE-2024/CVE-2024-78xx/CVE-2024-7897.json | 10 +- CVE-2024/CVE-2024-78xx/CVE-2024-7898.json | 10 +- CVE-2024/CVE-2024-78xx/CVE-2024-7899.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7900.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7901.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7902.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7903.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7904.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7905.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7906.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7907.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7908.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7909.json | 8 +- 
CVE-2024/CVE-2024-79xx/CVE-2024-7910.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7911.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7912.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7913.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7914.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7916.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7917.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7919.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7920.json | 8 +- CVE-2024/CVE-2024-79xx/CVE-2024-7921.json | 8 +- README.md | 35 +- _state.csv | 646 ++++++++++---------- 324 files changed, 2667 insertions(+), 990 deletions(-)
diff --git a/CVE-2022/CVE-2022-17xx/CVE-2022-1751.json b/CVE-2022/CVE-2022-17xx/CVE-2022-1751.json
index 0f5186d0d42..3bca77d1d40 100644
--- a/CVE-2022/CVE-2022-17xx/CVE-2022-1751.json
+++ b/CVE-2022/CVE-2022-17xx/CVE-2022-1751.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-1751",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T08:15:04.550",
- "lastModified": "2024-08-17T08:15:04.550",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Skitter Slideshow para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 2.5.2 incluida a trav\u00e9s del archivo /image.php. Esto hace posible que atacantes no autenticados realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y pueden usarse para consultar y modificar informaci\u00f3n de servicios internos."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33162.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33162.json
index ed83ebd4ace..58a615e790a 100644
--- a/CVE-2022/CVE-2022-331xx/CVE-2022-33162.json
+++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33162.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-33162",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-08-16T19:15:06.213",
- "lastModified": "2024-08-16T19:15:06.213",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 228570."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Directory Integrator 7.2.0 y Security Verify Directory Integrator 10.0.0 no realizan ninguna autenticaci\u00f3n para la funcionalidad que requiere una identidad de usuario demostrable o consume una cantidad significativa de recursos. ID de IBM X-Force: 228570."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-33xx/CVE-2022-3399.json b/CVE-2022/CVE-2022-33xx/CVE-2022-3399.json
index 0361bc128f5..3cbc23f1d1c 100644
--- a/CVE-2022/CVE-2022-33xx/CVE-2022-3399.json
+++ b/CVE-2022/CVE-2022-33xx/CVE-2022-3399.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-3399",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T03:15:09.627",
- "lastModified": "2024-08-16T03:15:09.627",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-45xx/CVE-2022-4532.json b/CVE-2022/CVE-2022-45xx/CVE-2022-4532.json
index f576a80064f..f98d29c6d2e 100644
--- a/CVE-2022/CVE-2022-45xx/CVE-2022-4532.json
+++ b/CVE-2022/CVE-2022-45xx/CVE-2022-4532.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-4532",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T08:15:04.887",
- "lastModified": "2024-08-17T08:15:04.887",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento LOGIN AND REGISTRATION ATTEMPTS LIMIT para WordPress es vulnerable a la suplantaci\u00f3n de direcciones IP en versiones hasta la 2.1 incluida. Esto se debe a restricciones insuficientes sobre d\u00f3nde se recupera la informaci\u00f3n de la direcci\u00f3n IP para el registro de solicitudes y las restricciones de inicio de sesi\u00f3n. Los atacantes pueden proporcionar al encabezado X-Forwarded-For una direcci\u00f3n IP diferente que se registrar\u00e1 y se puede usar para evitar configuraciones que pueden haber bloqueado el inicio de sesi\u00f3n de una direcci\u00f3n IP."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0714.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0714.json
index f6fb4637a92..b0fcc1f5945 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0714.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0714.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-0714",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T10:15:06.147",
- "lastModified": "2024-08-17T10:15:06.147",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a \"double extension\" attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations."
+ },
+ {
+ "lang": "es",
+ "value": "Metform Elementor Contact Form Builder para WordPress es vulnerable a la carga arbitraria de archivos debido a una validaci\u00f3n insuficiente del tipo de archivo en versiones hasta la 3.2.4 incluida. Esto permite a los visitantes no autenticados realizar un ataque de \"doble extensi\u00f3n\" y cargar archivos que contienen una extensi\u00f3n maliciosa pero que terminan con una extensi\u00f3n benigna, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo en algunas configuraciones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1604.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1604.json
index ce4b230b918..399dfb6da98 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1604.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1604.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-1604",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T08:15:05.090",
- "lastModified": "2024-08-17T08:15:05.090",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated attackers to add and import redirects, including comments containing cross-site scripting as detailed in CVE-2023-1602, granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Short URL para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.6.8 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n configuration_page. Esto hace posible que atacantes no autenticados agreguen e importen redireccionamientos, incluidos comentarios que contengan Cross-Site Scripting como se detalla en CVE-2023-1602, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3408.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3408.json
index d652fd17495..544043596de 100644
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3408.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3408.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-3408",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T09:15:06.420",
- "lastModified": "2024-08-17T09:15:06.420",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El tema Bricks para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.8.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'save_settings'. Esto hace posible que atacantes no autenticados modifiquen la configuraci\u00f3n del tema, incluida la habilitaci\u00f3n de una configuraci\u00f3n que permite a los usuarios con menos privilegios, como los contribuyentes, realizar la ejecuci\u00f3n de c\u00f3digo; a trav\u00e9s de una solicitud falsificada, pueden enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3409.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3409.json
index e3d71f8e42c..a34bfb41d3d 100644
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3409.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3409.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-3409",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T09:15:06.790",
- "lastModified": "2024-08-17T09:15:06.790",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El tema Bricks para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.8.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'reset_settings'. Esto hace posible que atacantes no autenticados restablezcan la configuraci\u00f3n del tema mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3416.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3416.json
index 2cba24039d7..5e9664819c2 100644
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3416.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3416.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-3416",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T10:15:07.383",
- "lastModified": "2024-08-17T10:15:07.383",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'create_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento tagDiv Opt-In Builder es vulnerable a la inyecci\u00f3n ciega de SQL a trav\u00e9s del par\u00e1metro 'subscriptionCouponId' a trav\u00e9s del endpoint de la API REST 'create_stripe_subscription' en versiones hasta la 1.4.4 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de suficiente preparaci\u00f3n en la consulta SQL existente. Esto hace posible que atacantes autenticados con privilegios de nivel de administrador agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3419.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3419.json
index a7586d4fc1b..d1abeb72734 100644
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3419.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3419.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-3419",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T10:15:07.633",
- "lastModified": "2024-08-17T10:15:07.633",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreate_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento tagDiv Opt-In Builder es vulnerable a la inyecci\u00f3n ciega de SQL a trav\u00e9s del par\u00e1metro 'couponId' del endpoint de la API REST 'recreate_stripe_subscription' en versiones hasta la 1.4.4 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de suficiente preparaci\u00f3n en la consulta SQL existente. Esto hace posible que atacantes autenticados con privilegios de nivel de administrador agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4024.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4024.json
index ca192fcd97f..bf7c99a7f73 100644
--- a/CVE-2023/CVE-2023-40xx/CVE-2023-4024.json
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4024.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-4024",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T08:15:05.300",
- "lastModified": "2024-08-17T08:15:05.300",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Radio Player para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n delete_player en versiones hasta la 2.0.73 incluida. Esto hace posible que atacantes no autenticados eliminen instancias de jugadores."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4025.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4025.json
index 6663a0c02ba..543007d19ca 100644
--- a/CVE-2023/CVE-2023-40xx/CVE-2023-4025.json
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4025.json
@@ -2,13 +2,17 @@ "id": "CVE-2023-4025", "sourceIdentifier": "security@wordfence.com", "published": "2024-08-17T08:15:05.500", - "lastModified": "2024-08-17T08:15:05.500", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances." + }, + { + "lang": "es", + "value": "El complemento Radio Player para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n update_player en versiones hasta la 2.0.73 incluida. Esto hace posible que atacantes no autenticados actualicen las instancias de los jugadores." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4027.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4027.json index f2ba9c4fffb..1f3f31ad18f 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4027.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4027.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-4027", "sourceIdentifier": "security@wordfence.com", "published": "2024-08-17T08:15:05.703", - "lastModified": "2024-08-17T08:15:05.703", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings." + }, + { + "lang": "es", + "value": "El complemento Radio Player para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n update_settings en versiones hasta la 2.0.73 incluida. Esto hace posible que atacantes no autenticados actualicen la configuraci\u00f3n del complemento." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4507.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4507.json index c95aa9312e0..fb20ec16f5f 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4507.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4507.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-4507", "sourceIdentifier": "security@wordfence.com", "published": "2024-08-17T08:15:05.893", - "lastModified": "2024-08-17T08:15:05.893", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Admission AppManager para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'q' en versiones hasta la 1.0.0 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4604.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4604.json index 278aeada894..3cd789ac44d 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4604.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4604.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-4604", "sourceIdentifier": "security@wordfence.com", "published": "2024-08-17T08:15:06.097", - "lastModified": "2024-08-17T08:15:06.097", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018post\u2019 parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Slideshow, Image Slider de 2J para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'post' en versiones hasta la 1.3.54 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47728.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47728.json index 20245f32f7d..2fa94c9a1c2 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47728.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47728.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-47728", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-08-16T20:15:09.780", - "lastModified": "2024-08-16T20:15:09.780", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201." + }, + { + "lang": "es", + "value": "IBM QRadar Suite Software 1.10.12.0 a 1.10.22.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en la solicitud. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 272201." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4730.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4730.json index a92bb48975d..8bbc17e1ddc 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4730.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4730.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-4730", "sourceIdentifier": "security@wordfence.com", "published": "2024-08-17T08:15:06.297", - "lastModified": "2024-08-17T08:15:06.297", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts." + }, + { + "lang": "es", + "value": "El complemento LadiApp para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n init_endpoint() conectada a trav\u00e9s de 'init' en versiones hasta la 4.3 incluida. Esto hace posible que atacantes no autenticados modifiquen una variedad de configuraciones. Un atacante puede modificar directamente 'ladipage_key', lo que le permite crear nuevas publicaciones en el sitio web e inyectar scripts web maliciosos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-528xx/CVE-2023-52889.json b/CVE-2023/CVE-2023-528xx/CVE-2023-52889.json index 70b0eb77587..134d9810ad1 100644 --- a/CVE-2023/CVE-2023-528xx/CVE-2023-52889.json +++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52889.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-52889", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.073", - "lastModified": "2024-08-19T05:15:05.943", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n BUG: kernel NULL pointer dereference, address: 000000000000004c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n Hardware name: VMware, Inc. 
VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n RIP: 0010:aa_label_next_confined+0xb/0x40\n Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n PKRU: 55555554\n Call Trace:\n \n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? aa_label_next_confined+0xb/0x40\n apparmor_secmark_check+0xec/0x330\n security_sock_rcv_skb+0x35/0x50\n sk_filter_trim_cap+0x47/0x250\n sock_queue_rcv_skb_reason+0x20/0x60\n raw_rcv+0x13c/0x210\n raw_local_deliver+0x1f3/0x250\n ip_protocol_deliver_rcu+0x4f/0x2f0\n ip_local_deliver_finish+0x76/0xa0\n __netif_receive_skb_one_core+0x89/0xa0\n netif_receive_skb+0x119/0x170\n ? 
__netdev_alloc_skb+0x3d/0x140\n vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n __napi_poll+0x28/0x1b0\n net_rx_action+0x2a4/0x380\n __do_softirq+0xd1/0x2c8\n __irq_exit_rcu+0xbb/0xf0\n common_interrupt+0x86/0xa0\n \n \n asm_common_interrupt+0x26/0x40\n RIP: 0010:apparmor_socket_post_create+0xb/0x200\n Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n ? __pfx_apparmor_socket_post_create+0x10/0x10\n security_socket_post_create+0x4b/0x80\n __sock_create+0x176/0x1f0\n __sys_socket+0x89/0x100\n __x64_sys_socket+0x17/0x20\n do_syscall_64+0x5d/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: corrige la deref del puntero nulo al recibir skb durante la creaci\u00f3n del calcet\u00edn. El siguiente p\u00e1nico se observa al recibir paquetes ICMP con la marca de seguridad configurada mientras se crea un socket ICMP sin formato. SK_CTX(sk)->label se actualiza en apparmor_socket_post_create(), pero el paquete se entrega al socket antes de eso, lo que provoca la desreferencia del puntero nulo. Descarte el paquete si el contexto de la etiqueta no est\u00e1 establecido. 
ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000004c #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out No contaminado 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Nombre del hardware: VMware, Inc. Plataforma virtual VMware/Plataforma de referencia de escritorio 440BX, BIOS 6.00 28/05/2020 RIP 0010:aa_label_ siguiente_confinado+0xb/0x40 C\u00f3digo: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 > 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 00000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 00000000000000001 R14: 0000000000000001 R15: 00000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Seguimiento de llamadas: ? __morir+0x23/0x70 ? page_fault_oops+0x171/0x4e0? exc_page_fault+0x7f/0x180? asm_exc_page_fault+0x26/0x30? aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 seguridad_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170? 
__netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56 a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 C\u00f3digo: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 00000000000000003 R13: 0000000000000002 R14: 74eaab740 R15: fffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x 90? do_syscall_64+0x6c/0x90? do_syscall_64+0x6c/0x90? do_syscall_64+0x6c/0x90 entrada_SYSCALL_64_after_hwframe+0x72/0xdc" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5505.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5505.json index b420f3e8528..4657dcc3ff6 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5505.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5505.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-5505", "sourceIdentifier": "security@wordfence.com", "published": "2024-08-17T09:15:07.160", - "lastModified": "2024-08-17T09:15:07.160", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site." + }, + { + "lang": "es", + "value": "El complemento BackWPup para WordPress es vulnerable a Directory Traversal en versiones hasta la 4.0.1 incluida a trav\u00e9s de la carpeta de copia de seguridad espec\u00edfica del trabajo. Esto permite a los atacantes autenticados almacenar copias de seguridad en carpetas arbitrarias en el servidor, siempre que el servidor pueda escribir en ellas. Adem\u00e1s, la configuraci\u00f3n predeterminada colocar\u00e1 un archivo index.php y .htaccess en el directorio elegido (a menos que ya est\u00e9 presente) cuando se ejecute el primer trabajo de copia de seguridad, cuyo objetivo es evitar la lista de directorios y el acceso a archivos. Esto significa que un atacante podr\u00eda establecer el directorio de respaldo en la ra\u00edz de otro sitio en un entorno compartido y as\u00ed desactivar ese sitio." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7049.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7049.json index ffe42212fcb..d5db881e194 100644 
--- a/CVE-2023/CVE-2023-70xx/CVE-2023-7049.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7049.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7049", "sourceIdentifier": "security@wordfence.com", "published": "2024-08-16T03:15:09.887", - "lastModified": "2024-08-16T03:15:09.887", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2175.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2175.json index 409062f7c74..1446ae4dd5f 100644 --- a/CVE-2024/CVE-2024-21xx/CVE-2024-2175.json +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2175.json @@ -2,13 +2,17 @@ "id": "CVE-2024-2175", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-08-16T15:15:27.940", - "lastModified": "2024-08-16T15:15:27.940", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An insecure permissions vulnerability was reported in\u00a0Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM)\n\n that could allow a local attacker to escalate privileges." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de permisos inseguros en Lenovo Display Control Center (LDCC) y Lenovo Accessories and Display Manager (LADM) que podr\u00eda permitir a un atacante local escalar privilegios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22217.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22217.json index 5b1131b0f17..5cb466efa04 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22217.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22217.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22217", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T18:15:19.090", - "lastModified": "2024-08-15T18:15:19.090", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22218.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22218.json index 8f3467975a5..bf94c797468 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22218.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22218.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22218", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T18:15:19.197", - "lastModified": "2024-08-15T19:35:05.533", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22219.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22219.json index 21dd6b05fb3..f53f82c92a1 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22219.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22219.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22219", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T18:15:19.290", - "lastModified": "2024-08-15T18:15:19.290", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23168.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23168.json index 6538e92d6bb..355f7489a77 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23168.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23168.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23168", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T19:15:18.070", - "lastModified": "2024-08-15T21:35:03.230", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25008.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25008.json index 79d8badaeb4..f69b6e84f1e 100644 --- a/CVE-2024/CVE-2024-250xx/CVE-2024-25008.json +++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25008.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25008", "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "published": "2024-08-16T10:15:04.823", - "lastModified": "2024-08-16T10:15:04.823", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-255xx/CVE-2024-25582.json b/CVE-2024/CVE-2024-255xx/CVE-2024-25582.json index 32b79e1ef09..d89d7ece594 100644 --- a/CVE-2024/CVE-2024-255xx/CVE-2024-25582.json +++ b/CVE-2024/CVE-2024-255xx/CVE-2024-25582.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-25582", "sourceIdentifier": "security@open-xchange.com", "published": "2024-08-19T07:15:03.970", - "lastModified": "2024-08-19T08:15:06.977", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known." + }, + { + "lang": "es", + "value": "Se podr\u00eda abusar de los puntos de guardado del m\u00f3dulo para inyectar referencias a c\u00f3digo malicioso entregado a trav\u00e9s del mismo dominio. Los atacantes podr\u00edan realizar solicitudes API maliciosas o extraer informaci\u00f3n de la cuenta del usuario. Explotar esta vulnerabilidad requiere acceso temporal a una cuenta o ingenier\u00eda social exitosa para hacer que un usuario siga un enlace preparado a una cuenta maliciosa. Implemente las actualizaciones y lanzamientos de parches proporcionados. La ruta del m\u00f3dulo de punto de guardado se ha restringido a los m\u00f3dulos que proporcionan la funci\u00f3n, excluyendo cualquier m\u00f3dulo arbitrario o inexistente. No se conocen exploits disponibles p\u00fablicamente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25633.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25633.json index 5c0554d21eb..748c56422a4 100644 --- a/CVE-2024/CVE-2024-256xx/CVE-2024-25633.json +++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25633.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-25633", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T19:15:18.213", - "lastModified": "2024-08-15T19:15:18.213", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-258xx/CVE-2024-25837.json b/CVE-2024/CVE-2024-258xx/CVE-2024-25837.json index 320c1bb7925..f4ebf221390 100644 --- a/CVE-2024/CVE-2024-258xx/CVE-2024-25837.json +++ b/CVE-2024/CVE-2024-258xx/CVE-2024-25837.json @@ -2,13 +2,17 @@ "id": "CVE-2024-25837", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T18:15:08.907", - "lastModified": "2024-08-16T18:15:08.907", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el complemento CMS Bloghub v1.3.8 y anteriores de octubre permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado en la secci\u00f3n Comentarios." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27728.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27728.json index 57ee01d35d0..3fd569dd1c3 100644 --- a/CVE-2024/CVE-2024-277xx/CVE-2024-27728.json +++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27728.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27728", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T19:15:18.477", - "lastModified": "2024-08-15T19:15:18.477", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27729.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27729.json index daa1fa1a845..77ce5d50cee 100644 --- a/CVE-2024/CVE-2024-277xx/CVE-2024-27729.json +++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27729.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27729", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T19:15:18.573", - "lastModified": "2024-08-15T19:15:18.573", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27730.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27730.json index 49e4856293b..97c6d4e2f34 100644 --- a/CVE-2024/CVE-2024-277xx/CVE-2024-27730.json +++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27730.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27730", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T19:15:18.663", - "lastModified": "2024-08-16T16:35:06.563", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27731.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27731.json index d21fea43389..813230f8413 100644 --- a/CVE-2024/CVE-2024-277xx/CVE-2024-27731.json +++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27731.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27731", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T19:15:18.770", - "lastModified": "2024-08-16T18:35:09.407", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31333.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31333.json index 3fbf5066587..2765c44bb11 100644 --- a/CVE-2024/CVE-2024-313xx/CVE-2024-31333.json +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31333.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-31333", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.123", - "lastModified": "2024-08-16T15:35:05.893", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32231.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32231.json index 4b15dcf2f3c..fc69f73915e 100644 --- a/CVE-2024/CVE-2024-322xx/CVE-2024-32231.json +++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32231.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32231", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T18:15:19.507", - "lastModified": "2024-08-15T18:15:19.507", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34727.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34727.json index 67ac89214ae..6a99c808f25 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34727.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34727.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34727", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.190", - "lastModified": "2024-08-15T22:15:06.190", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34731.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34731.json index a57c71d4a4c..b44b967528b 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34731.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34731.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34731", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.263", - "lastModified": "2024-08-16T15:35:07.050", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34734.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34734.json index cc8d0147889..4e060c60698 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34734.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34734.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34734", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.337", - "lastModified": "2024-08-16T15:35:08.043", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34736.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34736.json index 77fd368d7b3..8050b439869 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34736.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34736.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34736", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.400", - "lastModified": "2024-08-15T22:15:06.400", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34737.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34737.json index fbe07274b64..5655eff7586 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34737.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34737.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34737", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.467", - "lastModified": "2024-08-16T15:35:09.367", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34738.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34738.json index 8c627c0edb2..1a6f405a182 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34738.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34738.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-34738", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.623", - "lastModified": "2024-08-16T15:35:09.537", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34739.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34739.json index ac9e47ecf78..a4fb7b7f0f7 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34739.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34739.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34739", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.690", - "lastModified": "2024-08-16T15:35:09.703", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34740.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34740.json index 6a043582671..15956c41aeb 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34740.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34740.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34740", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.753", - "lastModified": "2024-08-16T14:35:02.640", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34741.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34741.json index 244ca62428b..2613993a948 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34741.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34741.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34741", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.820", - "lastModified": "2024-08-16T16:35:12.133", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34742.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34742.json index b1a81e298b6..dfe754e6b36 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34742.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34742.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34742", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.890", - "lastModified": "2024-08-15T22:15:06.890", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34743.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34743.json index b2b0024a6e8..166a58bd208 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34743.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34743.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34743", "sourceIdentifier": "security@android.com", "published": "2024-08-15T22:15:06.957", - "lastModified": "2024-08-15T22:15:06.957", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-356xx/CVE-2024-35686.json b/CVE-2024/CVE-2024-356xx/CVE-2024-35686.json index f4edc696c10..2c7c0cca063 100644 --- a/CVE-2024/CVE-2024-356xx/CVE-2024-35686.json +++ b/CVE-2024/CVE-2024-356xx/CVE-2024-35686.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-35686", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:07.647", - "lastModified": "2024-08-18T22:15:07.647", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Automattic Sensei LMS, Automattic Sensei Pro (cursos pagos de WC). Este problema afecta a Sensei LMS: desde n/a hasta 4.23.1; Sensei Pro (cursos pagos de WC): desde n/a hasta 4.23.1.1.23.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3587.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3587.json index 271f66b1207..cc49058ab0b 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3587.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3587.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3587", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-16T09:15:02.693", - "lastModified": "2024-07-16T13:43:58.773", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-08-19T13:34:17.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -39,18 +59,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:averta:auxinportfolio:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.3.3", + "matchCriteriaId": "B82E8C2F-AB65-425E-8EB3-F25D528D5ADF" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/auxin-portfolio/tags/2.3.2/public/templates/elements/recent-portfolio.php#L179", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3115537/auxin-portfolio/trunk/public/templates/elements/recent-portfolio.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ea041b-f09d-4c62-aada-26afbc60b6f2?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-380xx/CVE-2024-38081.json b/CVE-2024/CVE-2024-380xx/CVE-2024-38081.json index b1cea15eabf..45b349f0c64 100644 --- a/CVE-2024/CVE-2024-380xx/CVE-2024-38081.json +++ b/CVE-2024/CVE-2024-380xx/CVE-2024-38081.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38081", "sourceIdentifier": "secure@microsoft.com", "published": "2024-07-09T17:15:43.750", - "lastModified": "2024-07-09T18:18:38.713", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-08-19T13:53:27.237", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -40,6 +40,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secure@microsoft.com", "type": "Secondary", 
@@ -51,10 +61,467 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "matchCriteriaId": 
"D00F295B-6ECF-43C4-BD71-98F835CCDB0D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "matchCriteriaId": "1648C361-E25C-42FE-8543-03DE56100201" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*", + "matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", + "matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*", + "matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*", + "matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", + "matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*", + "matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", 
+ "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "6CB5C848-9883-4FE0-9A6B-B7B52E704AC1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "50D643A0-5F16-4D63-BF83-19DF8F93AE25" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1B822942-B429-406C-A13A-A2379AA952CF" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.32", + "matchCriteriaId": "1233A609-9772-490F-80F5-8AA750BF25CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.4", + "versionEndExcluding": "17.4.21", + "matchCriteriaId": "1EF1832B-95B7-4253-92EC-0912987D8C42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.6", + "versionEndExcluding": "17.6.17", + "matchCriteriaId": "DB946EB4-95CC-42FC-9D47-445D7E1C3E38" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.8", + "versionEndExcluding": "17.8.12", + "matchCriteriaId": "65299FC5-169B-4642-B961-647EEE2DA0BD" + } + ] + } + ] + }, + { + "operator": "AND", + 
"nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", + "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-396xx/CVE-2024-39666.json b/CVE-2024/CVE-2024-396xx/CVE-2024-39666.json index 7cd02a6118f..77b26dd1606 100644 --- a/CVE-2024/CVE-2024-396xx/CVE-2024-39666.json +++ b/CVE-2024/CVE-2024-396xx/CVE-2024-39666.json 
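Review bot: The last configuration node of the CVE-2024-38081 hunk lists the x86 Windows 10 1607 platform as `cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*`, while the second node of the same record uses `cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*` and the x64 entry right beside it also uses `*`. In CPE 2.3 a version of `-` means "not applicable" rather than "any". A scanner that compares attributes strictly may therefore fail to pair this node (.NET Framework 3.5 / 4.7.2) with an x86 1607 host that reports a concrete build, and the finding would be dropped without any error. If this mirror normalises records, the `*` form with its `matchCriteriaId` `1648C361-E25C-42FE-8543-03DE56100201` would make the node consistent with the rest of the record. Otherwise the inconsistency is worth reporting to the upstream data source, and consumers should match `-` and `*` alike for the platform entries of this record.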
@@ -2,13 +2,17 @@ "id": "CVE-2024-39666", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:06.370", - "lastModified": "2024-08-18T14:15:06.370", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Automattic WooCommerce. Este problema afecta a WooCommerce: desde n/a hasta 9.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42260.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42260.json index ce3f40b7bbb..188c7a9b186 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42260.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42260.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42260", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.530", - "lastModified": "2024-08-17T09:15:07.530", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: validar los identificadores pasados de drm syncobj en la extensi\u00f3n de rendimiento. Si el espacio de usuario proporciona un identificador desconocido o no v\u00e1lido en cualquier parte de la matriz de identificadores, el resto del controlador no lo manejar\u00e1 tan bien. Arr\u00e9glelo comprobando que el identificador se haya buscado correctamente o, de lo contrario, falle la extensi\u00f3n saltando al desenrollado existente. (cereza escogida del commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42261.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42261.json index f8252593925..e481798405b 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42261.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42261.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42261", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.600", - "lastModified": "2024-08-17T09:15:07.600", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: validar los identificadores pasados de drm syncobj en la extensi\u00f3n de marca de tiempo. Si el espacio de usuario proporciona un identificador desconocido o no v\u00e1lido en cualquier parte de la matriz de identificadores, el resto del controlador no lo manejar\u00e1 tan bien. Arr\u00e9glelo comprobando que el identificador se haya buscado correctamente o, de lo contrario, falle la extensi\u00f3n saltando al desenrollado existente. (cereza escogida del commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42262.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42262.json index f68600da3d4..406cd2d1bad 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42262.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42262.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42262", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.680", - "lastModified": "2024-08-17T09:15:07.680", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: corrige una posible p\u00e9rdida de memoria en la extensi\u00f3n de rendimiento. Si falla la recuperaci\u00f3n de la memoria del espacio de usuario durante el bucle principal, todos los objetos de sincronizaci\u00f3n de drm buscados hasta ese punto se filtrar\u00e1n debido a la falta drm_syncobj_put. Solucionarlo exportando y utilizando un asistente de limpieza com\u00fan. (cereza escogida del commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42263.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42263.json index 5e0ce2f133a..b0cda433a43 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42263.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42263.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42263", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.770", - "lastModified": "2024-08-17T09:15:07.770", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: corrige una posible p\u00e9rdida de memoria en la extensi\u00f3n de marca de tiempo. Si falla la recuperaci\u00f3n de la memoria del espacio de usuario durante el bucle principal, todos los objetos de sincronizaci\u00f3n de drm buscados hasta ese punto se filtrar\u00e1n debido a la falta drm_syncobj_put. Solucionarlo exportando y utilizando un asistente de limpieza com\u00fan. (cereza escogida del commit 753ce4fea62182c77e1691ab4f9022008f25b62e)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42264.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42264.json index 641ee2cf977..0a0f9520be4 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42264.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42264.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42264", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.833", - "lastModified": "2024-08-17T09:15:07.833", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/v3d: evita el acceso fuera de los l\u00edmites en las extensiones de consulta de rendimiento. Verifique que la cantidad de espacio de usuario de perfmons que se pasa en las extensiones de copia y restablecimiento no sea mayor que el almacenamiento interno del kernel donde se encuentra el Los identificadores se copiar\u00e1n. (cereza escogida del commit f32b5128d2c440368b5bf3a7a356823e235caabb)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42265.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42265.json index f79494a3ad9..65f22d19b61 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42265.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42265.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42265", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.893", - "lastModified": "2024-08-19T05:15:07.163", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nprotect the fetch of ->fd[fd] in do_dup2() from mispredictions\n\nboth callers have verified that fd is not greater than ->max_fds;\nhowever, misprediction might end up with\n tofree = fdt->fd[fd];\nbeing speculatively executed. That's wrong for the same reasons\nwhy it's wrong in close_fd()/file_close_fd_locked(); the same\nsolution applies - array_index_nospec(fd, fdt->max_fds) could differ\nfrom fd only in case of speculative execution on mispredicted path." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: proteger la recuperaci\u00f3n de ->fd[fd] en do_dup2() de predicciones err\u00f3neas; ambos llamadores han verificado que fd no es mayor que ->max_fds; sin embargo, una predicci\u00f3n err\u00f3nea podr\u00eda terminar con tofree = fdt->fd[fd]; siendo ejecutado especulativamente. Eso est\u00e1 mal por las mismas razones por las que est\u00e1 mal en close_fd()/file_close_fd_locked(); se aplica la misma soluci\u00f3n: array_index_nospec(fd, fdt->max_fds) podr\u00eda diferir de fd solo en caso de ejecuci\u00f3n especulativa en una ruta mal prevista." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42266.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42266.json index 18ebc405ac2..52a28160a9b 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42266.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42266.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42266", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:07.967", - "lastModified": "2024-08-17T09:15:07.967", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make cow_file_range_inline() honor locked_page on error\n\nThe btrfs buffered write path runs through __extent_writepage() which\nhas some tricky return value handling for writepage_delalloc().\nSpecifically, when that returns 1, we exit, but for other return values\nwe continue and end up calling btrfs_folio_end_all_writers(). If the\nfolio has been unlocked (note that we check the PageLocked bit at the\nstart of __extent_writepage()), this results in an assert panic like\nthis one from syzbot:\n\n BTRFS: error (device loop0 state EAL) in free_log_tree:3267: errno=-5 IO failure\n BTRFS warning (device loop0 state EAL): Skipping commit of aborted transaction.\n BTRFS: error (device loop0 state EAL) in cleanup_transaction:2018: errno=-5 IO failure\n assertion failed: folio_test_locked(folio), in fs/btrfs/subpage.c:871\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/subpage.c:871!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n CPU: 1 PID: 5090 Comm: syz-executor225 Not tainted\n 6.10.0-syzkaller-05505-gb1bc554e009e #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS\n Google 06/27/2024\n RIP: 0010:btrfs_folio_end_all_writers+0x55b/0x610 fs/btrfs/subpage.c:871\n Code: e9 d3 fb ff ff e8 25 22 c2 fd 48 c7 c7 c0 3c 0e 8c 48 c7 c6 80 3d\n 0e 8c 48 c7 c2 60 3c 0e 8c b9 67 03 00 00 e8 66 47 ad 07 90 <0f> 0b e8\n 6e 45 b0 07 4c 89 ff be 08 00 00 00 e8 21 12 25 fe 4c 89\n RSP: 0018:ffffc900033d72e0 EFLAGS: 00010246\n RAX: 0000000000000045 RBX: 00fff0000000402c RCX: 663b7a08c50a0a00\n RDX: 
0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc900033d73b0 R08: ffffffff8176b98c R09: 1ffff9200067adfc\n R10: dffffc0000000000 R11: fffff5200067adfd R12: 0000000000000001\n R13: dffffc0000000000 R14: 0000000000000000 R15: ffffea0001cbee80\n FS: 0000000000000000(0000) GS:ffff8880b9500000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5f076012f8 CR3: 000000000e134000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n __extent_writepage fs/btrfs/extent_io.c:1597 [inline]\n extent_write_cache_pages fs/btrfs/extent_io.c:2251 [inline]\n btrfs_writepages+0x14d7/0x2760 fs/btrfs/extent_io.c:2373\n do_writepages+0x359/0x870 mm/page-writeback.c:2656\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n __filemap_fdatawrite mm/filemap.c:436 [inline]\n filemap_flush+0xdf/0x130 mm/filemap.c:463\n btrfs_release_file+0x117/0x130 fs/btrfs/file.c:1547\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:222\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:877\n do_group_exit+0x207/0x2c0 kernel/exit.c:1026\n __do_sys_exit_group kernel/exit.c:1037 [inline]\n __se_sys_exit_group kernel/exit.c:1035 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035\n x64_sys_call+0x2634/0x2640\n arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5f075b70c9\n Code: Unable to access opcode bytes at\n 0x7f5f075b709f.\n\nI was hitting the same issue by doing hundreds of accelerated runs of\ngeneric/475, which also hits IO errors by design.\n\nI instrumented that reproducer with bpftrace and found that 
the\nundesirable folio_unlock was coming from the following callstack:\n\n folio_unlock+5\n __process_pages_contig+475\n cow_file_range_inline.constprop.0+230\n cow_file_range+803\n btrfs_run_delalloc_range+566\n writepage_delalloc+332\n __extent_writepage # inlined in my stacktrace, but I added it here\n extent_write_cache_pages+622\n\nLooking at the bisected-to pa\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: haga que cow_file_range_inline() respete la p\u00e1gina bloqueada en caso de error. La ruta de escritura almacenada en el b\u00fafer de btrfs pasa por __extent_writepage(), que tiene un manejo complicado del valor de retorno para writepage_delalloc(). Espec\u00edficamente, cuando eso devuelve 1, salimos, pero para otros valores de retorno continuamos y terminamos llamando a btrfs_folio_end_all_writers(). Si la publicaci\u00f3n se ha desbloqueado (tenga en cuenta que verificamos el bit PageLocked al inicio de __extent_writepage()), esto resulta en un p\u00e1nico de afirmaci\u00f3n como este de syzbot: BTRFS: error (device loop0 state EAL) in free_log_tree:3267: errno = -5 Fallo de E/S Advertencia BTRFS (estado EAL del bucle 0 del dispositivo): omitir El commit de la transacci\u00f3n abortada. BTRFS: error (EAL de estado de bucle 0 del dispositivo) en cleanup_transaction:2018: errno=-5 Error de aserci\u00f3n de E/S fallida: folio_test_locked(folio), en fs/btrfs/subpage.c:871 ------------ [cortar aqu\u00ed]------------ \u00a1ERROR del kernel en fs/btrfs/subpage.c:871! 
Vaya: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 5090 Comm: syz-executor225 No est\u00e1 contaminado 6.10.0-syzkaller-05505-gb1bc554e009e #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/06/2024 RIP: 0010:btrfs_folio_end_all_writers+0x55b/0x610 fs/btrfs/subpage.c:871 C\u00f3digo: e9 d3 fb ff ff e8 25 22 c2 fd 48 c7 c7 c0 3c 0e 8c 48 c7 c6 80 3d 0e 8c 48 c7 c2 60 3c 0e 8c b9 67 03 00 00 e8 66 47 ad 07 90 <0f> 0b e8 6e 45 b0 07 4c 89 ff be 08 00 00 00 e8 21 12 25 fe 4c 89 RSP: 00033d72e0 EFLAGS: 00010246 RAX: 0000000000000045 RBX: 00fff0000000402c RCX: 663b7a08c50a0a00 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 000000000 0000000 RBP: ffffc900033d73b0 R08: ffffffff8176b98c R09: 1ffff9200067adfc R10: dffffc0000000000 R11: fffff5200067adfd R12: 0000000000000001 R13: 0000000000 R14: 0000000000000000 R15: ffffea0001cbee80 FS: 0000000000000000( 0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5f076012f8 CR3: e134000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: __extent_writepage fs/btrfs/extent_io.c:1597 [en l\u00ednea] extend_write_cache_pages fs/btrfs/extent_io.c:2251 [en l\u00ednea] btrfs_writepages+0x14d7/0x2760 fs/btrfs/extent_io.c:2373 do_writepages+0x359/ 0x870 mm/page-writeback.c:2656 filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397 __filemap_fdatawrite_range mm/filemap.c:430 [en l\u00ednea] __filemap_fdatawrite mm/filemap.c:436 [en l\u00ednea] filemap_flush+0xdf/0x130 mm /filemap.c:463 btrfs_release_file+0x117/0x130 fs/btrfs/file.c:1547 __fput+0x24a/0x8a0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:222 exit_task_work include/linux/task_work .h:40 [en l\u00ednea] do_exit+0xa2f/0x27f0 kernel/exit.c:877 do_group_exit+0x207/0x2c0 kernel/exit.c:1026 
__do_sys_exit_group kernel/exit.c:1037 [en l\u00ednea] __se_sys_exit_group kernel/exit.c:1035 [en l\u00ednea] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f075b70c9 C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0x7f5f075b709f. Me encontr\u00e9 con el mismo problema al realizar cientos de ejecuciones aceleradas de generic/475, que tambi\u00e9n genera errores de IO por dise\u00f1o. Instrument\u00e9 ese reproductor con bpftrace y descubr\u00ed que el folio_unlock no deseado proven\u00eda de la siguiente pila de llamadas: folio_unlock+5 __process_pages_contig+475 cow_file_range_inline.constprop.0+230 cow_file_range+803 btrfs_run_delalloc_range+566 writepage_delalloc+332 __extent_writepage # ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42267.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42267.json index 5cc1e593316..c5b8539b683 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42267.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42267.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42267",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:08.047",
- "lastModified": "2024-08-19T05:15:07.247",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv/mm: Agregar manejo para VM_FAULT_SIGSEGV en mm_fault_error() Manejar VM_FAULT_SIGSEGV en la ruta de falla de la p\u00e1gina para que finalicemos correctamente el proceso y no emitamos ERRORES() en el kernel."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42268.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42268.json
index be15f2706f4..48af494b345 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42268.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42268.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-42268", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.110", - "lastModified": "2024-08-17T09:15:08.110", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n\u2026\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n\u2026\n Call Trace:\n \n ? __warn+0xa4/0x210\n ? devl_assert_locked+0x3e/0x50\n ? report_bug+0x160/0x280\n ? handle_bug+0x3f/0x80\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? devl_assert_locked+0x3e/0x50\n devlink_notify+0x88/0x2b0\n ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n ? __pfx_devlink_notify+0x10/0x10\n ? process_one_work+0x4b6/0xbb0\n process_one_work+0x4b6/0xbb0\n[\u2026]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5: se corrigi\u00f3 el bloqueo faltante en la recarga de reinicio de sincronizaci\u00f3n. En el trabajo de recarga de reinicio de sincronizaci\u00f3n, cuando el host remoto actualiza devlink en las acciones de recarga realizadas en ese host, no toma el bloqueo de devlink antes de llamar a devlink_remote_reload_actions_performed. 
() lo que da como resultado la activaci\u00f3n de un bloqueo como el siguiente: ADVERTENCIA: CPU: 4 PID: 1164 en net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 \u2026 CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted : GSW 6.10.0-rc2+ #116 Nombre del hardware: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 18/12/2015 Cola de trabajo: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: devl_assert_locked+0x3e/0x50 \u2026 Seguimiento de llamadas: ? __advertir+0xa4/0x210 ? devl_assert_locked+0x3e/0x50? report_bug+0x160/0x280? handle_bug+0x3f/0x80? exc_invalid_op+0x17/0x40? asm_exc_invalid_op+0x1a/0x20? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10? proceso_one_work+0x4b6/0xbb0 proceso_one_work+0x4b6/0xbb0 [\u2026]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42269.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42269.json index a3faed74a79..2c1e029c13f 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42269.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42269.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42269",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:08.177",
- "lastModified": "2024-08-19T05:15:07.323",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: iptables: corrige el potencial null-ptr-deref en ip6table_nat_table_init(). ip6table_nat_table_init() accede a net->gen->ptr[ip6table_nat_net_ops.id], pero la funci\u00f3n est\u00e1 expuesta al espacio del usuario antes de que la entrada se asigne a trav\u00e9s de Register_pernet_subsys(). Llamemos a Register_pernet_subsys() antes de xt_register_template()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42270.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42270.json
index 50716f7df5a..586c1599b5c 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42270.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42270.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-42270", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.240", - "lastModified": "2024-08-19T05:15:07.393", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 
0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS: 00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? 
bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: netfilter: iptables: corrige null-ptr-deref en iptable_nat_table_init(). Recibimos un informe de que iptables-restore a veces activaba null-ptr-deref en el momento del arranque. [0] El problema es que iptable_nat_table_init() est\u00e1 expuesto al espacio del usuario antes de que el kernel inicialice completamente netns. En la ventana de ejecuci\u00f3n peque\u00f1a, un usuario podr\u00eda llamar a iptable_nat_table_init() que accede a net_generic(net, iptable_nat_net_id), que est\u00e1 disponible solo despu\u00e9s de registrar iptable_nat_net_ops. Llamemos a Register_pernet_subsys() antes de xt_register_template(). 
[0]: bpfilter: Bpfilter_umh pid 11702 iniciado bpfilter ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000013 PF: acceso de escritura del supervisor en modo kernel PF: error_code(0x0002) - p\u00e1gina no presente PGD 0 P4D 0 PREEMPT SMP NOPTI CPU: 2 PID: 11879 Comm: iptables-restor No contaminado 6.1.92-99.174.amzn2023.x86_64 #1 Nombre del hardware: Amazon EC2 c6i.4xlarge/, BIOS 1.0 16/10/2017 RIP: 0010:iptable_nat_table_init (net/ipv4/netfilter /iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat C\u00f3digo: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 pa 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c RSP: 0018:ffffbef902843cd0 EFLAGS: 00010246 RAX: 0000000000000013RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80 RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0 RBP: ffff9f4b29394000 R08: ffff9f4b07f77 258 R09: ffff9f4b07f77240 R10: 00000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000 R13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 : 0000000000000004 FS: 00007f6284340000(0000) GS:ffff9f51fe280000( 0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007 706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 0000000000000400 PK RU: 55555554 Seguimiento de llamadas: ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)? xt_find_table_lock (net/netfilter/x_tables.c:1259)? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)? page_fault_oops (arch/x86/mm/fault.c:727)? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault .c:1518)? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)? 
iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat xt_find_table_lock (net/netfilter/x_tables.c:1259) xt_request_find_table_lock (net/netfilter/x_tables.c:1287) get_info (net/ipv4/netfilter/ip_tables.c:965)? security_capable (seguridad/seguridad.c:809 (discriminador 13))? ns_capable (kernel/capability.c:376 kernel/capability.c:397)? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter nf_getsockopt (net/netfilter/nf_sockopt.c:116) ip_getsockopt (net/ipv4/ip_sockglue.c:1827) __sys_getsockopt (net/socket.c:2327) _sys_getsockopt (neto /socket.c:2342 net/socket.c:2339 net/socket.c:2339) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81) Entry_SYSCALL_64_after_hwframe (arch/ x86/entry/entry_64.S:121) RIP: 0033:0x7f62844685ee C\u00f3digo: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f 3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09 RSP: 002b:00007ffd1f83d638 EFLAGS: 46 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00000000000000004 R08: 00007ffd1f83d670 : 0000558798ffa2a0 R10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2 R13: 00007f6284 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42271.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42271.json index c31c948a975..7fa0dbc6262 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42271.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42271.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42271", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.307", - "lastModified": "2024-08-19T05:15:07.460", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: fix use after free in iucv_sock_close()\n\niucv_sever_path() is called from process context and from bh context.\niucv->path is used as indicator whether somebody else is taking care of\nsevering the path (or it is already removed / never existed).\nThis needs to be done with atomic compare and swap, otherwise there is a\nsmall window where iucv_sock_close() will try to work with a path that has\nalready been severed and freed by iucv_callback_connrej() called by\niucv_tasklet_fn().\n\nExample:\n[452744.123844] Call Trace:\n[452744.123845] ([<0000001e87f03880>] 0x1e87f03880)\n[452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138\n[452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv]\n[452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv]\n[452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv]\n[452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8\n[452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48\n[452744.124820] [<00000000d5421642>] __fput+0xba/0x268\n[452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0\n[452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90\n[452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8\n[452744.125319] Last Breaking-Event-Address:\n[452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138\n[452744.125324]\n[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt\n\nNote that bh_lock_sock() is not serializing the tasklet context against\nprocess context, because the check for 
sock_owned_by_user() and\ncorresponding handling is missing.\n\nIdeas for a future clean-up patch:\nA) Correct usage of bh_lock_sock() in tasklet context, as described in\nRe-enqueue, if needed. This may require adding return values to the\ntasklet functions and thus changes to all users of iucv.\n\nB) Change iucv tasklet into worker and use only lock_sock() in af_iucv." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/iucv: corrige el use after free en iucv_sock_close() iucv_sever_path() se llama desde el contexto del proceso y desde el contexto bh. iucv->path se utiliza como indicador de si alguien m\u00e1s se est\u00e1 encargando de cortar la ruta (o si ya se elimin\u00f3 o nunca existi\u00f3). Esto debe hacerse con comparaci\u00f3n e intercambio at\u00f3mico; de lo contrario, hay una peque\u00f1a ventana donde iucv_sock_close() intentar\u00e1 trabajar con una ruta que ya ha sido cortada y liberada por iucv_callback_connrej() llamada por iucv_tasklet_fn(). 
Ejemplo: [452744.123844] Seguimiento de llamadas: [452744.123845] ([<0000001e87f03880>] 0x1e87f03880) [452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x13 8 [452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336 ] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] 000000d574794e>] __sock_release+0x5e/0xe8 [452744.124815] [<00000000d5747a0c> ] sock_close+0x34/0x48 [452744.124820] [<00000000d5421642>] __fput+0xba/0x268 [452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0 [452744.1 24832] [<00000000d5145710>] do_notify_resume+0x88/0x90 [452744.124841] [< 00000000d5978096>] system_call+0xe2/0x2c8 [452744.125319] \u00daltima direcci\u00f3n del evento de \u00faltima hora: [452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138 [452744.125 324] [452744.125325] P\u00e1nico del kernel: no se sincroniza: excepci\u00f3n fatal en la interrupci\u00f3n. Tenga en cuenta que bh_lock_sock () no serializa el contexto del tasklet con respecto al contexto del proceso, porque falta la verificaci\u00f3n de sock_owned_by_user() y el manejo correspondiente. Ideas para un futuro parche de limpieza: A) Uso correcto de bh_lock_sock() en el contexto del tasklet, como se describe en Volver a poner en cola, si es necesario. Esto puede requerir agregar valores de retorno a las funciones del tasklet y, por lo tanto, cambios para todos los usuarios de iucv. B) Cambie el tasklet iucv a trabajador y use solo lock_sock() en af_iucv." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42272.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42272.json index 83d8eeb2487..99cf00dd1ad 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42272.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42272.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42272", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.370", - "lastModified": "2024-08-19T05:15:07.530", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n tcf_action_add net/sched/act_api.c:2061 [inline]\n tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0xf52/0x1260 
net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n __sys_sendmsg net/socket.c:2680 [inline]\n __do_sys_sendmsg net/socket.c:2689 [inline]\n __se_sys_sendmsg net/socket.c:2687 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched: act_ct: cuida el relleno en struct zonas_ht_key El commit culpada aument\u00f3 el tama\u00f1o de la clave de b\u00fasqueda de 2 bytes a 16 bytes, porque zonas_ht_key obtuvo un puntero de red de estructura. Aseg\u00farese de que rhashtable_lookup() no est\u00e9 utilizando los bytes de relleno que no est\u00e1n inicializados. 
ERROR: KMSAN: valor uninit en rht_ptr_rcu include/linux/rhashtable.h:376 [en l\u00ednea] ERROR: KMSAN: valor uninit en __rhashtable_lookup include/linux/rhashtable.h:607 [en l\u00ednea] ERROR: KMSAN: valor uninit en rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] ERROR: KMSAN: valor uninit en rhashtable_lookup_fast include/linux/rhashtable.h:672 [en l\u00ednea] ERROR: KMSAN: valor uninit en tcf_ct_flow_table_get+0x611/0x2260 net/sched /act_ct.c:329 rht_ptr_rcu include/linux/rhashtable.h:376 [en l\u00ednea] __rhashtable_lookup include/linux/rhashtable.h:607 [en l\u00ednea] rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] rhashtable_lookup_fast include/linux/ rhashtable.h:672 [en l\u00ednea] tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408 tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425 tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488 tcf_action_add net/sched/act_api.c:2061 [en l\u00ednea] tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118 rtnetlink_rcv_msg+0x12fc/0x1410 net /n\u00facleo/ rtnetlink.c:6647 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [en l\u00ednea] netlink_unicast+0xf52/ 0x1260 net/netlink/af_netlink.c:1357 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_s mensaje final+0x877 /0xb60 net/socket.c:2597 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651 __sys_sendmsg net/socket.c:2680 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2689 [en l\u00ednea] __se_sys_sendmsg net/socket. 
c: 2687 [en l\u00ednea] __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687 x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea ] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Clave de variable local creada en: tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324 tcf_ct_init+0xa67/0x2890 net /programado /act_ct.c:1408" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42273.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42273.json index dafd02b9ba5..32ad1634610 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42273.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42273.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42273", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.450", - "lastModified": "2024-08-17T09:15:08.450", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n do_write_page+0x78/0x390 [f2fs]\n f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n f2fs_do_write_data_page+0x275/0x740 [f2fs]\n f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n do_writepages+0xcf/0x270\n __writeback_single_inode+0x44/0x350\n writeback_sb_inodes+0x242/0x530\n __writeback_inodes_wb+0x54/0xf0\n wb_writeback+0x192/0x310\n wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty()." + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: f2fs: asigna CURSEG_ALL_DATA_ATGC si blkaddr es v\u00e1lido mkdir /mnt/test/comp f2fs_io setflags compresi\u00f3n /mnt/test/comp dd if=/dev/zero of=/mnt/test/ comp/testfile bs=16k count=1 truncate --size 13 /mnt/test/comp/testfile En el escenario anterior, podemos obtener un BUG_ON. \u00a1ERROR del kernel en fs/f2fs/segment.c:3589! 
Seguimiento de llamadas: do_write_page+0x78/0x390 [f2fs] f2fs_outplace_write_data+0x62/0xb0 [f2fs] f2fs_do_write_data_page+0x275/0x740 [f2fs] f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs_write_multi_ p\u00e1ginas+0x1e5/0xae0 [f2fs] f2fs_write_cache_p\u00e1ginas+0xab1/0xc60 [f2fs ] f2fs_write_data_pages+0x2d8/0x330 [f2fs] do_writepages+0xcf/0x270 __writeback_single_inode+0x44/0x350 writeback_sb_inodes+0x242/0x530 __writeback_inodes_wb+0x54/0xf0 wb_writeback+0x192/0x3 10 wb_workfn+0x30d/0x400 La raz\u00f3n es que le dimos CURSEG_ALL_DATA_ATGC a COMPR_ADDR donde est\u00e1 la p\u00e1gina set_cluster_dirty() estableci\u00f3 la bandera gcing." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42274.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42274.json index f6d94f2f016..e063d264542 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42274.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42274.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42274", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.530", - "lastModified": "2024-08-19T05:15:07.610", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ALSA: firewire-lib: operate for period elapse event in process context\"\n\nCommit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period elapse event\nin process context\") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n * (lock B) wait for tasklet to finish by calling\n \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n * (lock B) enter tasklet\n * (lock A) attempt to acquire substream lock,\n \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n \n \nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? 
native_queued_spin_lock_slowpath\n \n \n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period\nelapse event in process context\")\n\nReplace inline description to prevent future deadlock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"ALSA: firewire-lib: operar durante el evento transcurrido en el contexto del proceso\" commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operar durante el evento transcurrido en el contexto del proceso\") eliminada la cola de trabajo del contexto del proceso de amdtp_domain_stream_pcm_pointer() y update_pcm_pointers() para eliminar su sobrecarga. Con RME Fireface 800, esto condujo a una regresi\u00f3n desde Kernels 5.14.0, lo que provoc\u00f3 una competencia de punto muerto AB/BA para el bloqueo de substream con una eventual congelaci\u00f3n del sistema bajo la operaci\u00f3n ALSA: subproceso 0: * (bloqueo A) adquiere el bloqueo de substream mediante snd_pcm_stream_lock_irq() en snd_pcm_status64() * (bloqueo B) espere a que finalice el tasklet llamando a tasklet_unlock_spin_wait() en tasklet_disable_in_atomic() en ohci_flush_iso_completions() del subproceso 1 de ohci.c: * (bloqueo B) ingrese al tasklet * (bloqueo A) intente adquirir el subflujo bloquear, esperando a que se libere: snd_pcm_stream_lock_irqsave() en snd_pcm_period_elapsed() en update_pcm_pointers() en Process_ctx_payloads() en Process_rx_packets() de amdtp-stream.c? 
tasklet_unlock_spin_wait ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? nativo_queued_spin_lock_slowpath _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm Process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restaurar la cola de trabajo del contexto del proceso para evitar un punto muerto Competencia de punto muerto AB/BA para el bloqueo de subtransmisi\u00f3n ALSA de snd_pcm_stream_lock_irq() en snd_pcm_status64() y snd_pcm_stream_lock_irqsave() en snd_pcm_period_elapsed(). revertir el commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operar durante el evento de per\u00edodo transcurrido en el contexto del proceso\") Reemplace la descripci\u00f3n en l\u00ednea para evitar futuros interbloqueos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42275.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42275.json index a497f223ae1..95f7ed47eb7 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42275.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42275.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42275", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.613", - "lastModified": "2024-08-17T09:15:08.613", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix error code in drm_client_buffer_vmap_local()\n\nThis function accidentally returns zero/success on the failure path.\nIt leads to locking issues and an uninitialized *map_copy in the\ncaller." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/client: corrige el c\u00f3digo de error en drm_client_buffer_vmap_local() Esta funci\u00f3n devuelve accidentalmente cero/\u00e9xito en la ruta de error. Conduce a problemas de bloqueo y a un *map_copy no inicializado en la persona que llama." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42276.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42276.json index d57e0adc49b..2c289e49c28 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42276.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42276.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42276", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.673", - "lastModified": "2024-08-19T05:15:07.693", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nvme-pci: agrega condici\u00f3n faltante para verificar la existencia de datos mapeados. Se llama a nvme_map_data() cuando la solicitud tiene segmentos f\u00edsicos, por lo tanto, nvme_unmap_data() debe tener la misma condici\u00f3n para evitar la desreferencia." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42277.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42277.json index e38054b471a..c4be0c9521b 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42277.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42277.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42277", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.750", - "lastModified": "2024-08-19T05:15:07.803", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu: sprd: Evite la deref NULL en sprd_iommu_hw_en En sprd_iommu_cleanup() antes de llamar a la funci\u00f3n sprd_iommu_hw_en() dom->sdev es igual a NULL, lo que conduce a una desreferencia nula. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42278.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42278.json index 84789bc9b23..bbbf419e45a 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42278.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42278.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42278", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.813", - "lastModified": "2024-08-17T09:15:08.813", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: TAS2781: Fix tasdev_load_calibrated_data() Esta funci\u00f3n tiene una declaraci\u00f3n if invertida, por lo que no funciona o conduce a una desreferencia NULL." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42279.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42279.json index 2a881cfbca0..1a29ad6e18d 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42279.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42279.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42279", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.880", - "lastModified": "2024-08-17T09:15:08.880", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: microchip-core: aseg\u00farese de que los FIFO de TX y RX est\u00e9n vac\u00edos al inicio de una transferencia. Mientras se transmite con rx_len == 0, el FIFO de RX no se vaciar\u00e1 en la interrupci\u00f3n entrenador de animales. Una transferencia posterior podr\u00eda leer basura de la transferencia anterior desde el RX FIFO al b\u00fafer de inicio de RX. El n\u00facleo proporciona un registro que vaciar\u00e1 los FIFO RX y TX, as\u00ed que h\u00e1galo antes de cada transferencia." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42280.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42280.json index 1c9aff5d60c..0918ee8f3e1 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42280.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42280.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42280", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:08.943", - "lastModified": "2024-08-19T05:15:07.870", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix a use after free in hfcmulti_tx()\n\nDon't dereference *sp after calling dev_kfree_skb(*sp)." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mISDN: corrige un use after free en hfcmulti_tx() No elimine la referencia a *sp despu\u00e9s de llamar a dev_kfree_skb(*sp)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42281.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42281.json index f7c9d541945..601c63184be 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42281.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42281.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42281", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.013", - "lastModified": "2024-08-19T05:15:07.940", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2]." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: soluciona un problema de segmento al degradar gso_size Lineariza el skb al degradar gso_size porque puede desencadenar un BUG_ON() m\u00e1s adelante cuando el skb se segmenta como se describe en [1,2]." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42282.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42282.json
index ef72178d978..d24c1396658 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42282.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42282.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-42282", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.090", - "lastModified": "2024-08-17T09:15:09.090", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mediatek: Fix potential NULL pointer dereference in dummy net_device handling\n\nMove the freeing of the dummy net_device from mtk_free_dev() to\nmtk_remove().\n\nPreviously, if alloc_netdev_dummy() failed in mtk_probe(),\neth->dummy_dev would be NULL. The error path would then call\nmtk_free_dev(), which in turn called free_netdev() assuming dummy_dev\nwas allocated (but it was not), potentially causing a NULL pointer\ndereference.\n\nBy moving free_netdev() to mtk_remove(), we ensure it's only called when\nmtk_probe() has succeeded and dummy_dev is fully allocated. This\naddresses a potential NULL pointer dereference detected by Smatch[1]." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mediatek: corrige la posible desreferencia del puntero NULL en el manejo del net_device ficticio. Mueva la liberaci\u00f3n del net_device ficticio de mtk_free_dev() a mtk_remove(). Anteriormente, si alloc_netdev_dummy() fallaba en mtk_probe(), eth->dummy_dev ser\u00eda NULL. La ruta de error luego llamar\u00eda a mtk_free_dev(), que a su vez llamar\u00eda a free_netdev() suponiendo que dummy_dev estuviera asignado (pero no lo estaba), causando potencialmente una desreferencia del puntero NULL. Al mover free_netdev() a mtk_remove(), nos aseguramos de que solo se llame cuando mtk_probe() haya tenido \u00e9xito y dummy_dev est\u00e9 completamente asignado. Esto soluciona una posible desreferencia de puntero NULL detectada por Smatch[1]." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42283.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42283.json
index de055e14dfa..84d1bed72dc 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42283.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42283.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-42283", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.163", - "lastModified": "2024-08-19T05:15:08.010", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n # ip nexthop add id 1 dev lo\n # ip nexthop add id 101 group 1\n # strace -e recvmsg ip nexthop get id 101\n ...\n recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: nexthop: inicializa todos los campos en la estructura nexthops volcada. nexthop_grp contiene dos campos reservados que no son inicializados por nla_put_nh_group() y transporta basura. Esto se puede observar, por ejemplo, con strace (editado para mayor claridad): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 ... recvmsg(... [{nla_len =12, nla_type=NHA_GROUP}, [{id=1, peso=0, resvd1=0x69, resvd2=0x67}]] ...) = 52 Los campos est\u00e1n reservados y, por lo tanto, no se utilizan actualmente. Pero tal como est\u00e1n, pierden memoria del n\u00facleo, y el hecho de que no sean simplemente cero complica la reutilizaci\u00f3n de los campos para nuevos fines. Inicialice la estructura completa." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42284.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42284.json index f1effdbc737..b950b023df6 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42284.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42284.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42284", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.233", - "lastModified": "2024-08-19T05:15:08.070", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: Devuelve un valor distinto de cero desde tipc_udp_addr2str() en caso de error tipc_udp_addr2str() deber\u00eda devolver un valor distinto de cero si la direcci\u00f3n de medios UDP no es v\u00e1lida. De lo contrario, puede ocurrir un acceso de desbordamiento del b\u00fafer en tipc_media_addr_printf(). Solucione este problema devolviendo 1 en una direcci\u00f3n de medios UDP no v\u00e1lida." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42285.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42285.json index 0ed6116ec7e..98ca0b5ae31 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42285.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42285.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42285", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.300", - "lastModified": "2024-08-19T05:15:08.133", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n conn_id->cm_id.iw = cm_id;\n cm_id->context = conn_id;\n cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/iwcm: corrige un use-after-free relacionado con la destrucci\u00f3n de ID de CM iw_conn_req_handler() asocia una nueva estructura rdma_id_private (conn_id) con una estructura iw_cm_id (cm_id) existente de la siguiente manera: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() libera tanto cm_id como struct rdma_id_private. Aseg\u00farese de que cm_work_handler() no active un use-after-free liberando solo la estructura rdma_id_private despu\u00e9s de que todo el trabajo pendiente haya finalizado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42286.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42286.json index bae6194d88b..27cacf9311a 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42286.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42286.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42286", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.380", - "lastModified": "2024-08-19T05:15:08.200", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: validar nvme_local_port correctamente La carga del controlador fall\u00f3 con mensaje de error, qla2xxx [0000:04:00.0]-ffff:0: Register_localport fall\u00f3: ret=ffffffef y con un kernel bloqueo, ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en 0000000000000070 Cola de trabajo: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 00000000000000000 RDX : ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000 RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030 R10: 305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4 R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8 FS: 0000000000000000(0000 ) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0 Seguimiento de llamadas: qla_nvme_register_remote+0xeb/0x1 f0 [qla2xxx] ? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx] qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx] qla_register_fcport_fn+0x54/0xc0 [qla2xxx] Salga de la funci\u00f3n qla_nvme_register_remote() cuando qla_nvme_register_hba () falla y valida correctamente nvme_local_port." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42287.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42287.json index b79635917a6..42f82cd1f73 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42287.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42287.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42287", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.453", - "lastModified": "2024-08-19T05:15:08.277", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? 
preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: qla2xxx: comando completo temprano dentro del bloqueo Se observ\u00f3 un bloqueo al realizar el restablecimiento de NPIV y FW, ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000001c #PF: acceso de lectura del supervisor en el kernel modo #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0000 1 PREEMPT_RT SMP NOPTI RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246 RAX: 000000000000000 RBX: 0000000000000021 RCX: 0000000000000002 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0 RBP: ffff8881041130d0 R08: 00000000000000000 R09: 0000000000000034 R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000 FS: 007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0 DR0: 000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffe0ff0 DR7: 0000000000000400 PKRU: 5555555 4 Seguimiento de llamadas: ? __die_body+0x1a/0x60 ? page_fault_oops+0x16f/0x4a0? do_user_addr_fault+0x174/0x7f0? exc_page_fault+0x69/0x1a0? asm_exc_page_fault+0x22/0x30? dma_direct_unmap_sg+0x51/0x1e0? 
preempt_count_sub+0x96/0xe0 qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx] qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx] __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx] La finalizaci\u00f3n del comando se realiz\u00f3 antes de tiempo al cancelar los comandos en la ruta de descarga del controlador pero fuera del bloqueo para evitar el WARN_ON condici\u00f3n de realizar dma_free_attr dentro de la cerradura. Sin embargo, esto provoc\u00f3 una condici\u00f3n de ejecuci\u00f3n mientras el comando se completaba a trav\u00e9s de m\u00faltiples rutas, lo que provoc\u00f3 un bloqueo del sistema. Por lo tanto, complete el comando temprano en la ruta de descarga pero dentro del bloqueo para evitar la condici\u00f3n de ejecuci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42288.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42288.json index 0686e6f31b3..299860588fd 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42288.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42288.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42288", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.523", - "lastModified": "2024-08-19T05:15:08.343", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Correcci\u00f3n de posible corrupci\u00f3n de la memoria Init Control Block est\u00e1 desreferenciada incorrectamente. Desreferenciar correctamente ICB" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42289.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42289.json index 1ec7e7adefa..03deebf6c56 100644 
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42289.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42289.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-42289", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:09.590", - "lastModified": "2024-08-19T05:15:08.403", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array. For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n Call Trace:\n \n qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n ? qla2x00_status_entry+0x768/0x2830\n ? newidle_balance+0x2f0/0x430\n ? dequeue_entity+0x100/0x3c0\n ? qla24xx_process_response_queue+0x6a1/0x19e0\n ? __schedule+0x2d5/0x1140\n ? qla_do_work+0x47/0x60\n ? process_one_work+0x267/0x440\n ? 
process_one_work+0x440/0x440\n ? worker_thread+0x2d/0x3d0\n ? process_one_work+0x440/0x440\n ? kthread+0x156/0x180\n ? set_kthread_struct+0x50/0x50\n ? ret_from_fork+0x22/0x30\n \n\nSend out async logout explicitly for all the ports during vport delete." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: qla2xxx: durante la eliminaci\u00f3n de vport, env\u00ede el cierre de sesi\u00f3n as\u00edncrono expl\u00edcitamente. Durante la eliminaci\u00f3n de vport, se observa que durante la descarga sufrimos un bloqueo debido a entradas obsoletas en la matriz de comandos pendientes. Para todas estas entradas de E/S obsoletas, se emiti\u00f3 y cancel\u00f3 eh_abort (fast_fail_io = 2009h), pero las E/S no se pudieron completar mientras la eliminaci\u00f3n de vport estaba en proceso de eliminaci\u00f3n. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000001c #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Vaya: 0000 [#1] Cola de trabajo PREEMPT SMP NOPTI: qla2xxx_wq qla_do_work [ qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 00000000000000000 RBX: 0000000000000021 RCX: 0000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: 10: ffff8ce378aac8a0 R11 : ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 00000000000000000 FS: 0000000000000000(0000) ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 0000000000350ee0 Seguimiento de llamadas: qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830? newidle_balance+0x2f0/0x430? dequeue_entity+0x100/0x3c0? qla24xx_process_response_queue+0x6a1/0x19e0? 
__programaci\u00f3n+0x2d5/0x1140 ? qla_do_work+0x47/0x60 ? proceso_one_work+0x267/0x440? proceso_one_work+0x440/0x440? hilo_trabajador+0x2d/0x3d0? proceso_one_work+0x440/0x440? khilo+0x156/0x180? set_kthread_struct+0x50/0x50? ret_from_fork+0x22/0x30 Env\u00eda el cierre de sesi\u00f3n as\u00edncrono expl\u00edcitamente para todos los puertos durante la eliminaci\u00f3n de vport." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42290.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42290.json index 8635e594669..6760d2fa365 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42290.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42290.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42290",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:09.663",
- "lastModified": "2024-08-19T05:15:08.467",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n __schedule_bug+0x54/0x6c\n __schedule+0x7f0/0xa94\n schedule+0x5c/0xc4\n schedule_preempt_disabled+0x24/0x40\n __mutex_lock.constprop.0+0x2c0/0x540\n __mutex_lock_slowpath+0x14/0x20\n mutex_lock+0x48/0x54\n clk_prepare_lock+0x44/0xa0\n clk_prepare+0x20/0x44\n imx_irqsteer_resume+0x28/0xe0\n pm_generic_runtime_resume+0x2c/0x44\n __genpd_runtime_resume+0x30/0x80\n genpd_runtime_resume+0xc8/0x2c0\n __rpm_callback+0x48/0x1d8\n rpm_callback+0x6c/0x78\n rpm_resume+0x490/0x6b4\n __pm_runtime_resume+0x50/0x94\n irq_chip_pm_get+0x2c/0xa0\n __irq_do_set_handler+0x178/0x24c\n irq_set_chained_handler_and_data+0x60/0xa4\n mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/imx-irqsteer: manejar correctamente la administraci\u00f3n de energ\u00eda en tiempo de ejecuci\u00f3n. El dominio de energ\u00eda se activa autom\u00e1ticamente desde clk_prepare(). Sin embargo, en ciertas plataformas como i.MX8QM e i.MX8QXP, el manejo de encendido invoca funciones de suspensi\u00f3n, lo que desencadena el error de 'programaci\u00f3n mientras es at\u00f3mico' en la ruta de cambio de contexto durante la prueba del dispositivo: ERROR: programaci\u00f3n mientras es at\u00f3mico: kworker/u13 :1/48/0x00000002 Seguimiento de llamadas: __schedule_bug+0x54/0x6c __schedule+0x7f0/0xa94 Schedule+0x5c/0xc4 Schedule_preempt_disabled+0x24/0x40 __mutex_lock.constprop.0+0x2c0/0x540 __mutex_lock_slowpath+0x14/0 x20 mutex_lock+0x48/0x54 clk_prepare_lock+ 0x44/0xa0 clk_prepare+0x20/0x44 imx_irqsteer_resume+0x28/0xe0 pm_generic_runtime_resume+0x2c/0x44 __genpd_runtime_resume+0x30/0x80 genpd_runtime_resume+0xc8/0x2c0 __rpm_callback+0x48/0x1d8 rpm_callback+0x6c/0x78 rpm_resume+0x490/0x6b4 __pm_runtime_resume+0x50/0x94 irq_chip_pm_get+ 0x2c/0xa0 __irq_do_set_handler+0x178/0x24c irq_set_chained_handler_and_data+0x60/0xa4 mxc_gpio_probe+0x160/0x4b0 Solucione esto implementando las devoluciones de llamada del chip de interrupci\u00f3n irq_bus_lock/sync_unlock() y maneje la administraci\u00f3n de energ\u00eda en ellos a medida que se invocan desde un contexto no at\u00f3mico. [tglx: registro de cambios reescrito, etiqueta de correcciones agregada]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42291.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42291.json
index ef9be222499..0a1330f804d 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42291.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42291.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42291",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:09.730",
- "lastModified": "2024-08-17T09:15:09.730",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ice: agregue un l\u00edmite por VF en la cantidad de filtros FDIR. Mientras que el controlador iavf agrega un l\u00edmite as/w (128) en la cantidad de filtros FDIR que el VF puede solicitar, se el controlador VF malicioso puede solicitar m\u00e1s que eso y agotar los recursos para otros VF. Agregue un l\u00edmite similar en hielo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42292.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42292.json
index 3591a101be7..950db137487 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42292.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42292.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42292",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:09.797",
- "lastModified": "2024-08-19T05:15:08.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: kobject_uevent: corrige el acceso OOB dentro de zap_modalias_env() zap_modalias_env() calcula incorrectamente el tama\u00f1o del bloque de memoria a mover, por lo que causar\u00e1 un problema de acceso a la memoria OOB si la variable MODALIAS no es la \u00faltima dentro de su Par\u00e1metro @env, corregido corrigiendo el tama\u00f1o a memmove."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42293.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42293.json
index 56dddd794d0..c49bbfff312 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42293.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42293.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42293",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:09.867",
- "lastModified": "2024-08-17T09:15:09.867",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mm: Fix lockless walks with static and dynamic page-table folding\n\nLina reports random oopsen originating from the fast GUP code when\n16K pages are used with 4-level page-tables, the fourth level being\nfolded at runtime due to lack of LPA2.\n\nIn this configuration, the generic implementation of\np4d_offset_lockless() will return a 'p4d_t *' corresponding to the\n'pgd_t' allocated on the stack of the caller, gup_fast_pgd_range().\nThis is normally fine, but when the fourth level of page-table is folded\nat runtime, pud_offset_lockless() will offset from the address of the\n'p4d_t' to calculate the address of the PUD in the same page-table page.\nThis results in a stray stack read when the 'p4d_t' has been allocated\non the stack and can send the walker into the weeds.\n\nFix the problem by providing our own definition of p4d_offset_lockless()\nwhen CONFIG_PGTABLE_LEVELS <= 4 which returns the real page-table\npointer rather than the address of the local stack variable."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: mm: corrige recorridos sin bloqueo con plegado de tablas de p\u00e1ginas est\u00e1ticas y din\u00e1micas. Lina informa oopsen aleatorios que se originan en el c\u00f3digo GUP r\u00e1pido cuando se utilizan p\u00e1ginas de 16 KB con tablas de p\u00e1ginas de 4 niveles. el cuarto nivel se pliega en tiempo de ejecuci\u00f3n debido a la falta de LPA2. En esta configuraci\u00f3n, la implementaci\u00f3n gen\u00e9rica de p4d_offset_lockless() devolver\u00e1 un 'p4d_t *' correspondiente al 'pgd_t' asignado en la pila de la persona que llama, gup_fast_pgd_range(). Esto normalmente est\u00e1 bien, pero cuando el cuarto nivel de la tabla de p\u00e1ginas se pliega en tiempo de ejecuci\u00f3n, pud_offset_lockless() se desplazar\u00e1 de la direcci\u00f3n de 'p4d_t' para calcular la direcci\u00f3n del PUD en la misma p\u00e1gina de la tabla de p\u00e1ginas. Esto da como resultado una lectura de pila perdida cuando el 'p4d_t' se ha asignado en la pila y puede enviar al caminante hacia la maleza. Solucione el problema proporcionando nuestra propia definici\u00f3n de p4d_offset_lockless() cuando CONFIG_PGTABLE_LEVELS <= 4, que devuelve el puntero de la tabla de p\u00e1ginas real en lugar de la direcci\u00f3n de la variable de pila local."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42294.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42294.json
index 0f67052328b..9390a3b9a55 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42294.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42294.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42294",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:09.947",
- "lastModified": "2024-08-17T09:15:09.947",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task \"kworker/0:0\":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430] __switch_to+0x174/0x338\n[ 2538.459436] __schedule+0x628/0x9c4\n[ 2538.459442] schedule+0x7c/0xe8\n[ 2538.459447] schedule_preempt_disabled+0x24/0x40\n[ 2538.459453] __mutex_lock+0x3ec/0xf04\n[ 2538.459456] __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459] mutex_lock+0x30/0xd8\n[ 2538.459462] del_gendisk+0xdc/0x350\n[ 2538.459466] sd_remove+0x30/0x60\n[ 2538.459470] device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474] device_release_driver+0x18/0x28\n[ 2538.459478] bus_remove_device+0x15c/0x174\n[ 2538.459483] device_del+0x1d0/0x358\n[ 2538.459488] __scsi_remove_device+0xa8/0x198\n[ 2538.459493] scsi_forget_host+0x50/0x70\n[ 2538.459497] scsi_remove_host+0x80/0x180\n[ 2538.459502] usb_stor_disconnect+0x68/0xf4\n[ 2538.459506] usb_unbind_interface+0xd4/0x280\n[ 2538.459510] device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514] device_release_driver+0x18/0x28\n[ 2538.459518] bus_remove_device+0x15c/0x174\n[ 2538.459523] device_del+0x1d0/0x358\n[ 2538.459528] usb_disable_device+0x84/0x194\n[ 2538.459532] usb_disconnect+0xec/0x300\n[ 2538.459537] hub_event+0xb80/0x1870\n[ 2538.459541] process_scheduled_works+0x248/0x4dc\n[ 2538.459545] worker_thread+0x244/0x334\n[ 2538.459549] kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task \"fsck.\":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016] __switch_to+0x174/0x338\n[ 2538.461021] __schedule+0x628/0x9c4\n[ 2538.461025] schedule+0x7c/0xe8\n[ 2538.461030] blk_queue_enter+0xc4/0x160\n[ 2538.461034] blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037] scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040] ioctl_internal_command+0x5c/0x164\n[ 2538.461046] scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051] sd_release+0x50/0x94\n[ 2538.461054] blkdev_put+0x190/0x28c\n[ 2538.461058] blkdev_release+0x28/0x40\n[ 2538.461063] __fput+0xf8/0x2a8\n[ 2538.461066] __fput_sync+0x28/0x5c\n[ 2538.461070] __arm64_sys_close+0x84/0xe8\n[ 2538.461073] invoke_syscall+0x58/0x114\n[ 2538.461078] el0_svc_common+0xac/0xe0\n[ 2538.461082] do_el0_svc+0x1c/0x28\n[ 2538.461087] el0_svc+0x38/0x68\n[ 2538.461090] el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093] el0t_64_sync+0x1a8/0x1ac\n\n T1:\t\t\t\tT2:\n sd_remove\n del_gendisk\n __blk_mark_disk_dead\n blk_freeze_queue_start\n ++q->mq_freeze_depth\n \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don't try to acquire disk->open_mutex after freezing\nthe queue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bloquear: soluciona el punto muerto entre sd_remove y sd_release Nuestra prueba informa la siguiente tarea colgada: [ 2538.459400] INFO: task \"kworker/0:0\":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task \"fsck.\":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q->mq_freeze_depth bdev_release mutex_lock(&disk->open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q->mq_freeze_depth) mutex_lock(&disk->open_mutex) SCSI no configura GD_OWNS_QUEUE, por lo que QUEUE_FLAG_DYING no est\u00e1 configurado en este escenario. Este es un cl\u00e1sico punto muerto de ABBA. Para solucionar el punto muerto, aseg\u00farese de no intentar adquirir disco->open_mutex despu\u00e9s de congelar la cola."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42295.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42295.json
index a8a70028848..2352033f795 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42295.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42295.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42295",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:10.017",
- "lastModified": "2024-08-19T05:15:08.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nilfs2: maneja el estado inconsistente en nilfs_btnode_create_block() Syzbot inform\u00f3 que se detect\u00f3 una inconsistencia en el estado del b\u00fafer en nilfs_btnode_create_block(), lo que provoc\u00f3 un error en el kernel. No es apropiado tratar esta inconsistencia como un error; puede ocurrir si la direcci\u00f3n del bloque de argumentos (el \u00edndice del b\u00fafer del bloque reci\u00e9n creado) es un n\u00famero de bloque virtual y se ha reasignado debido a la corrupci\u00f3n del mapa de bits utilizado para administrar su estado de asignaci\u00f3n. Por lo tanto, modifique nilfs_btnode_create_block() y sus llamadores para tratarlo como un posible error del sistema de archivos, en lugar de desencadenar un error del kernel."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42296.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42296.json
index 200ad37fe53..55708d8b9b1 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42296.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42296.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42296",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:10.080",
- "lastModified": "2024-08-19T05:15:08.667",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrige el valor de retorno de f2fs_convert_inline_inode() Si el dispositivo es de solo lectura, haga que f2fs_convert_inline_inode() devuelva EROFS en lugar de cero; de lo contrario, puede provocar p\u00e1nico durante la reescritura de la p\u00e1gina sucia del inodo en l\u00ednea como se muestra a continuaci\u00f3n : f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888 f2fs_write_cache_pages fs/f2fs/data.c:3187 [en l\u00ednea] __f2fs_write_data_pages fs/f2fs/data.c:3342 [en l\u00ednea] efe/0x3a90 fs/f2fs/ data.c:3369 do_writepages+0x359/0x870 mm/page-writeback.c:2634 filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397 __filemap_fdatawrite_range mm/filemap.c:430 [en l\u00ednea] file_write_and_wait_range+0x1aa/0x290 mm/filemap .c:788 f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276 generic_write_sync include/linux/fs.h:2806 [en l\u00ednea] f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977 call_write_iter include/linux/ fs.h:2114 [en l\u00ednea] new_sync_write fs/read_write.c:497 [en l\u00ednea] vfs_write+0xa72/0xc90 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/ common.c:52 [en l\u00ednea] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42297.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42297.json
index a40c0492de9..6f01f1ead77 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42297.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42297.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42297",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:10.147",
- "lastModified": "2024-08-19T05:15:08.720",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n - __f2fs_find_entry\n - f2fs_i_depth_write\n - f2fs_mark_inode_dirty_sync\n - f2fs_dirty_inode\n - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n - kill_block_super\n - generic_shutdown_super\n - sync_filesystem\n : sb is readonly, skip sync_filesystem()\n - evict_inodes\n - iput\n - f2fs_evict_inode\n - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: f2fs: soluci\u00f3n para no ensuciar el inodo para el sistema de archivos de solo lectura syzbot informa el error de f2fs como se muestra a continuaci\u00f3n: \u00a1ERROR del kernel en fs/f2fs/inode.c:933! RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933 Seguimiento de llamadas: desalojar+0x2a4/0x620 fs/inode.c:664 dispose_list fs/inode.c:697 [en l\u00ednea] evict_inodes+0x5f8/0x690 fs /inode.c:747 generic_shutdown_super+0x9d/0x2c0 fs/super.c:675 kill_block_super+0x44/0x90 fs/super.c:1667 kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894 desactivar_locked_super+0xc1/0x130 fs /super.c:484 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256 task_work_run+0x24a/0x300 kernel/task_work.c:180 ptrace_notify+0x2cd/0x380 kernel/signal.c:2399 ptrace_report_syscall include/linux/ptrace.h :411 [en l\u00ednea] ptrace_report_syscall_exit include/linux/ptrace.h:473 [en l\u00ednea] syscall_exit_work kernel/entry/common.c:251 [en l\u00ednea] syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [en l\u00ednea] __syscall_exit_to_user_mode_work kernel/entry/common .c:283 [inline] syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296 do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88 entry_SYSCALL_64_after_hwframe+0x63/0x6b The root cause is: - do_sys_open - f2fs_lookup - __f2fs_find_entry - f2fs_i_ Depth_write - f2fs_mark_inode_dirty_sync - f2fs_dirty_inode - set_inode_flag(inode, FI_DIRTY_INODE) - umount - kill_f2fs_super - kill_block_super - generic_shutdown_super - sync_filesystem: sb es de solo lectura, omitir sync_file sistema() - evict_inodes - iput - f2fs_evict_inode - f2fs_bug_on(sbi, is_inode_flag_set(inodo, FI_DIRTY_INODE)): desencadena el p\u00e1nico en el kernel Cuando intentamos reparar i_current_ Depth en un sistema de archivos de solo lectura, omitamos el inodo sucio para evitar el p\u00e1nico en f2fs_evict_inode()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42298.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42298.json
index eebf0ee2640..309728479f5 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42298.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42298.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42298",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:10.230",
- "lastModified": "2024-08-17T09:15:10.230",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: fsl: fsl_qmc_audio: comprobar el valor devuelto de devm_kasprintf() devm_kasprintf() puede devolver un puntero NULL en caso de error, pero este valor devuelto no se comprueba. Solucione esta falta y verifique el valor devuelto."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42299.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42299.json
index db9f553edd0..8a1212ea96f 100644
--- a/CVE-2024/CVE-2024-422xx/CVE-2024-42299.json
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42299.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42299",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:10.293",
- "lastModified": "2024-08-19T05:15:08.787",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don't change correspondingly.\nThis will cause a panic because \"u32 bytes = log->page_size - page_off\"\nwill get a negative value in the later read_log_page()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Actualizar registro->p\u00e1gina_{m\u00e1scara,bits} si se cambia registro->tama\u00f1o_p\u00e1gina. Si un sistema de archivos NTFS est\u00e1 montado en otro sistema con PAGE_SIZE diferente al sistema original, log->page_size cambiar\u00e1 en log_replay(), pero log->page_{mask,bits} no cambia en consecuencia. Esto provocar\u00e1 p\u00e1nico porque \"u32 bytes = log->page_size - page_off\" obtendr\u00e1 un valor negativo en read_log_page() posterior."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42300.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42300.json
index 46e57898148..4b81816ae3b 100644
--- a/CVE-2024/CVE-2024-423xx/CVE-2024-42300.json
+++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42300.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-42300", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.360", - "lastModified": "2024-08-17T09:15:10.360", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix race in z_erofs_get_gbuf()\n\nIn z_erofs_get_gbuf(), the current task may be migrated to another\nCPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`.\n\nTherefore, z_erofs_put_gbuf() will trigger the following issue\nwhich was found by stress test:\n\n<2>[772156.434168] kernel BUG at fs/erofs/zutil.c:58!\n..\n<4>[772156.435007]\n<4>[772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2\n<4>[772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017\n<4>[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n<4>[772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs]\n<4>[772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs]\n..\n<6>[772156.445958] stress (3127): drop_caches: 1\n<4>[772156.446120] Call trace:\n<4>[772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs]\n<4>[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs]\n<4>[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs]\n<4>[772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs]\n<4>[772156.447160] z_erofs_readahead+0x224/0x390 [erofs]\n.." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: corrige la ejecuci\u00f3n en z_erofs_get_gbuf() En z_erofs_get_gbuf(), la tarea actual se puede migrar a otra CPU entre `z_erofs_gbuf_id()` y `spin_lock(&gbuf->lock)` . 
Por lo tanto, z_erofs_put_gbuf() desencadenar\u00e1 el siguiente problema que se encontr\u00f3 en la prueba de estr\u00e9s: <2>[772156.434168] ERROR del kernel en fs/erofs/zutil.c:58. .. <4>[772156.435007] <4>[772156.439237] CPU: 0 PID: 3078 Comm: estr\u00e9s Kdump: cargado Contaminado: GE 6.10.0-rc7+ #2 <4>[772156.439239] Nombre de hardware: Alibaba Cloud Alibaba Cloud ECS , BIOS 1.0.0 01/01/2017 <4>[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) <4>[772156.439243] pc: z_erofs_put_gbuf+0x64/0x70 [erofs] <4>[772156.439252] lr: z_erofs_lz4_decompress+0x600/0x6a0 [erofs] .. <6>[772156.445958] estr\u00e9s (3127): drop_caches: 1 <4>[772156.446120] Rastreo de llamadas: <4>[772156. 446121] z_erofs_put_gbuf+0x64/0x70 [erofs] <4>[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs] <4>[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs <4>[ 772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs] <4>[772156.447160] z_erofs_readahead+0x224/0x390 [erofs] .." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42301.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42301.json index 07ac9cda782..b5e6c07d9fa 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42301.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42301.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42301", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.423", - "lastModified": "2024-08-19T05:15:08.843", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dev/parport: corrige el riesgo de que la matriz est\u00e9 fuera de los l\u00edmites. 
Se corrigieron los problemas de matriz fuera de los l\u00edmites causados por sprintf reemplaz\u00e1ndolo con snprintf para una copia de datos m\u00e1s segura, garantizando el b\u00fafer de destino no est\u00e1 desbordado. A continuaci\u00f3n se muestra el seguimiento de la pila que encontr\u00e9 durante el problema real: [66.575408s] [pid:5118,cpu4,QThread,4]P\u00e1nico en el kernel: no se sincroniza: stack-protector: la pila del kernel est\u00e1 da\u00f1ada en: do_hardware_base_addr+0xcc/0xd0 [parport ] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comunicaci\u00f3n: QThread contaminado: GSWO 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4, QThread,6]TGID: 5087 Comm: EFileApp [66.575439s] [pid:5118,cpu4,QThread,7]Nombre del hardware: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 29/04/2024 [66.575439 s] [pid:5118,cpu4,QThread,8]Rastreo de llamadas: [66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [66.575469s] [pid:5118,cpu4,QThread,0 ] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] p\u00e1nico+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42302.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42302.json index f0f491b6a13..a6702b85dee 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42302.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42302.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42302", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.487", - "lastModified": "2024-08-19T05:15:08.900", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred. To do so, it polls the\nconfig space of the first child device on the secondary bus. If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat's because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device. Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume. Holding a\nreference wasn't necessary back then because the pciehp IRQ thread\ncould never run concurrently. (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase. And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event. Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently. 
The commit was backported to v5.10+ stable\nkernels, so that's the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n BUG: unable to handle page fault for address: 00000000091400c0\n CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n RIP: pci_bus_read_config_dword+0x17/0x50\n pci_dev_wait()\n pci_bridge_wait_for_secondary_bus()\n dpc_reset_link()\n pcie_do_recovery()\n dpc_handler()" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/DPC: corrige el use-after-free en DPC simult\u00e1neos y la eliminaci\u00f3n en caliente. Keith informa un use-after-free cuando ocurre un evento de DPC simult\u00e1neamente con la eliminaci\u00f3n en caliente del mismo. parte de la jerarqu\u00eda: dpc_handler() espera que el bus secundario est\u00e9 listo debajo del puerto descendente donde ocurri\u00f3 el evento DPC. Para hacerlo, sondea el espacio de configuraci\u00f3n del primer dispositivo secundario en el bus secundario. Si ese dispositivo secundario se elimina simult\u00e1neamente, los accesos a su estructura pci_dev hacen que el kernel falle. Esto se debe a que pci_bridge_wait_for_secondary_bus() no mantiene una referencia en el dispositivo secundario. Antes de v6.3, la funci\u00f3n solo se llamaba al reanudar desde la suspensi\u00f3n del sistema o al reanudar el tiempo de ejecuci\u00f3n. Mantener una referencia no era necesario en aquel entonces porque el subproceso pciehp IRQ nunca pod\u00eda ejecutarse al mismo tiempo. (Al reanudar desde la suspensi\u00f3n del sistema, las IRQ no se habilitan hasta despu\u00e9s de la fase resume_noirq. Y la reanudaci\u00f3n del tiempo de ejecuci\u00f3n siempre se espera antes de que se elimine un dispositivo PCI). Sin embargo, a partir de v6.3, pci_bridge_wait_for_secondary_bus() tambi\u00e9n se llama en un evento DPC. 
El commit 53b54ad074de (\"PCI/DPC: Esperar la preparaci\u00f3n del bus secundario despu\u00e9s del reinicio\"), que introdujo eso, no pudo apreciar que pci_bridge_wait_for_secundary_bus() ahora necesita mantener una referencia en el dispositivo secundario porque dpc_handler() y pciehp pueden ejecutarse simult\u00e1neamente. El commit fue respaldada a n\u00facleos estables v5.10+, por lo que ese es el m\u00e1s antiguo afectado. Agregue la adquisici\u00f3n de referencia que falta. Seguimiento de pila abreviado: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() _hacer_recuperaci\u00f3n () dpc_handler()" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42303.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42303.json index c78bce94b75..a591ecc3f93 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42303.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42303.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42303", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.560", - "lastModified": "2024-08-17T09:15:10.560", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medios: imx-pxp: corrija la desreferencia de ERR_PTR en pxp_probe() devm_regmap_init_mmio() puede fallar, agregue una verificaci\u00f3n y rescate en caso de error." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42304.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42304.json index 72cb8ea68f0..f6ec6b0d9bd 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42304.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42304.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42304", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.617", - "lastModified": "2024-08-19T05:15:08.973", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n ext4_mknod\n ...\n ext4_add_entry\n // Read block 0\n ext4_read_dirblock(dir, block, DIRENT)\n bh = ext4_bread(NULL, inode, block, 0)\n if (!bh && (type == INDEX || type == DIRENT_HTREE))\n // The first directory block is a hole\n // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: aseg\u00farese de que el primer bloque de directorio no sea un agujero. El syzbot construye un directorio que no tiene bloque de directorios pero que no est\u00e1 en l\u00ednea, es decir, el primer bloque de directorio es un agujero. Y no se informan errores al crear archivos en este directorio en el siguiente flujo. ext4_mknod ... 
ext4_add_entry // Leer bloque 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh && (type == INDEX || type == DIRENT_HTREE)) // El primer bloque de directorio es un agujero // Pero escriba == DIRENT, por lo que no se informa ning\u00fan error. Despu\u00e9s de eso, obtenemos un bloque de directorio sin '.' y '..' pero con un dentry v\u00e1lido. Esto puede provocar que alg\u00fan c\u00f3digo que depende de punto o punto punto (como make_indexed_dir()) falle. Por lo tanto, cuando ext4_read_dirblock() encuentra que el primer bloque de directorio es un agujero, informa que el sistema de archivos est\u00e1 da\u00f1ado y devuelve un error para evitar cargar datos corruptos desde el disco y causar algo malo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42305.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42305.json index 7fe2d672bed..f9fdcb6b08e 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42305.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42305.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42305", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.690", - "lastModified": "2024-08-19T05:15:09.043", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n \n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n do_split\n unsigned split\n dx_make_map\n count = 1\n split = count/2 = 0;\n continued = hash2 == map[split - 1].hash;\n ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n bus dentry1 hole dentry2 free\n|xx--|xx-------------|...............|xx-------------|...............|\n0 12 (8+248)=256 268 256 524 (8+256)=264 788 236 1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the 
new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: verifique el punto y el punto de dx_root antes de indexar el directorio Syzbot informa un problema de la siguiente manera: =================== ========================= ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffed11022e24fe PGD 23ffee067 P4D 23ffee067 PUD 0 Ups: Ups: 0000 [#1 ] PREEMPT SMP KASAN PTI CPU: 0 PID: 5079 Comm: syz-executor306 No contaminado 6.10.0-rc5-g55027e689933 #0 Seguimiento de llamada: make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341 ext4_add_entry+0x222 un /0x25d0 fs/ext4/namei.c:2451 ext4_rename fs/ext4/namei.c:3936 [en l\u00ednea] text4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214 [...] ======= ====================================== La causa inmediata de este problema es que s\u00f3lo hay una v\u00e1lida dentry para que el bloque se divida durante do_split, por lo que split==0 da como resultado accesos fuera de los l\u00edmites al mapa que desencadenan el problema. do_split divisi\u00f3n sin signo dx_make_map recuento = 1 divisi\u00f3n = recuento/2 = 0; contin\u00faa = hash2 == mapa[dividido - 1].hash; ---> map[4294967295] La longitud m\u00e1xima de un nombre de archivo es 255 y el tama\u00f1o m\u00ednimo de bloque es 1024, por lo que siempre se garantiza que el n\u00famero de entradas sea mayor o igual a 2 cuando se llama a do_split(). 
Pero la imagen manipulada por syzbot no tiene punto ni puntopunto en el directorio, y la distribuci\u00f3n de dentry en dirblock es la siguiente: bus dentry1 agujero dentry2 gratis |xx--|xx-------------|... ............|xx-------------|...............| 0 12 (8+248)=256 268 256 524 (8+256)=264 788 236 1024 Entonces, cuando se cambia el nombre de dentry1 se aumenta la longitud de name_len en 1, ni el agujero ni el espacio libre son suficientes para contener el nuevo dentry, y make_indexed_dir() es llamado. En make_indexed_dir() se supone que las dos primeras entradas del bloque de directorios deben ser punto y puntopunto, por lo que bus y dentry1 se dejan en dx_root porque se tratan como punto y puntodot, y solo dentry2 se mueve al nuevo bloque de hoja. Es por eso que el recuento es igual a 1. Por lo tanto, agregue la funci\u00f3n auxiliar ext4_check_dx_root() para agregar m\u00e1s controles de cordura a los puntos y puntos antes de comenzar la conversi\u00f3n para evitar el problema anterior." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42306.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42306.json index f97dc2fecb2..0de84e9cce2 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42306.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42306.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42306", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.777", - "lastModified": "2024-08-19T05:15:09.113", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: udf: evite el uso del b\u00fafer de mapa de bits de bloque da\u00f1ado Cuando el mapa de bits de bloque del sistema de archivos est\u00e1 da\u00f1ado, detectamos la corrupci\u00f3n mientras cargamos el mapa de bits y fallamos la asignaci\u00f3n con error. Sin embargo, la siguiente asignaci\u00f3n del mismo mapa de bits notar\u00e1 que el b\u00fafer de mapa de bits ya est\u00e1 cargado e intentar\u00e1 realizar la asignaci\u00f3n desde el mapa de bits con resultados mixtos (dependiendo de la naturaleza exacta de la corrupci\u00f3n del mapa de bits). Solucione el problema utilizando el bit BH_verified para indicar si el mapa de bits es v\u00e1lido o no." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42307.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42307.json index 5b06f2c109b..10e5ff0b4cf 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42307.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42307.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42307", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.843", - "lastModified": "2024-08-17T09:15:10.843", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cifs: corrige el posible uso de puntero nulo en destroy_workqueue en la ruta de error init_cifs Dan Carpenter inform\u00f3 una advertencia del verificador est\u00e1tico de Smack: fs/smb/client/cifsfs.c:1981 error init_cifs(): Anteriormente asumimos que 'serverclose_wq' podr\u00eda ser nulo (ver l\u00ednea 1895). El parche que introdujo la cola de trabajo serverclose utiliz\u00f3 un orden incorrecto en las rutas de error en init_cifs() para liberarlo de errores." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42308.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42308.json index 57e928675be..3fa70a03ffa 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42308.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42308.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42308", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.920", - "lastModified": "2024-08-19T05:15:09.180", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check for NULL pointer\n\n[why & how]\nNeed to make sure plane_state is initialized\nbefore accessing its members.\n\n(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: Verifique el puntero NULL [por qu\u00e9 y c\u00f3mo] Es necesario asegurarse de que plane_state est\u00e9 inicializado antes de acceder a sus miembros. (cereza escogida del commit 295d91cbc700651782a60572f83c24861607b648)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42309.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42309.json index 52ba776feeb..8014b3d933e 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42309.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42309.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42309", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:10.987", - "lastModified": "2024-08-19T05:15:09.243", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/gma500: corrige la desreferencia del puntero nulo en psb_intel_lvds_get_modes En psb_intel_lvds_get_modes(), el valor de retorno de drm_mode_duplicate() se asigna al modo, lo que conducir\u00e1 a una posible desreferencia del puntero NULL en caso de falla de drm_mode_duplicate(). Agregue una marca para evitar npd." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42310.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42310.json index 5e66e5a6b3c..8cf86fd640e 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42310.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42310.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42310", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:11.067", - "lastModified": "2024-08-19T05:15:09.307", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/gma500: corrige la desreferencia del puntero nulo en cdv_intel_lvds_get_modes En cdv_intel_lvds_get_modes(), el valor de retorno de drm_mode_duplicate() se asigna al modo, lo que conducir\u00e1 a una desreferencia del puntero NULL en caso de falla de drm_mode_duplicate(). Agregue una marca para evitar npd." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42311.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42311.json index 6a969e48277..01535d22f12 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42311.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42311.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42311", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:11.147", - "lastModified": "2024-08-19T05:15:09.400", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n 
read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n 
__x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: hfs: correcci\u00f3n para inicializar campos de hfs_inode_info despu\u00e9s de hfs_alloc_inode() Syzbot informa un problema de acceso a valores no inicializados como se muestra a continuaci\u00f3n: loop0: cambio de capacidad detectado de 0 a 64 ======== ============================================== ERROR: KMSAN: uninit -valor en hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 d_revalidate fs/namei.c:862 [en l\u00ednea] lookup_fast+0x89e/0x8e0 nombrei .c:1649 walk_component fs/namei.c:2001 [en l\u00ednea] link_path_walk+0x817/0x1480 fs/namei.c:2332 path_lookupat+0xd9/0x6f0 fs/namei.c:2485 filename_lookup+0x22e/0x740 fs/namei.c: 2515 user_path_at_empty+0x8b/0x390 fs/namei.c:2924 user_path_at include/linux/namei.h:57 [en l\u00ednea] do_mount fs/namespace.c:3689 [en l\u00ednea] __do_sys_mount fs/namespace.c:3898 [en l\u00ednea] __se_sys_mount+ 0x66b/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common. 
c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b ERROR: KMSAN: valor uninit en hfs_ext_read_extent fs/hfs/extent.c:196 [en l\u00ednea] ERROR: KMSAN: valor uninit en hfs_get_block+0x92d/0x1620 fs/hfs/extent.c: 366 hfs_ext_read_extent fs/hfs/extent.c:196 [en l\u00ednea] hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271 hfs_read_folio+0x55/0x60 s/inodo .c:39 filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426 do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553 do_read_cache_page mm/filemap.c:3595 [en l\u00ednea] read_cache_page+0xfb/0x2f0 mm/filemap.c: 3604 read_mapping_page include/linux/pagemap.h:755 [en l\u00ednea] hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78 hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204 hfs_fill_super+0x1fb1/0x2790 fs/ hfs /super.c:406 mount_bdev+0x628/0x920 fs/super.c:1359 hfs_mount+0xcd/0xe0 fs/hfs/super.c:456 Legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610 vfs_get_tree+0xdc/0x5d0 fs /super.c:1489 do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145 path_mount+0xf98/0x26a0 fs/namespace.c:3475 do_mount fs/namespace.c:3488 [en l\u00ednea] __do_sys_mount fs/namespace.c:3697 [ en l\u00ednea] __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674 __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [en l\u00ednea] 2/0x100 arco/x86/ Entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 Entry_SYSENTER_compat_after_hwframe+0x70/0x82 Uninit se cre\u00f3 en: __alloc_pages +0x9a6/0xe00 mm/page_alloc.c:4590 __alloc_pages_node include/linux/gfp.h:238 [en l\u00ednea] alloc_pages_node include/linux/gfp.h:261 [en l\u00ednea] alloc_slab_page mm/slub.c:2190 [en l\u00ednea] allocate_slab mm /slub.c:2354 [en l\u00ednea] new_slab+0x2d7/0x1400 mm/slub.c:2407 ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540 __slab_alloc mm/slub.c:3625 [en l\u00ednea] __slab_alloc_node mm/slub.c :3678 [en l\u00ednea] slab_alloc_node mm/slub.c:3850 
[en l\u00ednea] kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3018 [en l\u00ednea] hfs_alloc_inode+0x5a/0xc0 fs/hfs/ super.c:165 alloc_inode+0x83/0x440 fs/inode.c:260 new_inode_pseudo fs/inode.c:1005 [en l\u00ednea] new_inode+0x38/0x4f0 fs/inode.c:1031 hfs_new_inode+0x61/0x1010 fs/hfs/inode .c:186 hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228 vfs_mkdir+0x49a/0x700 fs/namei.c:4126 do_mkdirat+0x529/0x810 fs/namei.c:4149 __do_sys_mkdirat fs/namei.c:416 4 [en l\u00ednea] __se_sys_mkdirat fs/namei.c:4162 [en l\u00ednea] __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86 / Entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b No pudo inicializar los campos .tz_segundoswest, .cached_start y .cached_blocks en la estructura hfs_inode_info despu\u00e9s de hfs_alloc_inode(), solucionelo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42312.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42312.json index 6652f5c6226..0980e5291d5 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42312.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42312.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42312",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:11.240",
- "lastModified": "2024-08-19T05:15:09.470",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sysctl: inicializar siempre i_uid/i_gid Inicializar siempre i_uid/i_gid dentro del n\u00facleo sysfs para que set_ownership() pueda omitir su configuraci\u00f3n de forma segura. Commit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: corrija los valores predeterminados de i_uid/i_gid en los inodos /proc/sys.\") agreg\u00f3 valores predeterminados para i_uid/i_gid cuando no se implement\u00f3 set_ownership(). Tambi\u00e9n omiti\u00f3 ajustar net_ctl_set_ownership() para usar los mismos valores predeterminados en caso de que fallara el c\u00e1lculo de un valor mejor."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42313.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42313.json
index 70600dbdd0a..8158d533078 100644
--- a/CVE-2024/CVE-2024-423xx/CVE-2024-42313.json
+++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42313.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42313",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:11.320",
- "lastModified": "2024-08-19T05:15:09.537",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: venus: arreglar el use after free en vdec_close Parece haber un posible use after free con vdec_close(). El firmware agregar\u00e1 trabajo de liberaci\u00f3n de b\u00fafer a la cola de trabajos a trav\u00e9s de devoluciones de llamada HFI como parte normal de la decodificaci\u00f3n. Cerrar aleatoriamente el dispositivo decodificador desde el espacio de usuario durante la decodificaci\u00f3n normal puede generar una lectura despu\u00e9s de la liberaci\u00f3n por instante. Solucionarlo cancelando el trabajo en vdec_close."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42314.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42314.json
index 189160a1fca..0302df01908 100644
--- a/CVE-2024/CVE-2024-423xx/CVE-2024-42314.json
+++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42314.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42314",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:11.397",
- "lastModified": "2024-08-17T09:15:11.397",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige el use after free el mapa de extensi\u00f3n al agregar p\u00e1ginas a una biograf\u00eda comprimida En add_ra_bio_pages() estamos accediendo al mapa de extensi\u00f3n para calcular 'add_size' despu\u00e9s de que eliminamos nuestra referencia en el mapa de extensi\u00f3n, lo que resulta en un use-after-free. Solucione este problema calculando 'add_size' antes de eliminar nuestra referencia del mapa de extensi\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42315.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42315.json
index 52d955d99a6..885c66769c9 100644
--- a/CVE-2024/CVE-2024-423xx/CVE-2024-42315.json
+++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42315.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42315",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:11.470",
- "lastModified": "2024-08-17T09:15:11.470",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n CPU0 CPU1\n ---- ----\n kswapd\n balance_pgdat\n lock(fs_reclaim)\n exfat_iterate\n lock(&sbi->s_lock)\n exfat_readdir\n exfat_get_uniname_from_ext_entry\n exfat_get_dentry_set\n __exfat_get_dentry_set\n kmalloc_array\n ...\n lock(fs_reclaim)\n ...\n evict\n exfat_evict_inode\n lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exfat: corrige un posible punto muerto en __exfat_get_dentry_set Al acceder a un archivo con m\u00e1s entradas que ES_MAX_ENTRY_NUM, la matriz bh se asigna en __exfat_get_entry_set. El problema es que el bh-array est\u00e1 asignado con GFP_KERNEL. No tiene sentido. En los siguientes casos, puede ocurrir un punto muerto para sbi->s_lock entre los dos procesos. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... desalojar exfat_evict_inode lock(&sbi->s_lock) para arreglar esto, asignemos bh-array con GFP_NOFS."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42316.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42316.json
index cd5ae11fffc..e2fc09b1bc9 100644
--- a/CVE-2024/CVE-2024-423xx/CVE-2024-42316.json
+++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42316.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-42316", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:11.547", - "lastModified": "2024-08-17T09:15:11.547", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned. However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n [exception RIP: vmpressure_work_fn+101]\n process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks. Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mglru: corrige div-by-zero en vmpression_calc_level() evict_folios() utiliza una segunda pasada para recuperar las publicaciones que han pasado por la reescritura de p\u00e1ginas y quedan limpias antes de finalizar el primer pase, ya que folio_rotate_reclaimable() no puede manejar esos folios debido al aislamiento. El segundo paso intenta evitar un posible doble conteo deduciendo scan_control->nr_scanned. 
Sin embargo, esto puede resultar en un desbordamiento insuficiente de nr_scanned, bajo una condici\u00f3n en la que Shrink_folio_list() no incrementa nr_scanned, es decir, cuando falla folio_trylock(). El desbordamiento insuficiente puede causar que el divisor, es decir, escala=escaneado+reclamado en vmpression_calc_level(), se convierta en cero, lo que resulta en el siguiente bloqueo: [excepci\u00f3n RIP: vmpression_work_fn+101] Process_one_work en ffffffffa3313f2b Dado que scan_control->nr_scanned no tiene una sem\u00e1ntica establecida, la posible doble contabilizaci\u00f3n tiene riesgos m\u00ednimos. Por lo tanto, solucione el problema no deduciendo scan_control->nr_scanned en evict_folios()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42317.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42317.json index c4365d46faf..61d6edebf94 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42317.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42317.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42317", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:11.633", - "lastModified": "2024-08-17T09:15:11.633", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can't support arbitrary page cache size. the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n(\"mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray\"). However,\nit's possible to have 512MB page cache in the huge memory's collapsing\npath on ARM64 system whose base page size is 64KB. 512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize: 64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, \"System with 64KB base page size is required!\\n\");\n\t\treturn -EPERM;\n\t}\n\n\tsystem(\"echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb\");\n\tsystem(\"echo 1 > /proc/sys/vm/drop_caches\");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, \"mapped buffer at 0x%p\\n\", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = 
madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, \"Error %d to madvise(MADV_COLLAPSE)\\n\", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 
0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x780\n truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/huge_memory: evite el cach\u00e9 de p\u00e1ginas de tama\u00f1o PMD si es necesario. xarray no puede admitir un tama\u00f1o de cach\u00e9 de p\u00e1ginas arbitrario. el tama\u00f1o de cach\u00e9 de p\u00e1gina m\u00e1s grande y admitido se define como MAX_PAGECACHE_ORDER mediante el commit 099d90642a71 (\"mm/filemap: hacer que MAX_PAGECACHE_ORDER sea aceptable para xarray\"). Sin embargo, es posible tener una cach\u00e9 de p\u00e1gina de 512 MB en la ruta de colapso de la enorme memoria en un sistema ARM64 cuyo tama\u00f1o de p\u00e1gina base es de 64 KB. La cach\u00e9 de p\u00e1gina de 512 MB supera la limitaci\u00f3n y aparece una advertencia cuando la entrada de xarray se divide como se muestra en el siguiente ejemplo. 
[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize KernelPageSize: 64 kB [root@dhcp-10-26-1-207 ~]# cat /tmp/test.c : int main(int argc, char **argv) { const char *filename = TEST_XFS_FILENAME; intfd = 0; vac\u00edo *buf = (vac\u00edo *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, \"\u00a1Se requiere un sistema con un tama\u00f1o de p\u00e1gina base de 64 KB!\\n\"); devolver -EPERM; } system(\"echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb\"); sistema(\"echo 1 > /proc/sys/vm/drop_caches\"); /* Abrir el archivo xfs */ fd = open(nombre de archivo, O_RDONLY); afirmar(fd > 0); /* Crear VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); afirmar(buf != (void *)-1); fprintf(stdout, \"b\u00fafer asignado en 0x%p\\n\", buf); /* Completar VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); afirmar(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); afirmar(ret == 0); /* Contraer VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); afirmar(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, \"Error %d en madvise(MADV_COLLAPSE)\\n\", errno); salir; } /* Dividir entrada de matriz x. 
Se necesita permiso de escritura */ munmap(buf, TEST_MEM_SIZE); buf = (nulo *)-1; cerrar(fd); fd = open(nombre de archivo, O_RDWR); afirmar(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - tama\u00f1o de p\u00e1gina, tama\u00f1o de p\u00e1gina); salida: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); si (fd > 0) cerrar(fd); volver atr\u00e1s; } [root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test [root@dhcp-10-26-1-207 ~]# /tmp/test -- ----------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 25 PID: 7560 en lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 M\u00f3dulos vinculados en : nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \\ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \\ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\ _set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \\ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \\ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm : prueba Kdump: cargado No contaminado 6.10.0-rc7-gavin+ #9 Nombre del hardware: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 24/05/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO + DIT -SSBS BTYPE=--) pc: xas_split_alloc+0xf8/0x128 lr: split_huge_page_to_list_to_order+0x1c4/0x780 sp: ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: 000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21 : 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9: 08e692c x8: 0000000000000003 x7: 0000000000000000 x6: ffff0000e0969eb8 x5: ffffd5f37289e378 x4: 0000000000000000 x3: 0000000000000c40 x2: 000000000000000d x1: 000000000000000c x0: 0000000000000000 
Rastreo de llamadas: xas_split_alloc+0xf8/0x128 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42318.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42318.json index 31edc4e7506..5b0dd8dd93b 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42318.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42318.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42318", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:11.700", - "lastModified": "2024-08-19T05:15:09.597", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: landlock: no pierda de vista las restricciones en cred_transfer Cuando se reemplaza la estructura cred de un proceso, esto _almost_ always invoca el gancho LSM cred_prepare; pero en un caso especial (cuando KEYCTL_SESSION_TO_PARENT actualiza las credenciales de los padres), se utiliza el gancho LSM cred_transfer. Landlock solo implementa el gancho cred_prepare, no cred_transfer, por lo que KEYCTL_SESSION_TO_PARENT hace que se pierda toda la informaci\u00f3n sobre las restricciones de Landlock. 
B\u00e1sicamente, esto significa que un proceso con la capacidad de utilizar las llamadas al sistema fork() y keyctl() puede deshacerse de todas las restricciones de Landlock sobre s\u00ed mismo. Solucionelo agregando un gancho cred_transfer que haga lo mismo que el gancho cred_prepare existente. (Se implementa haciendo que hook_cred_prepare() llame a hook_cred_transfer() para que sea menos probable que las dos funciones diverjan accidentalmente en el futuro)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42319.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42319.json index 9d73b2afefc..225ad97dd1b 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42319.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42319.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42319", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:11.767", - "lastModified": "2024-08-17T09:15:11.767", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n cmdq_mbox_shutdown\n mbox_free_channel\n mbox_controller_unregister\n __devm_mbox_controller_unregister\n ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n to bind the cmdq device to the mbox_controller, so\n devm_mbox_controller_unregister() will automatically unregister\n the device bound to the mailbox controller when the device-managed\n resource is removed. That means devm_mbox_controller_unregister()\n and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n will be called after cmdq_remove(), but before\n devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: buz\u00f3n: mtk-cmdq: mover devm_mbox_controller_register() despu\u00e9s de devm_pm_runtime_enable() Cuando mtk-cmdq se desvincula, aparece un mensaje WARN_ON con la condici\u00f3n pm_runtime_get_sync() < 0. De acuerdo con el seguimiento de llamadas a continuaci\u00f3n: cmdq_mbox_shutdown mbox_free_channel mbox_controller_unregister __devm_mbox_controller_unregister ... Se puede deducir que la causa ra\u00edz es llamar a pm_runtime_get_sync() despu\u00e9s de llamar a pm_runtime_disable() como se observa a continuaci\u00f3n: 1. El controlador CMDQ usa devm_mbox_controller_register() en cmdq_probe() para vincular el cmdq al mbox_controller, por lo que devm_mbox_controller_unregister() cancelar\u00e1 autom\u00e1ticamente el registro del dispositivo vinculado al controlador del buz\u00f3n cuando se elimine el recurso administrado por el dispositivo. Eso significa que devm_mbox_controller_unregister() y cmdq_mbox_shoutdown() ser\u00e1n llamados despu\u00e9s de cmdq_remove(). 2. El controlador CMDQ tambi\u00e9n usa devm_pm_runtime_enable() en cmdq_probe() despu\u00e9s de devm_mbox_controller_register(), por lo que se llamar\u00e1 a devm_pm_runtime_disable() despu\u00e9s de cmdq_remove(), pero antes de devm_mbox_controller_unregister(). Para solucionar este problema, cmdq_probe() necesita mover devm_mbox_controller_register() despu\u00e9s de devm_pm_runtime_enable() para que se llame a devm_pm_runtime_disable() despu\u00e9s de devm_mbox_controller_unregister()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42320.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42320.json index 9486bd53e19..08c71fdc5ee 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42320.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42320.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-42320",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T09:15:11.833",
- "lastModified": "2024-08-17T09:15:11.833",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/dasd: corrige comprobaciones de errores en dasd_copy_pair_store() dasd_add_busid() puede devolver un error a trav\u00e9s de ERR_PTR() si falla una asignaci\u00f3n. Sin embargo, dos sitios de llamada en dasd_copy_pair_store() no verifican el resultado, lo que podr\u00eda provocar una desreferencia del puntero NULL. Solucione este problema verificando el resultado con IS_ERR() y devolviendo el error en la pila."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42321.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42321.json
index 9f26f7d8e64..b4712a9bcda 100644
--- a/CVE-2024/CVE-2024-423xx/CVE-2024-42321.json
+++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42321.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-42321", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:11.917", - "lastModified": "2024-08-17T09:15:11.917", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n d1dab4f71d37 (\"net: add and use __skb_get_hash_symmetric_net\")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] 
FS: 00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044] \n[69133.562049] ? __warn+0x9f/0x1a0\n[ 1211.841384] ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496] ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753] __skb_get_hash+0x97/0x280\n[ 1211.841765] ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776] ? mod_find+0xbf/0xe0\n[ 1211.841786] ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798] ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807] ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819] nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895] ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964] ? get_stack_info+0x2b/0x80\n[ 1211.841975] ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044] nft_do_chain+0x79c/0x850 [nf_tables]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE El siguiente s\u00edmbolo es f\u00e1cil de reproducir tanto en n\u00facleos anteriores como en n\u00facleos estables. Florian Westphal proporcion\u00f3 la siguiente confirmaci\u00f3n: d1dab4f71d37 (\"net: add and use __skb_get_hash_metric_net\") pero Willem de Bruijn tambi\u00e9n sugiri\u00f3 esta soluci\u00f3n complementaria y se puede retroportar f\u00e1cilmente al kernel estable, que consiste en usar DEBUG_NET_WARN_ON_ONCE en lugar de silenciar lo siguiente splat dado __skb_get_hash() es utilizado por la infraestructura de seguimiento de nftables para identificar paquetes en los seguimientos. [69133.561393] ------------[ cortar aqu\u00ed ]------------ [69133.561404] ADVERTENCIA: CPU: 0 PID: 43576 en net/core/flow_dissector.c :1104 __skb_flow_dissect+0x134f/ [...] 
[69133.561944] CPU: 0 PID: 43576 Comm: socat No contaminado 6.10.0-rc7+ #379 [69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0 133.561970] C\u00f3digo: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff ff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8 [69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246 [69133.561988] RAX: 00000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19 [69133.561994] RDX: dffffc0000000000 RSI: ffffc900000007388 RDI: ffff888103a1b418 [69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000 [69133.562007] R10: ffffc90000007388 R11: fffffff810cface 2: ffff888103a1b400 [69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28 [69133.562020] FS: 00007f40f7131740(000 0) GS:ffff888390800000(0000 ) knlGS:0000000000000000 [69133.562027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [69133.562033] CR2: 00007f40f7346ee0 CR3: 5d200001 CR4: 00000000001706f0 [69133.562040] Seguimiento de llamadas: [69133.562044] [69133.562049] ? __advertir+0x9f/0x1a0 [ 1211.841384] ? __skb_flow_dissect+0x107e/0x2860 [...] [ 1211.841496] ? bpf_flow_dissect+0x160/0x160 [ 1211.841753] __skb_get_hash+0x97/0x280 [ 1211.841765] ? __skb_get_hash_metric+0x230/0x230 [1211.841776]? mod_find+0xbf/0xe0 [1211.841786]? get_stack_info_noinstr+0x12/0xe0 [1211.841798]? bpf_ksym_find+0x56/0xe0 [1211.841807]? __rcu_read_unlock+0x2a/0x70 [1211.841819] nft_trace_init+0x1b9/0x1c0 [nf_tables] [1211.841895]? nft_trace_notify+0x830/0x830 [nf_tables] [1211.841964]? get_stack_info+0x2b/0x80 [1211.841975]? nft_do_chain_arp+0x80/0x80 [nf_tables] [ 1211.842044] nft_do_chain+0x79c/0x850 [nf_tables]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42322.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42322.json index 1b05479e4c4..73cda699e02 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42322.json 
+++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42322.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42322", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T09:15:11.977", - "lastModified": "2024-08-17T09:15:11.977", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipvs: desreferenciar correctamente pe en ip_vs_add_service Utilice pe directamente para resolver la advertencia dispersa: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: advertencia: desreferencia de la expresi\u00f3n noderef" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42462.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42462.json index aa5e61c8b23..2f9262cd89c 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42462.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42462.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42462", "sourceIdentifier": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "published": "2024-08-16T14:15:13.253", - "lastModified": "2024-08-16T14:15:13.253", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en el producto upKeeper Solutions, upKeeper Manager permite omitir la autenticaci\u00f3n. Este problema afecta a upKeeper Manager: hasta 5.1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42463.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42463.json index bb93c584e7a..b87b4c05973 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42463.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42463.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42463", "sourceIdentifier": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "published": "2024-08-16T14:15:13.650", - "lastModified": "2024-08-16T14:15:13.650", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en el producto upKeeper Solutions, upKeeper Manager permite utilizar la confianza de REST en el recurso de System para obtener datos confidenciales. Este problema afecta a upKeeper Manager: hasta 5.1.9." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42464.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42464.json index 36dc1f1e458..49943ab2207 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42464.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42464.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42464", "sourceIdentifier": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "published": "2024-08-16T14:15:13.933", - "lastModified": "2024-08-16T14:15:13.933", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en el producto upKeeper Solutions, upKeeper Manager permite utilizar la confianza de REST en el recurso de System para obtener datos confidenciales. Este problema afecta a upKeeper Manager: hasta 5.1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42465.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42465.json index c33ae1ccfa7..73ddc45b596 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42465.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42465.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42465", "sourceIdentifier": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "published": "2024-08-16T14:15:14.133", - "lastModified": "2024-08-16T14:15:14.133", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en el producto upKeeper Solutions, upKeeper Manager, permite el abuso de autenticaci\u00f3n. Este problema afecta a upKeeper Manager: hasta 5.1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42466.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42466.json index 51afd27c372..af0129134c6 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42466.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42466.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42466", "sourceIdentifier": "80f39f49-2521-4ee7-9e17-af5d55e8032f", "published": "2024-08-16T14:15:14.343", - "lastModified": "2024-08-16T14:15:14.343", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en el producto upKeeper Solutions, upKeeper Manager, permite el abuso de autenticaci\u00f3n. Este problema afecta a upKeeper Manager: hasta 5.1.9." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42472.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42472.json index 6cce475c1b8..49bb3efdfd9 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42472.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42472.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42472", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T19:15:19.233", - "lastModified": "2024-08-15T19:15:19.233", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42475.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42475.json index 66a093dbd41..3840476fee7 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42475.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42475.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42475", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T19:15:19.520", - "lastModified": "2024-08-15T19:15:19.520", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42476.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42476.json index 1ba1ec9e385..ad406b4b59b 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42476.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42476.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42476", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T19:15:19.753", - "lastModified": "2024-08-15T19:15:19.753", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42486.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42486.json index d305d4b10d4..80067cce292 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42486.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42486.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42486", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-16T15:15:28.777", - "lastModified": "2024-08-16T15:15:28.777", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster." + }, + { + "lang": "es", + "value": "Cilium es una soluci\u00f3n de redes, observabilidad y seguridad con un plano de datos basado en eBPF. En las versiones de la rama 1.15.x anterior a la 1.15.8 y la rama 1.16.x anterior a la 1.16.1, los cambios de ReferenceGrant no se propagan correctamente en el controlador GatewayAPI de Cilium, lo que podr\u00eda llevar a que los recursos de Gateway puedan acceder a secretos durante m\u00e1s de previsto, o a Rutas que tienen la capacidad de reenviar tr\u00e1fico a servidores en otros espacios de nombres durante m\u00e1s tiempo del previsto. Este problema se solucion\u00f3 en Cilium v1.15.8 y v1.16.1. 
Como workaround, cualquier modificaci\u00f3n de un CRD de Gateway/HTTPRoute/GRPCRoute/TCPRoute relacionado (por ejemplo, agregar cualquier etiqueta a cualquiera de estos recursos) activar\u00e1 una conciliaci\u00f3n de ReferenceGrants en un cl\u00faster afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42487.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42487.json index de50b850623..996027d3121 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42487.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42487.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42487", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T21:15:16.997", - "lastModified": "2024-08-15T21:15:16.997", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42488.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42488.json index 42497fb85ac..26cd0f595b9 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42488.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42488.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42488", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T21:15:17.270", - "lastModified": "2024-08-15T21:15:17.270", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42634.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42634.json index e44798b3162..035d82c8b2d 100644 --- a/CVE-2024/CVE-2024-426xx/CVE-2024-42634.json +++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42634.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42634", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T16:15:06.670", - "lastModified": "2024-08-16T18:35:12.810", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en formWriteFacMac del binario httpd en Tenda AC9 v15.03.06.42. Como resultado, el atacante puede ejecutar comandos del sistema operativo con privilegios de superusuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42637.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42637.json index 53191fcf816..75e8934f92d 100644 --- a/CVE-2024/CVE-2024-426xx/CVE-2024-42637.json +++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42637.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42637", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T18:15:09.530", - "lastModified": "2024-08-16T21:35:12.787", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que H3C R3010 v100R002L02 conten\u00eda una vulnerabilidad de contrase\u00f1a codificada en /etc/shadow, que permite a los atacantes iniciar sesi\u00f3n como superusuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42638.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42638.json index 631bdd0fe95..a151382d4ac 100644 --- a/CVE-2024/CVE-2024-426xx/CVE-2024-42638.json +++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42638.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42638", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T18:15:09.810", - "lastModified": "2024-08-16T18:15:09.810", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que H3C Magic B1ST v100R012 contiene una vulnerabilidad de contrase\u00f1a codificada en /etc/shadow, que permite a los atacantes iniciar sesi\u00f3n como superusuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42639.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42639.json index f954a016a46..501ca445b36 100644 --- a/CVE-2024/CVE-2024-426xx/CVE-2024-42639.json +++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42639.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42639", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T18:15:10.067", - "lastModified": "2024-08-16T18:15:10.067", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que H3C GR1100-P v100R009 utiliza una contrase\u00f1a codificada en /etc/shadow, que permite a los atacantes iniciar sesi\u00f3n como superusuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42757.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42757.json index 8c79cc2d14a..01c0afd5987 100644 --- a/CVE-2024/CVE-2024-427xx/CVE-2024-42757.json +++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42757.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-42757", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T19:15:19.977", - "lastModified": "2024-08-15T19:15:19.977", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42758.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42758.json index a4df1c60ffc..8967e5c56aa 100644 --- a/CVE-2024/CVE-2024-427xx/CVE-2024-42758.json +++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42758.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42758", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T18:15:10.400", - "lastModified": "2024-08-16T18:15:10.400", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) en la versi\u00f3n v2024-01-05 del complemento indexmenu cuando se usa y habilita en Dokuwiki (motor Wiki de c\u00f3digo abierto). Un atacante malicioso puede ingresar payload XSS, por ejemplo, al crear o editar una p\u00e1gina existente, para activar el XSS en Dokuwiki, que luego se almacena en un archivo .txt (debido a la naturaleza de c\u00f3mo est\u00e1 manipulado Dokuwiki), que presenta el XSS almacenado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-428xx/CVE-2024-42849.json b/CVE-2024/CVE-2024-428xx/CVE-2024-42849.json index 4ad95ce9f8b..19f67c0d6b9 100644 --- a/CVE-2024/CVE-2024-428xx/CVE-2024-42849.json 
+++ b/CVE-2024/CVE-2024-428xx/CVE-2024-42849.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42849", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T19:15:10.233", - "lastModified": "2024-08-16T20:35:17.050", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function." + }, + { + "lang": "es", + "value": "Un problema en Silverpeas v.6.4.2 y anteriores permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n de cambio de contrase\u00f1a." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-428xx/CVE-2024-42850.json b/CVE-2024/CVE-2024-428xx/CVE-2024-42850.json index 167c50c6f57..7343f7ec782 100644 --- a/CVE-2024/CVE-2024-428xx/CVE-2024-42850.json +++ b/CVE-2024/CVE-2024-428xx/CVE-2024-42850.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42850", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T19:15:10.317", - "lastModified": "2024-08-16T19:15:10.317", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements." + }, + { + "lang": "es", + "value": "Un problema en la funci\u00f3n de cambio de contrase\u00f1a de Silverpeas v6.4.2 y versiones anteriores permite eludir los requisitos de complejidad de la contrase\u00f1a." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-429xx/CVE-2024-42994.json b/CVE-2024/CVE-2024-429xx/CVE-2024-42994.json index 643c6bf2c0e..9fc2c90f4d3 100644 --- a/CVE-2024/CVE-2024-429xx/CVE-2024-42994.json +++ b/CVE-2024/CVE-2024-429xx/CVE-2024-42994.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42994", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T17:15:15.153", - "lastModified": "2024-08-16T18:35:17.200", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the \"CompanyDetails\" operation of the \"MailManager\" module." + }, + { + "lang": "es", + "value": "VTiger CRM <= 8.1.0 no desinfecta adecuadamente la entrada del usuario antes de usarla en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL en la operaci\u00f3n \"CompanyDetails\" del m\u00f3dulo \"MailManager\"." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-429xx/CVE-2024-42995.json b/CVE-2024/CVE-2024-429xx/CVE-2024-42995.json index 3c459b7dcf9..69d00623959 100644 --- a/CVE-2024/CVE-2024-429xx/CVE-2024-42995.json +++ b/CVE-2024/CVE-2024-429xx/CVE-2024-42995.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42995", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T17:15:15.273", - "lastModified": "2024-08-16T18:35:17.930", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the \"Migration\" administrative module to disable arbitrary modules." + }, + { + "lang": "es", + "value": "VTiger CRM <= 8.1.0 no verifica correctamente los privilegios de usuario. Un usuario con pocos privilegios puede interactuar directamente con el m\u00f3dulo administrativo \"Migraci\u00f3n\" para desactivar m\u00f3dulos arbitrarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43005.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43005.json index e6b827ec5e9..11a7017c39a 100644 
--- a/CVE-2024/CVE-2024-430xx/CVE-2024-43005.json +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43005.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43005", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T20:15:13.253", - "lastModified": "2024-08-16T20:15:13.253", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el componente dl_liuyan_save.php de ZZCMS v2023 permite a los atacantes ejecutar c\u00f3digo arbitrario en el contexto del navegador de un usuario mediante la inyecci\u00f3n de un payload manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43006.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43006.json index 34e9bb4a650..90bfb183b40 100644 --- a/CVE-2024/CVE-2024-430xx/CVE-2024-43006.json +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43006.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43006", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T20:15:13.333", - "lastModified": "2024-08-16T20:15:13.333", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en ZZCMS2023 en el archivo Ask/show.php en la l\u00ednea 21. Un atacante puede explotar esta vulnerabilidad enviando una solicitud POST especialmente manipulada a /user/ask_edit.php?action=add. que incluye c\u00f3digo JavaScript malicioso en el par\u00e1metro 'contenido'. Cuando un usuario visita la p\u00e1gina Ask/show_{newsid}.html, el script inyectado se ejecuta en el contexto del navegador del usuario, lo que genera un posible robo de cookies, tokens de sesi\u00f3n u otra informaci\u00f3n confidencial." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43009.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43009.json index 7f580113c18..516b960eb9f 100644 --- a/CVE-2024/CVE-2024-430xx/CVE-2024-43009.json +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43009.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43009", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T20:15:13.410", - "lastModified": "2024-08-16T20:15:13.410", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user into visiting a specially crafted URL, which includes a malicious Referer header. This can lead to the execution of arbitrary JavaScript code in the context of the victim's browser, potentially resulting in session hijacking, defacement, or other malicious activities." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en user/login.php en la l\u00ednea 24 en ZZCMS 2023 y versiones anteriores. La aplicaci\u00f3n inserta directamente el valor del encabezado HTTP_REFERER en la respuesta HTML sin una desinfecci\u00f3n adecuada. Un atacante puede aprovechar esta vulnerabilidad enga\u00f1ando a un usuario para que visite una URL especialmente manipulada, que incluye un encabezado Referer malicioso. Esto puede llevar a la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el contexto del navegador de la v\u00edctima, lo que podr\u00eda resultar en secuestro de sesi\u00f3n, alteraci\u00f3n u otras actividades maliciosas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43011.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43011.json index b733e299102..622d450a76a 100644 --- a/CVE-2024/CVE-2024-430xx/CVE-2024-43011.json +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43011.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43011", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T20:15:13.497", - "lastModified": "2024-08-16T20:15:13.497", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en el archivo admin/del.php en la l\u00ednea 62 en ZZCMS 2023 y versiones anteriores. Debido a una validaci\u00f3n y desinfecci\u00f3n insuficientes de la entrada del usuario para las rutas de los archivos, un atacante puede aprovechar esta vulnerabilidad utilizando t\u00e9cnicas de recorrido de directorio para eliminar archivos arbitrarios en el servidor. Esto puede provocar la eliminaci\u00f3n de archivos cr\u00edticos, lo que podr\u00eda alterar el funcionamiento normal del sistema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43042.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43042.json index 90678d5c20a..115918e9102 100644 --- a/CVE-2024/CVE-2024-430xx/CVE-2024-43042.json +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43042.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43042", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-16T20:15:13.573", - "lastModified": "2024-08-16T20:15:13.573", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack." + }, + { + "lang": "es", + "value": "Pluck CMS 4.7.18 no restringe los intentos fallidos de inicio de sesi\u00f3n, lo que permite a los atacantes ejecutar un ataque de fuerza bruta." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-431xx/CVE-2024-43145.json b/CVE-2024/CVE-2024-431xx/CVE-2024-43145.json index dacdee50daa..6c59e719670 100644 --- a/CVE-2024/CVE-2024-431xx/CVE-2024-43145.json +++ b/CVE-2024/CVE-2024-431xx/CVE-2024-43145.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43145", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:07.880", - "lastModified": "2024-08-18T22:15:07.880", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en AyeCode Ltd GeoDirectory. Este problema afecta a GeoDirectory: desde n/a hasta 2.3.61." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43207.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43207.json index de7e6d8c8eb..5859009e214 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43207.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43207.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43207", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:08.090", - "lastModified": "2024-08-18T22:15:08.090", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Valiano Unite Gallery Lite. Este problema afecta a Unite Gallery Lite: desde n/a hasta 1.7.62." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43238.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43238.json index 72fa7d78989..614f6ac874e 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43238.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43238.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43238", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:06.583", - "lastModified": "2024-08-18T14:15:06.583", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en weDevs weMail permite el XSS reflejado. Este problema afecta a weMail: desde n/a hasta 1.14.5." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43239.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43239.json index e1899a6f170..54768f506dd 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43239.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43239.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43239", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:08.277", - "lastModified": "2024-08-18T22:15:08.277", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS.This issue affects Masteriyo - LMS: from n/a through 1.11.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Masteriyo Masteriyo - LMS. Este problema afecta a Masteriyo - LMS: desde n/a hasta 1.11.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43241.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43241.json index 7ebd2fb6dad..448c0efece7 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43241.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43241.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43241", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:08.483", - "lastModified": "2024-08-18T22:15:08.483", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro allows Reflected XSS.This issue affects Ultimate Membership Pro: from n/a through 12.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en azzaroco Ultimate Membership Pro permite XSS Reflejado. Este problema afecta a Ultimate Membership Pro: desde n/a hasta 12.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43244.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43244.json index 53b4eafcdd4..286ca06f0ed 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43244.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43244.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43244", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:08.680", - "lastModified": "2024-08-18T22:15:08.680", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en temas favoritos. Houzez permite el XSS reflejado. Este problema afecta a Houzez: desde n/a hasta 3.2.4." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43246.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43246.json index 0d16f98bbc2..3c614c124ed 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43246.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43246.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43246", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:08.877", - "lastModified": "2024-08-18T22:15:08.877", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en creativeon WHMpress permite XSS Reflejado. Este problema afecta a WHMpress: desde n/a hasta 6.2-revisi\u00f3n-5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43262.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43262.json index 8e879be7c58..11b80d17514 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43262.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43262.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43262", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:09.070", - "lastModified": "2024-08-18T22:15:09.070", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en webriti Busiprof permite XSS Almacenado. Este problema afecta a Busiprof: desde n/a hasta 2.4.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43263.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43263.json index ea358bc9638..6782751aa94 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43263.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43263.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43263", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:09.270", - "lastModified": "2024-08-18T22:15:09.270", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Visual Composer Visual Composer Starter permite XSS Almacenado. Este problema afecta a Visual Composer Starter: desde n/a hasta 3.3." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43266.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43266.json index f43f339241a..804ae654a63 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43266.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43266.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43266", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:09.463", - "lastModified": "2024-08-18T22:15:09.463", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal.This issue affects WP Job Portal: from n/a through 2.1.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en WP Job Portal. Este problema afecta a WP Job Portal: desde n/a hasta 2.1.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43267.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43267.json index 77b996d0b67..34293a0a42d 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43267.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43267.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43267", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:09.663", - "lastModified": "2024-08-18T22:15:09.663", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons para Elementor permite XSS Almacenado. Este problema afecta a Mega Addons para Elementor: desde n/a hasta 1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43276.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43276.json index 99b68b3e93f..7015433c339 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43276.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43276.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43276", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:06.787", - "lastModified": "2024-08-18T14:15:06.787", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Svetoslav Marinov (Slavi) Child Theme Creator permite XSS Reflejado. Este problema afecta a Child Theme Creator: desde n/a hasta 1.5.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43278.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43278.json index b3af497e87e..8e02d9d67cd 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43278.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43278.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43278", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:09.860", - "lastModified": "2024-08-18T22:15:09.860", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Phi Phan Meta Field Block permite XSS Almacenado. Este problema afecta a Meta Field Block: desde n/a hasta 1.2.13." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43279.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43279.json index cb058b23578..1d463fc986e 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43279.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43279.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43279", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:10.060", - "lastModified": "2024-08-18T22:15:10.060", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Tribulant Newsletters permite el XSS reflejado. Este problema afecta a Newsletters: desde n/a hasta 4.9.8." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43282.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43282.json index 22651f91603..07f2b6ba9d1 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43282.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43282.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43282", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:10.250", - "lastModified": "2024-08-18T22:15:10.250", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Themeum Tutor LMS. Este problema afecta a Tutor LMS: desde n/a hasta 2.7.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43284.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43284.json index 74e0bbae2e3..2ce63e7d6c1 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43284.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43284.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43284", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:10.440", - "lastModified": "2024-08-18T22:15:10.440", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through 3.5.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Travel WP Travel Gutenberg Blocks permite XSS Almacenado. Este problema afecta a WP Travel Gutenberg Blocks: desde n/a hasta 3.5.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43286.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43286.json index e8c6a769dea..b99f08e2290 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43286.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43286.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43286", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:10.637", - "lastModified": "2024-08-18T22:15:10.637", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.19." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en el complemento Squirrly SEO de Squirrly SEO. Este problema afecta a SEO Plugin by Squirrly SEO: desde n/a hasta 12.3.19." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43288.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43288.json index 330859df0d7..8a8c49f30ab 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43288.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43288.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43288", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:10.833", - "lastModified": "2024-08-18T22:15:10.833", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en gVectors Team wpForo Forum. Este problema afecta a wpForo Forum: desde n/a hasta 2.3.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43291.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43291.json index 345fecd2652..16fc5ff9e17 100644 
--- a/CVE-2024/CVE-2024-432xx/CVE-2024-43291.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43291.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43291", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:11.023", - "lastModified": "2024-08-18T22:15:11.023", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder allows Stored XSS.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.4.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en voidCoders El widget Void Contact Form 7 para Elementor Page Builder permite XSS Almacenado. Este problema afecta a Void Contact Form 7 Widget For Elementor Page Builder: desde n/ a hasta 2.4.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43292.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43292.json index ea666f302b0..5a3cbf28cf9 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43292.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43292.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43292", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:11.213", - "lastModified": "2024-08-18T22:15:11.213", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.16." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce permiten XSS almacenado. Este problema afecta a lEnvo's Elementor Templates & Widgets for WooCommerce: desde n/a hasta 1.4. 16." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43294.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43294.json index 80c2a9639f4..7f1bda376cd 100644 --- a/CVE-2024/CVE-2024-432xx/CVE-2024-43294.json +++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43294.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43294", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:11.443", - "lastModified": "2024-08-18T22:15:11.443", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Timeline Lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en BoldThemes Bold Timeline Lite permite XSS Almacenado. Este problema afecta a Bold Timeline Lite: desde n/a hasta 1.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43303.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43303.json index bce55a95b57..a6c48011a59 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43303.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43303.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43303", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T21:15:03.647", - "lastModified": "2024-08-18T21:15:03.647", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en videousermanuals.Com White Label CMS permite XSS Reflejado. Este problema afecta a White Label CMS: desde n/a hasta 2.7.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43304.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43304.json index c776beb68d5..10baa926966 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43304.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43304.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43304", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T21:15:03.860", - "lastModified": "2024-08-18T21:15:03.860", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets \u2013 Price Ticker & Coins List allows Reflected XSS.This issue affects Cryptocurrency Widgets \u2013 Price Ticker & Coins List: from n/a through 2.8.0." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Cool Plugins Cryptocurrency Widgets \u2013 Price Ticker & Coins List permiten XSS reflejado. Este problema afecta a Cryptocurrency Widgets \u2013 Price Ticker & Coins List: de n/a hasta 2.8.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43305.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43305.json index 101ae4b8ac9..844d4f899d6 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43305.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43305.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43305", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:03.320", - "lastModified": "2024-08-18T15:15:03.320", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts \u2013 Post + Product grids made easy allows Stored XSS.This issue affects Custom Layouts \u2013 Post + Product grids made easy: from n/a through 1.4.11." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Code Amp Custom Layouts \u2013 Post + Product grids made easy permiten XSS Almacenado. Este problema afecta a Custom Layouts \u2013 Post + Product grids made easy: desde n /a hasta 1.4.11." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43306.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43306.json index 726ba5d0386..ab555d46603 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43306.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43306.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43306", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:03.523", - "lastModified": "2024-08-18T15:15:03.523", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP-Lister Lite para eBay permite el XSS reflejado. Este problema afecta a WP-Lister Lite para eBay: desde n/a hasta 3.6.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43307.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43307.json index 1b6d1a07e9c..65de8df6685 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43307.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43307.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43307", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:03.720", - "lastModified": "2024-08-18T15:15:03.720", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon B\u00f6hme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Gordon B\u00f6hme, Antonio Leutsch Structured Content permite XSS Almacenado. Este problema afecta a Structured Content: desde n/a hasta 1.6.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43308.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43308.json index 8ff288f2d6e..d265546256f 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43308.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43308.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43308", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:03.920", - "lastModified": "2024-08-18T15:15:03.920", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor: from n/a through 3.3.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Gutentor Gutentor - Gutenberg Blocks - Page Builder para Gutenberg Editor permite XSS Almacenado. Este problema afecta a Gutentor - Gutenberg Blocks - Page Builder para Gutenberg Editor: de n/a hasta 3.3.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43309.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43309.json index 12abbd5bdf3..f252a524883 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43309.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43309.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43309", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:04.110", - "lastModified": "2024-08-18T15:15:04.110", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram Widget and Join Link: from n/a through 2.1.27." + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Socio WP Telegram Widget y Join Link permite XSS Almacenado. Este problema afecta el WP Telegram Widget y Join Link: desde n/a hasta 2.1.27 ." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43313.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43313.json index 17737395b42..fbab37b4136 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43313.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43313.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43313", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:04.310", - "lastModified": "2024-08-18T15:15:04.310", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en FormFacade permite el XSS reflejado. Este problema afecta a FormFacade: desde n/a hasta 1.3.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43315.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43315.json index 034fb16770a..1b366e66a17 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43315.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43315.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43315", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:11.650", - "lastModified": "2024-08-18T22:15:11.650", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en complementos de pago Stripe Payments para WooCommerce by Checkout. Este problema afecta a Stripe Payments For WooCommerce by Checkout: desde n/a hasta 1.9.1." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43318.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43318.json index 4c289129620..41f956cd124 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43318.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43318.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43318", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:04.500", - "lastModified": "2024-08-18T15:15:04.500", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en E2Pdf.Com permite XSS Almacenado. Este problema afecta a e2pdf: desde n/a hasta 1.25.05." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43320.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43320.json index a967abb0af6..42d482df96f 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43320.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43320.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43320", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:04.693", - "lastModified": "2024-08-18T15:15:04.693", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer permiten XSS Almacenado. Este problema afecta a Livemesh Addons for WPBakery Page Builder: desde n /a hasta 3.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43321.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43321.json index cf1d298cdf5..557ce37d19a 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43321.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43321.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43321", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T15:15:04.897", - "lastModified": "2024-08-18T15:15:04.897", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en PickPlugins Team Showcase permite XSS Almacenado. Este problema afecta a Team Showcase: desde n/a hasta 1.22.23." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43322.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43322.json index 7755aa98db3..c73c423ae94 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43322.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43322.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43322", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:11.840", - "lastModified": "2024-08-18T22:15:11.840", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Dylan James Zephyr Project Manager. Este problema afecta a Zephyr Project Manager: desde n/a hasta 3.3.100." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43324.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43324.json index 19e6c49dcf6..cafaec1ee48 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43324.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43324.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43324", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:06.990", - "lastModified": "2024-08-18T14:15:06.990", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CleverSoft Clever Addons para Elementor permite XSS Almacenado. Este problema afecta a Clever Addons para Elementor: desde n/a hasta 2.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43327.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43327.json index 4bf121e2b23..342aca7d0aa 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43327.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43327.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43327", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:07.197", - "lastModified": "2024-08-18T14:15:07.197", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Boone Gorges Invite Anyone permite XSS reflejado. Este problema afecta a Invite Anyone: desde n/a hasta 1.4.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43329.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43329.json index c14d20bd86b..9c0659512c3 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43329.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43329.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43329", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:07.400", - "lastModified": "2024-08-18T14:15:07.400", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Chill Allegiant allegiant permite XSS Almacenado. Este problema afecta a Allegiant: desde n/a hasta 1.2.7." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43330.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43330.json index 664912f3690..167e8daf83a 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43330.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43330.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43330", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:07.597", - "lastModified": "2024-08-18T14:15:07.597", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack for Beaver Builder allows Reflected XSS.This issue affects PowerPack for Beaver Builder: from n/a before 2.37.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en IdeaBox Creations PowerPack para Beaver Builder permite el XSS reflejado. Este problema afecta a PowerPack para Beaver Builder: desde n/a antes de 2.37.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43335.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43335.json index a186d930a82..068368ebf22 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43335.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43335.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43335", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:07.800", - "lastModified": "2024-08-18T14:15:07.800", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks \u2013 WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks \u2013 WordPress Gutenberg Blocks: from n/a through 1.8.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CyberChimps Responsive Blocks \u2013 WordPress Gutenberg Blocks permiten XSS almacenado. Este problema afecta a Responsive Blocks \u2013 WordPress Gutenberg Blocks: desde n/a hasta 1.8.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43342.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43342.json index 8133e9390e8..b33330a36d7 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43342.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43342.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43342", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:07.993", - "lastModified": "2024-08-18T14:15:07.993", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en BdThemes Ultimate Store Kit Elementor Addons permite XSS Almacenado. Este problema afecta a Ultimate Store Kit Elementor Addons: desde n/a hasta 1.6.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43344.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43344.json index 72141cc08d1..48b7f0de53b 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43344.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43344.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43344", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:08.190", - "lastModified": "2024-08-18T14:15:08.190", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Icegram allows Stored XSS.This issue affects Icegram: from n/a through 3.1.25." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Icegram permite XSS Almacenado. Este problema afecta a Icegram: desde n/a hasta 3.1.25." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43346.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43346.json index ab96167a8a7..1716cc188fd 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43346.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43346.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43346", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:08.403", - "lastModified": "2024-08-18T14:15:08.403", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Wow-Company Modal Window permite XSS Almacenado. Este problema afecta a Modal Window: desde n/a hasta 6.0.3." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43347.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43347.json index 350576eec13..7b7f4b4ccdb 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43347.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43347.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43347", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:08.597", - "lastModified": "2024-08-18T14:15:08.597", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en VirusTran Button contact VR permite XSS Almacenado. Este problema afecta a Button contact VR: desde n/a hasta 4.7.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43348.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43348.json index 963ccbf36c4..be6ae8a83ad 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43348.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43348.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43348", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:08.793", - "lastModified": "2024-08-18T14:15:08.793", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Iznyn Purity Of Soul permite el XSS reflejado. Este problema afecta a Purity Of Soul: desde n/a hasta 1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43349.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43349.json index 8dc007cf5c5..7100dc812fb 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43349.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43349.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43349", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:08.993", - "lastModified": "2024-08-18T14:15:08.993", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.19." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en AREOI All Bootstrap Blocks permite XSS Almacenado. Este problema afecta a All Bootstrap Blocks: desde n/a hasta 1.3.19." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43350.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43350.json index c777804e2b8..4c595f8c950 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43350.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43350.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43350", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T22:15:12.033", - "lastModified": "2024-08-18T22:15:12.033", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.This issue affects Propovoice CRM: from n/a through 1.7.6.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Propovoice Propovoice CRM. Este problema afecta a Propovoice CRM: desde n/a hasta 1.7.6.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43351.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43351.json index f39b990650f..f43ddfa83d9 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43351.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43351.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43351", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:09.187", - "lastModified": "2024-08-18T14:15:09.187", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Bravada bravada allows Stored XSS.This issue affects Bravada: from n/a through 1.1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Bravada bravada permite XSS Almacenado. Este problema afecta a Bravada: desde n/a hasta 1.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43352.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43352.json index f63003973fe..8cf1312f070 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43352.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43352.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43352", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T14:15:09.380", - "lastModified": "2024-08-18T14:15:09.380", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Organic Themes GivingPress Lite allows Stored XSS.This issue affects GivingPress Lite: from n/a through 1.8.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en temas org\u00e1nicos GivingPress Lite permite XSS Almacenado. Este problema afecta a GivingPress Lite: desde n/a hasta 1.8.6." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43353.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43353.json index 24f473c3d30..8898f12009f 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43353.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43353.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43353", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-18T13:15:03.637", - "lastModified": "2024-08-18T13:15:03.637", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.7.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en myCred permite XSS Almacenado. Este problema afecta a myCred: desde n/a hasta 2.7.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43357.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43357.json index 5404fee5adb..1889683b0fa 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43357.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43357.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43357", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T19:15:20.107", - "lastModified": "2024-08-15T19:15:20.107", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43366.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43366.json index 23a512fbbb1..75c235f361c 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43366.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43366.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-43366", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T21:15:17.520", - "lastModified": "2024-08-15T21:15:17.520", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43367.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43367.json index 89c9058ee9b..7b2071d69f0 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43367.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43367.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43367", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-15T21:15:17.777", - "lastModified": "2024-08-15T21:15:17.777", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43369.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43369.json index 6d9a16d51e1..48d58985b56 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43369.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43369.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43369", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-16T02:15:16.600", - "lastModified": "2024-08-16T02:15:16.600", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43370.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43370.json index 7fdfe0bafe2..6b965e2a08f 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43370.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43370.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-43370", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-16T02:15:17.487", - "lastModified": "2024-08-16T02:15:17.487", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43374.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43374.json index ea4c431e630..63e4ced1886 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43374.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43374.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43374", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-16T02:15:17.687", - "lastModified": "2024-08-16T02:15:17.687", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43378.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43378.json index eb7c9bfcf69..1a55cb8d865 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43378.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43378.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43378", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-16T02:15:17.877", - "lastModified": "2024-08-16T02:15:17.877", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43381.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43381.json index 3d7750190c6..f6b94bda22a 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43381.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43381.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43381", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-16T15:15:29.000", - "lastModified": "2024-08-16T15:15:29.000", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3." + }, + { + "lang": "es", + "value": "reNgine es un framework de reconocimiento automatizado para aplicaciones web. Las versiones 2.1.2 y anteriores son susceptibles a ataques de Cross-Site Scripting (XSS) Almacenado. Esta vulnerabilidad ocurre al escanear un dominio, y si el registro DNS del dominio de destino contiene un payload XSS, conduce a la ejecuci\u00f3n de scripts maliciosos en la vista del panel de reNgine cuando cualquier usuario ve los resultados del escaneo. El payload XSS se obtiene directamente del registro DNS del dominio de destino remoto. En consecuencia, un atacante puede ejecutar el ataque sin requerir ninguna entrada adicional por parte del objetivo o del usuario de reNgine. Hay un parche disponible y se espera que forme parte de la versi\u00f3n 2.1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43395.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43395.json index 974bcb460bf..52a65234e18 100644 
--- a/CVE-2024/CVE-2024-433xx/CVE-2024-43395.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43395.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43395", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-16T21:15:06.530", - "lastModified": "2024-08-16T21:15:06.530", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue." + }, + { + "lang": "es", + "value": "CraftOS-PC 2 es una reescritura del puerto de escritorio de CraftOS del popular mod de Minecraft ComputerCraft usando C++ y una versi\u00f3n modificada de PUC Lua, as\u00ed como SDL para dibujar. Antes de la versi\u00f3n 2.8.3, los usuarios de CraftOS-PC 2 en Windows pod\u00edan escapar de la carpeta de la computadora y acceder a archivos en cualquier lugar sin permiso o aviso al ofuscar `..`s para evitar la verificaci\u00f3n interna que evitaba el directory traversal principal. La versi\u00f3n 2.8.3 contiene un parche para este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43472.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43472.json index 06d95ee32a9..19c63da04a8 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43472.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43472.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43472",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-08-16T20:15:13.673",
- "lastModified": "2024-08-16T20:15:13.673",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43807.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43807.json
index 6e789d54dd9..cf026294031 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43807.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43807.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43807",
 "sourceIdentifier": "cve@jetbrains.com",
 "published": "2024-08-16T15:15:29.197",
- "lastModified": "2024-08-16T15:15:29.197",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page"
+ },
+ {
+ "lang": "es",
+ "value": "En JetBrains TeamCity antes de 2024.07.1, m\u00faltiples XSS almacenados en la p\u00e1gina Nubes"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43808.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43808.json
index 2fcb7d10544..916e3ed9a51 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43808.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43808.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43808",
 "sourceIdentifier": "cve@jetbrains.com",
 "published": "2024-08-16T15:15:29.417",
- "lastModified": "2024-08-16T15:15:29.417",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin"
+ },
+ {
+ "lang": "es",
+ "value": "En JetBrains TeamCity antes de 2024.07.1, el XSS propio era posible en el complemento HashiCorp Vault"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43809.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43809.json
index 9753fe0401d..e6cc0c8bd2a 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43809.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43809.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43809",
 "sourceIdentifier": "cve@jetbrains.com",
 "published": "2024-08-16T15:15:29.597",
- "lastModified": "2024-08-16T15:15:29.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page"
+ },
+ {
+ "lang": "es",
+ "value": "En JetBrains TeamCity antes de 2024.07.1 un XSS reflejado era posible en la p\u00e1gina agentPushPreset"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43810.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43810.json
index 996a7dcf8e3..1c7e8d90400 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43810.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43810.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43810",
 "sourceIdentifier": "cve@jetbrains.com",
 "published": "2024-08-16T15:15:29.790",
- "lastModified": "2024-08-16T15:15:29.790",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin"
+ },
+ {
+ "lang": "es",
+ "value": "En JetBrains TeamCity antes de 2024.07.1 un XSS reflejado era posible en el complemento AWS Core"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43815.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43815.json
index b163e5bad52..1be13fe8cce 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43815.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43815.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43815",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:07.870",
- "lastModified": "2024-08-17T10:15:07.870",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: mxs-dcp - Ensure payload is zero when using key slot\n\nWe could leak stack memory through the payload field when running\nAES with a key from one of the hardware's key slots. Fix this by\nensuring the payload field is set to 0 in such cases.\n\nThis does not affect the common use case when the key is supplied\nfrom main memory via the descriptor payload."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: mxs-dcp: aseg\u00farese de que el payload sea cero cuando se usa la ranura de clave. Podr\u00edamos perder memoria de pila a trav\u00e9s del campo de payload cuando ejecutamos AES con una clave de una de las ranuras de clave del hardware. Solucione este problema asegur\u00e1ndose de que el campo de payload est\u00e9 establecido en 0 en tales casos. Esto no afecta el caso de uso com\u00fan cuando la clave se suministra desde la memoria principal a trav\u00e9s de el payload del descriptor."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43816.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43816.json
index e5547137c9d..54452c77083 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43816.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43816.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43816",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:07.950",
- "lastModified": "2024-08-17T10:15:07.950",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages\n\nOn big endian architectures, it is possible to run into a memory out of\nbounds pointer dereference when FCP targets are zoned.\n\nIn lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is\nreferencing a little endian formatted sgl->sge_len value. So, the memcpy\ncan cause big endian systems to crash.\n\nRedefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are\nreferring to a little endian formatted data structure. And, update the\nroutine with proper le32_to_cpu macro usages."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Revisar la rutina lpfc_prep_embed_io con usos de macro endian adecuados. En arquitecturas big endian, es posible ejecutar una desreferencia de puntero de memoria fuera de los l\u00edmites cuando los objetivos FCP est\u00e1n divididos en zonas. En lpfc_prep_embed_io, memcpy(ptr, fcp_cmnd, sgl->sge_len) hace referencia a un valor sgl->sge_len con formato little endian. Por lo tanto, memcpy puede provocar que los sistemas big endian colapsen. Redefina *sgl ptr como una estructura sli4_sge_le para dejar claro que nos referimos a una estructura de datos con formato little endian. Y actualice la rutina con usos adecuados de la macro le32_to_cpu."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43817.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43817.json
index 2f3aa22c144..425d1c57bf8 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43817.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43817.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43817", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.010", - "lastModified": "2024-08-19T05:15:09.660", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 
R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS: 0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 
arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: falta de verificaci\u00f3n virtio Dos comprobaciones faltantes en virtio_net_hdr_to_skb() permitieron a syzbot bloquear los kernels nuevamente 1. Despu\u00e9s de la funci\u00f3n skb_segment, el b\u00fafer puede volverse no lineal (nr_frags! = 0), pero como el indicador SKBTX_SHARED_FRAG no est\u00e1 configurado en ning\u00fan lugar, la funci\u00f3n __skb_linearize no se ejecutar\u00e1, entonces el b\u00fafer permanecer\u00e1 no lineal. Entonces la condici\u00f3n (offset >= skb_headlen(skb)) se vuelve verdadera, lo que provoca WARN_ON_ONCE en skb_checksum_help. 2. Los miembros de struct sk_buff y struct virtio_net_hdr deben estar relacionados matem\u00e1ticamente. (gso_size) debe ser mayor que (necesario); de lo contrario, WARN_ON_ONCE. (resto) debe ser mayor que (necesario); de lo contrario, WARN_ON_ONCE. (resto) puede ser 0 si la divisi\u00f3n no tiene resto. 
offset+2 (4191) > skb_headlen() (1116) ADVERTENCIA: CPU: 1 PID: 5084 en net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303 M\u00f3dulos vinculados en: CPU : 1 PID: 5084 Comm: syz-executor336 No contaminado 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0 Nombre del hardware: Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2023 RIP: 0010:skb_checksum_help+0x5e2 /0x740 net/core/dev.c:3303 C\u00f3digo: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef RSP: 0018:ffffc90003a9f338 EFLAGS: 00010286 RAX: RBX: ffff888025125780 RCX: ffffffff814db209 RDX: ffff888015393b80 RSI : ffffffff814db216 RDI: 0000000000000001 RBP: ffff8880251257f4 R08: 0000000000000001 R09: 00000000000000000 R10: 0000000000000000 R11: 000000000001 R12: 000000000000045c R13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d FS: 0000555555c24380(0000) 8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 00000 00000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: ip_do_fragment+0xa1b/0x18b0 net/ipv4 /ip_output.c:777 ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584 ip_finish_output_gso net/ipv4/ip_output.c:286 [en l\u00ednea] __ip_finish_output net/ipv4/ip_output.c:308 [en l\u00ednea] __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 NF_HOOK_COND include/linux/netfilter.h:303 [en l\u00ednea] ip_output+0x13b/0x2a0 net/ipv4/ ip_output.c:433 dst_output include/net/dst.h:451 [en l\u00ednea] ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129 iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ipip6_tunnel_xmit net/ipv6 /sit.c:1034 [en l\u00ednea] 
sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076 __netdev_start_xmit include/linux/netdevice.h:4940 [en l\u00ednea] netdev_start_xmit include/linux/netdevice.h:4954 [en l\u00ednea] xmit_one net/core/dev.c:3545 [en l\u00ednea] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346 dev_queue_xmit include/linux/netdevice.h:3134 [en l\u00ednea] paquete_xmit+0x257/0x380 net/packet/af_packet.c:276 paquete_snd net/packet/af_packet.c:3087 [en l\u00ednea] paquete_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c :730 [en l\u00ednea] __sock_sendmsg+0xd5/0x180 net/socket.c:745 __sys_sendto+0x255/0x340 net/socket.c:2190 __do_sys_sendto net/socket.c:2202 [en l\u00ednea] __se_sys_sendto net/socket.c:2198 [en l\u00ednea ] __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198 do_syscall_x64 arch/x86/entry/common.c:51 [en l\u00ednea] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82 Entry_SYSCALL_64_after_hwframe+0x63/ 0x6b encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con Syzkaller" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43818.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43818.json index 74749090af1..4ce814d67ae 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43818.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43818.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43818",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:08.080",
- "lastModified": "2024-08-17T10:15:08.080",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: amd: ajustar el manejo de errores en caso de ausencia del dispositivo c\u00f3dec acpi_get_first_physical_node() puede devolver NULL en varios casos (no existe tal dispositivo, error en la tabla ACPI, recuento de referencias cae a 0, etc. ). La verificaci\u00f3n existente simplemente emite un mensaje de error, pero no realiza devoluci\u00f3n. Luego, este puntero NULL se pasa a devm_acpi_dev_add_driver_gpios() donde se elimina la referencia. Ajuste este manejo de errores agregando un retorno de c\u00f3digo de error. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43819.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43819.json
index 7a42b23e7b1..0756e8b3462 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43819.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43819.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43819",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:08.147",
- "lastModified": "2024-08-17T10:15:08.147",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: kvm: s390: Rechazar operaciones de regi\u00f3n de memoria para VM de ucontrol Este cambio rechaza los ioctls KVM_SET_USER_MEMORY_REGION y KVM_SET_USER_MEMORY_REGION2 cuando se llama en una VM de ucontrol. Esto es necesario ya que las m\u00e1quinas virtuales ucontrol tienen kvm->arch.gmap establecido en 0 y, por lo tanto, dar\u00eda como resultado una desreferencia de puntero nulo m\u00e1s adelante. La administraci\u00f3n de la memoria debe realizarse en el espacio de usuario y utilizando los ioctls KVM_S390_UCAS_MAP y KVM_S390_UCAS_UNMAP. Mejore tambi\u00e9n la documentaci\u00f3n espec\u00edfica de s390 para KVM_SET_USER_MEMORY_REGION y KVM_SET_USER_MEMORY_REGION2. [frankja@linux.ibm.com: confirmaci\u00f3n de correcci\u00f3n ortogr\u00e1fica del mensaje, correcci\u00f3n del prefijo del asunto]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43820.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43820.json
index 0e63f3f7c6b..f34ecf76f2a 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43820.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43820.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43820",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:08.207",
- "lastModified": "2024-08-17T10:15:08.207",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm-raid: corrige la verificaci\u00f3n WARN_ON_ONCE para sync_thread en raid_resume Los dispositivos rm-raid ocasionalmente activar\u00e1n la siguiente advertencia cuando se reanude despu\u00e9s de una carga de tabla porque DM_RECOVERY_RUNNING est\u00e1 configurado: ADVERTENCIA: CPU: 7 PID: 5660 en drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid] La verificaci\u00f3n fallida es: WARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery)); Esta verificaci\u00f3n est\u00e1 manipulada para garantizar que el hilo de sincronizaci\u00f3n no est\u00e9 registrado, pero md_check_recovery puede configurar MD_RECOVERY_RUNNING sin que sync_thread se registre. En lugar de verificar si MD_RECOVERY_RUNNING est\u00e1 configurado, verifique si sync_thread no es NULL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43821.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43821.json
index 58eb86533ad..e2adcc20e11 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43821.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43821.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43821",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:08.277",
- "lastModified": "2024-08-17T10:15:08.277",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: corrige una posible desreferencia de puntero nulo En la funci\u00f3n lpfc_xcvr_data_show, la asignaci\u00f3n de memoria con kmalloc podr\u00eda fallar, convirtiendo as\u00ed a rdp_context en un puntero nulo. En el siguiente contexto y funciones que utilizan este puntero, hay operaciones de desreferenciaci\u00f3n que conducen a una desreferencia del puntero nulo. Para solucionar este problema, se debe agregar una verificaci\u00f3n de puntero nulo. Si es nulo, use scnprintf para notificar al usuario y devolver len."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43822.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43822.json
index 66cb2080955..accbeedb9b3 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43822.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43822.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43822",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:08.340",
- "lastModified": "2024-08-17T10:15:08.340",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe()\n\nThe value \u201c-ENOMEM\u201d was assigned to the local variable \u201cret\u201d\nin one if branch after a devm_kzalloc() call failed at the beginning.\nThis error code will trigger then a pcmdevice_remove() call with a passed\nnull pointer so that an undesirable dereference will be performed.\nThus return the appropriate error code directly."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ASoc: PCM6240: Retorno directamente despu\u00e9s de un devm_kzalloc() fallido en pcmdevice_i2c_probe() Se asign\u00f3 el valor \u201c-ENOMEM\u201d a la variable local \u201cret\u201d en una rama if despu\u00e9s de un devm_kzalloc () la llamada fall\u00f3 al principio. Este c\u00f3digo de error activar\u00e1 una llamada pcmdevice_remove() con un puntero nulo pasado, de modo que se realizar\u00e1 una desreferencia no deseada. Por lo tanto, devuelva el c\u00f3digo de error apropiado directamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43823.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43823.json
index f68877b77dc..e2c3ae13e01 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43823.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43823.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43823",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:08.400",
- "lastModified": "2024-08-17T10:15:08.400",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: keystone: corrige la desreferencia del puntero NULL en caso de error DT en ks_pcie_setup_rc_app_regs() Si no se proporciona IORESOURCE_MEM en el \u00e1rbol de dispositivos debido a alg\u00fan error, Resource_list_first_type() devolver\u00e1 NULL y pci_parse_request_of_pci_ranges () simplemente emitir\u00e1 una advertencia. Esto provocar\u00e1 una desreferencia del puntero NULL. Corrija este error agregando una verificaci\u00f3n de devoluci\u00f3n NULL. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43824.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43824.json
index d852a85242a..79ae8b2fb34 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43824.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43824.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-43824", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.477", - "lastModified": "2024-08-17T10:15:08.477", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 (\"PCI: endpoint: Remove \"core_init_notifier\"\nflag\"), 'epc_features' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: endpoint: pci-epf-test: utilice 'epc_features' en cach\u00e9 en pci_epf_test_core_init() En lugar de obtener epc_features de la API pci_epc_get_features(), utilice pci_epf_test en cach\u00e9:: Valor epc_features para evitar la verificaci\u00f3n NULL. Dado que la verificaci\u00f3n NULL ya se realiza en pci_epf_test_bind(), tener una verificaci\u00f3n m\u00e1s en pci_epf_test_core_init() es redundante y no es posible alcanzar la desreferencia del puntero NULL. 
Adem\u00e1s, con el commit a01e7214bef9 (\"PCI: endpoint: Remove \"core_init_notifier\" flag\"), se elimin\u00f3 la referencia a 'epc_features' sin la verificaci\u00f3n NULL, lo que gener\u00f3 la siguiente advertencia de falso positivo Smatch: drivers/pci/endpoint/functions/pci-epf-test .c:784 Error de pci_epf_test_core_init(): anteriormente asumimos que 'epc_features' podr\u00eda ser nulo (consulte la l\u00ednea 747). Por lo tanto, elimine la verificaci\u00f3n NULL redundante y tambi\u00e9n use los indicadores epc_features:: {msix_capable/msi_capable} directamente para evitar variables locales. [kwilczynski: registro de confirmaci\u00f3n]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43825.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43825.json index 1af5dec3959..dbb57afc89e 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43825.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43825.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43825", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.533", - "lastModified": "2024-08-17T10:15:08.533", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n\"Sort times from all tables to one and remove duplicates\".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iio: corrigi\u00f3 la funcionalidad de clasificaci\u00f3n en iio_gts_build_avail_time_table La clasificaci\u00f3n en iio_gts_build_avail_time_table no funciona seg\u00fan lo previsto. Podr\u00eda resultar en un acceso fuera de los l\u00edmites cuando el tiempo sea cero. Aqu\u00ed hay m\u00e1s detalles: 1. 
Cuando gts->itime_table[i].time_us es cero, por ejemplo, la secuencia de tiempo es `3, 0, 1`, el bucle for interno no terminar\u00e1 y funcionar\u00e1 fuera de l\u00edmite. Esto se debe a que una vez `times[j] > new`, el valor `new` se agregar\u00e1 en la posici\u00f3n actual y `times[j]` se mover\u00e1 a la posici\u00f3n `j+1`, lo que hace que la condici\u00f3n if aguanta siempre. Mientras tanto, se agregar\u00e1 uno a idx, lo que har\u00e1 que el bucle siga ejecut\u00e1ndose sin terminaci\u00f3n ni escritura fuera de los l\u00edmites. 2. Si ninguno de los gts->itime_table[i].time_us es cero, los elementos simplemente se copiar\u00e1n sin ordenarse como se describe en el comentario \"Ordenar tiempos de todas las tablas a una y eliminar duplicados\". Para obtener m\u00e1s detalles, consulte https://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43826.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43826.json index a67815e2244..ed6e515e727 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43826.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43826.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43826", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.593", - "lastModified": "2024-08-17T10:15:08.593", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes. E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an expl\u0456cit offset\nand length. This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes. E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an expl?cit offset\nand length. This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs: pasar compensaci\u00f3n/recuento expl\u00edcito para rastrear eventos nfs_folio_length no es seguro de usar sin tener el folio bloqueado y una verificaci\u00f3n de NULL ->f_mapping que protege contra truncamientos y puede llevar al kernel accidentes. Por ejemplo, cuando se ejecuta xfstests generic/065 con todos los puntos de seguimiento nfs habilitados. 
Siga el modelo de los puntos de seguimiento XFS y pase un desplazamiento y una longitud expl\u00edcitos. Esto tiene el beneficio adicional de que estos valores pueden ser m\u00e1s precisos ya que algunos de los usuarios tocan rangos de folios parciales." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43827.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43827.json index b1ba79b3112..b05e761bf88 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43827.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43827.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43827", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.653", - "lastModified": "2024-08-17T10:15:08.653", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: agregar verificaci\u00f3n nula antes de acceder a las estructuras. En enable_phantom_plane, ser\u00eda mejor verificar el puntero nulo antes de acceder a varias estructuras." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43828.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43828.json index dbb1c097bc9..1942c29eab7 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43828.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43828.json 
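Review bot: In the CVE-2024-43826.json hunk the English description loses a character: the removed line has `expl\u0456cit` (an escaped non-ASCII letter) and the added line has `expl?cit`, so the letter was replaced by a literal question mark instead of being preserved. This looks like a lossy transcoding step somewhere in the update pipeline, though the page does not show where. Anything that searches, diffs or hashes descriptions now sees a different string that cannot be mapped back to the original; I would keep the escape as it was, `expl\u0456cit`, or normalise it to the ASCII word `explicit`, and have the updater fail on characters it cannot encode rather than substitute `?`. The `es` entry added in the same hunk still carries its escapes (`expl\u00edcitos`), so the loss appears limited to the rewritten `en` value.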
@@ -2,13 +2,17 @@ "id": "CVE-2024-43828", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.720", - "lastModified": "2024-08-19T05:15:09.720", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct. ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ext4: corrige el bucle infinito al reproducir fast_commit Al realizar la reproducci\u00f3n fast_commit, puede ocurrir un bucle infinito debido a una estructura extend_status no inicializada. ext4_ext_determine_insert_hole() no detecta la repetici\u00f3n y llama a ext4_es_find_extent_range(), que regresar\u00e1 inmediatamente sin inicializar la variable 'es'. Debido a que 'es' contiene basura, puede ocurrir un desbordamiento de enteros causando un bucle infinito en esta funci\u00f3n, f\u00e1cilmente reproducible usando fstest generic/039. Esta confirmaci\u00f3n soluciona este problema inicializando incondicionalmente la estructura en la funci\u00f3n ext4_es_find_extent_range(). \u00a1Gracias a Zhang Yi por descubrir el verdadero problema!" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43829.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43829.json index f825927389a..6f651948f1a 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43829.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43829.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43829", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.787", - "lastModified": "2024-08-19T05:15:09.787", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/qxl: Agregar verificaci\u00f3n para drm_cvt_mode Agregar verificaci\u00f3n para el valor de retorno de drm_cvt_mode() y devolver el error si falla para evitar la desreferencia del puntero NULL." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43830.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43830.json index fc5edf9728f..4e877d575a7 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43830.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43830.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43830", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.857", - "lastModified": "2024-08-19T05:15:09.850", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: leds: trigger: Anular el registro de los atributos sysfs antes de llamar a desactivar() Los activadores que tienen atributos sysfs espec\u00edficos del activador normalmente almacenan datos relacionados en datos de activaci\u00f3n asignados por la devoluci\u00f3n de llamada enable() y liberados por el desactivar() devoluci\u00f3n de llamada. Llamar a device_remove_groups() despu\u00e9s de llamar a deactivate() deja una ventana donde los atributos sysfs muestran/almacenan funciones que se pueden llamar despu\u00e9s de la desactivaci\u00f3n y luego operar con los datos de activaci\u00f3n reci\u00e9n liberados. Mueva la llamada device_remove_groups() antes de desactivar() para cerrar esta ventana de ejecuci\u00f3n. 
Esto tambi\u00e9n hace que la ruta de desactivaci\u00f3n haga las cosas correctamente en orden inverso a la ruta de activaci\u00f3n que llama a la devoluci\u00f3n de llamada enable() antes de llamar a device_add_groups()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43831.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43831.json index 1635a22e8ce..3c9c7d930aa 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43831.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43831.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43831", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.917", - "lastModified": "2024-08-17T10:15:08.917", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: media: mediatek: vcodec: Manejar un decodificador vsi no v\u00e1lido Maneje un decodificador vsi no v\u00e1lido en vpu_dec_init para garantizar que el decodificador vsi sea v\u00e1lido para uso futuro." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43832.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43832.json index 1bfa04046ef..750eb1e6eaa 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43832.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43832.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43832", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:08.980", - "lastModified": "2024-08-17T10:15:08.980", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: s390/uv: No llamar a folio_wait_writeback() sin una referencia de folio folio_wait_writeback() requiere que no se mantengan bloqueos de giro y que se mantenga una referencia de folio, como est\u00e1 documentado. Despu\u00e9s de que eliminemos el PTL, el folio podr\u00eda liberarse al mismo tiempo. As\u00ed que toma una referencia temporal." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43833.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43833.json index ac3c6c8d90b..e2b622acb36 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43833.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43833.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43833", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.040", - "lastModified": "2024-08-17T10:15:09.040", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: media: v4l: async: corrige la desreferencia del puntero NULL al agregar enlaces auxiliares En v4l2_async_create_ancillary_links(), se crean enlaces auxiliares para subdispositivos de lentes y flash. Estos son enlaces de subdispositivo a subdispositivo y si el notificador as\u00edncrono est\u00e1 relacionado con un dispositivo V4L2, el subdispositivo de origen del enlace auxiliar es NULL, lo que lleva a una desreferencia del puntero NULL. Verifique que el campo sd del notificador no sea NULL en v4l2_async_create_ancillary_links(). [Sakari Ailus: Reformule el asunto y confirme ligeramente los mensajes.]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43834.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43834.json index 2fdda483e73..bf64a710b24 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43834.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43834.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43834", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.113", - "lastModified": "2024-08-19T05:15:09.910", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack 
backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? 
__pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xdp: corrige el contexto de espera no v\u00e1lido de page_pool_destroy() Si el controlador utiliza un grupo de p\u00e1ginas, crea un grupo de p\u00e1ginas con page_pool_create(). El recuento de referencias del grupo de p\u00e1ginas es 1 de forma predeterminada. Un grupo de p\u00e1ginas se destruir\u00e1 solo cuando el recuento de referencias llegue a 0. page_pool_destroy() se utiliza para destruir el grupo de p\u00e1ginas, disminuye el recuento de referencias. Cuando se destruye un grupo de p\u00e1ginas, se llama a ->disconnect(), que es mem_allocator_disconnect(). Esta funci\u00f3n adquiere internamente mutex_lock(). Si el controlador usa XDP, registra un modelo de memoria con xdp_rxq_info_reg_mem_model(). xdp_rxq_info_reg_mem_model() aumenta internamente el recuento de referencias del grupo de p\u00e1ginas si un modelo de memoria es un grupo de p\u00e1ginas. Ahora el recuento de referencias es 2. Para destruir un grupo de p\u00e1ginas, el controlador debe llamar tanto a page_pool_destroy() como a xdp_unreg_mem_model(). xdp_unreg_mem_model() llama internamente a page_pool_destroy(). Solo page_pool_destroy() disminuye el recuento de referencias. Si un controlador llama a page_pool_destroy() y luego a xdp_unreg_mem_model(), nos enfrentaremos a una advertencia de contexto de espera no v\u00e1lido. 
Porque xdp_unreg_mem_model() llama a page_pool_destroy() con rcu_read_lock(). Page_pool_destroy() adquiere internamente mutex_lock(). Splat se ve as\u00ed: ============================= [ERROR: Contexto de espera no v\u00e1lido] 6.10.0-rc6+ #4 Contaminado: GW ----------------------- ethtool/1806 est\u00e1 intentando bloquear: ffffffff90387b90 (mem_id_lock){+.+.}-{4 :4}, en: mem_allocator_disconnect+0x73/0x150 otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: contexto-{5:5} 3 bloqueos mantenidos por ethtool/1806: seguimiento de pila: CPU: 0 PID: 1806 Comm: ethtool Tainted: GW 6.10.0-rc6+ #4 f916f41f172891c800f2fed Nombre del hardware: Nombre del producto del sistema ASUS/PRIME Z690-P D4, BIOS 0603 01/11/2021 Seguimiento de llamadas: dump_stack_lvl+0x7e/0xc0 __lock_acquire+0x1681/0x4de0 ? _printk+0x64/0xe0 ? __pfx_mark_lock.part.0+0x10/0x10 ? __pfx___lock_acquire+0x10/0x10 lock_acquire+0x1b3/0x580 ? mem_allocator_disconnect+0x73/0x150? __wake_up_klogd.part.0+0x16/0xc0 ? __pfx_lock_acquire+0x10/0x10? dump_stack_lvl+0x91/0xc0 __mutex_lock+0x15c/0x1690 ? mem_allocator_disconnect+0x73/0x150? __pfx_prb_read_valid+0x10/0x10 ? mem_allocator_disconnect+0x73/0x150? __pfx_llist_add_batch+0x10/0x10? console_unlock+0x193/0x1b0? lockdep_hardirqs_on+0xbe/0x140? __pfx___mutex_lock+0x10/0x10 ? tick_nohz_tick_stopped+0x16/0x90? __irq_work_queue_local+0x1e5/0x330 ? irq_work_queue+0x39/0x50? __wake_up_klogd.part.0+0x79/0xc0 ? mem_allocator_disconnect+0x73/0x150 mem_allocator_disconnect+0x73/0x150? __pfx_mem_allocator_disconnect+0x10/0x10? mark_held_locks+0xa5/0xf0? rcu_is_watching+0x11/0xb0 page_pool_release+0x36e/0x6d0 page_pool_destroy+0xd7/0x440 xdp_unreg_mem_model+0x1a7/0x2a0 ? __pfx_xdp_unreg_mem_model+0x10/0x10 ? kgratis+0x125/0x370 ? bnxt_free_ring.isra.0+0x2eb/0x500 ? bnxt_free_mem+0x5ac/0x2500 xdp_rxq_info_unreg+0x4a/0xd0 bnxt_free_mem+0x1356/0x2500 bnxt_close_nic+0xf0/0x3b0 ? __pfx_bnxt_close_nic+0x10/0x10 ? ethnl_parse_bit+0x2c6/0x6d0? 
__pfx___nla_validate_parse+0x10/0x10 ? __pfx_ethnl_parse_bit+0x10/0x10 bnxt_set_features+0x2a8/0x3e0 __netdev_update_features+0x4dc/0x1370 ? ethnl_parse_bitset+0x4ff/0x750? __pfx_ethnl_parse_bitset+0x10/0x10? __pfx___netdev_update_features+0x10/0x10? mark_held_locks+0xa5/0xf0? _raw_spin_unlock_irqrestore+0x42/0x70? __pm_runtime_resume+0x7d/0x110 ethnl_set_features+0x32d/0xa20 Para solucionar este problema, utiliza rhashtable_lookup_fast() en lugar de rhashtable_lookup() con rcu_read_lock(). Usar xa sin rcu_read_lock() aqu\u00ed es seguro. xa es liberado por __xdp_mem_allocator_rcu_free() y esto es llamado por call_rcu() de mem_xa_remove(). page_pool_destroy() llama a mem_xa_remove() si un recuento de referencias llega a 0. ----truncado-----" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43835.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43835.json index aeb2649afde..0b6b96fe322 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43835.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43835.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43835", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.183", - "lastModified": "2024-08-17T10:15:09.183", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 (\"net: Use nested-BH locking for\nnapi_alloc_cache.\") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t __warn+0x12f/0x340\n\t napi_skb_cache_put+0x82/0x4b0\n\t napi_skb_cache_put+0x82/0x4b0\n\t report_bug+0x165/0x370\n\t handle_bug+0x3d/0x80\n\t exc_invalid_op+0x1a/0x50\n\t asm_exc_invalid_op+0x1a/0x20\n\t __free_old_xmit+0x1c8/0x510\n\t napi_skb_cache_put+0x82/0x4b0\n\t __free_old_xmit+0x1c8/0x510\n\t __free_old_xmit+0x1c8/0x510\n\t __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it's running in NAPI context\neven when it's not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: virtio_net: corrige la advertencia de napi_skb_cache_put Despu\u00e9s de que se fusion\u00f3 el commit bdacf3e34945 (\"net: Use bloqueo de BH anidado para napi_alloc_cache.\"), comenz\u00f3 a aparecer la siguiente advertencia: ADVERTENCIA: CPU: 5 PID: 1 en net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+ 0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10 El problema surge porque virtio asumiendo que se est\u00e1 ejecutando en el contexto NAPI incluso cuando no lo es, como en netpoll caso. Para resolver esto, modifique virtnet_poll_tx() para configurar NAPI solo cuando haya presupuesto disponible. Lo mismo ocurre con virtnet_poll_cleantx(), que siempre asumi\u00f3 que estaba en un contexto NAPI." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43836.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43836.json index 78b378f1a64..042de10dbf1 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43836.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43836.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43836", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.250", - "lastModified": "2024-08-17T10:15:09.250", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethtool: pse-pd: Fix possible null-deref\n\nFix a possible null dereference when a PSE supports both c33 and PoDL, but\nonly one of the netlink attributes is specified. The c33 or PoDL PSE\ncapabilities are already validated in the ethnl_set_pse_validate() call." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethtool: pse-pd: Arreglar posible null-deref Arreglar una posible desreferencia nula cuando un PSE soporta tanto c33 como PoDL, pero solo se especifica uno de los atributos netlink. Las capacidades de c33 o PoDL PSE ya est\u00e1n validadas en la llamada ethnl_set_pse_validate()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43837.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43837.json index 1a63ab41277..119d7b93215 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43837.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43837.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43837", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.320", - "lastModified": "2024-08-17T10:15:09.320", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 8.108262] Mem abort info:\n[ 8.108384] ESR = 0x0000000096000004\n[ 8.108547] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 8.108722] SET = 0, FnV = 0\n[ 8.108827] EA = 0, S1PTW = 0\n[ 8.108939] FSC = 0x04: level 0 translation fault\n[ 8.109102] Data abort info:\n[ 8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[ 8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[ 8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 8.112783] Modules linked in:\n[ 8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[ 8.113230] Hardware name: linux,dummy-virt (DT)\n[ 8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[ 8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[ 8.113798] sp : ffff80008283b9f0\n[ 8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[ 8.113881] x26: ffff0000c0bb2600 
x25: 0000000000000000 x24: 0000000000000000\n[ 8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[ 8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[ 8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[ 8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[ 8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[ 8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[ 8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[ 8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[ 8.114126] Call trace:\n[ 8.114159] may_access_direct_pkt_data+0x24/0xa0\n[ 8.114202] bpf_check+0x3bc/0x28c0\n[ 8.114214] bpf_prog_load+0x658/0xa58\n[ 8.114227] __sys_bpf+0xc50/0x2250\n[ 8.114240] __arm64_sys_bpf+0x28/0x40\n[ 8.114254] invoke_syscall.constprop.0+0x54/0xf0\n[ 8.114273] do_el0_svc+0x4c/0xd8\n[ 8.114289] el0_svc+0x3c/0x140\n[ 8.114305] el0t_64_sync_handler+0x134/0x150\n[ 8.114331] el0t_64_sync+0x168/0x170\n[ 8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[ 8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 (\"bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT\") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n prog->aux->dst_prog ? 
prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Se corrigi\u00f3 la desreferencia del puntero nulo en resolve_prog_type() para BPF_PROG_TYPE_EXT Al cargar un programa EXT sin especificar `attr->attach_prog_fd`, el `prog->aux->dst_prog` ser\u00e1 nulo. En este momento, llamar a resolve_prog_type() en cualquier lugar dar\u00e1 como resultado una desreferencia del puntero nulo. Ejemplo de seguimiento de pila: [8.107863] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000004 [8.108262] Informaci\u00f3n de cancelaci\u00f3n de memoria: [8.108384] ESR = 0x0000000096000004 [8.108547] EC = 0x25: DABT (EL actual), IL = 32 bits [8.108722 ] SET = 0, FnV = 0 [8.108827] EA = 0, S1PTW = 0 [8.108939] FSC = 0x04: error de traducci\u00f3n de nivel 0 [8.109102] Informaci\u00f3n de cancelaci\u00f3n de datos: [8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 00 [ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 8.109836] tabla de p\u00e1ginas de usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000101354000 [8.110011] [00000000000000004] pgd=0000000000000000, p4d=0000000000000000 [8.112624] Error interno: Vaya: 0000000096000 004 [#1] PREEMPT SMP [8.112783] M\u00f3dulos vinculados en: [8.113120] CPU: 0 PID: 99 Comm: may_access_dire No contaminado 6.10.0-rc3-next-20240613-dirty #1 [8.113230] Nombre de hardware: linux,dummy-virt (DT) [8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE= --) [8.113429] pc: may_access_direct_pkt_data+0x24/0xa0 [8.113746] lr: 
add_subprog_and_kfunc+0x634/0x8e8 [8.113798] sp: ffff80008283b9f0 [8.113813] x29: 83b9f0 x28: ffff800082795048 x27: 00000000000000001 [ 8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000 [8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000 [8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff [ 8.113929] x17: 0000000000000000 x16: 00000000000000000 x15: 0720072007200720 [ 8.113944] x14: 20072007200720 x13: 0720072007200720 x12: 0720072007200720 [8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9: ffff80008021f4e4 [8.113991] x8: 0101010101010101 x7: 46f72705f6d656d x6: 000000001e0e0f5f [8.114006] x5: 000000000001864f x4: ffff0000c12b8000 x3: 000000000000001c [8.114020] x2: 00000000002 x1: 0000000000000000 x0: 0000000000000000 [ 8.114126] Seguimiento de llamadas: [8.114159] may_access_direct_pkt_data+0x24/0xa0 [8.114202] bpf_check+0x3bc/0x28c0 [8.114214] bpf_prog_load+0x658/0xa58 [8.114227] xc50/0x2250 [8.114240] __arm64_sys_bpf+0x28/0x40 [8.114254] invoke_syscall. constprop.0+0x54/0xf0 [8.114273] do_el0_svc+0x4c/0xd8 [8.114289] el0_svc+0x3c/0x140 [8.114305] el0t_64_sync_handler+0x134/0x150 [8.114331] _sync+0x168/0x170 [8.114477] C\u00f3digo: 7100707f 54000081 f9401c00 f9403800 (b9400403 ) [8.118672] ---[ end trace 0000000000000000 ]--- Una forma de solucionarlo es forzando que `attach_prog_fd` no est\u00e9 vac\u00edo cuando bpf_prog_load(). Pero esto provocar\u00e1 que se rompa la API `libbpf_probe_bpf_prog_type`, que utiliza el registro del verificador para sondear el tipo de programa y no registrar\u00e1 nada si rechazamos el programa EXT no v\u00e1lido antes de bpf_check(). Otra forma es agregando una verificaci\u00f3n nula en resolve_prog_type(). El problema fue introducido por el commit 4a9c7bbe2ed4 (\"bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT\") que quer\u00eda corregir la resoluci\u00f3n de tipos para los programas BPF_PROG_TYPE_TRACING. 
Antes de eso, la resoluci\u00f3n de tipo del programa BPF_PROG_TYPE_EXT en realidad sigue la siguiente l\u00f3gica: prog->aux->dst_prog ? prog->aux->dst_prog->tipo : prog->tipo; Implica que cuando el programa EXT a\u00fan no est\u00e1 adjunto a `dst_prog`, el tipo de programa debe ser EXT. Este c\u00f3digo funcion\u00f3 bien en el pasado. As\u00ed que sigue us\u00e1ndolo. Solucione este problema devolviendo `prog->type` para BPF_PROG_TYPE_EXT si `dst_prog` no est\u00e1 presente en resolve_prog_type()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43838.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43838.json
index 1a39ddf2426..be1f854a309 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43838.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43838.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43838",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:09.390",
- "lastModified": "2024-08-17T10:15:09.390",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix overflow check in adjust_jmp_off()\n\nadjust_jmp_off() incorrectly used the insn->imm field for all overflow check,\nwhich is incorrect as that should only be done or the BPF_JMP32 | BPF_JA case,\nnot the general jump instruction case. Fix it by using insn->off for overflow\ncheck in the general case."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: corrigi\u00f3 la verificaci\u00f3n de desbordamiento en ajustar_jmp_off() ajuste_jmp_off() us\u00f3 incorrectamente el campo insn->imm para toda la verificaci\u00f3n de desbordamiento, lo cual es incorrecto ya que eso solo debe hacerse o el BPF_JMP32 | Caso BPF_JA, no el caso de instrucci\u00f3n de salto general. Solucionelo usando insn->off para verificar el desbordamiento en el caso general."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43839.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43839.json
index 2cf22c95982..631b6670201 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43839.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43839.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43839",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:09.447",
- "lastModified": "2024-08-19T05:15:09.980",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bna: ajuste el tama\u00f1o del buf 'nombre' de las estructuras bna_tcb y bna_ccb para tener suficiente espacio para escribir todos los argumentos posibles de sprintf(). Actualmente el tama\u00f1o de 'nombre' es 16, pero es posible que el primer especificador '%s' ya necesite al menos 16 caracteres, ya que all\u00ed se usa 'bnad->netdev->name'. Para los especificadores '%d', supongamos que requieren: * 1 car\u00e1cter para la suma 'tx_id + tx_info->tcb[i]->id', BNAD_MAX_TXQ_PER_TX es 8 * 2 caracteres para 'rx_id + rx_info->rx_ctrl[i]. ccb->id', BNAD_MAX_RXP_PER_RX es 16 y reemplace sprintf con snprintf. Detectado utilizando la herramienta de an\u00e1lisis est\u00e1tico - Svace."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43840.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43840.json
index ba64529fbb7..b1e887fcc8e 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43840.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43840.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43840",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:09.517",
- "lastModified": "2024-08-17T10:15:09.517",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, arm64: Reparar trampol\u00edn para BPF_TRAMP_F_CALL_ORIG Cuando BPF_TRAMP_F_CALL_ORIG est\u00e1 configurado, el trampol\u00edn llama a las funciones __bpf_tramp_enter() y __bpf_tramp_exit(), pas\u00e1ndoles el puntero struct bpf_tramp_image *im como argumento en R0 . El c\u00f3digo de generaci\u00f3n de trampol\u00edn usa emit_addr_mov_i64() para emitir instrucciones para mover la direcci\u00f3n bpf_tramp_image a R0, pero emit_addr_mov_i64() asume que la direcci\u00f3n est\u00e1 en el espacio vmalloc() y usa solo 48 bits.
Debido a que bpf_tramp_image se asigna usando kzalloc(), su direcci\u00f3n puede usar m\u00e1s de 48 bits, en este caso el trampol\u00edn pasar\u00e1 una direcci\u00f3n no v\u00e1lida a __bpf_tramp_enter/exit() provocando un bloqueo del kernel. Solucione este problema utilizando emit_a64_mov_i64() en lugar de emit_addr_mov_i64(), ya que puede funcionar con direcciones superiores a 48 bits."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43841.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43841.json
index a32291f1c9d..203698656ac 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43841.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43841.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43841",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:09.580",
- "lastModified": "2024-08-19T05:15:10.050",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: virt_wifi: evita informar el \u00e9xito de la conexi\u00f3n con un SSID incorrecto Cuando el usuario emite una conexi\u00f3n con un SSID diferente al que virt_wifi ha anunciado, __cfg80211_connect_result() activar\u00e1 la advertencia: WARN_ON( bss_not_found). El problema se debe a que el c\u00f3digo de conexi\u00f3n en virt_wifi no verifica el SSID desde el espacio del usuario (solo verifica el BSSID), y virt_wifi llamar\u00e1 a cfg80211_connect_result() con WLAN_STATUS_SUCCESS incluso si el SSID es diferente del que virt_wifi ha anunciado. Eventualmente, cfg80211 no podr\u00e1 encontrar cfg80211_bss y generar la advertencia. Se solucion\u00f3 verificando el SSID (del espacio de usuario) en el c\u00f3digo de conexi\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43842.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43842.json
index 046cb171cd0..f701650f782 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43842.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43842.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43842",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:09.647",
- "lastModified": "2024-08-17T10:15:09.647",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() 'status->he_gi' is compared to array size.\nBut then 'rate->he_gi' is used as array index instead of 'status->he_gi'.\nThis can lead to go beyond array boundaries in case of 'rate->he_gi' is\nnot equal to 'status->he_gi' and is bigger than array size. Looks like\n\"copy-paste\" mistake.\n\nFix this mistake by replacing 'rate->he_gi' with 'status->he_gi'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: corrige el error de \u00edndice de matriz en rtw89_sta_info_get_iter() En rtw89_sta_info_get_iter() 'status->he_gi' se compara con el tama\u00f1o de la matriz. Pero luego se usa 'rate->he_gi' como \u00edndice de matriz en lugar de 'status->he_gi'. Esto puede llevar a ir m\u00e1s all\u00e1 de los l\u00edmites de la matriz en caso de que 'rate->he_gi' no sea igual a 'status->he_gi' y sea mayor que el tama\u00f1o de la matriz. Parece un error de \"copiar y pegar\". Corrija este error reemplazando 'rate->he_gi' con 'status->he_gi'. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43843.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43843.json
index 8aacbf2ebdf..e6b6c9da064 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43843.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43843.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43843",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:09.707",
- "lastModified": "2024-08-17T10:15:09.707",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a (\"bpf: Use arch_bpf_trampoline_size\"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the 'im' address, potentially causing out-of-bounds\nissues. Let's emit the maximum number of instructions for the \"im\"\naddress during dry run to fix this problem."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv, bpf: soluciona el problema de fuera de los l\u00edmites al preparar la imagen del trampol\u00edn. Obtenemos el tama\u00f1o de la imagen del trampol\u00edn durante la fase de ejecuci\u00f3n en seco y asignamos memoria en funci\u00f3n de ese tama\u00f1o. La imagen asignada se completar\u00e1 con instrucciones durante la fase de parche real. Pero despu\u00e9s del commit 26ef208c209a (\"bpf: Use arch_bpf_trampoline_size\"), el argumento `im` es inconsistente en la fase de prueba y de parche real. Esto puede hacer que emit_imm en RV64 genere una cantidad diferente de instrucciones al generar la direcci\u00f3n 'im', lo que podr\u00eda causar problemas fuera de los l\u00edmites.
Emitamos la cantidad m\u00e1xima de instrucciones para la direcci\u00f3n \"im\" durante el ensayo para solucionar este problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43844.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43844.json
index 762cb786fca..6fc479a2cac 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43844.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43844.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-43844", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.763", - "lastModified": "2024-08-17T10:15:09.763", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G O 6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n \n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? 
do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: wow: soluciona el problema de skbuff de H2C de descarga GTK. Por error pusimos skb demasiado grande y eso puede exceder skb->end. Por eso lo arreglamos. skbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev: ------------[ cortar aqu\u00ed ]---- -------- \u00a1ERROR del kernel en net/core/skbuff.c:192! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 4747 Comm: kworker/u4:44 Contaminado: GO 6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e Nombre de hardware: HP Me ep/Meep, BIOS Google_Meep.11297.262. 
0 18/03/2021 Cola de trabajo: events_unbound async_run_entry_fn RIP: 0010:skb_panic+0x5d/0x60 C\u00f3digo: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 53 41 53 y siguientes b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 RSP 0018:ffffaa700144ba d0 EFLAGS: 00010282 RAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900 RDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001 RBP: ffffaa700144bae0 R08: 00000000 R09: ffffaa700144b920 R10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010 R13: 00000000000000000 R14: ffffffffbb8f8b63 R15: 00000000000 FS: 0000000000000000(0000) GS:ffff8fba7bd00000( 0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 000000000035 0ee0 Seguimiento de llamadas: ? __die_body+0x1f/0x70 ? morir+0x3d/0x60? do_trap+0xa4/0x110? skb_panic+0x5d/0x60? do_error_trap+0x6d/0x90? skb_panic+0x5d/0x60? handle_invalid_op+0x30/0x40? skb_panic+0x5d/0x60? exc_invalid_op+0x3c/0x50? asm_exc_invalid_op+0x16/0x20? skb_panic+0x5d/0x60 skb_put+0x49/0x50 rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5] 1f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5] rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5] _reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52] ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]? dev_printk_emit+0x51/0x70? _dev_info+0x6e/0x90? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d] wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae23 3b59d] ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d] dpm_run_callback+0x3c/0x140 device_resume+0x1f9/0x3c0 ? 
__pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x29/0xd0 Process_scheduled_works+0x1d8/0x3d0 trabajador_thread+0x1fc/0x2f0 kthread+0xed/0x110 ? __pfx_worker_thread+0x10/0x10? __pfx_kthread+0x10/0x10 ret_from_fork+0x38/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 M\u00f3dulos vinculados en: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc u entrada rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci (O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) c_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_ sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da72 19 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic cfg80211 ecc gsmi: Apagado de registro ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43845.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43845.json index 4cc3cc937fe..38a1255b8af 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43845.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43845.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-43845",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-08-17T10:15:09.837",
- "lastModified": "2024-08-17T10:15:09.837",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: corrige el c\u00e1lculo falso de la suma de comprobaci\u00f3n en udf_rename() Syzbot informa acceso a memoria no inicializada en udf_rename() al actualizar la suma de comprobaci\u00f3n de la entrada del directorio '..' de un directorio movido. De hecho, esto es cierto cuando pasamos diriter.fi en la pila a udf_update_tag() y debido a que solo tiene la estructura fileIdentDesc incluida y no los campos impUse o nombre, la funci\u00f3n de suma de verificaci\u00f3n sumar\u00e1 los contenidos aleatorios de la pila m\u00e1s all\u00e1 del final de la estructura. En realidad, esto es inofensivo porque el siguiente udf_fiiter_write_fi() volver\u00e1 a calcular la suma de comprobaci\u00f3n de los b\u00faferes en el disco donde todo est\u00e1 incluido correctamente.
As\u00ed que todo lo que se necesita es simplemente eliminar el c\u00e1lculo falso."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43846.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43846.json
index 8e9389522b2..a3591f14452 100644
--- a/CVE-2024/CVE-2024-438xx/CVE-2024-43846.json
+++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43846.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-43846", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.900", - "lastModified": "2024-08-19T05:15:10.110", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. 
MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n \n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: lib: objagg: soluciona un fallo de protecci\u00f3n general. La librer\u00eda admite la agregaci\u00f3n de objetos en otros objetos s\u00f3lo si el objeto principal no tiene un padre en s\u00ed. Es decir, no se admite el anidamiento. La agregaci\u00f3n ocurre en dos casos: sin y con sugerencias, donde las sugerencias son una recomendaci\u00f3n calculada previamente sobre c\u00f3mo agregar los objetos proporcionados. El anidamiento no es posible en el primer caso debido a una verificaci\u00f3n que lo impide, pero en el segundo caso no hay verificaci\u00f3n porque se supone que el anidamiento no puede ocurrir cuando se crean objetos basados en sugerencias. La violaci\u00f3n de este supuesto conduce a diversas advertencias y eventualmente a un fallo de protecci\u00f3n general [1]. Antes de solucionar la causa ra\u00edz, elimine el error cuando se produzca el anidamiento y advierta. [1] falla de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdead000000000d90: 0000 [#1] CPU PREEMPT SMP PTI: 1 PID: 1083 Comm: kworker/1:9 Tainted: GW 6.9.0-rc6-custom-gd9b4f1cca7fb #7 Nombre del hardware: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 06/01/2019 Cola de trabajo: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80 [...] 
Rastreo de llamadas: acl_atcam_entry_add+0x256/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e /0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270 mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510 Process_one_work+0x151/0x370 trabajador_thread+0x2cb/0x3e0 kthread+0xd0/0x100 x34/0x50 ret_from_fork_asm+0x1a/0x30 " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43847.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43847.json index 6a5c2af96e9..b2dc66d6031 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43847.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43847.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43847", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:09.963", - "lastModified": "2024-08-17T10:15:09.963", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: corrige el acceso no v\u00e1lido a la memoria mientras se procesan paquetes fragmentados. El anillo de monitor y el anillo de reinyecci\u00f3n de reo comparten el mismo \u00edndice de m\u00e1scara de anillo. Cuando el controlador recibe una interrupci\u00f3n para el anillo de reinyecci\u00f3n de reo, el anillo del monitor tambi\u00e9n se procesa, lo que genera un acceso no v\u00e1lido a la memoria. Dado que la compatibilidad con el monitor a\u00fan no est\u00e1 habilitada en ath12k, se debe quitar la m\u00e1scara del anillo del monitor. Probado en: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43848.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43848.json index 950527696eb..42f05475ca3 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43848.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43848.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43848", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.023", - "lastModified": "2024-08-17T10:15:10.023", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix TTLM teardown work\n\nThe worker calculates the wrong sdata pointer, so if it ever\nruns, it'll crash. Fix that." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: mac80211: arreglar el trabajo de desmontaje de TTLM El trabajador calcula el puntero sdata incorrecto, por lo que si alguna vez se ejecuta, fallar\u00e1. Arregla eso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43849.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43849.json index fd135b24367..de47c63f5fe 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43849.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43849.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43849", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.093", - "lastModified": "2024-08-19T05:15:10.170", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: qcom: pdr: protege locator_addr con el mutex principal Si el servidor del localizador de servicios se reinicia lo suficientemente r\u00e1pido, el PDR puede reescribir los campos locator_addr simult\u00e1neamente. Prot\u00e9jalos colocando la modificaci\u00f3n de esos campos bajo el pdr->lock principal." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43850.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43850.json index bf625946968..fd3dbf18c21 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43850.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43850.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43850", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.157", - "lastModified": "2024-08-17T10:15:10.157", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: soc: qcom: icc-bwmon: corrige el desequilibrio de recuento visto durante bwmon_remove La siguiente advertencia se ve durante bwmon_remove debido a un desequilibrio de recuento; solucione esto liberando los OPP despu\u00e9s de su uso. Registros: ADVERTENCIA: en drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158 Nombre del hardware: Qualcomm Technologies, Inc. X1E80100 CRD (DT) ... 
Seguimiento de llamadas: _opp_table_kref_release+0x150/0x158 dev_pm_opp_remove_table+0x100/0x1b4 devm_pm_ opp_of_table_release+ 0x10/0x1c devm_action_release+0x14/0x20 devres_release_all+0xa4/0x104 dispositivo_unbind_cleanup+0x18/0x60 dispositivo_release_driver_internal+0x1ec/0x228 driver_detach+0x50/0x98 bus_remove_driver+0x6c/0xbc driver_unregister+0x30 /0x60 plataforma_driver_unregister+0x14/0x20 bwmon_driver_exit+0x18/0x524 [icc_bwmon ] __arm64_sys_delete_module+0x184/0x264 invoke_syscall+0x48/0x118 el0_svc_common.constprop.0+0xc8/0xe8 do_el0_svc+0x20/0x2c el0_svc+0x34/0xdc el0t_64_sync_handler+0x13 c/0x158 el0t_64_sync+0x190/0x194 --[ final de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43851.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43851.json index b7a66908b32..db5b915f9e7 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43851.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43851.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43851", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.230", - "lastModified": "2024-08-17T10:15:10.230", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: xilinx: rename cpu_number1 to dummy_cpu_number\n\nThe per cpu variable cpu_number1 is passed to xlnx_event_handler as\nargument \"dev_id\", but it is not used in this function. So drop the\ninitialization of this variable and rename it to dummy_cpu_number.\nThis patch is to fix the following call trace when the kernel option\nCONFIG_DEBUG_ATOMIC_SLEEP is enabled:\n\nBUG: sleeping function called from invalid context at include/linux/sched/mm.h:274\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0\n preempt_count: 1, expected: 0\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.0 #53\n Hardware name: Xilinx Versal vmk180 Eval board rev1.1 (QSPI) (DT)\n Call trace:\n dump_backtrace+0xd0/0xe0\n show_stack+0x18/0x40\n dump_stack_lvl+0x7c/0xa0\n dump_stack+0x18/0x34\n __might_resched+0x10c/0x140\n __might_sleep+0x4c/0xa0\n __kmem_cache_alloc_node+0xf4/0x168\n kmalloc_trace+0x28/0x38\n __request_percpu_irq+0x74/0x138\n xlnx_event_manager_probe+0xf8/0x298\n platform_probe+0x68/0xd8" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: xilinx: cambiar el nombre de cpu_number1 a dummy_cpu_number La variable por CPU cpu_number1 se pasa a xlnx_event_handler como argumento \"dev_id\", pero no se utiliza en esta funci\u00f3n. As\u00ed que elimine la inicializaci\u00f3n de esta variable y c\u00e1mbiele el nombre a dummy_cpu_number. 
Este parche es para corregir el siguiente seguimiento de llamadas cuando la opci\u00f3n del kernel CONFIG_DEBUG_ATOMIC_SLEEP est\u00e1 habilitada: ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en include/linux/sched/mm.h:274 in_atomic(): 1, irqs_disabled(): 0, non_block : 0, pid: 1, nombre: swapper/0 preempt_count: 1, esperado: 0 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.0 #53 Nombre de hardware: Xilinx Versal vmk180 Placa de evaluaci\u00f3n rev1.1 (QSPI ) (DT) Seguimiento de llamadas: dump_backtrace+0xd0/0xe0 show_stack+0x18/0x40 dump_stack_lvl+0x7c/0xa0 dump_stack+0x18/0x34 __might_resched+0x10c/0x140 __might_sleep+0x4c/0xa0 __kmem_cache_alloc_node+0xf4/ 0x168 kmalloc_trace+0x28/0x38 __request_percpu_irq+0x74 /0x138 xlnx_event_manager_probe+0xf8/0x298 plataforma_probe+0x68/0xd8" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43852.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43852.json index 2b5e0dab322..0a134b4e9fa 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43852.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43852.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43852", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.310", - "lastModified": "2024-08-17T10:15:10.310", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements. Thus if \"channel\" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array. Flip the conditions\naround so that we check if \"channel\" is valid before using it as an array\nindex." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: hwmon: (ltc2991) condiciones de reordenamiento para corregir un error LTC2991_T_INT_CH_NR es 4. La matriz st->temp_en[] tiene elementos LTC2991_MAX_CHANNEL (4). Por lo tanto, si \"canal\" es igual a LTC2991_T_INT_CH_NR entonces hemos le\u00eddo un elemento m\u00e1s all\u00e1 del final de la matriz. Cambie las condiciones para verificar si \"canal\" es v\u00e1lido antes de usarlo como \u00edndice de matriz." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43853.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43853.json index 701edb7e5d4..c5549be05e2 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43853.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43853.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43853", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.383", - "lastModified": "2024-08-17T10:15:10.383", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc//cpuset repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/ repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc//cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. 
However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n(\"cgroup: Make operations on the cgroup root_list RCU safe\"),\ncss->cgroup won't be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cgroup/cpuset: Prevenir UAF en proc_cpuset_show() Puede ocurrir un UAF cuando se lee /proc/cpuset como se informa en [1]. Esto se puede reproducir mediante los siguientes m\u00e9todos: 1.Agregue un mdelay(1000) antes de adquirir cgroup_lock en la funci\u00f3n cgroup_path_ns. 2.$cat /proc//cpuset repetidamente. 3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/ $umount /sys/fs/cgroup/cpuset/ repetidamente. La ejecuci\u00f3n que causa este error se puede mostrar a continuaci\u00f3n: (umount) | (cat /proc//cpuset) css_release | proc_cpuset_show css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id); css_free_rwork_fn | cgroup_path_ns(css->cgroup, ...); cgroup_destroy_root | mutex_lock(&cgroup_mutex); rebind_subsistemas | cgroup_free_root | | // cgrp fue liberado, UAF | cgroup_path_ns_locked(cgrp,..); Cuando se inicializa cpuset, el nodo ra\u00edz top_cpuset.css.cgrp apuntar\u00e1 a &cgrp_dfl_root.cgrp. En cgroup v1, la operaci\u00f3n de montaje asignar\u00e1 cgroup_root y top_cpuset.css.cgrp apuntar\u00e1 al &cgroup_root.cgrp asignado. Cuando se ejecuta la operaci\u00f3n desmontaje, top_cpuset.css.cgrp se rebotar\u00e1 en &cgrp_dfl_root.cgrp. 
El problema es que al volver a vincular a cgrp_dfl_root, hay casos en los que el cgroup_root asignado al configurar la ra\u00edz para cgroup v1 se almacena en cach\u00e9. Esto podr\u00eda dar lugar a un use-after-free (UAF) si se libera posteriormente. Los cgroups descendientes de cgroup v1 solo se pueden liberar despu\u00e9s de que se publique el CSS. Sin embargo, el CSS de la ra\u00edz nunca se liberar\u00e1, pero cgroup_root debe liberarse cuando se desmonta. Esto significa que obtener una referencia al CSS de la ra\u00edz no garantiza que css.cgrp->root no se libere. Solucione este problema usando rcu_read_lock en proc_cpuset_show(). Como cgroup_root es kfree_rcu despu\u00e9s del commit d23b5c577715 (\"cgroup: hacer que las operaciones en la RCU cgroup root_list sean seguras\"), css->cgroup no se liberar\u00e1 durante la secci\u00f3n cr\u00edtica. Para llamar a cgroup_path_ns_locked, se necesita css_set_lock, por lo que es seguro reemplazar task_get_css con task_css. [1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43854.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43854.json index f85fed7e195..8edcee78051 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43854.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43854.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43854", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.447", - "lastModified": "2024-08-19T05:15:10.217", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media. For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bloque: inicializa el b\u00fafer de integridad a cero antes de escribirlo en el medio. Los metadatos agregados por bio_integrity_prep utilizan kmalloc simple, lo que lleva a que la memoria del kernel se escriba en el medio de forma aleatoria. Para los metadatos de PI, esto se limita a la etiqueta de la aplicaci\u00f3n que no es utilizada por los metadatos generados por el kernel, pero para los metadatos que no son de PI, todo el b\u00fafer pierde memoria del kernel. Solucione este problema agregando el indicador __GFP_ZERO a las asignaciones para escrituras." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43855.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43855.json index f3b301e0ee5..8cc9587bb04 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43855.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43855.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43855", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.527", - "lastModified": "2024-08-17T10:15:10.527", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix deadlock between mddev_suspend and flush bio\n\nDeadlock occurs when mddev is being suspended while some flush bio is in\nprogress. It is a complex issue.\n\nT1. the first flush is at the ending stage, it clears 'mddev->flush_bio'\n and tries to submit data, but is blocked because mddev is suspended\n by T4.\nT2. the second flush sets 'mddev->flush_bio', and attempts to queue\n md_submit_flush_data(), which is already running (T1) and won't\n execute again if on the same CPU as T1.\nT3. the third flush inc active_io and tries to flush, but is blocked because\n 'mddev->flush_bio' is not NULL (set by T2).\nT4. 
mddev_suspend() is called and waits for active_io dec to 0 which is inc\n by T3.\n\n T1\t\tT2\t\tT3\t\tT4\n (flush 1)\t(flush 2)\t(third 3)\t(suspend)\n md_submit_flush_data\n mddev->flush_bio = NULL;\n .\n .\t \tmd_flush_request\n .\t \t mddev->flush_bio = bio\n .\t \t queue submit_flushes\n .\t\t .\n .\t\t .\t\tmd_handle_request\n .\t\t .\t\t active_io + 1\n .\t\t .\t\t md_flush_request\n .\t\t .\t\t wait !mddev->flush_bio\n .\t\t .\n .\t\t .\t\t\t\tmddev_suspend\n .\t\t .\t\t\t\t wait !active_io\n .\t\t .\n .\t\t submit_flushes\n .\t\t queue_work md_submit_flush_data\n .\t\t //md_submit_flush_data is already running (T1)\n .\n md_handle_request\n wait resume\n\nThe root issue is non-atomic inc/dec of active_io during flush process.\nactive_io is dec before md_submit_flush_data is queued, and inc soon\nafter md_submit_flush_data() run.\n md_flush_request\n active_io + 1\n submit_flushes\n active_io - 1\n md_submit_flush_data\n md_handle_request\n active_io + 1\n make_request\n active_io - 1\n\nIf active_io is dec after md_handle_request() instead of within\nsubmit_flushes(), make_request() can be called directly intead of\nmd_handle_request() in md_submit_flush_data(), and active_io will\nonly inc and dec once in the whole flush process. Deadlock will be\nfixed.\n\nAdditionally, the only difference between fixing the issue and before is\nthat there is no return error handling of make_request(). But after\nprevious patch cleaned md_write_start(), make_requst() only return error\nin raid5_make_request() by dm-raid, see commit 41425f96d7aa (\"dm-raid456,\nmd/raid456: fix a deadlock for dm-raid456 while io concurrent with\nreshape)\". Since dm always splits data and flush operation into two\nseparate io, io size of flush submitted by dm always is 0, make_request()\nwill not be called in md_submit_flush_data(). To prevent future\nmodifications from introducing issues, add WARN_ON to ensure\nmake_request() no error is returned in this context." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: md: corrige el punto muerto entre mddev_suspend y purgar bio. El punto muerto ocurre cuando mddev se suspende mientras se realiza alg\u00fan purga de biograf\u00eda. Es una cuesti\u00f3n compleja. T1. la primera descarga est\u00e1 en la etapa final, borra 'mddev->flush_bio' e intenta enviar datos, pero se bloquea porque T4 suspende mddev. T2. la segunda descarga establece 'mddev->flush_bio' e intenta poner en cola md_submit_flush_data(), que ya se est\u00e1 ejecutando (T1) y no se ejecutar\u00e1 nuevamente si est\u00e1 en la misma CPU que T1. T3. el tercer enjuague incluye active_io e intenta descargar, pero se bloquea porque 'mddev->flush_bio' no es NULL (establecido por T2). T4. Se llama a mddev_suspend() y espera que active_io dec a 0, que es incrementado por T3. T1 T2 T3 T4 (flush 1) (flush 2) (tercero 3) (suspender) md_submit_flush_data mddev->flush_bio = NULL; . . md_flush_request. mddev->flush_bio = biograf\u00eda. cola submit_flushes . . . . md_handle_request. . activo_io + 1. . md_flush_request. . \u00a1espera! mddev->flush_bio. . . . mddev_suspend. . \u00a1espera! active_io. . . enviar_flushes. queue_work md_submit_flush_data. //md_submit_flush_data ya se est\u00e1 ejecutando (T1). md_handle_request espera reanudar la ra\u00edz del problema es el aumento/disminuci\u00f3n no at\u00f3mico de active_io durante el proceso de descarga. active_io disminuye antes de que md_submit_flush_data se ponga en cola y se inc poco despu\u00e9s de ejecutar md_submit_flush_data(). 
md_flush_request active_io + 1 submit_flushes active_io - 1 md_submit_flush_data md_handle_request active_io + 1 make_request active_io - 1 Si active_io se dec despu\u00e9s de md_handle_request() en lugar de dentro de submit_flushes(), se puede llamar a make_request() directamente en lugar de md_handle_request() en md_submit_flush_data(), y active_io solo aumentar\u00e1 y disminuir\u00e1 una vez durante todo el proceso de descarga. Se solucionar\u00e1 el punto muerto. Adem\u00e1s, la \u00fanica diferencia entre solucionar el problema y antes es que no hay manejo de errores de devoluci\u00f3n de make_request(). Pero despu\u00e9s de que el parche anterior limpi\u00f3 md_write_start(), make_requst() solo devuelve un error en raid5_make_request() por dm-raid, consulte el commit 41425f96d7aa (\"dm-raid456, md/raid456: solucione un punto muerto para dm-raid456 mientras io concurre con reshape) \". Dado que dm siempre divide los datos y la operaci\u00f3n de descarga en dos io separados, el tama\u00f1o de io de descarga enviado por dm siempre es 0, no se llamar\u00e1 a make_request() en md_submit_flush_data(). Para evitar que modificaciones futuras introduzcan problemas, agregue WARN_ON para garantizar que make_request() no se devuelva ning\u00fan error en este contexto." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43856.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43856.json index 38a18161d11..6a38b2390e6 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43856.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43856.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43856", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.613", - "lastModified": "2024-08-19T05:15:10.280", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dma: corrige el orden de llamadas en dmam_free_coherent dmam_free_coherent() libera una asignaci\u00f3n de DMA, lo que hace que el vaddr liberado est\u00e9 disponible para su reutilizaci\u00f3n, luego llama a devres_destroy() para eliminar y liberar la estructura de datos utilizada para realizar un seguimiento de la asignaci\u00f3n de DMA. Entre las dos llamadas, es posible que una tarea simult\u00e1nea realice una asignaci\u00f3n con el mismo vaddr y lo agregue a la lista de devres. Si esto sucede, habr\u00e1 dos entradas en la lista devres con el mismo vaddr y devres_destroy() puede liberar la entrada incorrecta, activando WARN_ON() en dmam_match. Para solucionarlo, destruya la entrada devres antes de liberar la asignaci\u00f3n de DMA. 
kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43857.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43857.json index f414b9f9c85..c679993b931 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43857.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43857.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43857", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.687", - "lastModified": "2024-08-17T10:15:10.687", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrige el error de referencia nula al comprobar el final de la zona. Este parche corrige un puntero potencialmente nulo al que accede is_end_zone_blkaddr() que comprueba el \u00faltimo bloque de una zona cuando f2fs est\u00e1 montado como dispositivo \u00fanico." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43858.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43858.json index fbc6e03a8e8..9499db1bc56 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43858.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43858.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43858", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.750", - "lastModified": "2024-08-19T05:15:10.343", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix array-index-out-of-bounds in diFree" + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: jfs: Reparar array-index-out-of-bounds en diFree" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43859.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43859.json index ef2dedda13a..02ed1435c05 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43859.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43859.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43859", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.817", - "lastModified": "2024-08-17T10:15:10.817", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n - f2fs_disable_checkpoint\n - f2fs_gc\n - f2fs_iget\n - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: F2FS: Correcto para truncar los bloques preallocados en F2FS_FILE_OPEN () Chenyuwen informa un error F2FS a continuaci\u00f3n: Ineable para manejar el kernel nulo dreference en la direcci\u00f3n virtual 000000000011 FSCRYPT_SET_BIO_CRYPT_ POTER_ GACT/0X1 ab_read_bio+0x78 /0x208 f2fs_submit_page_read+0x44/0x154 f2fs_get_read_data_page+0x288/0x5f4 f2fs_get_lock_data_page+0x60/0x190 truncate_partial_data_page+0x108/0x4fc f2fs_do_truncate_blocks+0x344/0x5f0 f2fs_truncate_blocks+0x6c/0x134 f2fs_truncate+0xd8/0x200 f2fs_iget+0x20c/0x5ac do_garbage_collect+0x5d0/0xf6c f2fs_gc+0x22c /0x6a4 f2fs_disable_checkpoint+0xc8/0x310 f2fs_fill_super+0x14bc/0x1764 mount_bdev+0x1b4/0x21c f2fs_mount+0x20/0x30 Legacy_get_tree+0x50/0xbc vfs_get_tree+0x5c/0x1b0 8/0x4cc path_mount+0x33c/0x5fc __arm64_sys_mount+0xcc/0x15c invoke_syscall+0x60 /0x150 el0_svc_common+0xb8/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec Es porque inode.i_crypt_info no se inicializa durante la siguiente ruta: - mount - f2fs_fill_super - f2fs_disable_checkpoint - fs_gc - f2fs_iget - f2fs_truncate Entonces, reubique el truncamiento de bloques preasignados a f2fs_file_open(), despu\u00e9s de fscrypt_file_open()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43860.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43860.json index c53c68c7eb7..b636cc8ce1b 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43860.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43860.json 
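Review bot: The added `es` description for CVE-2024-43859 corrupts the kernel call trace it carries over from the `en` value. Where the English text has `fscrypt_set_bio_crypt_ctx+0x78/0x1e8` and `f2fs_grab_read_bio+0x78/0x208`, the Spanish text reads `FSCRYPT_SET_BIO_CRYPT_ POTER_ GACT/0X1 ab_read_bio+0x78 /0x208`; it also shortens the faulting address to `000000000011`, loses `do_new_mount` (only `8/0x4cc` remains), and turns `f2fs_gc` into `fs_gc` in the call path. Anyone searching or correlating on symbol names in the translated field will miss or mis-match this record. Function names, offsets and addresses should be copied verbatim from the `en` value, with only the surrounding prose translated. This looks like machine-translation output, so a check that every identifier-like token of the `en` value also appears in the `es` value would catch it before the update is committed.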
@@ -2,13 +2,17 @@ "id": "CVE-2024-43860", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.887", - "lastModified": "2024-08-19T05:15:10.400", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() \"nph = of_count_phandle_with_args()\" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: remoteproc: imx_rproc: omitir la regi\u00f3n de memoria cuando el valor del nodo es NULL En imx_rproc_addr_init() \"nph = of_count_phandle_with_args()\" solo cuenta el n\u00famero de phandles. Pero los phandles pueden estar vac\u00edos. Por lo tanto, of_parse_phandle() en el bucle de an\u00e1lisis (0 < a < nph) puede devolver NULL, que luego se desreferencia. Ajuste este problema agregando una verificaci\u00f3n de retorno NULL. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE. [T\u00edtulo fijo para que se ajuste a los 70-75 caracteres prescritos]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44067.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44067.json index a49250eb2c1..f989a825821 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44067.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44067.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-44067", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-19T01:15:13.410", - "lastModified": "2024-08-19T01:15:13.410", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite." + }, + { + "lang": "es", + "value": "La CPU T-Head XuanTie C910 en el SoC TH1520 y la CPU T-Head XuanTie C920 en SOPHON SG2042 tienen instrucciones que permiten a atacantes sin privilegios escribir en ubicaciones de memoria f\u00edsica arbitrarias, tambi\u00e9n conocido como GhostWrite." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44069.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44069.json index 5524501b21f..00a5cfd7821 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44069.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44069.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44069", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-19T02:15:04.437", - "lastModified": "2024-08-19T02:15:04.437", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", 
@@ -16,6 +16,10 @@ { "lang": "en", "value": "Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does \"not consider the bug a security issue\" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear." + }, + { + "lang": "es", + "value": "Pi-hole anterior a 6 permite llamadas admin/api.php?setTempUnit= no autenticadas para cambiar las unidades de temperatura del panel web. NOTA: seg\u00fan se informa, el proveedor \"no considera el error como un problema de seguridad\", pero la motivaci\u00f3n espec\u00edfica para permitir que personas arbitrarias cambien el valor (Celsius, Fahrenheit o Kelvin), visto por el propietario del dispositivo, no est\u00e1 clara." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44070.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44070.json index d75cc00995e..f3fbdffe535 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44070.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44070.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44070", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-19T02:15:04.643", - "lastModified": "2024-08-19T02:15:04.643", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en FRRouting (FRR) hasta 10.1. bgp_attr_encap en bgpd/bgp_attr.c no verifica la longitud real restante del flujo antes de tomar el valor TLV." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44073.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44073.json index 3223f736ee4..ad253648b0c 100644 
--- a/CVE-2024/CVE-2024-440xx/CVE-2024-44073.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44073.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44073", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-19T03:15:03.790", - "lastModified": "2024-08-19T03:15:03.790", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth." + }, + { + "lang": "es", + "value": "La librer\u00eda Miniscript (tambi\u00e9n conocida como rust-miniscript) anterior a 12.2.0 para Rust permite el consumo de pila porque no realiza un seguimiento adecuado de la profundidad del \u00e1rbol." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44076.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44076.json index dc86bb8f128..e22542172c7 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44076.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44076.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44076", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-19T03:15:03.883", - "lastModified": "2024-08-19T03:15:03.883", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access." + }, + { + "lang": "es", + "value": "En Microcks anterior a 1.10.0, los endpoints POST /api/import y POST /api/export permiten el acceso a no administradores." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44083.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44083.json index c4a24606709..f6dcfea07c7 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44083.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44083.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-44083", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-19T04:15:04.760", - "lastModified": "2024-08-19T04:15:04.760", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue." + }, + { + "lang": "es", + "value": "ida64.dll en Hex-Rays IDA Pro hasta 8.4 falla cuando hay una secci\u00f3n que tiene muchos saltos vinculados, y el salto final corresponde al payload desde donde se invocar\u00e1 el punto de entrada real. NOTA: en muchos casos de uso, esto es un inconveniente pero no un problema de seguridad." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4763.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4763.json index 26b1f6bb26e..fda193f1b6c 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4763.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4763.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-4763", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-08-16T15:15:30.563", - "lastModified": "2024-08-16T15:15:30.563", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An insecure driver vulnerability was reported in\u00a0Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM)\n\n that could allow a local attacker to escalate privileges to kernel." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de controlador inseguro en Lenovo Display Control Center (LDCC) y Lenovo Accessories and Display Manager (LADM) que podr\u00eda permitir a un atacante local escalar privilegios al kernel." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4781.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4781.json index dc201753604..c4b244decb7 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4781.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4781.json @@ -2,13 +2,17 @@ "id": "CVE-2024-4781", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-08-16T15:15:30.783", - "lastModified": "2024-08-16T15:15:30.783", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en algunas impresoras Lenovo que podr\u00eda permitir que un atacante no autenticado en una red compartida bloquee las comunicaciones de la impresora hasta que se reinicie el sistema." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4782.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4782.json index 007d6d3a816..e2e28b8b04b 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4782.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4782.json @@ -2,13 +2,17 @@ "id": "CVE-2024-4782", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-08-16T15:15:30.967", - "lastModified": "2024-08-16T15:15:30.967", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en algunas impresoras Lenovo que podr\u00eda permitir que un atacante no autenticado en una red compartida interrumpa la funcionalidad de la impresora hasta que se produzca un reinicio manual del sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5209.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5209.json index a47c2a1fa4e..5235e63a69e 100644 --- a/CVE-2024/CVE-2024-52xx/CVE-2024-5209.json +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5209.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-5209", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-08-16T15:15:31.150", - "lastModified": "2024-08-16T15:15:31.150", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en algunas impresoras Lenovo que podr\u00eda permitir que un atacante no autenticado en una red compartida niegue las capacidades de impresi\u00f3n hasta que se reinicie el sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5210.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5210.json index 276de6c35ec..69f7606d55a 100644 --- a/CVE-2024/CVE-2024-52xx/CVE-2024-5210.json +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5210.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5210", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-08-16T15:15:31.337", - "lastModified": "2024-08-16T15:15:31.337", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en algunas impresoras Lenovo que podr\u00eda permitir que un atacante no autenticado en una red compartida impida que se pueda acceder a los servicios de la impresora hasta que se reinicie el sistema." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6004.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6004.json index 8f0d8d9658e..8fe51f3ba3b 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6004.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6004.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6004", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-08-16T15:15:31.527", - "lastModified": "2024-08-16T15:15:31.527", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en algunas impresoras Lenovo que podr\u00eda permitir que un atacante no autenticado en una red compartida niegue las conexiones de la impresora hasta que se reinicie el sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6098.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6098.json index 51bddc3ce1a..abfbca5c5d7 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6098.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6098.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6098", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-08-16T15:15:31.737", - "lastModified": "2024-08-16T15:15:31.737", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "When performing an online tag generation to devices which communicate \nusing the ControlLogix protocol, a machine-in-the-middle, or a device \nthat is not configured correctly, could deliver a response leading to \nunrestricted or unregulated resource allocation. This could cause a \ndenial-of-service condition and crash the Kepware application. By \ndefault, these functions are turned off, yet they remain accessible for \nusers who recognize and require their advantages." + }, + { + "lang": "es", + "value": "Al realizar una generaci\u00f3n de etiquetas en l\u00ednea para dispositivos que se comunican mediante el protocolo ControlLogix, una m\u00e1quina intermedia o un dispositivo que no est\u00e9 configurado correctamente podr\u00eda entregar una respuesta que conduzca a una asignaci\u00f3n de recursos sin restricciones o sin regulaci\u00f3n. Esto podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio y bloquear la aplicaci\u00f3n Kepware. De forma predeterminada, estas funciones est\u00e1n desactivadas, pero siguen siendo accesibles para los usuarios que reconocen y requieren sus ventajas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-62xx/CVE-2024-6221.json b/CVE-2024/CVE-2024-62xx/CVE-2024-6221.json index 3f055c01e13..1704dae69d1 100644 --- a/CVE-2024/CVE-2024-62xx/CVE-2024-6221.json +++ b/CVE-2024/CVE-2024-62xx/CVE-2024-6221.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6221", "sourceIdentifier": "security@huntr.dev", "published": "2024-08-18T19:15:04.730", - "lastModified": "2024-08-18T19:15:04.730", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en corydolphin/flask-cors versi\u00f3n 4.0.1 permite que el encabezado CORS `Access-Control-Allow-Private-Network` se establezca en verdadero de forma predeterminada, sin ninguna opci\u00f3n de configuraci\u00f3n. Este comportamiento puede exponer los recursos de la red privada a un acceso externo no autorizado, lo que genera importantes riesgos de seguridad, como violaciones de datos, acceso no autorizado a informaci\u00f3n confidencial y posibles intrusiones en la red." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6330.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6330.json index fd05f7db7b6..4e4f76c9a0d 100644 --- a/CVE-2024/CVE-2024-63xx/CVE-2024-6330.json +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6330.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6330", "sourceIdentifier": "contact@wpscan.com", "published": "2024-08-19T06:15:05.690", - "lastModified": "2024-08-19T06:15:05.690", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution." + }, + { + "lang": "es", + "value": "El complemento GEO my WP WordPress anterior a 4.5.0.2 no impide que atacantes no autenticados incluyan archivos arbitrarios en el contexto de ejecuci\u00f3n de PHP, lo que conduce a la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6451.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6451.json index 92d5caba6eb..24842c2def0 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6451.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6451.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6451", "sourceIdentifier": "contact@wpscan.com", "published": "2024-08-19T06:15:05.880", - "lastModified": "2024-08-19T06:15:05.880", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of \"logs_path\", allowing Administrators to change log filetypes from .log to .php." + }, + { + "lang": "es", + "value": "AI Engine < 2.4.3 es susceptible a la ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del envenenamiento de registros. El complemento AI Engine WordPress anterior a 2.5.1 no valida la extensi\u00f3n de archivo \"logs_path\", lo que permite a los administradores cambiar los tipos de archivos de registro de .log a .php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6456.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6456.json index afcae242206..67820ebb435 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6456.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6456.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6456", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-08-15T21:15:18.047", - "lastModified": "2024-08-15T21:15:18.047", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6459.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6459.json index cc011336b89..bfba8d0347e 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6459.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6459.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6459", "sourceIdentifier": "contact@wpscan.com", "published": "2024-08-17T06:15:03.973", - "lastModified": "2024-08-17T06:15:03.973", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files." + }, + { + "lang": "es", + "value": "El complemento News Element Elementor Blog Magazine de WordPress anterior a 1.0.6 es vulnerable a la inclusi\u00f3n de archivos locales a trav\u00e9s del par\u00e1metro de plantilla. Esto hace posible que un atacante no autenticado incluya y ejecute archivos PHP en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6460.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6460.json index faa6729452c..52f58d467dc 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6460.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6460.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6460", "sourceIdentifier": "contact@wpscan.com", "published": "2024-08-16T06:15:04.170", - "lastModified": "2024-08-16T06:15:04.170", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6500.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6500.json index 7f63a632304..815559c9bb0 100644 --- a/CVE-2024/CVE-2024-65xx/CVE-2024-6500.json +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6500.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6500", "sourceIdentifier": "security@wordfence.com", "published": "2024-08-17T03:15:10.983", - "lastModified": "2024-08-17T03:15:10.983", - "vulnStatus": "Received", + "lastModified": "2024-08-19T13:00:23.117", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for WooCommerce) as well as 1.4.4 (for InPost PL). This makes it possible for unauthenticated attackers to read and delete arbitrary files on Windows servers. On Linux servers, only files within the WordPress install will be deleted, but all files can be read." + }, + { + "lang": "es", + "value": "El complemento InPost para WooCommerce y el complemento InPost PL para WordPress son vulnerables al acceso no autorizado y a la eliminaci\u00f3n de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'parse_request' en todas las versiones hasta la 1.4.0 incluida (para InPost para WooCommerce) as\u00ed como 1.4.4 (para InPost PL). Esto hace posible que atacantes no autenticados lean y eliminen archivos arbitrarios en servidores Windows. En los servidores Linux, solo se eliminar\u00e1n los archivos dentro de la instalaci\u00f3n de WordPress, pero se podr\u00e1n leer todos los archivos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-67xx/CVE-2024-6731.json b/CVE-2024/CVE-2024-67xx/CVE-2024-6731.json index e0563b3f1b1..32e7c803d26 100644 --- a/CVE-2024/CVE-2024-67xx/CVE-2024-6731.json +++ b/CVE-2024/CVE-2024-67xx/CVE-2024-6731.json 
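Review bot: The added `es` description for CVE-2024-6500 translates the product name itself: `InPost for WooCommerce` becomes `InPost para WooCommerce`, both in the opening sentence and in the version parenthetical. The same happens in the CVE-2024-6843 hunk further down, where `Chatbot with ChatGPT WordPress plugin` becomes `El Chatbot con el complemento ChatGPT de WordPress`. A reader or tool matching the Spanish text against an installed-plugin inventory will not find the product under the translated name. Product and plugin names should stay exactly as in the `en` value, with only the descriptive prose translated.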
@@ -2,8 +2,8 @@ "id": "CVE-2024-6731", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-14T22:15:02.937", - "lastModified": "2024-08-06T11:16:07.010", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-08-19T13:27:46.773", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:student_study_center_desk_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1DD3233D-01A2-4779-9E48-F3495A5E56D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6731", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.271449", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.271449", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.374362", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-67xx/CVE-2024-6732.json b/CVE-2024/CVE-2024-67xx/CVE-2024-6732.json index 3304dad641d..9c904661164 100644 --- a/CVE-2024/CVE-2024-67xx/CVE-2024-6732.json +++ b/CVE-2024/CVE-2024-67xx/CVE-2024-6732.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6732", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-14T23:15:01.973", - "lastModified": "2024-08-06T11:16:07.173", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-08-19T13:30:45.700", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -120,22 +140,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:student_study_center_desk_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1DD3233D-01A2-4779-9E48-F3495A5E56D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6732", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.271450", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.271450", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.374370", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6843.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6843.json index cd7033fa8f4..03a66c31ce5 100644 --- a/CVE-2024/CVE-2024-68xx/CVE-2024-6843.json +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6843.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6843",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-08-19T06:15:06.043",
- "lastModified": "2024-08-19T06:15:06.043",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins"
+ },
+ {
+ "lang": "es",
+ "value": "El Chatbot con el complemento ChatGPT de WordPress anterior a 2.4.5 no desinfecta ni escapa a las entradas de los usuarios, lo que podr\u00eda permitir a usuarios no autenticados realizar ataques de Cross-Site Scripting Almacenado contra administradores."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7136.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7136.json
index 30313d360ba..c6e177582a3 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7136.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7136.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7136",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T11:15:04.027",
- "lastModified": "2024-08-16T11:15:04.027",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7144.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7144.json
index 229c0f3b86c..13a115dcfb1 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7144.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7144.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7144",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T14:15:14.690",
- "lastModified": "2024-08-16T14:15:14.690",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento JetElements para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los par\u00e1metros 'id' y 'slide_id' en todas las versiones hasta la 2.6.20 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de Colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7145.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7145.json
index 3fb974e2044..1e3b210bec8 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7145.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7145.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7145",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T14:15:15.187",
- "lastModified": "2024-08-16T14:15:15.187",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento JetElements para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 2.6.20 incluida a trav\u00e9s del par\u00e1metro 'progress_type'. Esto hace posible que atacantes autenticados, con acceso de nivel Colaborador y superior, incluyan y ejecuten archivos arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en los casos en que se puedan cargar e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7146.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7146.json
index c48ea30ce00..a7e711acd04 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7146.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7146.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7146",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T11:15:04.230",
- "lastModified": "2024-08-16T11:15:04.230",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7147.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7147.json
index f3852f8ae26..4592fd3db45 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7147.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7147.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7147",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T11:15:04.423",
- "lastModified": "2024-08-16T11:15:04.423",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-73xx/CVE-2024-7301.json b/CVE-2024/CVE-2024-73xx/CVE-2024-7301.json
index 3db04ab8792..0a4cba429ed 100644
--- a/CVE-2024/CVE-2024-73xx/CVE-2024-7301.json
+++ b/CVE-2024/CVE-2024-73xx/CVE-2024-7301.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7301",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T05:15:12.177",
- "lastModified": "2024-08-16T05:15:12.177",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-74xx/CVE-2024-7422.json b/CVE-2024/CVE-2024-74xx/CVE-2024-7422.json
index 6408ee4c4b1..b9a89758760 100644
--- a/CVE-2024/CVE-2024-74xx/CVE-2024-7422.json
+++ b/CVE-2024/CVE-2024-74xx/CVE-2024-7422.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7422",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T04:15:07.497",
- "lastModified": "2024-08-16T04:15:07.497",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-75xx/CVE-2024-7501.json b/CVE-2024/CVE-2024-75xx/CVE-2024-7501.json
index a48f6016a89..bce9959ab06 100644
--- a/CVE-2024/CVE-2024-75xx/CVE-2024-7501.json
+++ b/CVE-2024/CVE-2024-75xx/CVE-2024-7501.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7501",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T07:15:05.003",
- "lastModified": "2024-08-16T07:15:05.003",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-76xx/CVE-2024-7630.json b/CVE-2024/CVE-2024-76xx/CVE-2024-7630.json
index 520ec0bdf68..5d465314b68 100644
--- a/CVE-2024/CVE-2024-76xx/CVE-2024-7630.json
+++ b/CVE-2024/CVE-2024-76xx/CVE-2024-7630.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7630",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-16T03:15:10.093",
- "lastModified": "2024-08-16T03:15:10.093",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-76xx/CVE-2024-7646.json b/CVE-2024/CVE-2024-76xx/CVE-2024-7646.json
index 0349ede5024..13158f2d320 100644
--- a/CVE-2024/CVE-2024-76xx/CVE-2024-7646.json
+++ b/CVE-2024/CVE-2024-76xx/CVE-2024-7646.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7646",
 "sourceIdentifier": "jordan@liggitt.net",
 "published": "2024-08-16T18:15:10.970",
- "lastModified": "2024-08-16T18:15:10.970",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema de seguridad en ingress-nginx donde un actor con permiso para crear objetos de Ingress (en el grupo API `networking.k8s.io` o `extensions`) puede omitir la validaci\u00f3n de anotaciones para inyectar comandos arbitrarios y obtener las credenciales del controlador ingress-nginx. En la configuraci\u00f3n predeterminada, esa credencial tiene acceso a todos los secretos del cl\u00faster."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7703.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7703.json
index f15b672ef43..33d11d4e156 100644
--- a/CVE-2024/CVE-2024-77xx/CVE-2024-7703.json
+++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7703.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7703",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-08-17T12:15:04.530",
- "lastModified": "2024-08-17T12:15:04.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de cargas de archivos SVG en todas las versiones hasta la 4.0.37 incluida debido a una desinfecci\u00f3n de entrada insuficiente y salida que se escapa. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7838.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7838.json
index eec85f5aa5b..c11d2029e6a 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7838.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7838.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7838",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-15T20:15:18.457",
- "lastModified": "2024-08-15T20:15:18.457",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7839.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7839.json
index a77c06fea96..278031bb37f 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7839.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7839.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7839",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-15T21:15:18.237",
- "lastModified": "2024-08-15T21:15:18.237",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7841.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7841.json
index 331d819184b..8224c87d9df 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7841.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7841.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7841",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-15T22:15:07.020",
- "lastModified": "2024-08-15T22:15:07.020",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7842.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7842.json
index ded8828d0d8..0056208f613 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7842.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7842.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7842",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-15T22:15:07.310",
- "lastModified": "2024-08-15T22:15:07.310",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7843.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7843.json
index 003656eaea7..ce6e4b02eac 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7843.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7843.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7843",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-15T23:15:10.453",
- "lastModified": "2024-08-15T23:15:10.453",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7844.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7844.json
index b67bc515f0d..840bf2bdb79 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7844.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7844.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7844",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-15T23:15:10.740",
- "lastModified": "2024-08-15T23:15:10.740",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7845.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7845.json
index fdea5b7a714..8884d2a7f10 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7845.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7845.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7845",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-16T02:15:18.080",
- "lastModified": "2024-08-16T02:15:18.080",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7849.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7849.json
index d712ce8c470..c7e75cfaef9 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7849.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7849.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7849",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-16T02:15:18.420",
- "lastModified": "2024-08-16T02:15:18.420",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "cna@vuldb.com",
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7851.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7851.json
index c16a7af8120..426a00774d4 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7851.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7851.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7851",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-16T02:15:18.720",
- "lastModified": "2024-08-16T02:15:18.720",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7852.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7852.json
index 3a9863767d7..8ff87feb8a2 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7852.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7852.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7852",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-16T02:15:18.960",
- "lastModified": "2024-08-16T02:15:18.960",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7853.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7853.json
index 3161fec865c..9f4dfd23075 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7853.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7853.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7853",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-16T02:15:19.217",
- "lastModified": "2024-08-16T02:15:19.217",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7866.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7866.json
index 4e896c02cbd..82efb1f75f8 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7866.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7866.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7866",
 "sourceIdentifier": "xpdf@xpdfreader.com",
 "published": "2024-08-15T20:15:18.793",
- "lastModified": "2024-08-15T20:15:18.793",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7867.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7867.json
index de0f2895094..6deef647c8a 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7867.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7867.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7867",
 "sourceIdentifier": "xpdf@xpdfreader.com",
 "published": "2024-08-15T20:15:18.967",
- "lastModified": "2024-08-15T20:15:18.967",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7868.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7868.json
index 661ae489941..c194626a7d2 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7868.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7868.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7868",
 "sourceIdentifier": "xpdf@xpdfreader.com",
 "published": "2024-08-15T21:15:18.530",
- "lastModified": "2024-08-15T21:15:18.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7886.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7886.json
index 3fa40ce98c6..16a48f95075 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7886.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7886.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-7886",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-16T22:15:04.267",
- "lastModified": "2024-08-17T08:15:06.513",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T13:00:23.117",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "cna@vuldb.com",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en Scooter Software Beyond Compare hasta 3.3.5.15075 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida en la librer\u00eda 7zxa.dll es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda incontrolada. Atacar localmente es un requisito. Por el momento todav\u00eda se duda de la existencia real de esta vulnerabilidad. NOTA: El proveedor explica que se debe vulnerar un sistema antes de explotar este problema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7887.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7887.json
index b588022d5f8..4d07638fe8e 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7887.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7887.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7887",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-17T09:15:12.040",
- "lastModified": "2024-08-17T09:15:12.040",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en LimeSurvey 6.3.0-231016 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /index.php del componente File Upload es afectada por esta vulnerabilidad. La manipulaci\u00f3n del tama\u00f1o del argumento conduce a la denegaci\u00f3n de servicio. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7896.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7896.json
index c4eec7c54bd..c9eb7d8f8e5 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7896.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7896.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7896",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-17T14:15:12.303",
- "lastModified": "2024-08-17T14:15:12.303",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability was found in Tosei Online Store Management System \u30cd\u30c3\u30c8\u5e97\u8217\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument adr_txt leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument adr_txt leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en Tosei Online Store Management System 4.02/4.03/4.04. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /cgi-bin/p1_ftpserver.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento adr_txt conduce a la inyecci\u00f3n de comandos. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
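Review bot: The rewritten English `value` in this hunk loses the product's Japanese name: the escaped sequence on the removed line is replaced by a run of literal `?` characters, which looks like a lossy character-set conversion somewhere in the update pipeline (inferred; the pipeline is not visible here). The same substitution appears in the CVE-2024-7897 and CVE-2024-7898 hunks, and the added `es` descriptions for all three omit the name entirely. Anything that matches advisories to assets by product string will no longer find the native name, so the new line should keep the original escaped form, `Tosei Online Store Management System \u30cd\u30c3\u30c8\u5e97\u8217\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0 4.02/4.03/4.04`. A pre-commit check that rejects a changed `value` when non-ASCII escapes on the old side turn into `?` on the new side would catch this class of regression.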
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7897.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7897.json
index 8448efa99ee..d379a900ad7 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7897.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7897.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7897",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-17T15:15:11.597",
- "lastModified": "2024-08-17T15:15:11.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability classified as critical has been found in Tosei Online Store Management System \u30cd\u30c3\u30c8\u5e97\u8217\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability classified as critical has been found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en Tosei Online Store Management System 4.02/4.03/4.04 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /cgi-bin/tosei_kikai.php. La manipulaci\u00f3n del argumento kikaibangou conduce a la inyecci\u00f3n de comandos. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7898.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7898.json
index bddf9e4674b..a891f1bd2e4 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7898.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7898.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7898",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-17T18:15:04.250",
- "lastModified": "2024-08-17T18:15:04.250",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability classified as critical was found in Tosei Online Store Management System \u30cd\u30c3\u30c8\u5e97\u8217\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability classified as critical was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en Tosei Online Store Management System 4.02/4.03/4.04 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Backend. La manipulaci\u00f3n conduce al uso de credenciales predeterminadas. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7899.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7899.json
index e319c910f6c..7c498ff57cc 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7899.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7899.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7899",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-17T19:15:03.267",
- "lastModified": "2024-08-17T19:15:03.267",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue affects some unknown processing of the file /panel/pages/1/edit of the component Backend. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en InnoCMS 0.3.1 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /panel/pages/1/edit del componente Backend. La manipulaci\u00f3n conduce a la inyecci\u00f3n de c\u00f3digo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7900.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7900.json
index 0bd1e95e664..74288abb30e 100644
--- a/CVE-2024/CVE-2024-79xx/CVE-2024-7900.json
+++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7900.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7900",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-17T20:15:04.303",
- "lastModified": "2024-08-17T20:15:04.303",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact address/copyright/technical support leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en xiaohe4966 TpMeCMS 1.3.3.2 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /h.php/general/config?ref=addtabs del componente Basic Configuration Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Nombre del sitio/Beian/Direcci\u00f3n de contacto/derechos de autor/soporte t\u00e9cnico conduce a Cross-Site Scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7901.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7901.json
index 63a18584e22..0f71077f490 100644
--- a/CVE-2024/CVE-2024-79xx/CVE-2024-7901.json
+++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7901.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7901",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-08-17T21:15:03.773",
- "lastModified": "2024-08-17T21:15:03.773",
- "vulnStatus": "Received",
+ "lastModified": "2024-08-19T12:59:59.177",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en Scada-LTS 2.7.8 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /Scada-LTS/app.shtm#/alarms/Scada del componente Message Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a Cross-Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7902.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7902.json
index c6738ba7d55..273e1f45265 100644
--- a/CVE-2024/CVE-2024-79xx/CVE-2024-7902.json
+++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7902.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-7902", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-17T22:15:04.190", - "lastModified": "2024-08-17T22:15:04.190", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en pkp ojs hasta 3.4.0-6 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /login/signOut es afectada por este problema. La manipulaci\u00f3n del argumento fuente con la entrada .example.com conduce a una redirecci\u00f3n abierta. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7903.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7903.json index f1d131a2052..db33f1ba169 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7903.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7903.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7903", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T07:15:03.763", - "lastModified": "2024-08-18T07:15:03.763", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en DedeBIZ 6.3.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo admin/media_add.php del componente File Extension Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento upfile1 conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7904.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7904.json index 6829283f424..fd79f156b97 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7904.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7904.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7904", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T09:15:04.973", - "lastModified": "2024-08-18T09:15:04.973", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en DedeBIZ 6.3.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo admin/file_manage_control.php del componente File Extension Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento upfile1 conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7905.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7905.json index dd6d10a4bc7..d8588f4c2ff 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7905.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7905.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7905", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T12:15:04.397", - "lastModified": "2024-08-18T12:15:04.397", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en DedeBIZ 6.3.0 y clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n AdminUpload del archivo admin/archives_do.php. La manipulaci\u00f3n del argumento litpic conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7906.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7906.json index 0f98bd966f9..bd352ccf21b 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7906.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7906.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7906", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T14:15:09.593", - "lastModified": "2024-08-18T14:15:09.593", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en DedeBIZ 6.3.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta la funci\u00f3n get_mime_type del archivo /admin/dialog/select_images_post.php del componente Attachment Settings. La manipulaci\u00f3n del argumento upload conduce a una carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7907.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7907.json index 578738028d0..4ef0a019f5d 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7907.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7907.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7907", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T16:15:04.193", - "lastModified": "2024-08-18T16:15:04.193", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en TOTOLINK X6000R 9.4.0cu.852_20230719 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n setSyslogCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento rtLogServer conduce a la inyecci\u00f3n de comandos. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7908.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7908.json index 055c5d42703..edd7dc1618d 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7908.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7908.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7908", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T17:15:03.557", - "lastModified": "2024-08-18T17:15:03.557", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en TOTOLINK EX1200L 9.3.5u.6146_B20201023 y clasificada como cr\u00edtica. La funci\u00f3n setDefResponse del fichero /www/cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento IpAddress provoca un desbordamiento del b\u00fafer basado en pila. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7909.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7909.json index b8386c6f277..b04b8004baf 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7909.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7909.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7909", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T18:15:04.290", - "lastModified": "2024-08-18T18:15:04.290", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en TOTOLINK EX1200L 9.3.5u.6146_B20201023 y clasificada como cr\u00edtica. La funci\u00f3n setLanguageCfg del archivo /www/cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento langType provoca un desbordamiento del b\u00fafer basado en pila. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7910.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7910.json index f1ee465eba2..25335cbdacf 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7910.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7910.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7910", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T19:15:05.003", - "lastModified": "2024-08-18T19:15:05.003", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en CodeAstro Online Railway Reservation System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/emp-profile-avatar.php del componente Profile Photo Update Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7911.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7911.json index 06e32e9ca58..d8709cdff11 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7911.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7911.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7911", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T20:15:04.260", - "lastModified": "2024-08-18T20:15:04.260", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Simple Online Bidding System 1.0. Ha sido clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /simple-online-bidding-system/bidding/index.php. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a la inclusi\u00f3n del archivo. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7912.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7912.json index 4f8c30002bb..f47604eb4ae 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7912.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7912.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7912", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T22:15:12.223", - "lastModified": "2024-08-18T22:15:12.223", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en CodeAstro Online Railway Reservation System 1.0. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/assets/. La manipulaci\u00f3n conduce a la exposici\u00f3n de informaci\u00f3n a trav\u00e9s de listados de directorios. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7913.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7913.json index beca70214d5..4958f5a915b 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7913.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7913.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7913", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T22:15:12.480", - "lastModified": "2024-08-18T22:15:12.480", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en itsourcecode Billing System 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /addclient1.php. La manipulaci\u00f3n del argumento lname/fname/mi/address/contact/meterReader conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7914.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7914.json index ac305bd726e..e888f5a90f2 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7914.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7914.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7914", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T22:15:12.737", - "lastModified": "2024-08-18T22:15:12.737", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en SourceCodester Yoga Class Registration System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /php-ycrs/classes/SystemSettings.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento direcci\u00f3n conduce a Cross-Site Scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7916.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7916.json index f6d8a06c63d..70f38d46a5b 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7916.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7916.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7916", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T23:15:03.780", - "lastModified": "2024-08-18T23:15:03.780", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en nafisulbari/itsourcecode Insurance Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo addNominee.php del componente Add Nominee Page es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Nominee-Client ID conduce a Cross-Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7917.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7917.json index 3818a1696d4..12b5af7d6da 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7917.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7917.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7917", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-18T23:15:04.047", - "lastModified": "2024-08-18T23:15:04.047", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en DouPHP 1.7 Release 20220822 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/system.php del componente Favicon Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento site_favicon conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7919.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7919.json index 563531b1c81..39f48c3d022 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7919.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7919.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7919", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-19T00:15:04.310", - "lastModified": "2024-08-19T00:15:04.310", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 hasta 20240805 y clasificada como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo /report/ParkChargeRecord/GetDataList. La manipulaci\u00f3n conduce a controles de acceso inadecuados. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7920.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7920.json index f57ecec9657..f8f093d45f9 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7920.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7920.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7920", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-19T00:15:04.570", - "lastModified": "2024-08-19T00:15:04.570", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 hasta 20240805 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /Report/ParkCommon/GetParkInThroughDeivces es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7921.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7921.json index 53499120349..780ced9515c 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7921.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7921.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7921", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-19T03:15:03.967", - "lastModified": "2024-08-19T03:15:03.967", - "vulnStatus": "Received", + "lastModified": "2024-08-19T12:59:59.177", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 hasta 20240805 y clasificada como problem\u00e1tica. Una funcionalidad desconocida del archivo /report/ParkOutRecord/GetDataList es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a controles de acceso inadecuados. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/README.md b/README.md index e103de893f1..54f87abcf93 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-19T10:00:16.886277+00:00 +2024-08-19T14:00:19.612838+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-19T09:15:04.283000+00:00 +2024-08-19T13:53:27.237000+00:00 ``` ### Last Data Feed Release 
@@ -38,16 +38,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `0` -- [CVE-2024-42675](CVE-2024/CVE-2024-426xx/CVE-2024-42675.json) (`2024-08-19T09:15:04.283`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `322` -- [CVE-2024-25582](CVE-2024/CVE-2024-255xx/CVE-2024-25582.json) (`2024-08-19T08:15:06.977`) +- [CVE-2024-7887](CVE-2024/CVE-2024-78xx/CVE-2024-7887.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7896](CVE-2024/CVE-2024-78xx/CVE-2024-7896.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7897](CVE-2024/CVE-2024-78xx/CVE-2024-7897.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7898](CVE-2024/CVE-2024-78xx/CVE-2024-7898.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7899](CVE-2024/CVE-2024-78xx/CVE-2024-7899.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7900](CVE-2024/CVE-2024-79xx/CVE-2024-7900.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7901](CVE-2024/CVE-2024-79xx/CVE-2024-7901.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7902](CVE-2024/CVE-2024-79xx/CVE-2024-7902.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7903](CVE-2024/CVE-2024-79xx/CVE-2024-7903.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7904](CVE-2024/CVE-2024-79xx/CVE-2024-7904.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7905](CVE-2024/CVE-2024-79xx/CVE-2024-7905.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7906](CVE-2024/CVE-2024-79xx/CVE-2024-7906.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7907](CVE-2024/CVE-2024-79xx/CVE-2024-7907.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7908](CVE-2024/CVE-2024-79xx/CVE-2024-7908.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7909](CVE-2024/CVE-2024-79xx/CVE-2024-7909.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7910](CVE-2024/CVE-2024-79xx/CVE-2024-7910.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7911](CVE-2024/CVE-2024-79xx/CVE-2024-7911.json) (`2024-08-19T12:59:59.177`) 
+- [CVE-2024-7912](CVE-2024/CVE-2024-79xx/CVE-2024-7912.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7913](CVE-2024/CVE-2024-79xx/CVE-2024-7913.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7914](CVE-2024/CVE-2024-79xx/CVE-2024-7914.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7916](CVE-2024/CVE-2024-79xx/CVE-2024-7916.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7917](CVE-2024/CVE-2024-79xx/CVE-2024-7917.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7919](CVE-2024/CVE-2024-79xx/CVE-2024-7919.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7920](CVE-2024/CVE-2024-79xx/CVE-2024-7920.json) (`2024-08-19T12:59:59.177`) +- [CVE-2024-7921](CVE-2024/CVE-2024-79xx/CVE-2024-7921.json) (`2024-08-19T12:59:59.177`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 00ebab688ed..d73e8615322 100644 --- a/_state.csv +++ b/_state.csv @@ -189105,7 +189105,7 @@ CVE-2022-1747,0,0,bafa5286a3494dd30b7fb882a00a0054ddc541eda9b16acbd255fa32e7fc8f CVE-2022-1748,0,0,9df97bde137dc4b46943a8a2305876d3589d355a4d2ec5d1e31f1fe75fadeeb2,2022-08-19T12:37:30.193000 CVE-2022-1749,0,0,bfca574a5bbc687200f1987d319d8606072dc3b1402f9c5cc06797de211631ac,2023-11-07T03:42:10.207000 CVE-2022-1750,0,0,a5e78d8fa2a4d9c9c15997691e2d6c3667c16a2ee8307fec39636869ba5accf8,2023-11-07T03:42:10.540000 -CVE-2022-1751,0,0,3642c4fdacf9f230954d9ecb0d483398e87eda189a254c834273e48ea2abf997,2024-08-17T08:15:04.550000 +CVE-2022-1751,0,1,6694f75e5776168365ec69b1f13fd03e55048fb9d1d240205efabad824c598db,2024-08-19T13:00:23.117000 CVE-2022-1752,0,0,c1d4b1bf0b200c4638ed25476cfe447e56a911a0358f47319a64769b57af5634,2022-05-26T16:07:43.420000 CVE-2022-1753,0,0,83f18625c58eecde33f31db42ee2da387e9c1833fcc4a41c80cbe2db87654e6f,2022-05-25T18:05:02.210000 CVE-2022-1754,0,0,b0ee839b017669398cf5ba5687a0b4b5b3dabcc1aa650bf8ad667f3206f68d83,2022-05-26T20:05:28.413000 
@@ -200703,7 +200703,7 @@ CVE-2022-33159,0,0,09a6d779ef2e921e906741d69945a5716b4aa63c927464d64d0cc321c8c2b CVE-2022-3316,0,0,0e352ce0dc79277646c38d84f177d0d41bf6a8506e72acb1afb6e4cdb4e789e9,2023-08-08T14:22:24.967000 CVE-2022-33160,0,0,4524e302e986f2f11251ec9420ef9a332e5b897db2b323b489b3697e20151940,2023-10-10T19:33:22.613000 CVE-2022-33161,0,0,9b564272eda8422bcfdb9e610ed785f83a39fd4e9f350f5a12254c1413af8489,2023-10-18T20:32:01.117000 -CVE-2022-33162,0,0,296e50c8ee1c426c66403c3c0c72b87bef5e0cf7de9c86bbca8244694b25b616,2024-08-16T19:15:06.213000 +CVE-2022-33162,0,1,33699f00cc6b3028b686a148e0d58e23c447469f304d61a21d56e6f9994d992b,2024-08-19T13:00:23.117000 CVE-2022-33163,0,0,b61f3ea147baa21e6ebf2ff08a6d967daea38661c6a0960dc98920da3d5f205f,2023-06-21T01:21:30.867000 CVE-2022-33164,0,0,dbaf77514b572a2cfd8228382e6c957006b84e1d6ae63a3e84231dd2ca0b472b,2023-09-12T19:32:37.400000 CVE-2022-33165,0,0,e7688469b7d6da31601d151e4c0adf399b51978b7602bb1f42ecf3e3278543da,2023-10-18T20:34:14.447000 @@ -201162,7 +201162,7 @@ CVE-2022-33986,0,0,b73806fd6214ccbe22c050867f0f8bc8416991d60b33ae72b2e29dbd355db CVE-2022-33987,0,0,6ba4eaffba81d7b64000b8f1b479a86619716014614cfa7a5311bf2021cafeb1,2022-06-28T16:15:31.270000 CVE-2022-33988,0,0,69dfcc014caa76cd327269141e2b02134adee4ef60f5f9f5094eea582df01db9,2022-08-17T21:05:17.970000 CVE-2022-33989,0,0,b780074098c3da37829ee5c071dbb29131ee5500cc32de82906be641db3d344a,2022-08-18T16:53:15.373000 -CVE-2022-3399,0,0,2b6b5e9c53899e75220574c82f348cbdf535de00d2ebf6e6cce62005397ef044,2024-08-16T03:15:09.627000 +CVE-2022-3399,0,1,5297f02b1ce2cc963fe08724fa698c8bd31234acfc763a646b355dda8b600b29,2024-08-19T13:00:23.117000 CVE-2022-33990,0,0,86964e8ef84b8a7b82e7c133d303ead83e4c0d56eaefbdaa57d614afd993fb4a,2022-08-18T16:54:32.357000 CVE-2022-33991,0,0,2b7ffb54165ff5994d07f65e5f00bd0e333c3f31fa13fbf4bbcc5aebc88cc389,2022-08-18T16:46:11.837000 CVE-2022-33992,0,0,493ae6c84e67968b47ab6a7d3bac6cf9f966bb4de056cf28ef7a4925f8282f52,2022-08-18T17:32:05.233000 
@@ -209855,7 +209855,7 @@ CVE-2022-45307,0,0,1c75b856042ed58ad1e0059604b1883fb7c284f3053ac7cc7a7a9ea393bac CVE-2022-4531,0,0,83c9dea44857e2b3d5707eadb09615962b28f3408f88a3269d03262a57cdbf59,2023-11-07T03:58:05.790000 CVE-2022-45313,0,0,3bc77202e6a5789fac1103ba04dc8e1d47e78007a411f1344f4c97c4f82a8ed5,2023-02-03T19:54:40.713000 CVE-2022-45315,0,0,5b18cc99d9bdb1a2d4416fc75b91be9bf28bf95462a2044db270d8987fb0873f,2023-02-03T19:49:04.590000 -CVE-2022-4532,0,0,8a5dc9364560ee810be99cfb1ef41c8797558d05308dcfcb4ab01e15c6aef512,2024-08-17T08:15:04.887000 +CVE-2022-4532,0,1,f1f6ec4a223ae44ad98a8719a48248a9f16403a9e46a513101ef83741c86ded0,2024-08-19T13:00:23.117000 CVE-2022-45320,0,0,86332dd85b2cfbe963629398e0cf08bee0d12d85c646f1ab6ad9a2add7bda84e,2024-02-20T19:50:53.960000 CVE-2022-45326,0,0,fe6a2e80df3508e3c963b0fb62f4bbda18000e14d7327c7cdf358306d46dda13,2022-12-08T16:34:51.260000 CVE-2022-45328,0,0,ba18c1e472ebe99fbb3cd9ab39fc2adf0e31fdeca86523f982b6d9dc58b6709e,2022-12-01T23:22:07.887000 @@ -213126,7 +213126,7 @@ CVE-2023-0710,0,0,fc71262cd59137de875ae82ba05b70e7c9c7d27b31d5606d1c76af7f52c08a CVE-2023-0711,0,0,a1418739382d7bde17b9c9d179327f4aa3dff8c1044468876d9de991d4aa25d3,2023-11-07T04:01:17.437000 CVE-2023-0712,0,0,326358a288151c3f5e0a92abd950742a03362ea426f1858b5445a7480f85c9cc,2023-11-07T04:01:17.660000 CVE-2023-0713,0,0,76011df7b45740b9aa65706ee2efca0fafdc58b68b4839ae7abd5622a9348933,2023-11-07T04:01:17.897000 -CVE-2023-0714,0,0,551aa239844338fda71d69646d07517989015b21a62b2ae233789abeea4ef108,2024-08-17T10:15:06.147000 +CVE-2023-0714,0,1,9d2837e7523ce259c3c543a7044e46c6d24a8150ce34eccf42f66c765354695f,2024-08-19T12:59:59.177000 CVE-2023-0715,0,0,87b3681cf19880c423fe67be6ed53ae14cb7c713a5bdc9dfb13cf15619bc2184,2023-11-07T04:01:18.133000 CVE-2023-0716,0,0,cc8df86f4a9bc60a687b2a96322af3b2df284fdfb3abaadc3de286c09c4e027b,2023-11-07T04:01:18.370000 CVE-2023-0717,0,0,32ac51a487ccfcb6f3e12a577bdc42d2bd2fa6fea0e302d9d445c5bd2122ecb2,2023-11-07T04:01:18.610000 
@@ -213966,7 +213966,7 @@ CVE-2023-1598,0,0,1c1495006b9de8d8864ccf44820f14678e8ea7082f6a8ea6a9d5f0c0420b6b CVE-2023-1601,0,0,a197800a04fa354c0ee69bef1506beb9a7e709637011ceb8dd0f1bac1ab0a423,2023-11-07T04:04:16.583000 CVE-2023-1602,0,0,35d5c875de0e847f783b4dac031f79ad871a25cc2a7489b6adfd241e7d96116a,2023-11-07T04:04:16.930000 CVE-2023-1603,0,0,860914cd50b94eabebc47267e522646fa6003b85e7f22e7d16e0c36504552693,2023-11-07T04:04:17.163000 -CVE-2023-1604,0,0,ba5bc2d70af7ab43c8833efaf44fa8d8a0a5d0c2e162e00ef5140c37d9d5b02a,2024-08-17T08:15:05.090000 +CVE-2023-1604,0,1,ac226e116fc7da6d12f8288037028793e3a8590fb607e2df46413ed591073371,2024-08-19T13:00:23.117000 CVE-2023-1605,0,0,fcabbf26d7d0db52d0fea03cd81a7a98aae03e1d6c097c4b09729112bb17664e,2023-03-27T16:50:07.540000 CVE-2023-1606,0,0,08cb7b9f327706ea0640fb1221365f0d147eb32d7717bd66c995078783bda3c1,2024-05-17T02:18:16.250000 CVE-2023-1607,0,0,59f745dd897c89e58b1dedbcff50f3f34e22bee430e0febee2dd4e5fc60a0277,2024-05-17T02:18:16.363000 
@@ -225625,13 +225625,13 @@ CVE-2023-34062,0,0,23b49789fc99b3a90b878fc2a221bb655e99729acf0498141299a72aa3181 CVE-2023-34063,0,0,55378ce49286eef30c7d0762b56a47accf9196242e001218a247dcbbe7e05de1,2024-01-25T16:22:30.063000 CVE-2023-34064,0,0,5b6c84fd5a5a707691a7e0cb119196e47beb8273bb23711df2a51e8c4ede8def,2023-12-18T19:05:13.560000 CVE-2023-3407,0,0,b5091992742ffd4758915d15e1f052386dc245324095cd354c58e1b245c224cf,2023-11-07T04:18:42.190000 -CVE-2023-3408,0,0,4fc929ef50eee37ca505237cf85d52b3a46a06be9ca3187fd3ae6ebebfed5918,2024-08-17T09:15:06.420000 +CVE-2023-3408,0,1,193cb91e7e055ff2c93a29d43fcfed0fe45a5232cb405a3d57f1f5a1b981dc45,2024-08-19T13:00:23.117000 CVE-2023-34085,0,0,4e0176862f189b8d490f4d6c14a6b06edcc5baa987c2f3186a032bc064db85ed,2023-10-31T15:19:06.623000 CVE-2023-34086,0,0,ec127660c3a844fcef85225c3eae626eb02d80fcfbdd431c26f7186a78f71420,2023-11-07T04:15:28.970000 CVE-2023-34087,0,0,0ca98264eaef85d7f16152b63bbd2190ff8c963e93456841deb385dec094b37a,2024-04-09T21:15:08.193000 CVE-2023-34088,0,0,e217740624213412291e8ac16471601a9f39dd697bee5fbd775e7b63b4996bd9,2023-06-08T01:43:01.050000 CVE-2023-34089,0,0,bb90c4ff565553929058a6c5d3453cebb2203658fb65d87b16cfbc3b147e5742,2023-07-21T17:16:36.897000 -CVE-2023-3409,0,0,fe60141c2cef9525439914676ba1d39c115698bc95ff67b08de0b6c3fe21b026,2024-08-17T09:15:06.790000 +CVE-2023-3409,0,1,16301d3169bd7d309dc001a6f70d163aba0ef6078f5dc7b121f3a3a161a36bba,2024-08-19T13:00:23.117000 CVE-2023-34090,0,0,a2430aade141392f0badee6d281f985c924ab8b206219174f295370c4f4b1a3b,2023-07-19T00:48:21.297000 CVE-2023-34091,0,0,73ec0ea051fb6a07d0405c6820aa8326f900a365b7eca85fbc1bcbd6ae439dfa,2023-06-09T15:18:11.957000 CVE-2023-34092,0,0,dd10739e5ec1356dbe9482fe7bdd14e2f8714713fd2b99d968003fbee92af197,2023-06-09T16:03:07.037000 
@@ -225706,7 +225706,7 @@ CVE-2023-34156,0,0,361646aa2d04d92372e5aa6931a49ce3d3814ed937de7aaff12f079256ecf CVE-2023-34157,0,0,ab458927849880eb23789db52be81ff28caf418ea577f8736ce905cdee85466f,2023-06-26T17:49:44.913000 CVE-2023-34158,0,0,c0a5e458697586fc87ea0037b8f6f271f0edc7fef2b7943c112445c664e9570b,2023-06-27T17:24:46.150000 CVE-2023-34159,0,0,8d2bf204f1093ed7eac20086a13d400716b7a9ca563d675cbe580ada05b2fa4b,2023-06-27T16:49:25.560000 -CVE-2023-3416,0,0,a3bd3a668483907efdea9fde549d80ae7ae20df5efac45387aa556a884f7d943,2024-08-17T10:15:07.383000 +CVE-2023-3416,0,1,a3e874be4affa909714a89914e1784fbd6d8a2164476fa11de7a704e3d52a0cc,2024-08-19T12:59:59.177000 CVE-2023-34160,0,0,f0dabd8ffaaef9cb2a392e8d9d50d048d123b7df9381d127e4f0daa9399f88a5,2023-06-27T17:21:54.847000 CVE-2023-34161,0,0,bc639bd85fda2e5e706fe2f81ab64e96b1f2f278bc55b5164ae8fbd82548868a,2023-06-27T17:20:04.787000 CVE-2023-34162,0,0,803b91ebebd8206aae17131735891a538f8782a4a9257d2bdf1741148cc0d55d,2023-06-27T17:19:36.387000 @@ -225739,7 +225739,7 @@ CVE-2023-34186,0,0,c601dee59d899685f4dac19bfea3727b06f03a27cdd0c5191a1823bf6439e CVE-2023-34187,0,0,b30d3a29f02d088f2a343a02dc8816c3ac4f2ba6ee34c5e343a68b83e34759b6,2023-08-31T21:02:52.107000 CVE-2023-34188,0,0,01175c77514202c3e82378761747d0f87086971fab1640482ef765cb32978b91,2023-09-06T17:15:50.190000 CVE-2023-34189,0,0,852069858a43c3b830dd45f0d9f89b339d989703c15bd2112166348e71f45a18,2023-08-02T18:51:03.527000 -CVE-2023-3419,0,0,28807846078f456e3e07430f3b06a53eb65ef5d18e352a6cfdaad50dc2e5820c,2024-08-17T10:15:07.633000 +CVE-2023-3419,0,1,dc2398e0d232c730deb43c680eb3a3837a602d0fa3030139e39cb20d21ad8852,2024-08-19T12:59:59.177000 CVE-2023-34192,0,0,85d981e01ef8ef1e0680768bc42005fded3d3ef3dece16cd8a3b1675004ee8a0,2023-07-12T23:08:32.340000 CVE-2023-34193,0,0,c5d535d9495369da6279fcf3fb8da0f00647a74dd484c1b255c3ebe7c8f6a0c4,2023-07-12T23:13:27.507000 CVE-2023-34194,0,0,1a3c07999d3a36c510bbde6565d2311ece29330ff7105b560648c31e8d154314,2024-01-12T03:15:08.950000 
@@ -230221,8 +230221,8 @@ CVE-2023-40235,0,0,72105b9c559b1ddc2ad9f13c18ab13a9fa55a22727500e92992c4e0f4ec55 CVE-2023-40236,0,0,14f71801e1dfdcd9b355f3adbfa06238032294610f81b46a111266eb7777a93e,2023-12-29T18:39:44.950000 CVE-2023-40238,0,0,8cd9a6ac9959ba296d215977c1b87d1d771afcf7aab5c34be210430f1271dda5,2024-01-05T18:15:29.060000 CVE-2023-40239,0,0,aa0e89bb1e96bd5e8e2f363b3dde8360217f94f32277b47a1c6e77ce38b58a84,2023-09-07T16:26:26.913000 -CVE-2023-4024,0,0,912bbccc5244809995024289db84e273cd4afeb7f397de3e5b516d55f33342d6,2024-08-17T08:15:05.300000 -CVE-2023-4025,0,0,7e495539bd25b758a259169ea68d03d93ad27eefca23ed46ea52af496ccd4e4b,2024-08-17T08:15:05.500000 +CVE-2023-4024,0,1,8b527ef8d077fbb0e500e3ca07ee111bf71b07633714b2466fdffc55fe2754fb,2024-08-19T13:00:23.117000 +CVE-2023-4025,0,1,b2b0365977676536606768ca44b0505351e1c2f076c8fcb1931f17fddb8a018e,2024-08-19T13:00:23.117000 CVE-2023-40250,0,0,e7ce0448e3779d770797cca3047b64ac1d7604cdc050879a2952ebbea5fc57b1,2024-01-18T20:24:35.633000 CVE-2023-40251,0,0,e47d373aa9704daf646bd928a2cc0678149d495cfca9b7abbd3818e5c74903f1,2023-08-29T02:15:08.277000 CVE-2023-40252,0,0,27897e9f2fd3e9374d607e66dbdfb25f185ac2f919ae5207dfb1a7fd5974c153,2023-08-29T02:15:08.503000 
@@ -230238,7 +230238,7 @@ CVE-2023-40264,0,0,f7a83c86b7c4bdbb55bbbd88d882459ecf055d59ca4c58a5bc50d5b8349b6 CVE-2023-40265,0,0,b59c543cc5b09af03e01ed9b9f3f9838d7903e246783bb57b9f4b1acf6f0f4cf,2024-02-15T16:00:56.367000 CVE-2023-40266,0,0,8a54bbbbfd159b9c6bdc998a626464ca6764bb6d908665f4cc16e35354912fcf,2024-02-15T16:00:49.647000 CVE-2023-40267,0,0,56572919214891c41bf23bf9a2a8facbc146568509a54758466f00ffb956e391,2023-11-07T04:20:10.150000 -CVE-2023-4027,0,0,15c8039e0b5d6c36339a154f67558f2b5434eb3555dc0e0d25ec93bba01be00e,2024-08-17T08:15:05.703000 +CVE-2023-4027,0,1,fb66a31c9a4cd6308be644fd0e01717dc478a7c559b261e3a3d753f6d441267c,2024-08-19T13:00:23.117000 CVE-2023-40270,0,0,bfe775aa3824e231981669c54daa4b3626fdef3730529a7294f128db1bc3f6b9,2023-11-07T04:20:11.150000 CVE-2023-40271,0,0,6b7cac9f3aa7106de89543b184fd87ed595daa98acee7e01c87cb1a2e5f2240d,2023-09-13T02:27:16.427000 CVE-2023-40272,0,0,dc2163a711fa92f8bca2bd6cb8aeefb8d5caede053b4827a4026ffd948affedb,2023-08-24T17:00:07.203000 @@ -233567,7 +233567,7 @@ CVE-2023-45066,0,0,d6c4e8b6c8b2e1bac7675016363e8e25d32bbad9b32534c2d6249ff3f0045 CVE-2023-45067,0,0,5d97623a4100b7d0e00752e506f64a139ac52192a9ab8be70afcd683faf209d7,2023-10-25T17:22:34.010000 CVE-2023-45068,0,0,bcde9760ebbda802f167ff6cedb2179d52cc93c258a8b4b45024759955a2268a,2023-10-16T12:56:22.313000 CVE-2023-45069,0,0,a9eec7499abdfdee457d527a01b8e3c6debfeb291c7b43b4330189f834e6b3d4,2023-11-10T04:17:41.553000 -CVE-2023-4507,0,0,026f0edfbc2392f92f37d3e57639c97280f64d3116977baabe6bb573304d359b,2024-08-17T08:15:05.893000 +CVE-2023-4507,0,1,0a1a67181278cea0c418a813937e7730aabde4831f0c25125dda260b241f1aca,2024-08-19T13:00:23.117000 CVE-2023-45070,0,0,c26ffa13be35d248c0e1832b2ac48bd698fc60d0353f1948516d8c16750dfc46,2023-10-25T13:41:05.087000 CVE-2023-45071,0,0,88b8b2e754e5c29013e26508076b4e0110f2b03ad3733108b49fa5d3fa273501,2023-10-25T13:42:31.590000 CVE-2023-45072,0,0,d85032bde0e818aa28bd2a89dc434e6e9612bce975bfeacc171a30489f46d888,2023-10-25T01:23:28.640000 
@@ -234253,7 +234253,7 @@ CVE-2023-46025,0,0,41c174447714a4adb49a251a1012506fc8ddf50176de8ae93c1dda84fa29e CVE-2023-46026,0,0,a40cd6f903cb53931660e7a3b944a815a6c3a2359ce9e5488db5b9e6d7bc85b7,2023-11-17T15:32:51.837000 CVE-2023-4603,0,0,711972d0a23c9679b02e58cf615df1197d91a4f3021cf35a6ee55d6bb877b797,2023-11-17T16:21:24.260000 CVE-2023-46033,0,0,5b5fba7bfee847846705992b6896ce0ec26ea7d61c2e5359fa01e63798570ffe,2024-08-02T21:15:48.740000 -CVE-2023-4604,0,0,49d2ab72d043ffb4b4bb8c184399734eb3208095a0b512e0cbc29b3659337220,2024-08-17T08:15:06.097000 +CVE-2023-4604,0,1,fc153bab57340f9d6628e36c2ec3d215a28aa363ae942e2b73ea64f85f224168,2024-08-19T13:00:23.117000 CVE-2023-46040,0,0,6eff75a2812c317a80847f611adb0ea2b165227205b9790d775b06619e979ce0,2023-11-08T02:48:09.133000 CVE-2023-46042,0,0,b6d495a936dc07be63ad36740d8e9766ee2bd3ae6c4a8ef73b985512f02df521,2023-10-25T15:20:17.570000 CVE-2023-46045,0,0,0e8abce2cbeee2bf608426602c7398443e9d61c9d45f545bf4f725e8132500eb,2024-03-21T02:49:19.427000 @@ -235214,7 +235214,7 @@ CVE-2023-4728,0,0,462f401991468f894d0ec4a55630279e56d89f6ab848290fc983d738d901ca CVE-2023-47282,0,0,8665c3cbb25e2795a74c32b46946c120e821aa6fc7cfe00e8166e449e7fb5d1d,2024-07-03T01:42:12.093000 CVE-2023-47283,0,0,8db33bd11e918a07400e84b7b8d4eb29512b9346b66d81374c1d9c48b021c95c,2023-11-22T00:05:40.857000 CVE-2023-4729,0,0,6ea560d336752c6a04e22c43ae51e76f83f631c9a0c6e119a81fe0f814550aec,2024-03-12T12:40:13.500000 -CVE-2023-4730,0,0,5b22eee600e1196346e82136c45b29b4e2a8c56375b99f3649309a40ebb372c6,2024-08-17T08:15:06.297000 +CVE-2023-4730,0,1,2b1378950efd8c8f953e15926e8cbca71db1c6ca9d01b42c8fe55bde2bc43c24,2024-08-19T13:00:23.117000 CVE-2023-47304,0,0,7848b55d0144c33568c97dc80f5c6967de2ed56ebb7cdf7fe68e2642598f4b46,2023-12-11T15:37:02.707000 CVE-2023-47307,0,0,45911642a90c07b4ace6c9592e45e015565cd3054a32b54567e4fcec790f171e,2023-12-06T19:29:24.250000 CVE-2023-47308,0,0,2f7dabe660f1d813c209edd4a0cfe31a0e73c2c17800b142f9e36486554777f5,2023-11-21T20:14:36.287000 
@@ -235504,7 +235504,7 @@ CVE-2023-4772,0,0,a5b93b502ddd01f9ee27674c836bf711ac9d02f44090fbc833b759d04d7de8 CVE-2023-47722,0,0,4f8feb65ac7241c12bbfc6f420a659b6dc9261f80cca7593f7d59fc3078ebf18,2023-12-12T21:04:18.177000 CVE-2023-47726,0,0,ceb40283504932a4e91f9e28d60424f146c7ffbecdb57c926139775e8d80827a,2024-06-20T12:44:01.637000 CVE-2023-47727,0,0,1611cf4537a23d5fbfc3a2499faf292e60ac118492bebcff86e1854dfc9ea8f7,2024-05-02T18:00:37.360000 -CVE-2023-47728,0,0,fe568b7e69e2437d64901b59915932bbbcf3b453bb9f639b114fbae215a2390e,2024-08-16T20:15:09.780000 +CVE-2023-47728,0,1,2e2847523f9e85f680d7dd44fd7df885c3070c82cdbeab6426daa892fe818662,2024-08-19T13:00:23.117000 CVE-2023-4773,0,0,01f0d277e96ad9628dd6920885ad7b499f840100cbeefdbe3a242a19aa900bdd,2023-11-07T04:22:57.903000 CVE-2023-47731,0,0,bdb6aabed94397db2521c199a558a02d451711e75ae9322b4498e9bbac095b67,2024-04-24T13:39:42.883000 CVE-2023-4774,0,0,18865190999a54b58dcf753cd88068601ff8cb29b163a504c848eb5e82d8b2e4,2023-11-07T04:22:58.080000 @@ -239193,7 +239193,7 @@ CVE-2023-52885,0,0,bf364685107e55e770da1015b2b20f820b2146198fe7433439069c5b8fe9f CVE-2023-52886,0,0,c0f7ffc4b4733226d4691afd6753bdd5f0e8d9d99822dcd9469cd60c70566a43,2024-07-16T13:43:58.773000 CVE-2023-52887,0,0,cb846ee4e76e369153e430accd03bef53983c1edb90492817231cbcbd98213a5,2024-07-29T16:21:52.517000 CVE-2023-52888,0,0,22b49aaad0de331d634875ed02b1dd2b64a739107c93a24ad94d1777a415da3c,2024-07-30T13:32:45.943000 -CVE-2023-52889,0,0,48a66428cb7e2b2b7c7a13828ab4aa41aa7a2bdf14073f531e39e419409bea1b,2024-08-19T05:15:05.943000 +CVE-2023-52889,0,1,bf6772b9a6b09c0aa782d71426107afa4010d55458a6c82fa2dc2fd6f54bad70,2024-08-19T13:00:23.117000 CVE-2023-5289,0,0,85a0656428a156af531ef9ce48391ff960ba4c2a8af32298a7386854e98b6d86,2023-10-02T18:13:04.227000 CVE-2023-52890,0,0,98d004bfa32a49234fd94c1d29c092368def9b12c09abef3185e148025b433c1,2024-06-13T18:36:09.010000 CVE-2023-52891,0,0,5e151a4d8c6f84e3d9dd04a36315448ea54aacacf0306d24e88a33c5bc6a9764,2024-07-09T18:19:14.047000 
@@ -239401,7 +239401,7 @@ CVE-2023-5498,0,0,ad10fd66ccdd65635c75e985037f078ef3abfd75d4e4f042e85904be3e1d36 CVE-2023-5499,0,0,bc341529426b6bc0e9dd12cb79263ad7ba410642a228bc2a5635c1016503a909,2023-12-19T15:15:08.913000 CVE-2023-5500,0,0,94d18d2c438bc7177f3d4dc59e8c52f930e35fe60adbbcb8e5df69fdd4993e21,2023-12-13T21:54:04.667000 CVE-2023-5504,0,0,feb7d66a85276af03391d4cde881608a47e60f620e15c602708788efc6d92bd9,2024-01-17T19:50:57.557000 -CVE-2023-5505,0,0,6aadc935eea2f1d913f57c5c118a73e68b2ccabe08e6ec87293c78971a640132,2024-08-17T09:15:07.160000 +CVE-2023-5505,0,1,38872bb56a5a1952306156c9efc22f8ad198a604b1003ef91a14594eba901213,2024-08-19T13:00:23.117000 CVE-2023-5506,0,0,4a819ffee45ee7d761f4f48a0852d93918b97febe8e9988a52dc77f7e084536b,2023-11-14T18:29:39.297000 CVE-2023-5507,0,0,babac9ce1d7a5676d7781f32fbf531871fe6bb6a58782c9834b6906354d8bfe0,2023-11-14T18:18:29.137000 CVE-2023-5509,0,0,3887752b6e302dbb0c9b2a6040c35baff21a350d14464ea60fa6849c96153106,2023-11-27T16:32:16.477000 @@ -240773,7 +240773,7 @@ CVE-2023-7045,0,0,56f72b8799718b9a57c25f98da5738945d9d62f196c72ae2e5b5400f5c5f90 CVE-2023-7046,0,0,1325b623fc707ac674099e6d171e788fc0b1271e372288eb5bdf13523bf4b8ca,2024-04-10T13:24:00.070000 CVE-2023-7047,0,0,df412ac3889a701032edbec4023d6825e5fec0bc08c785aea05e4842aa327410,2024-01-04T18:37:04.157000 CVE-2023-7048,0,0,083baa3f6965f5009fe64187caefcf38bee2f72058b5af742496e5b61251d78e,2024-01-17T22:32:55.657000 -CVE-2023-7049,0,0,3aa20f601026feee64e6f3acf04b1282e1f68e8ef3bf9e044180605803602e2c,2024-08-16T03:15:09.887000 +CVE-2023-7049,0,1,d1a1bd4afe9a5ad3f4e40bc7a2a260ca6671c9e46632ad87c5a02d99799583f5,2024-08-19T13:00:23.117000 CVE-2023-7050,0,0,4bac6368bd056bdc5019cf32a62705315940d90e07b309dce57a8f7c89dab9f8,2024-05-17T02:34:05.373000 CVE-2023-7051,0,0,b8788206b16eeac2e6b6ec8dad7522a48e5f8adb781565bd9e4c184f5f83713b,2024-05-17T02:34:06.490000 CVE-2023-7052,0,0,60b16bacd9aaaea9beebec67ac2450cdfe6c1fa660e825b82aa03b6c05c78d4c,2024-05-17T02:34:06.593000 
@@ -243962,7 +243962,7 @@ CVE-2024-21746,0,0,71b367edf262d30b7091359190b87e54a7e9349e34c251cedb156f5314341 CVE-2024-21747,0,0,cc2bc1e14d3097f2a1e3dc28d52ecd9537e1bd47ae59862aa7a5dd138ea1e45b,2024-01-11T18:45:06.960000 CVE-2024-21748,0,0,2a197de0adbf993ed118e27e797a4f0c8754f47a7d945195f996e2582711721f,2024-07-17T19:59:28.060000 CVE-2024-21749,0,0,5487855d4429da4fac08226224f1538028a7a5ac2df658cc224a0e240622cf41,2024-02-29T13:49:47.277000 -CVE-2024-2175,0,0,9e9e3edd6492c4dbac5ff0accd7cd503db38ed345fbfa9a1783a57a68a56f8a9,2024-08-16T15:15:27.940000 +CVE-2024-2175,0,1,e25106a44fdb025eeacb5d45a3528175fd9b5c4474d6e05002e4ccb474d65bca,2024-08-19T13:00:23.117000 CVE-2024-21750,0,0,77ee2ee926eafbd02beff6a52a22a1b4fb591f80299b5d5a917971a11bfe423d,2024-02-03T00:41:15.460000 CVE-2024-21751,0,0,55d06ade7b40f70a88f44c4672adccf43ead813dee575220c2752c77b1d36f34,2024-06-10T12:40:41.360000 CVE-2024-21752,0,0,1c3f8b9711eb134dc24ac607b805147df44f1f88998d9833be077b129a214185,2024-02-29T13:49:29.390000 
@@ -244305,9 +244305,9 @@ CVE-2024-22211,0,0,c4cf3af5d26943f668cc855d646959db403c118d8b84d54656462b09ba506 CVE-2024-22212,0,0,86dd221ab156a07a087f5a87a5c4457da42d8ef98a105e46fbc7675b62db1e0c,2024-01-26T14:58:18.877000 CVE-2024-22213,0,0,d89d1bcc1024fa43e4eb255fe1da4898df98a0204835a8aab97986ad487a980d,2024-01-25T15:10:41.767000 CVE-2024-22216,0,0,4d4df2ecd199aa7618581804013bbe1e953dec7e554571ec3898fac4c64e9d2a,2024-02-15T20:09:29.663000 -CVE-2024-22217,0,0,e9728c2be6c86c317402c111109cdffa3ba00ce00c25059c8a04ba4fea6a516c,2024-08-15T18:15:19.090000 -CVE-2024-22218,0,0,a947247855c6479699dfc0135a80095eb8950a03b3ca475da8810439e93b584d,2024-08-15T19:35:05.533000 -CVE-2024-22219,0,0,d56abdcf42dc825c27e919bd967c7a5572c9d6364844b2a36f8278cb21a3efc8,2024-08-15T18:15:19.290000 +CVE-2024-22217,0,1,efeff8a61ce5eec295d77307c66eb2e8058ec26847d7270526961b6e3c0af923,2024-08-19T13:00:23.117000 +CVE-2024-22218,0,1,803acdddb5a13426e90ae4cd1826dd9ea4a7cb915a128bae351c036e85dd5ae5,2024-08-19T13:00:23.117000 +CVE-2024-22219,0,1,0e5962449a9619bf26f4a1346c452bee56f2668b5c0b1d2d16653f318914a508,2024-08-19T13:00:23.117000 CVE-2024-2222,0,0,11625875cef37d942ee187e2a94de316442ea87eebee9bbcb3de8eb5e07a3e6e,2024-04-10T13:23:38.787000 CVE-2024-22220,0,0,e0b3c07a0f10db72074be82e1806c7e64ff7ce617eafb3be6d3de0ce93866b95,2024-02-22T19:07:27.197000 CVE-2024-22221,0,0,e19edd26a1c4c3dbc422242510974e3878733456edd7e30a89f97b0340db2a37,2024-02-16T13:40:34.093000 
@@ -244844,7 +244844,7 @@ CVE-2024-23157,0,0,11b0d8091c8fa8dd11dadbcf1fbb903ad812d8f095800e3ccd96bef2996bf CVE-2024-23158,0,0,7c083896ae118c56bbbf5e942c8384ee2397bcd81ab6e0a549fde13b2ebb526d,2024-07-03T01:47:36.407000 CVE-2024-23159,0,0,4caf10c46ce8846c250a24031e5b623ee32b37adaf5a74b6dad704236bf3795e,2024-07-03T01:47:36.637000 CVE-2024-2316,0,0,b886d554fbb39a8ab156ebbf04afa7dff2abe542e80901fe75a178728a777e10,2024-05-17T02:38:09.927000 -CVE-2024-23168,0,0,e64deaa5ee134e7c0b2b48a4aec2053362c531e23ece779c6ae5c05eb7d54f34,2024-08-15T21:35:03.230000 +CVE-2024-23168,0,1,6aa4882ac31311673d7105c255a4a4ab30277fc82315f262184f5cb226bf109c,2024-08-19T13:00:23.117000 CVE-2024-2317,0,0,8e30ab648286b0ea978301e5a5beda2d9abdf16065d34269cbb1824bfad23955,2024-05-17T02:38:10.027000 CVE-2024-23170,0,0,2d2c8288a6a12ddbc7a1710ba6e09b64e14fe785fb79b86b20a944c1ecfef869,2024-02-22T03:15:08.297000 CVE-2024-23171,0,0,f88bf803a0c4fbc4509407858b9247c6d4fbb766b717bcd811063458329b2ee7,2024-01-18T20:23:45.707000 @@ -246090,7 +246090,7 @@ CVE-2024-25003,0,0,f6c2eafae72b0051e89114af6c6fcddf635670371dbae7c3314ffc7707849 CVE-2024-25004,0,0,b1eaa30b45a2beac602111a556e73283df1fde1d2d56447f15cd2e12b3d43fc3,2024-02-14T20:15:45.980000 CVE-2024-25006,0,0,5b722f2e87bb2f2cd1327a954681e67bfe99d5442b01159ab458f524449bcffe,2024-08-01T13:47:32.460000 CVE-2024-25007,0,0,8168166db4b2b463b1c077994d5d41f318578553eda571604b31f6006eab6cd4,2024-04-29T19:48:09.017000 -CVE-2024-25008,0,0,8eac4ec800604225dd48050d0e2c37811d692a314968b07c7079957b5b104ab6,2024-08-16T10:15:04.823000 +CVE-2024-25008,0,1,edae19780623ecb3fe0e59b27c808259dfd74c0b079a788dd904812d074243f7,2024-08-19T13:00:23.117000 CVE-2024-2501,0,0,6ce26352b8e14756a33573972eeb4c8a06096eee07ab0fb0ebb1c9238a943b1a,2024-04-10T13:23:38.787000 CVE-2024-25015,0,0,4c1212c8f769823bd4e7049fb129f848dc20c143fc1cc72b02abca5f7451e069,2024-05-01T19:50:25.633000 CVE-2024-25016,0,0,0e9311458b59df4142779e7a8b1d9bd170deea1a4bb4a555b03bbf822c263b92,2024-03-04T13:58:23.447000 
@@ -246423,7 +246423,7 @@ CVE-2024-25579,0,0,3ce7817b4efbfe814fc7f2f138ef6147015c649f3e26a4e4549fa91634105 CVE-2024-2558,0,0,4df4f161b02ab0ee082928d86d735f9684058e2b58c51335b3ee6abb912b22ce,2024-05-17T02:38:18.947000 CVE-2024-25580,0,0,d25d9f73e9fc463223909f23338d50734f85395c9d208e28fc6abf197ca8cc67,2024-03-27T12:29:30.307000 CVE-2024-25581,0,0,7b661193358cc282ffdeeb44cff665ab8564f25632f9671f041e9f50015c108f,2024-06-10T18:15:27.650000 -CVE-2024-25582,0,1,d3e73f7cb2eabd6ec408979ad7162703b1ae91d44c49abf52a978eed2fbe3687,2024-08-19T08:15:06.977000 +CVE-2024-25582,0,1,62d9159e0b1a2860275799366d4e29ceadc17aa10726dd8de14b9c6e306d70ce,2024-08-19T12:59:59.177000 CVE-2024-25583,0,0,6e3f5afaa55d00544b0a17a1114934680c9d4fc2071988d62cf80e5688bf7955,2024-05-01T17:15:29.917000 CVE-2024-2559,0,0,642c1f03947aacfb3c18bcf4d539f5f80f1fa8009f630aa1b6518220561e974a,2024-05-17T02:38:19.053000 CVE-2024-25591,0,0,e315c0ed01e598ec7e003ff81cc81e0d8a90e92647ce95f4238660e2e3cb63e0,2024-03-17T22:38:29.433000 @@ -246469,7 +246469,7 @@ CVE-2024-25629,0,0,ddcad0078b57ad6a983c41f65309abceb6903dae44fc54a92c56dcc31e42c CVE-2024-2563,0,0,f27f9483fb5da6088dc2485a49b6aec5dfafca82d3498b35d814764d5e89ddd9,2024-05-17T02:38:19.417000 CVE-2024-25630,0,0,306917c09bdc07e4318e88be00444c17dbe2150b8da032a761ce6c8a24ea3cf0,2024-02-20T19:50:53.960000 CVE-2024-25631,0,0,4f2bd06a701d340628585c4bae77dca605819fa4840f39cbd3a6e9a77b48a46d,2024-02-20T19:50:53.960000 -CVE-2024-25633,0,0,466752ba0832073d998c4875f62cc83d66758765ebf04aac3d37c347d66d1e9c,2024-08-15T19:15:18.213000 +CVE-2024-25633,0,1,0e3d9a987151d3c9dc66097af901d9499e1578b59f9bb9dcb559f9f214097e63,2024-08-19T13:00:23.117000 CVE-2024-25634,0,0,a6c0976398d76132e45109770c34649b9cd1b53574ce636d0b3d3dba0d5b6a39,2024-02-20T19:50:53.960000 CVE-2024-25635,0,0,0396aede9a718a4992e7575bb30a0d211bf1d85759070350344147d63377b4eb,2024-02-20T19:50:53.960000 CVE-2024-25636,0,0,4e6fd7db5d6991432a0fc47bea99f1bd82ebb492967965ed027d0a8cefe8402e,2024-02-20T19:50:53.960000 
@@ -246580,7 +246580,7 @@ CVE-2024-25830,0,0,71ac0259693b1e35aa4a4da1b197118a1a7a2d7250e15b0af091ae1d4d2ba CVE-2024-25831,0,0,865d67a5eaea9aeb6dc34380b2f9339c6f4454b68228f5e0e1f349028c509484,2024-02-29T13:49:29.390000 CVE-2024-25832,0,0,a4448e0b7fded4d69ae19d5a812394b0dfee60300a31f6c0311dd994464f2ea8,2024-02-29T13:49:29.390000 CVE-2024-25833,0,0,9eade8ddd8e62f218449388bdffade4502b4ad7ecc9d7d4bee08e23a205616da,2024-02-29T13:49:29.390000 -CVE-2024-25837,0,0,16f9dccff3b547e3cd7adb253446e4d0aaa58270f5ed756b7bdb6e46f088daf5,2024-08-16T18:15:08.907000 +CVE-2024-25837,0,1,ad7d9c7c2df86362ce1fb90c6e14af3076a01961d6031fa4b4699cf7d18f98dc,2024-08-19T13:00:23.117000 CVE-2024-25839,0,0,b292ed69a69a89261805c11d0ab816be1464bb7d24dcdc630e86eded8b8dd6c4,2024-03-04T13:58:23.447000 CVE-2024-2584,0,0,dd550e2c3dd90cf91d2a8279de69803860a7180796c6bc877e47cf73e9bebe16,2024-03-18T19:40:00.173000 CVE-2024-25840,0,0,0ec9234af1bcd2e4f8f49d2790368c3158903e7d9ad6bfc706120341ee9e28f6,2024-02-28T14:06:45.783000 
@@ -248132,11 +248132,11 @@ CVE-2024-27717,0,0,24b56efd365305b6bc14b31a5e0ebd3ded5b43adf71ab9f369b01e76538e6 CVE-2024-27718,0,0,348ef178d7c72ea2bf9561abf13cadc3c1ef45743840695e6b53f9dba8489836,2024-03-05T13:41:01.900000 CVE-2024-27719,0,0,cc91452d4b82f581b97b47b20481d35d29255b9662a7f1b32120fdd873effa3d,2024-03-28T20:53:20.813000 CVE-2024-2772,0,0,4f628774d2d7059c1b5e8149bfb8c52f3d89a27d409bd2ff21a4dab1c3e0c74d,2024-05-20T13:00:34.807000 -CVE-2024-27728,0,0,28ec26f68e2f5dfc785d100e9ac3598ab3bf964bcf122dc6374dc4c8b2823a02,2024-08-15T19:15:18.477000 -CVE-2024-27729,0,0,9d07a41ce6d0bf0e77109b35e2319cf3f28be66a619c120517b7383e6d570046,2024-08-15T19:15:18.573000 +CVE-2024-27728,0,1,e7c0d38189c2eea4ecdc9bcd1a30d0a17ffaaa0a038630a46e173de341693113,2024-08-19T13:00:23.117000 +CVE-2024-27729,0,1,ebfc21812e929fc7a4596a0d8e7f868174feb579c24c8114e70bb1b1da144d44,2024-08-19T13:00:23.117000 CVE-2024-2773,0,0,33c85832b0bc105a89445abc4897cecb571d3be80bbcd7cdf96b1db070b9a733,2024-05-17T02:38:29.487000 -CVE-2024-27730,0,0,12847aa86fe1ac70d87265d0b4758314d0c5ea3a5710aebdf2b0c7adafade873,2024-08-16T16:35:06.563000 -CVE-2024-27731,0,0,62bbf67d9363552707afc44deff91f5e8cb3b7767afd8de1e18e7353ea4b1d67,2024-08-16T18:35:09.407000 +CVE-2024-27730,0,1,82b96d0d6f0f9b69196bf99ad3fe2d0ba16b7f0a2b1ba49b6b00d0024d7b68bc,2024-08-19T13:00:23.117000 +CVE-2024-27731,0,1,39540f54488b2cd9d6b926f43bbb09e055458695dd05a9252673e688d8667c7e,2024-08-19T13:00:23.117000 CVE-2024-27733,0,0,f76bf300f1cfa0de74d17f1145877f7fe4a3d69ea3dede66e09a54e795dd7256,2024-03-08T14:02:57.420000 CVE-2024-27734,0,0,bf6aeaba46a01a9b67c56dd711450d0582ae90b1d0bd0418b821f57fcd663b2a,2024-03-01T22:22:25.913000 CVE-2024-2774,0,0,e66d8123d132aac12382a6e2ac593a72a85e469f411c6020b7cc9170c2075820,2024-05-17T02:38:29.590000 
@@ -250630,7 +250630,7 @@ CVE-2024-31327,0,0,6cb945d11f8664a0277f1157bd8eac8d374886bfe8f127c66f41c26468520 CVE-2024-3133,0,0,a5199a1ff93b7f0b9b2c8f7c4014dbfb416c9e59a9d9caab3f26a064ce40a24e,2024-06-07T19:15:24.213000 CVE-2024-31331,0,0,d63ee06c884fadbebb4e0ffd30f7de42c6d5483b78b8ccdaba35e5ffeb309e42,2024-07-12T16:11:33.867000 CVE-2024-31332,0,0,fe533958eb1f5014a983744e26d4dc56008592fb4b2dc96ebd425a317d9ee5f4,2024-07-11T15:05:41.733000 -CVE-2024-31333,0,0,dff3c0848f2c560893a0af75ea057ea93ab7ac2846c297e0e5fb7e6350eba960,2024-08-16T15:35:05.893000 +CVE-2024-31333,0,1,fffa52c47c5b8e1c2bcdc9fe3c080f43dd069e7ef7813f142892cae434fbd8ff,2024-08-19T13:00:23.117000 CVE-2024-31334,0,0,69828e729ce39e0f18173fda19e01cf9f4d39333d7345a58dacf94a302bbacd6,2024-07-11T15:05:41.960000 CVE-2024-31335,0,0,3a5c3c43b9344b158e79d76d5bd0e2d36d3e7822b50bec9afc211045c26c9812,2024-08-01T13:50:52.347000 CVE-2024-31339,0,0,cd4c96aade7176a5aa7427f1e13d7eb03c1e703de2eb92c3c6c97472cece1e5c,2024-07-12T16:11:34.910000 @@ -251202,7 +251202,7 @@ CVE-2024-32228,0,0,62135ad7292b6c8516771101f61c85ec84993fd54c5e6a300cda88351ea85 CVE-2024-32229,0,0,46cfde26330a35dd5af3aef05c7164d23baa98664713e164e4ba017a64475da0,2024-07-08T14:18:28.213000 CVE-2024-3223,0,0,ea7ad0974e81e86878848176b870b25d4ede66377ba0daa6f895cdaeb06d9607,2024-05-17T02:39:47.627000 CVE-2024-32230,0,0,9362b2b797a006bddcc5169710b996c1bae5f306510d2ae9a0e823f8d5efd51f,2024-07-02T12:09:16.907000 -CVE-2024-32231,0,0,6fb2f5b7105b91eaf8798c3c11152ae0fd77d7073c2a387354091c5641a47196,2024-08-15T18:15:19.507000 +CVE-2024-32231,0,1,e3ff33887d60df14bdea85ccf477fb1420b52bde0ed776b8984f5e679a5e1a71,2024-08-19T13:00:23.117000 CVE-2024-32236,0,0,d5871b893c68bbd3751dce630253c79d1c30665f824c9666c275163dd9ec41ce,2024-07-03T01:55:55.017000 CVE-2024-32238,0,0,2e383d4cf27763d4a2e4c78aa0cd5794584e416efc1aa13fdb576cfd26ca2359,2024-07-03T01:55:55.820000 CVE-2024-3224,0,0,5cb76873d21890ad6afc0804dc7e9ce4b6d28fdd7bfda362c8cc03368f50e1a6,2024-05-17T02:39:47.717000 
@@ -252945,19 +252945,19 @@ CVE-2024-34723,0,0,9ee1e9ea0079333d8123e1479d0c1b548d28a892d3601137f6e64ded9880a CVE-2024-34724,0,0,0452aa45e04971f6e547ee694d42ca35f85625c1031b931eba0ca8059efefaef,2024-07-12T16:11:39.470000 CVE-2024-34725,0,0,71c51510eb6c519ede5c0bd5b935ecb821799239014d1b6c0035512d0bff6cbf,2024-08-01T13:52:25.887000 CVE-2024-34726,0,0,148667699b7fd62da52cb8a62c1c3c6fd756ca900c40298f1823e1d94f76998b,2024-07-11T15:05:45.340000 -CVE-2024-34727,0,0,2f3e599c1fa16c0282d72791526d602a20f13366ec16cb79d2a977deeeefe965,2024-08-15T22:15:06.190000 +CVE-2024-34727,0,1,70d15f7b68b79d73c498d6326966ce90eeb6f741885254ee538460eca7008fc1,2024-08-19T13:00:23.117000 CVE-2024-3473,0,0,174ffd5ba26767424b634a780ad377f8ae33849c44036babd665d0b98ce27738,2024-05-02T18:00:37.360000 -CVE-2024-34731,0,0,db99553d52ef10862db59395def4b447bf82c534bc82ff690124fb7e9aeaf33e,2024-08-16T15:35:07.050000 -CVE-2024-34734,0,0,2401da04401bc478efc817cf70bc2539da268544cddb84ea1022fb7b735e1a9a,2024-08-16T15:35:08.043000 -CVE-2024-34736,0,0,6994f995ba9fb197bff5c04d4ebadb91fdb4bded767607d06616cda17015d056,2024-08-15T22:15:06.400000 -CVE-2024-34737,0,0,47d73555cd102e0f18e45ab95ac3a6e267c7cd75e08fe880be1adf2bf0c8e2dd,2024-08-16T15:35:09.367000 -CVE-2024-34738,0,0,9bffb660d4578c23873bea39f77d81a9f59f5b4d9ddbe82ebb52e5c5dcb4a003,2024-08-16T15:35:09.537000 -CVE-2024-34739,0,0,29b4a468c9ec4e299c008f2fd536080f64baded03c66ae4ec0774f333537b18a,2024-08-16T15:35:09.703000 +CVE-2024-34731,0,1,c2796903b18972c85283f94e39f216adab1245ab24ab7429de75a096f2bef3ba,2024-08-19T13:00:23.117000 +CVE-2024-34734,0,1,889d7cdea2a82a0f6a204d9bb0c40732ce31288993c2c8f191f18be876975fbf,2024-08-19T13:00:23.117000 +CVE-2024-34736,0,1,af7fdcabef2746a86c0f80295ca02f0456c75246f9b931e1983da2058f718a9f,2024-08-19T13:00:23.117000 +CVE-2024-34737,0,1,8a32b951cb912392f48b43bbae36eebc622522d304125ad1990c6adfae52defd,2024-08-19T13:00:23.117000 
+CVE-2024-34738,0,1,cabf58b36133aa62c93cf33c152bee953c7fc9fc19123e817a90962fd3ea12ad,2024-08-19T13:00:23.117000 +CVE-2024-34739,0,1,f6e54c0f32331bd01c690dd8be038509007e00bfc399df14c98e74d18ccd50bd,2024-08-19T13:00:23.117000 CVE-2024-3474,0,0,f8fe69ded09f8f3335cb0a291c0ff93be246183a89b6f2a9db60adabf1ff9a0d,2024-05-02T13:27:25.103000 -CVE-2024-34740,0,0,7e6b7caee11d6bb2f72419f850600f936ccab908481703a9ea744b4d892dfa36,2024-08-16T14:35:02.640000 -CVE-2024-34741,0,0,9743d0fcf2b344299b6d8e57c3e5c047679ef45dcdbcc16f464446bb088cce71,2024-08-16T16:35:12.133000 -CVE-2024-34742,0,0,459d2a2649b367015d15bcc7501813fc733562c2af2a7696be374e55b2d6541c,2024-08-15T22:15:06.890000 -CVE-2024-34743,0,0,61e0c5ee43c1078ff2b2152887e93ce9d75c5eaec14950ee3e0e3a7fb3e2bd49,2024-08-15T22:15:06.957000 +CVE-2024-34740,0,1,cd68171e55105c9a184cdc72c371579137a9ca2bcc91416cae3d7556d14ecb22,2024-08-19T13:00:23.117000 +CVE-2024-34741,0,1,92c683bbe77a7f293c2037090a232d821770d81c7905215e3ef6319cf6b5adba,2024-08-19T13:00:23.117000 +CVE-2024-34742,0,1,ae7622882d0f2f3d011507be8bcb7493359b0ef6aaca92f56d7280395d35123c,2024-08-19T13:00:23.117000 +CVE-2024-34743,0,1,3118d41c71c2ea3e5e00148205742c3f777858f414c40c423c790d2599a98ff8,2024-08-19T13:00:23.117000 CVE-2024-34749,0,0,048a4718a6adf63bcc95dd588dc6297f930a23113bd2619e190eb8b7852c3de9,2024-08-02T03:15:45.390000 CVE-2024-3475,0,0,3d68cde343ddcb97ac984b733d2ae7662c97a24c514b9a563c1c306f42f1759f,2024-05-02T13:27:25.103000 CVE-2024-34750,0,0,c670e390c383fbaa0e17449b121645c068a83500fff53e2ba8ec3633bed5a922,2024-07-09T16:22:37.120000 
@@ -253462,7 +253462,7 @@ CVE-2024-35682,0,0,e3065bea188f47617d60d5ec78ff5563173441e56553fbc4305bfb9f6b8b0 CVE-2024-35683,0,0,35d7e7c403c9e1a0af5b15ee529f21dfe95dd77d68bca956781c650575c54c30,2024-06-13T18:36:45.417000 CVE-2024-35684,0,0,73ceea3685cab6d12bcc00b1be64bf260bc52647423fb13caa461de77b765285,2024-07-18T19:15:49.853000 CVE-2024-35685,0,0,139851b07c410dda78a8d072ad9e34deae44fbd00bd025834cea54049b4e0532,2024-06-11T13:54:12.057000 -CVE-2024-35686,0,0,5a22997601b50761f662ad642396d132d431daba7441c3116de73d15cc2238dc,2024-08-18T22:15:07.647000 +CVE-2024-35686,0,1,32ff2e600a9d8926049897296d1d6fe8809b6a2e4221afcb5a5a74815a856c9b,2024-08-19T12:59:59.177000 CVE-2024-35687,0,0,79fce35ccd3e930bc208091f41ac29961dccd33e15189a2e1b06f3b46062b830,2024-07-18T19:12:50.843000 CVE-2024-35688,0,0,3002fd4b3fe5cc02b7654ca7bf43c572c5d7c5d95678447c325fe6a4dfea431c,2024-07-18T19:11:38.683000 CVE-2024-35689,0,0,a84697d9194d9eaca216c47abe16f4656da4cd35d0aca0020ad4375947ea31e4,2024-07-18T19:11:09.873000 @@ -253659,7 +253659,7 @@ CVE-2024-35866,0,0,d0cc46812d56583865578aa7a7be2bec064126c2ec11cb3bbce2698115126 CVE-2024-35867,0,0,68386f3591f3f188a7476fa5855f8ac1dc116de9bd02ee457a082f6580699d33,2024-06-10T18:15:35.320000 CVE-2024-35868,0,0,631a0c47c7e0f65d439b8d71d6b3955aaa25bc09ab742cc924c15db6f46c8b06,2024-05-20T13:00:04.957000 CVE-2024-35869,0,0,630ed395e8d0f836b200232a6be2974e06759cee7a4d75dd11d6f714bebe5b1a,2024-07-03T02:02:21.027000 -CVE-2024-3587,0,0,09ea7902f9bd8f5c9ceed069fa4e7b40ce3a36e8a7015ff3f393e8af5f041f35,2024-07-16T13:43:58.773000 +CVE-2024-3587,0,1,90fb50de1157dee517c913ab8b3894d23ac0be4d57446c7e9ca8f44255b589c5,2024-08-19T13:34:17.217000 CVE-2024-35870,0,0,5a4167864efc3408c5c38cf8552b084d6c8e10c92910519cd2e6cedd908441ad,2024-05-20T13:00:04.957000 CVE-2024-35871,0,0,56b9e1c7cf8cc227a53238857c6c657b9eb9a1a650e2c064780cac494ab192c4,2024-06-25T22:15:31.897000 CVE-2024-35872,0,0,a0f59ba2a5d815fbc998062ea3a953e4acbf876ea21309bca7a7ecb80bc6c92e,2024-05-20T13:00:04.957000 
@@ -255141,7 +255141,7 @@ CVE-2024-38078,0,0,9212754170cb9f68079ed96ed4f778680bb299e2182df91eb9921f2162a8e CVE-2024-38079,0,0,cc77807b9bff64f874a9a3a465038ff584cd27415cfd11977ad7c622d6fe02d3,2024-07-12T16:25:40.860000 CVE-2024-3808,0,0,daebc38f28018f470d095c611a797b48d3de3196e64f610b1b2c2cf5ab2e2da5,2024-05-14T16:11:39.510000 CVE-2024-38080,0,0,0b30162da9e985ccc862a1722fa27f1aee2c43036f0821b6ab829416dc832b5a,2024-07-10T14:04:22.217000 -CVE-2024-38081,0,0,9ec7a791a53b6047ba6a281b8f0ff49e361c538c20891eaddfbbb18457d24c69,2024-07-09T18:18:38.713000 +CVE-2024-38081,0,1,92d8718f575e659d0dd3924100d79765bc9e84273def23dc74e822327be4417f,2024-08-19T13:53:27.237000 CVE-2024-38082,0,0,23c6f123e64a1a12cf5b02d5d58cddce4aac695b84d4f46ea5b094849b0d14e3,2024-08-07T16:21:22.157000 CVE-2024-38083,0,0,3c2469ed2c873a64c64841f8f046f5b40612bd2c08b8213d90aa91d1b11e6c5b,2024-08-07T16:39:28.940000 CVE-2024-38084,0,0,93b36fb5773c86aa7598a5e01d52bf9fb3b5fd024105ba9a2e726961c6b4e128,2024-08-16T20:54:25.520000 @@ -256127,7 +256127,7 @@ CVE-2024-39661,0,0,3f1668a68073bea87fcbf672ceb545c5a59db448343e0d059e706cf687088 CVE-2024-39662,0,0,ecb8cd04dc8c581f4fd22cff35dcfdcc1a520a4f1c785762e812b3c3e81a9d07,2024-08-02T12:59:43.990000 CVE-2024-39663,0,0,5485eaa9a0e5d035b45ebfad60ac233472860db52699a29a8033be0ed950f5c1,2024-08-02T12:59:43.990000 CVE-2024-39665,0,0,09032edffccd86a516bf404f98ff59a6b17bdff21bd482e1c39e1f40936a2fc5,2024-08-02T12:59:43.990000 -CVE-2024-39666,0,0,b3f5ddc4d98a342e6d0b5dae1d643cb7e9b63458cf23dee0d7a3de18c21f76db,2024-08-18T14:15:06.370000 +CVE-2024-39666,0,1,2d74731055b1802e66cb9880637b8ec2f4b01b3ccc50d23530357b4d0b70fed0,2024-08-19T12:59:59.177000 CVE-2024-39667,0,0,483e2b41258c01952d1dfafe22eec63feafc1e77df76287d6f99eb2cf4ad80bc,2024-08-02T12:59:43.990000 CVE-2024-39668,0,0,f12715ae868c1f9b453d75a4c5a1e62f3252bb0d334eacbb04bc073b1c1987fc,2024-08-02T12:59:43.990000 CVE-2024-39669,0,0,56d6b274e749be30b1ff4d12ff6c858882279f47b773d710e8ac61d1e37bcfa3,2024-07-03T02:05:50.580000 
@@ -257396,72 +257396,72 @@ CVE-2024-42257,0,0,069b5a4e96675c66db46a639aa141686ff5530ef6ed9e06efaaa21582e67a CVE-2024-42258,0,0,6b21eaebf58128d72e1ceab7d48900d2d3972b04dba8579ddc705c6be6f5d3cd,2024-08-14T14:15:27.727000 CVE-2024-42259,0,0,f93e0601d2226a89c3f393c0fb74976f6259698e4053ee9039b786e4caa1f7f0,2024-08-19T05:15:07.053000 CVE-2024-4226,0,0,5a1ca6b12b6f72b0f4206f29fce66dc2868959ed888bfbcbc74131b5725a94eb,2024-04-30T13:11:16.690000 -CVE-2024-42260,0,0,73f522d23dbdcca67e55822b4ddcaecdb9a15be9ee9fb8c9a0fe4cea11fc7479,2024-08-17T09:15:07.530000 -CVE-2024-42261,0,0,84eb54991e951744c7546079f154425cc157a758e4ad9896f52c4c0296206b88,2024-08-17T09:15:07.600000 -CVE-2024-42262,0,0,c2e991f6609c1428331d9dccc2427bcf37cc0f5e5b3ed48bd378da854ed470f1,2024-08-17T09:15:07.680000 -CVE-2024-42263,0,0,bd2d4eca23c48e156fe97677265b9301805d915a25c735074312544b8a5a62a4,2024-08-17T09:15:07.770000 -CVE-2024-42264,0,0,ce72590bac8bce7457173889c516ee25e198e0613bb147064cb9d823926080e7,2024-08-17T09:15:07.833000 -CVE-2024-42265,0,0,4da48647e0a6408d6308528a5422336b0232a34c46c53bd5ceeaa0b17c5eb52c,2024-08-19T05:15:07.163000 -CVE-2024-42266,0,0,d61d42f269653f06f2361a8350edc5d5d331091fe409b4adf27fae0ce0dc1d8e,2024-08-17T09:15:07.967000 -CVE-2024-42267,0,0,99602b91aebf3d3db58e87082c9d1ea2556b03d848847c2703efb969d82ea759,2024-08-19T05:15:07.247000 -CVE-2024-42268,0,0,d6ae5dd64b2de5cc7f455d5034e466dc8505d96d494dcd486640a03aaa2284be,2024-08-17T09:15:08.110000 -CVE-2024-42269,0,0,8ce18844645146a7354c45763529fd80e2089352f89f0eccbbf2f0c03de11d8d,2024-08-19T05:15:07.323000 -CVE-2024-42270,0,0,4b1b65640203e5e45b1df078c57c5bbf0000a09733789afaffb3f59bfc31bd33,2024-08-19T05:15:07.393000 -CVE-2024-42271,0,0,2338019cc42c32d37713166eec75d4b85d40a97cfda3b8bb74587721440843d2,2024-08-19T05:15:07.460000 -CVE-2024-42272,0,0,f5726c5f3cdc01b325b426e878d54a73d4c5db1f32f92f4563a841cdb5d4f32b,2024-08-19T05:15:07.530000 
-CVE-2024-42273,0,0,f37e34e5d838cd6ef9205e4afd7dee90fc0247b19a493436798ec46b45776708,2024-08-17T09:15:08.450000 -CVE-2024-42274,0,0,66ee7c211bf5de951e6a709a94dcfa5f87f62af3ab7490a645d1b40150f30500,2024-08-19T05:15:07.610000 -CVE-2024-42275,0,0,75f5a05b52340e053e57018121c2af00a07bcfcba63420816ca8028c07bef433,2024-08-17T09:15:08.613000 -CVE-2024-42276,0,0,068fdec225503b370f994946b545ec99a31c3ba09e130a660805cf5aeb45c558,2024-08-19T05:15:07.693000 -CVE-2024-42277,0,0,3e842403f15522152fc5ef8a47ff9c1df0f8334ce977e88f9358d0aeb5618438,2024-08-19T05:15:07.803000 -CVE-2024-42278,0,0,20462a5cc1e229b3e5a64db8864f0eabd2f75e66fc5ad241eaa710dc54644e77,2024-08-17T09:15:08.813000 -CVE-2024-42279,0,0,627260882090a97983352e783eb18b0267fd44b4b61e03f75f3207a2ac8cb141,2024-08-17T09:15:08.880000 +CVE-2024-42260,0,1,eb52125b7ac8aa328b971df28fae3672970357ac79f1958c3b76d2a4939b79fc,2024-08-19T12:59:59.177000 +CVE-2024-42261,0,1,72fe870a41ca864453ed4788fd4a91439d6c4b246a2a5f09a56b04af1e7ecbf8,2024-08-19T12:59:59.177000 +CVE-2024-42262,0,1,e87f7760375a43aae7b90d4890ce66a1629fae71857f676486868ed3f7c0212b,2024-08-19T12:59:59.177000 +CVE-2024-42263,0,1,87403f4ca816f23380b6f0d8c6c03c3a7456f3f5da5ff3a53adb775af2384f66,2024-08-19T12:59:59.177000 +CVE-2024-42264,0,1,f800640e5c5b569c4b183e1d3aec25dc561d0e0348589b3fe5445e893ded35b8,2024-08-19T12:59:59.177000 +CVE-2024-42265,0,1,dc9a1e67a9f4810f2841027c6483efefd3f1789eb7007a2fd693f56892bd11a5,2024-08-19T12:59:59.177000 +CVE-2024-42266,0,1,e3773d6d9416557898775f8e251bb3caface8cb0ca7f14ef02f46bb386d50723,2024-08-19T12:59:59.177000 +CVE-2024-42267,0,1,881474d04f014e3df273462be8ded36c9d57a485e542f49fb9e4732784ec7797,2024-08-19T12:59:59.177000 +CVE-2024-42268,0,1,e7a31f976a7847b9c8526c3b58bad6401c7f2e4167e3005ddcb1d89aa985260d,2024-08-19T12:59:59.177000 +CVE-2024-42269,0,1,79dd98ec7169036a70ebf9febcb127e37078ee5dcac6cc05d064ed3371b97e49,2024-08-19T12:59:59.177000 
+CVE-2024-42270,0,1,7d3f1ef7781c4f320b876c17de2b54772efc04aa2fdfbec5c4b526e573acea3a,2024-08-19T12:59:59.177000 +CVE-2024-42271,0,1,36be35f0adb4136e64a78007fcb0f96eb08dd4ab645f747913dd24f1cc34c303,2024-08-19T12:59:59.177000 +CVE-2024-42272,0,1,e9fd13caa415324a90840fcf36b4a7f856aa001c7dd930380894db0c2ee1562f,2024-08-19T12:59:59.177000 +CVE-2024-42273,0,1,89c3e5fcb30a2aae5aa3d49a5c5b01333443b5f3eb420974b5dde59246bd10b4,2024-08-19T12:59:59.177000 +CVE-2024-42274,0,1,41adbee025c5f4a53a652bf0a753c3ea42a40dbdd574998956145692ea179777,2024-08-19T12:59:59.177000 +CVE-2024-42275,0,1,1d4b2e93b72816cd6a71a64e9e12e8f0ea317c294fa31038a9062c70cd86a8ff,2024-08-19T12:59:59.177000 +CVE-2024-42276,0,1,1cf69353aae1f5622016d0abc7d910b7648f9f601915d22e1d47d592ff1edcb4,2024-08-19T12:59:59.177000 +CVE-2024-42277,0,1,8964821886d92d4c7cd084cccaf11087d8c57034b3e13ea164eafeffbe449d22,2024-08-19T12:59:59.177000 +CVE-2024-42278,0,1,801b233b4b9b90755c1b46b52beda140cb180ecbb2dc9426544b6b86aae6ba8e,2024-08-19T12:59:59.177000 +CVE-2024-42279,0,1,4072eea42cb14ef4445f722c9302e69097aa69e91098ddb0b91b0bf4f0001b6d,2024-08-19T12:59:59.177000 CVE-2024-4228,0,0,22331e972270e81a8a4d9238da77e1f1eab8644e20c13e517da1e3ed609f3be8,2024-06-27T12:47:19.847000 -CVE-2024-42280,0,0,95cee2fdd4995eebfecb8eab59bfeab216adfedbc157752034cf44d2132aae97,2024-08-19T05:15:07.870000 -CVE-2024-42281,0,0,f5f20e0066ddf07e696c44f3b9e6538a987c9430d1dfcf4edb6711c6a79a5a34,2024-08-19T05:15:07.940000 -CVE-2024-42282,0,0,d3e18207026e541167da7f9cb4d58ddeaa2610634212c29909ba0018542ba3b3,2024-08-17T09:15:09.090000 -CVE-2024-42283,0,0,f02ff6de67e5fcbdb4acdf8bddb14007a8579d3a5715435fd1cfc2f49790a65f,2024-08-19T05:15:08.010000 -CVE-2024-42284,0,0,769173d6fe3298b63d43df06b1c50290b73a794a992503ebc231ebee85649893,2024-08-19T05:15:08.070000 -CVE-2024-42285,0,0,2191b0fe1ffb1a787a3c936af41c23dbc4229c0a712a0f2342998e4529db175d,2024-08-19T05:15:08.133000 
-CVE-2024-42286,0,0,18e2ca4a4fb6c6c15f3c4dfad615fded5afca7e3d60ff1858386839093b4e802,2024-08-19T05:15:08.200000 -CVE-2024-42287,0,0,b27c058555cff1714299f148d2dbf45da28aaabb53b5a9f61144d902a5a00285,2024-08-19T05:15:08.277000 -CVE-2024-42288,0,0,f79c440a241a55c4624fc9f432f8c0264ce61881329d619b35af6802e68d6d86,2024-08-19T05:15:08.343000 -CVE-2024-42289,0,0,290f0831b1ecfb6af1a81c7a35922f1ea9c4bee3b27690d9947e1c22265c46c8,2024-08-19T05:15:08.403000 -CVE-2024-42290,0,0,e0ebc952e1ce14318ae2dfb3baa88c086523e8a57a497a8d320a5f23ca68976e,2024-08-19T05:15:08.467000 -CVE-2024-42291,0,0,cdff693a313559c7a1ef3c166e90df7ee5dc33e0cfdd777e35ba9eef436b30ca,2024-08-17T09:15:09.730000 -CVE-2024-42292,0,0,1af73268236219ebfba622b1941760742989b8bcebc65beb499fb22e1fcf4ef5,2024-08-19T05:15:08.530000 -CVE-2024-42293,0,0,89666f05561fb4eab085548c0385358e8f1fca94df5b4637b0f32593c2e895da,2024-08-17T09:15:09.867000 -CVE-2024-42294,0,0,bf820bb68924d280988e62607d01ba17c789d99be98efefea25cbe6487cac561,2024-08-17T09:15:09.947000 -CVE-2024-42295,0,0,4d0820bd5da8e50daa8032d169ff0efe8ab29f1ea1a173a6aebab0fee6d0e1f9,2024-08-19T05:15:08.597000 -CVE-2024-42296,0,0,9f4f74c3816c26d9ebaadec9785c36ad9258720f84cad0a4e09e751fca4ee8ab,2024-08-19T05:15:08.667000 -CVE-2024-42297,0,0,19e26e40526656e2fac42aa437a0a502351c946de7d201882f8b04c01d4e069f,2024-08-19T05:15:08.720000 -CVE-2024-42298,0,0,ded811e43bb8f04ba5fea2c3629ad01f651e9a8521c904c8e12ebae0c707e4b7,2024-08-17T09:15:10.230000 -CVE-2024-42299,0,0,dda41d855d075d4a7e429117769d441b8453574ce2af04542a6d584f6ca6323a,2024-08-19T05:15:08.787000 -CVE-2024-42300,0,0,981cd21d44a900a9d4d9532f94dbb584ede689307d948265b6f2542825889514,2024-08-17T09:15:10.360000 -CVE-2024-42301,0,0,899f627c1f991f513c5317d5ae5329984a5829119e922641586bdec034bb4e71,2024-08-19T05:15:08.843000 -CVE-2024-42302,0,0,f7857b3cae16fe61da236ecf99f85aa1ec10ad805187c2accf59a69d39b1867b,2024-08-19T05:15:08.900000 
-CVE-2024-42303,0,0,10e707ce6f068abf275f64a2e0ecbd405571726eb6185b3f9c587f385cf21b26,2024-08-17T09:15:10.560000 -CVE-2024-42304,0,0,2efa7da970175a973d94e9366a8baf9985b8ffe393a19bf6ff716ca547e299cf,2024-08-19T05:15:08.973000 -CVE-2024-42305,0,0,eacafb60e0c792cff44e854f5cdf7b74c531feaae5c425f89db43907e0039246,2024-08-19T05:15:09.043000 -CVE-2024-42306,0,0,26328942ee4c71461a5f0b979ad1aded16b6d9f5c6ac2b32079a1f51d3c7f4a7,2024-08-19T05:15:09.113000 -CVE-2024-42307,0,0,8302c270c0bbed1a819acf6e9a3a3ce017d61b4b2956b79e7e869125e590f511,2024-08-17T09:15:10.843000 -CVE-2024-42308,0,0,46bca6502cfd29518f944e6eb300f5178524c9c4395cdeb877d3842524fc9752,2024-08-19T05:15:09.180000 -CVE-2024-42309,0,0,246a3bf9495aeba6a301dd101b5dd4d05a256631c8161174abb77640e9970e0c,2024-08-19T05:15:09.243000 +CVE-2024-42280,0,1,6193de04bf7bd8f71c084599f52dc112addf7361b5e9e28ba30a70409cc12ba4,2024-08-19T12:59:59.177000 +CVE-2024-42281,0,1,65c759fec937bf57f102ba761a6aed942da5c28968f8447a080bd52fb87900dd,2024-08-19T12:59:59.177000 +CVE-2024-42282,0,1,94bde3182133fa7bba94c7d20e8f49b9cff34865a692fee3b4e2333658a73457,2024-08-19T12:59:59.177000 +CVE-2024-42283,0,1,59daaf404d8269eda7418321a34de2b2638a01aa85bbdf7372dc5d1162d75cdb,2024-08-19T12:59:59.177000 +CVE-2024-42284,0,1,aeb2995908895a6b615320fcee675dd048840a7a8a7425ece974e166554e1178,2024-08-19T12:59:59.177000 +CVE-2024-42285,0,1,3c29632960c057492b24e517abcc326d632b5b40f596652e033aab7d7ad33c84,2024-08-19T12:59:59.177000 +CVE-2024-42286,0,1,24061156d805ced1339b1724f8564154074076c09f5e325f327fdc585683f93a,2024-08-19T12:59:59.177000 +CVE-2024-42287,0,1,ab99cb2182c9d6159d40449c7d07218d1774759ae812acadb1ae409447b25c10,2024-08-19T12:59:59.177000 +CVE-2024-42288,0,1,0473e6d533869d02183417e6ce6ab07ac8e6bd7cacb1e11495e5002891b0aae2,2024-08-19T12:59:59.177000 +CVE-2024-42289,0,1,cfe283d951c108ff98e5103d44cbfe5e3199d1997008b40b8fbd57fde9f2c743,2024-08-19T12:59:59.177000 
+CVE-2024-42290,0,1,d27aca27562195d04490643fa18705d7b7ed22675306a86b123d07597c93e3ce,2024-08-19T12:59:59.177000 +CVE-2024-42291,0,1,72aa73e566f0b3c5cb157f1659781e489a73109e53174d8bea3ddc4964e85fe8,2024-08-19T12:59:59.177000 +CVE-2024-42292,0,1,8310aa9a5630623a5a144ae735b237b95b640aed6f25022423101f353e6f84b0,2024-08-19T12:59:59.177000 +CVE-2024-42293,0,1,7cf92cea47cf0aeade81c478f71bad3f09bbe1b4ba14510e43dd89a0a6440ef3,2024-08-19T12:59:59.177000 +CVE-2024-42294,0,1,2798532a99d81325e7009874f45b9da6165ddd9c2b3e4a1fb8285929b41003e0,2024-08-19T12:59:59.177000 +CVE-2024-42295,0,1,f0cd0e6a993b87e3204ed117d3bdfa9958e49bdcdf9632bb8d42fdd57196683b,2024-08-19T12:59:59.177000 +CVE-2024-42296,0,1,6f0a4e19d0af7904c42d2fd48012f42857e020384d64582beaccc791074f5639,2024-08-19T12:59:59.177000 +CVE-2024-42297,0,1,c6a17cd20eb476c36e74835def3dec9425eca068ceb110058bb8cda346565ec4,2024-08-19T12:59:59.177000 +CVE-2024-42298,0,1,847a234781753fbc78128bf1a1b0230495d1dd37b0db004081592c3547d5f698,2024-08-19T12:59:59.177000 +CVE-2024-42299,0,1,1d9a7f76ca05044914ea6b23419a3afe5dfacda94e0276680ead40f3cc253bdb,2024-08-19T12:59:59.177000 +CVE-2024-42300,0,1,0085a0d67ebb00a2eb0fdee834d161b381fb524f015d1781780f7c3f00257248,2024-08-19T12:59:59.177000 +CVE-2024-42301,0,1,caead8f13ad2ac1c26e142953e2d6cde5414964ad9183de15221008c4358bcd5,2024-08-19T12:59:59.177000 +CVE-2024-42302,0,1,0b3683b86953ebdcb232a1db472077e3496a1972c8f177a4a7086b5fe39dc5d1,2024-08-19T12:59:59.177000 +CVE-2024-42303,0,1,dcf78b75f0f625f0e1e5df3b0bc433e9d8484bdabfad7ed343c7012b7aaaf44f,2024-08-19T12:59:59.177000 +CVE-2024-42304,0,1,d173e622eb62d973d07785876ea39085958d8e911790210e06238340260b1d9a,2024-08-19T12:59:59.177000 +CVE-2024-42305,0,1,2a0027efaf18337e14a39532daab3b0d02ba1e240704105fd7925f4d1b755c9a,2024-08-19T12:59:59.177000 +CVE-2024-42306,0,1,ecd4db3e8cdd17b10ea08b2eca0729317a2688c0bef58523ae201bb7d84633e3,2024-08-19T12:59:59.177000 
+CVE-2024-42307,0,1,021c1bf3b0b2f8d64c924e06216b8a74c38217276f58a374fe838603733c4495,2024-08-19T12:59:59.177000 +CVE-2024-42308,0,1,2a36ea46f924932ba8b403ffa81309ed7322f08858d89457f1ac73d7be8c21fe,2024-08-19T12:59:59.177000 +CVE-2024-42309,0,1,f3857da62a239a8937a6a8f660f19b33121ce903bc957d8a2a5fc7bd82bd8d6c,2024-08-19T12:59:59.177000 CVE-2024-4231,0,0,c87a42b4dfede9046d13b34e260c0c7ec4e51f68f0fbfb8755010b78e39f405d,2024-08-01T13:59:28.843000 -CVE-2024-42310,0,0,9eb59e34fb030e579c4019ec7d9c954d791d06fa25b2df88a8af064d33489957,2024-08-19T05:15:09.307000 -CVE-2024-42311,0,0,dd93a081546e6478d7efe308709915f08a94b08fe0e0f30d6145c0ac908fe312,2024-08-19T05:15:09.400000 -CVE-2024-42312,0,0,33ff9401c31bc2848a53c76833beb51477b86e744810b7f500d247f8dd834b17,2024-08-19T05:15:09.470000 -CVE-2024-42313,0,0,149c192ddf1d194d19b60d84fbe3a4f68c59539d92fb56cc2dfd28fad43cd72a,2024-08-19T05:15:09.537000 -CVE-2024-42314,0,0,fae79bc6a62aebb94341bd0a34a4ffafb0c7b9e0b8c9de278d5a78cf72fd6fd5,2024-08-17T09:15:11.397000 -CVE-2024-42315,0,0,90ee9ee787d775411337eb3e919a718f1333926233a58c375d402d02c9e4c0c9,2024-08-17T09:15:11.470000 -CVE-2024-42316,0,0,0316f29b9e5674024065f15a396c2f0f43f9d0fd7a88eb256049471822787f1c,2024-08-17T09:15:11.547000 -CVE-2024-42317,0,0,a165dce7f440276c020fbc7ed30fbfa07302c8b51e501fa3b5401c398a7adb57,2024-08-17T09:15:11.633000 -CVE-2024-42318,0,0,5407e1065e2317be659491a0aa5e3f4e76ddafb0a88e422329e3bade9b6fbf83,2024-08-19T05:15:09.597000 -CVE-2024-42319,0,0,97b1d3ea5f63680e439731ebd74b0ad556f44f1414e1d4d3c15cefe3c1a3ca43,2024-08-17T09:15:11.767000 +CVE-2024-42310,0,1,7629386c3f41aa6a34e41a6c5d349fabbd9abea6dcdeef93571adcc63039d396,2024-08-19T12:59:59.177000 +CVE-2024-42311,0,1,ee026ffaa3435a8fee00e98fff3782a46b4f2eff532aed7bff974de91275ee18,2024-08-19T12:59:59.177000 +CVE-2024-42312,0,1,8419f66ad6ae63296361d79f9dacef9b878e08f5aec63988a53ec2b285c951e4,2024-08-19T12:59:59.177000 
+CVE-2024-42313,0,1,f319d0057aa3cd90f1188c53e50e737fae9be2ccf322f07044c4d422a41859d3,2024-08-19T12:59:59.177000 +CVE-2024-42314,0,1,8aa67462e0e9b4d4dc4529a08e1d3b792177e1111a519ed972296122b97281bc,2024-08-19T12:59:59.177000 +CVE-2024-42315,0,1,d39e1c5a9741e4f497363cf7739f163883ad331987a363bf39fee0df15c4e5be,2024-08-19T12:59:59.177000 +CVE-2024-42316,0,1,0239a008a917b126c59698068cd78dd2d230edc6a30bd25f3a9ffde53fc4420a,2024-08-19T12:59:59.177000 +CVE-2024-42317,0,1,44f472938e0f5464917f6f6f19a154afd8a7d285193dd7544e55d6415831a573,2024-08-19T12:59:59.177000 +CVE-2024-42318,0,1,9010727792eb410d1e9ad3b39440509d19383e8fe33f90305bb640c17c956a4b,2024-08-19T12:59:59.177000 +CVE-2024-42319,0,1,eb5fc32e810c02d0e4bc3b0d9ebaf0ea35abaefd35cea63e1339820db2a46ad1,2024-08-19T12:59:59.177000 CVE-2024-4232,0,0,d86181ca34c980ccca9d603012d25d1fd9d02a5c899c7483f16d67878d54942c,2024-07-03T02:07:15.740000 -CVE-2024-42320,0,0,96d235ed83f196d3f890c63e30dba1ba25169caa48eb2246ebc6d5c788ad4506,2024-08-17T09:15:11.833000 -CVE-2024-42321,0,0,a4cefc053d872d76f367405d84e5d117d88eefba44ad2da7dc889be6f7e80764,2024-08-17T09:15:11.917000 -CVE-2024-42322,0,0,24993fd95d508c4b214b4780d56aca3b438fdd58c500bfcc3d1c5efb98797837,2024-08-17T09:15:11.977000 +CVE-2024-42320,0,1,3bb9745120c3e683aefbafbca3ae9140002adac221663a12333f744da45f1bbd,2024-08-19T12:59:59.177000 +CVE-2024-42321,0,1,1716db5db6c984bf2ebbd691b80440a9181fa253c6bc8c5d00954d830484e312,2024-08-19T12:59:59.177000 +CVE-2024-42322,0,1,2accb2a45b605eba549de2a0c83236102f9dab689f1b61dc800f0c45a0f92db4,2024-08-19T12:59:59.177000 CVE-2024-4233,0,0,e3336c43dd885f8db6271cd8e49f7796169d1b724e733d53d39e8dcd56cab238,2024-05-08T17:05:24.083000 CVE-2024-4234,0,0,18c98986f4d0c323ca7a76881b57d07f11d740fced15b647da44016411c790ed,2024-04-26T15:32:22.523000 CVE-2024-42347,0,0,9d56c3d6f460e2251d08d50a3e874b7efeb364cadb050367418d1be0b31e15cb,2024-08-12T18:52:08.163000 
@@ -257521,21 +257521,21 @@ CVE-2024-42459,0,0,1b31e68c1b4d33528b48a03fd6d9767f75dade645a7a5642b37f7704ee8ff CVE-2024-4246,0,0,d1ecb5c9b82db83c5f960ba668d8749b982008f4e59e30cf96ab22ab0b209b32,2024-06-04T19:20:33.790000 CVE-2024-42460,0,0,7cc8f5c50a101241ded3ad554de6ff811573b60cf374e61565e85a5cfdefc0e9,2024-08-02T16:35:53.760000 CVE-2024-42461,0,0,bba68fac1714eca06b2f70a5c715b9fe71087992bafdb6d29066928e025c5f76,2024-08-16T16:51:40.270000 -CVE-2024-42462,0,0,bd842e4078213663fb9634d032edf846d5a7dcdcf5e81621d6a22c94c7d85215,2024-08-16T14:15:13.253000 -CVE-2024-42463,0,0,a938019478eeaf319f9b08147b37054c25ff2382e54c40bd90ca30afae7c0b7f,2024-08-16T14:15:13.650000 -CVE-2024-42464,0,0,3e63a708074ce366f3461fc42631850434e6ccbd81b25ac91329e1979960a870,2024-08-16T14:15:13.933000 -CVE-2024-42465,0,0,1c0b6edc320d8750d70e421efe32a64e97e1bb73fcf59fbb24c5bad282598f4e,2024-08-16T14:15:14.133000 -CVE-2024-42466,0,0,d86a0ebc4dcb18aca1621b0b7b556b13b3a067e20f4525c591e0df9bbf718bc2,2024-08-16T14:15:14.343000 +CVE-2024-42462,0,1,cbc92a3b2e6229c73a9cedad30c5a98da1136b9ddfb3349db7b9c0774a2a2c02,2024-08-19T13:00:23.117000 +CVE-2024-42463,0,1,3a3f8514ffc2803fbbce851a5fa1bcbc5b37ac5147524f9e5090c6185a99b8a1,2024-08-19T13:00:23.117000 +CVE-2024-42464,0,1,5f9d9d0322fe8e339a1eb4caeac5456ac178cc281c6a3bac74720a508e3f7333,2024-08-19T13:00:23.117000 +CVE-2024-42465,0,1,0eeb5a126ac35cca72d597299dd5958085bf2b24a7d706055eea902cd758ca18,2024-08-19T13:00:23.117000 +CVE-2024-42466,0,1,5ab3a4959b343b59b3e69dc108d87b5be592ad1689a15a2970ce19fb68295c95,2024-08-19T13:00:23.117000 CVE-2024-42467,0,0,14877d641df7f7a9f60fe4fc26388b44826c59b4f02e218ee8f98b04267a611f,2024-08-12T13:41:36.517000 CVE-2024-42468,0,0,033280315ca6f5a0cbf1b6dc455b3524de5d7b93006897795d2f3d517b6c1598,2024-08-12T13:41:36.517000 CVE-2024-42469,0,0,759817e61db1bc4a4e676c0e280b1150c33148b42f7cb711bc7b54940c443d04,2024-08-12T13:41:36.517000 
CVE-2024-4247,0,0,e85864e661a2b1d9942e48a3c52bc53fc949e702c33b68de4ade6b9cd86f67dd,2024-06-04T19:20:33.897000 CVE-2024-42470,0,0,80c27758030ad470af1fe592af809b43c23e5b02b7ad3caf74ea2d70586698c7,2024-08-12T13:41:36.517000 -CVE-2024-42472,0,0,ee6d3fa68187c694d98e1ab6b624cf986198cc0918c53d1cbad9776fbca9f434,2024-08-15T19:15:19.233000 +CVE-2024-42472,0,1,7ab57564efdc72933310d3a5f9856c0205ef1bb0a8b6f4b7c4270b076011eb97,2024-08-19T13:00:23.117000 CVE-2024-42473,0,0,4c7c671ee00009c6a5c03d538a956eb7febcd1530231ce4a9c79893c5aea342c,2024-08-12T13:41:36.517000 CVE-2024-42474,0,0,8bdabf0a099aefc7c5946b1cf60e652841fbf036714db582cc2880ddd6217050,2024-08-12T18:57:17.383000 -CVE-2024-42475,0,0,afe0da89382efa89a796c2b96a24cea57660d3a859070901100b23a815df5a4f,2024-08-15T19:15:19.520000 -CVE-2024-42476,0,0,96f7fe8477cf86f6d3ec8c6a0d235a19463f944cdd9b22e1bcb4ece6bdff62c0,2024-08-15T19:15:19.753000 +CVE-2024-42475,0,1,0bea3f4f89f8bc03bac4d639b5f5fdd2b60e43250279ee60d6b04aa71867108c,2024-08-19T13:00:23.117000 +CVE-2024-42476,0,1,f1465443e6b3e51dab23ffd8341536a4d0a88fd0eab640af90824ca752825643,2024-08-19T13:00:23.117000 CVE-2024-42477,0,0,fcae5018af2bef05676d648639d61eec426950973c911608bb1d16f397cf37dd,2024-08-15T14:02:23.130000 CVE-2024-42478,0,0,cdf48197e3348474fc63d3659602086723564e2de2d520434b1a86401eda413e,2024-08-15T14:03:32.867000 CVE-2024-42479,0,0,919a4727e7b8c44b8fb7de183faba90f9bbe38a8002d5847cf0037ef02b3958f,2024-08-15T14:03:53.203000 
@@ -257544,9 +257544,9 @@ CVE-2024-42480,0,0,a493fdcfd2cab0bed771f4294216832fdd84bd63bcd8976ed48629d61d56d CVE-2024-42481,0,0,f17bd96b5dbaec9cba44d498d9c9262bc86fc96c852d5e4344475a0f54baa696,2024-08-12T18:57:29.247000 CVE-2024-42482,0,0,ee38da65f82c804eaedcf134ace0faf2e2bb9182856f5a242f4e6a9a1c05ab47,2024-08-12T18:57:17.383000 CVE-2024-42485,0,0,b09b549a640b11a354d44b9475923cc6fe2bb8793f6b86eac9ba8078a1b1156d,2024-08-12T18:57:17.383000 -CVE-2024-42486,0,0,0cf9b72eb06e426c9ae9c3be7c0a8751b5c461e1fe82a33b1cb1479b5f7e9ef5,2024-08-16T15:15:28.777000 -CVE-2024-42487,0,0,dde9f22585c141349578cb26373e47e0dd325811988a5e0b7e05e16eb1c6e527,2024-08-15T21:15:16.997000 -CVE-2024-42488,0,0,8f0e65664c2a6dbec7ae5a47cd6c8abf0a7bf344648f9eb27415d81897f6ec19,2024-08-15T21:15:17.270000 +CVE-2024-42486,0,1,a989fdd89a78984e53108438ae1d4599e890f4b44bbe2719c613b74d6b8f2b23,2024-08-19T13:00:23.117000 +CVE-2024-42487,0,1,2efeb3a744823d93cb77dca921c5d1e1876bd604d6d9b9e3d12e2ec5d005b3d2,2024-08-19T13:00:23.117000 +CVE-2024-42488,0,1,d4b28d6f7587a9892f3e1f2f60f322ad605b2174a3099ed0ae0224cdeca7655d,2024-08-19T13:00:23.117000 CVE-2024-42489,0,0,cdd86cc62ae99e91c414cd210e2840035f1a515c38caae18a4e22c79cdb0af72,2024-08-12T18:57:17.383000 CVE-2024-4249,0,0,20dbadf05c38d413ed14f5d424310da5ffa119a0ccbbcb5b690e0c54ceac344f,2024-06-04T19:20:34.093000 CVE-2024-42493,0,0,f6b5486c33bc66cf003608659d12007760e6f11e14f162d8f0f6b524c3d0cd10,2024-08-08T18:55:19.180000 
@@ -257578,15 +257578,15 @@ CVE-2024-4263,0,0,ca3576d1d67e220dba5bd29258a281021ffe39453fa0c4f20e91ad0ccbfbb4 CVE-2024-42630,0,0,4fff96f7d5cfbd5e5589e0968506019fde3792b2edc6b60a8aaf8334fc6488be,2024-08-13T15:35:22.433000 CVE-2024-42631,0,0,1f47f8877d49e8628a42d74c73cac60b8f382fa6d5b7f60da5c7487aa880aef0,2024-08-13T19:35:12.050000 CVE-2024-42632,0,0,6db2b07353e1fe8433bb94ce7c82367301221ecd513a59df2e5f1960150683fd,2024-08-13T15:35:23.410000 -CVE-2024-42634,0,0,b1b6cfe2ac8d3248e82e818ae3726754b2a8ab75b30a61414304d67f2030e21a,2024-08-16T18:35:12.810000 -CVE-2024-42637,0,0,1e9746bd98ffad66b2deae26cdacb6fa66f0b7e7f1ff8eb1ff87df697fcb0175,2024-08-16T21:35:12.787000 -CVE-2024-42638,0,0,8159490722b2f4ce8f42746a6314f7821a9fccb5592443237a1e8d3304bb24aa,2024-08-16T18:15:09.810000 -CVE-2024-42639,0,0,804adb7f0943f514bdaf901615d1a6e9c0b8febea5cd4d04f11253be4963ea64,2024-08-16T18:15:10.067000 +CVE-2024-42634,0,1,6658d1cc4139c37b2ef0667c6ab1d67862bb441366a987a8fc3849f65e0dd18f,2024-08-19T13:00:23.117000 +CVE-2024-42637,0,1,91efd00f3a0c93af0bfc6d360416502bb044589161185dddb1564bcf24f65c8f,2024-08-19T13:00:23.117000 +CVE-2024-42638,0,1,f8a971101f7cdf9fa56d822dabf1a1d2d2e6eccbd0431f9555d3577ca133854c,2024-08-19T13:00:23.117000 +CVE-2024-42639,0,1,49d80c0291e506622496e3e7404299f1bb919735e3c40b74a1c228c47facef4d,2024-08-19T13:00:23.117000 CVE-2024-4264,0,0,aceade487dcdf82d5a23a178a070b3c07d4cce69337175854977fa24341a320c,2024-05-20T13:00:34.807000 CVE-2024-4265,0,0,674cb78ce8c95e07c05495b52772b5d4a079c608362a6e67c2dfb567e6b8517a,2024-05-02T18:00:37.360000 CVE-2024-4266,0,0,4e57f554a9a502210e7298e86f8a93b4c9fd8085f966eca22533475a40566a21,2024-06-11T13:54:12.057000 CVE-2024-4267,0,0,b21b1be134b642d147ee55ecb619e0382fab4366c661a291e53904c7941658dd,2024-05-24T01:15:30.977000 -CVE-2024-42675,1,1,92c6b6457955ed616d1577d62ebea7dcf172d2ecdd66922f34ded7a7ee2d3b6e,2024-08-19T09:15:04.283000 
+CVE-2024-42675,0,0,92c6b6457955ed616d1577d62ebea7dcf172d2ecdd66922f34ded7a7ee2d3b6e,2024-08-19T09:15:04.283000 CVE-2024-42676,0,0,903de489b767e6e70df06446721c35501fc695b15db3b6110b69435fd605d638,2024-08-15T17:34:07.033000 CVE-2024-42677,0,0,bd923508aae67948aff406a304a54aaf18578381d4ab1ca872bd3e736afb1411,2024-08-15T17:34:07.033000 CVE-2024-42678,0,0,9dbe99433d59aa89bbada7e91e9acb63bd7eb7d9f0c5b0c1d41b5cbe3f2983cf,2024-08-15T17:34:07.033000 
@@ -257613,16 +257613,16 @@ CVE-2024-42745,0,0,d2f467113cda4cc30e7255dcf19a80218eafc314dce633f11469c2e4a02ca CVE-2024-42747,0,0,4d1c99e860bf6905b5d644799ef0c78895a722730457e9c7bd1d214b39f83bc6,2024-08-13T17:35:04.540000 CVE-2024-42748,0,0,52e6e14746af30f6f3124891b89bbdbe775ebb6c4232d3347332f267006d05fd,2024-08-13T17:08:53.510000 CVE-2024-4275,0,0,c229bc373f94c5248df137d0b0d9ca9d61bf79f845040a419335cc081cba5e27,2024-05-14T16:11:39.510000 -CVE-2024-42757,0,0,e8ffebe384aeef6e94c26fffd5c4dadabf8ffbe3eb827a1eb3f7d3a71e6f0341,2024-08-15T19:15:19.977000 -CVE-2024-42758,0,0,83d20d88fd40e1e74e1393438bac210d768977c72cb8fe11a2d9ebb44bf261bf,2024-08-16T18:15:10.400000 +CVE-2024-42757,0,1,95625a6e50c27ce340e8acfc982700097d9fc83730e49a1ee849ddb378ae13da,2024-08-19T13:00:23.117000 +CVE-2024-42758,0,1,43df8a39b9dbcdf4f537585c16c590478cb9162ec0afd1108014fcf9544ca38a,2024-08-19T13:00:23.117000 CVE-2024-4277,0,0,ec975a6ab8cd435ccab2b915965095df8c992e1e8e765cf73bc6d545aa3b1e0a,2024-05-14T16:11:39.510000 CVE-2024-4279,0,0,dfbad3c4052d0097199e5a57f42abb52975c0de3af4475a04c90870b0d97f015,2024-05-16T13:03:05.353000 CVE-2024-4280,0,0,f46c38f13eff52b4d020fb374e18f92e6528a4bade2042627b2165ccf7b62772,2024-05-14T16:11:39.510000 CVE-2024-4281,0,0,cb48c26c252b1c83fb4810210335ce05e1fcbd94e5804419418b4f73b9d5c028,2024-05-08T13:15:00.690000 CVE-2024-4284,0,0,4fbe27a80563712e41b6422ac48754a31c657da862cab89b959335ecaf13d90e,2024-05-20T13:00:04.957000 CVE-2024-42843,0,0,455790904ae51cac3db25b73b70849c5736972d9b0ddadf5316976a6304eb594,2024-08-15T17:34:07.033000 -CVE-2024-42849,0,0,9a88ac35c37f0e3806f6dd0b6d327d5720f565d97c0ccc7d46252a05bca6517e,2024-08-16T20:35:17.050000 -CVE-2024-42850,0,0,28614507876416394e9bb0f0b670cc75cf3ffa7b986b96793de9e27cdcba1433,2024-08-16T19:15:10.317000 +CVE-2024-42849,0,1,476a8b05abd0e5119b7af3cdc63ecacc25e4b753be03084352759f8b34a540b8,2024-08-19T13:00:23.117000 +CVE-2024-42850,0,1,a41c0c6ac0f4510c69190938467fe4e74260f2aca58a09a464fab2c1ef91b0b7,2024-08-19T13:00:23.117000 
CVE-2024-4286,0,0,4b983e074dfcf6df9bba7e92a07b4865c0022e26c41bba4144154cfeae541d31,2024-05-28T12:39:28.377000 CVE-2024-4287,0,0,e4eaa9cc0eedd48e962bf47bbdeb2988e2d50ccd6011525ef3609c758b0c263c,2024-05-20T15:17:54.513000 CVE-2024-4288,0,0,98dba4b61502f5abd6b75fde706ee82a9bae31a5b0be7db458ed8cfdf0d8bfc6,2024-05-16T13:03:05.353000 
@@ -257671,18 +257671,18 @@ CVE-2024-42985,0,0,fd3e2b3b518908e52ebda25c2cfe8cc913346bb2192127a6006d7d26017d6 CVE-2024-42986,0,0,729f44b69d8ed274bedf72a20b1cd0e83d0be1662a818f8ffd16806b1da8caa0,2024-08-16T13:26:43.100000 CVE-2024-42987,0,0,be14eefacd9f282e13e394cb1aeefe62ea3c84389f7783546c46d3192df9881f,2024-08-16T13:26:27.123000 CVE-2024-4299,0,0,2eb1fe754d25d4fca4f14435247c4dce7f2aa132c3677595429d39db730cdde4,2024-07-03T21:15:04.313000 -CVE-2024-42994,0,0,295dae91474f9535d789452704b8c40ca586a2c89b6a720f0e60f2508c5571a9,2024-08-16T18:35:17.200000 -CVE-2024-42995,0,0,3bbc9e98b4daad8505041fd6d10324435f6e7725c5e3393e20ba1b778ef45717,2024-08-16T18:35:17.930000 +CVE-2024-42994,0,1,46088bee324f9fb8a88606d17f14c9f666ebd59ae6a0d59deea5611547b28ba5,2024-08-19T13:00:23.117000 +CVE-2024-42995,0,1,5fe3b52ce312f2adad41265b1d44f25534179e7b5138e6f382ca4cb8e97a4739,2024-08-19T13:00:23.117000 CVE-2024-4300,0,0,9683d559686bc261042c0ad86aeb3d06ca0ebb649bc8d0eaba9f4d32c108bd00,2024-04-29T12:42:03.667000 -CVE-2024-43005,0,0,244334acfcadf5cd00134eabfc1409bebc0359f884f6047e832e692758379e36,2024-08-16T20:15:13.253000 -CVE-2024-43006,0,0,86c44a31b2243e46e17ef99267b8c7f224c851aabe8910002ff8d134bfe6ac7d,2024-08-16T20:15:13.333000 -CVE-2024-43009,0,0,7b6847c1882b7f6961638e9fd403a52af7ff0fde1908087f7a41281db30415e1,2024-08-16T20:15:13.410000 +CVE-2024-43005,0,1,0bc697e46ea36091b4586c782816e9f833af1c66afe6c5abdba939a146d8ac86,2024-08-19T13:00:23.117000 +CVE-2024-43006,0,1,6fa449db44d1ea8c22889f4e6b623cfcac6d8f62a203c093e2dd4c404ff568c8,2024-08-19T13:00:23.117000 +CVE-2024-43009,0,1,7c9a02beb9141b4a4a3a97bd92232f6b2f07a31ee7cb9ec7ede41003795ef08e,2024-08-19T13:00:23.117000 CVE-2024-4301,0,0,218172685a71d9dc14b7de60ac62731c757d7801c2c506799e72286e245e5cdd,2024-04-29T12:42:03.667000 -CVE-2024-43011,0,0,8d3f3aff1fe06fcc58bd2d22f3b377d42e2f74966b4cc6c8961c87f6f03a6de2,2024-08-16T20:15:13.497000 
+CVE-2024-43011,0,1,95cea6fc55bbe82bbab2af80ba15a629e36d7e3182de8fed91df181cfbc4b338,2024-08-19T13:00:23.117000 CVE-2024-4302,0,0,3989b291497fea424d341ee8d50afc238ccc795cfb4606a4430491f615d9ea6b,2024-04-29T12:42:03.667000 CVE-2024-4303,0,0,83a712aebf2d4281174fc319c5a3b5ed1f6b2a8b7c1590974611c884faeb0657,2024-04-29T12:42:03.667000 CVE-2024-4304,0,0,cc036c021f3a6e70e19e6533fc0c5b7e8e9615d68f40d67450c876ce97ebcd8f,2024-04-29T12:42:03.667000 -CVE-2024-43042,0,0,4cf19128dfe0d8fe66fa57b3f9dc5f699e5a078ec15a1bc95f7ce46531326301,2024-08-16T20:15:13.573000 +CVE-2024-43042,0,1,b853bda14fa02964a16c19d1896f72364ccfb9e1c7f5c0faac2a5ae6d185d191,2024-08-19T13:00:23.117000 CVE-2024-43044,0,0,0f847f7b25552f59db6fe108bc5868ae7095ef3bf92eb01d14caa8a1c32e542a,2024-08-16T17:19:30.643000 CVE-2024-43045,0,0,0dfb92f72f0dbde6ae96c501ce5cc9672bcd5c0db43f23e4e6beeb976b582ca3,2024-08-16T17:21:26.803000 CVE-2024-4305,0,0,3d3b1d1c5c813e5fa60e1eff1163926298ea6a7612f6966e2cad8be591d14008,2024-08-01T13:59:30.377000 @@ -257715,7 +257715,7 @@ CVE-2024-43139,0,0,c74c0f3dde7756ee6f145dfa944df2bddeeb719e29cd3b22fb911239d7691 CVE-2024-4314,0,0,5b91c731cc96c112e4837604681a355586cd629f1c71449572dfc7eb6fafd4a6,2024-05-14T16:11:39.510000 CVE-2024-43140,0,0,879ec5b84127dbdf3b24e5badc8e43666af405516e082469bf8472d96501dd05,2024-08-13T12:58:25.437000 CVE-2024-43141,0,0,f29f7de7eae578d120c59b0305acaad325acb97a127ccd6d6289a33a71c747b6,2024-08-13T12:58:25.437000 -CVE-2024-43145,0,0,626b2434bf7c98382edbf5d19da1780ec1f4cf5ac5b687b7f2c3064e36c4e62d,2024-08-18T22:15:07.880000 +CVE-2024-43145,0,1,7ccb83b884d8dc58ceb4932d45768a752924d5c2938e5a3f671a778aaba995f8,2024-08-19T12:59:59.177000 CVE-2024-43147,0,0,667e4e165f9113b4fe4ef729d1c96bbd751ca2d031ec283022e85cfd98eae7e3,2024-08-13T12:58:25.437000 CVE-2024-43148,0,0,cff5965efef0a90e2b87f245b5b8084669061ce4646f39e1c94e0f70b2166d42,2024-08-13T12:58:25.437000 CVE-2024-43149,0,0,b80bf672b131435d7d08c3c95203fc8f832a533dd6a8944c2404b2b39520a185,2024-08-13T12:58:25.437000 
@@ -257739,7 +257739,7 @@ CVE-2024-4318,0,0,7b0a62dc8691f5e6f2210e7e19a78c6d4d5c9f053f662e7593a96cdc8c097a CVE-2024-4319,0,0,7ca0245a01df3d5ced472265b32f90c6f6a22a37af3715d5589379ecac1f6a24,2024-06-11T13:54:12.057000 CVE-2024-43199,0,0,94150f8459e19abf18625a946d8a507867275817cd3d9928084030fcb7fa8330,2024-08-12T12:59:48.253000 CVE-2024-4320,0,0,f21f873c3bfeb896c071276000f6bbe2ae4420d2f2c3184178334c98a666705b,2024-06-07T14:56:05.647000 -CVE-2024-43207,0,0,91d93de5dd1d58805ae0590e5e02570650503a555bce54070ed3eac1e39bab86,2024-08-18T22:15:08.090000 +CVE-2024-43207,0,1,e22c5710770b6cfc075b06ecdaad97a6d82c458382d84efdd62d5cddbde66f6b,2024-08-19T12:59:59.177000 CVE-2024-4321,0,0,9cab2a859d144dd765da27aaa03d49bb12083c0b11abfa900a9b065f4ea718e1,2024-05-16T13:03:05.353000 CVE-2024-43210,0,0,38b1ddd569737ddf84a414c75c09c54bffe5570d779b3b2b7d84160c7c88ff6c,2024-08-13T12:58:25.437000 CVE-2024-43213,0,0,6c696e57f95479918ef25ca22ce88cf027f14ad7abeabc2f23e004d6693a5cce,2024-08-13T12:58:25.437000 
@@ -257755,83 +257755,83 @@ CVE-2024-43227,0,0,ad1f6a93845342802a80b9924c653d05f8aded241d8c4fe476abc24eaae6f CVE-2024-4323,0,0,8795dbc0ef00377d638f97794032c86e045103be19a16a47714b9d0a60088551,2024-05-20T13:00:04.957000 CVE-2024-43231,0,0,576ae207e6ba8489a6ff51c30718ab9a1cd372eb2df3fcba4d400349b580379a,2024-08-13T12:58:25.437000 CVE-2024-43233,0,0,1b4af7770e832b42b8de9434c8175a113ca03ccd398ae87b3d3135806048f23d,2024-08-13T12:58:25.437000 -CVE-2024-43238,0,0,ce7255c1c134cad6a5254a06b54b5fe5157846bb5f240a12571bb3e78a220737,2024-08-18T14:15:06.583000 -CVE-2024-43239,0,0,eb3d06e5266756c8e723bf89f7eb98268e48f59d9a2bbbae6b37943f22110832,2024-08-18T22:15:08.277000 +CVE-2024-43238,0,1,c8521e7625c83e605f0b6621da252175bd1f21854b9854934939807c71b6a24b,2024-08-19T12:59:59.177000 +CVE-2024-43239,0,1,79d51d8573e5ae7ca3d4a994fc625c6641954aca391d8556cc284fe714bd5440,2024-08-19T12:59:59.177000 CVE-2024-4324,0,0,fc63521759a8641132ed78ae3099f2b2ca0952db3d329b9ead7b1b38a39cf68e,2024-05-02T18:00:37.360000 -CVE-2024-43241,0,0,58e119d7c91bcfe70091388c719f5f6d49c22bdff966f7ad359b7aa21dd27d30,2024-08-18T22:15:08.483000 -CVE-2024-43244,0,0,b5bcdee1af48c322705de80f8ad924be53950898dd0fcfd72025a3e57eb67cd1,2024-08-18T22:15:08.680000 -CVE-2024-43246,0,0,746f4e3e6c9730295f477b49797010f3909c4c25d3cbdd007bf6a8e138df92fb,2024-08-18T22:15:08.877000 +CVE-2024-43241,0,1,c39932a6e0a58bfac7ae4f1cf6af814f732177d07f4a962afc92645b7cabd135,2024-08-19T12:59:59.177000 +CVE-2024-43244,0,1,1886195ce7a92c6294c50cae518f93eff0f2be660d6ad12e641d6bae1e37edd4,2024-08-19T12:59:59.177000 +CVE-2024-43246,0,1,44a65a28ca2af5cc21ed79f6503fa68b6cded6fd3bf6e91f921a120c96c44499,2024-08-19T12:59:59.177000 CVE-2024-4325,0,0,76d9bad54216516dac1d03211c486bb781521a024ebba7e9a0e98047a78d0bf5,2024-06-07T14:56:05.647000 CVE-2024-4326,0,0,d965aff3554882d9e9e5ba1861fcd18121a605b5a6347dc41a19bd090bda9a65,2024-05-16T13:03:05.353000 
-CVE-2024-43262,0,0,a3edb00027179f42d4fcbfd9c96894d5928f9ee7109ba22cb763ba61ec5855eb,2024-08-18T22:15:09.070000 -CVE-2024-43263,0,0,6745202447f500bb018ddc19e880a3f06051ec288db459126c9bc09d40d6ce59,2024-08-18T22:15:09.270000 -CVE-2024-43266,0,0,3d83a3a3a7ff679dfaeae7b56317aed88af2911851514fe321c09d05daa8db2d,2024-08-18T22:15:09.463000 -CVE-2024-43267,0,0,4537cc3d3ecf4084e01314fa888f95140e8f7f1b5acb9d4c74dc8f33abe1eeeb,2024-08-18T22:15:09.663000 +CVE-2024-43262,0,1,ee2d00bd7b26cdad642ada4c4b2d7bc02c0ccfbce8aef1634bfd7f75ad8dd06b,2024-08-19T12:59:59.177000 +CVE-2024-43263,0,1,cf9b7583314454065255b112c0283ce49c3cc8a3b709e9840e4d308ff741cc3e,2024-08-19T12:59:59.177000 +CVE-2024-43266,0,1,751fa9ab2a13f701be885e7a1662c496db49511ced127e99a8ff80c20e1ffede,2024-08-19T12:59:59.177000 +CVE-2024-43267,0,1,5b844fafa4776837e860aa27df30c3483f35542b577634e0b86bc9628cc0c001,2024-08-19T12:59:59.177000 CVE-2024-4327,0,0,9a5f942b6958d2271ac79f44a3dfa6f019a91702ea5bf4b7c110b804ce763bfb,2024-05-17T02:40:22.673000 CVE-2024-43275,0,0,78ead3cb089aaf7c18ceb1d81053b0c408f631313f8368c9da5d02a09209ccb7,2024-08-15T13:01:10.150000 -CVE-2024-43276,0,0,1327b07b07996c9ea2c2148b4a57bbf83cde40df49695242a6b4d52226e84136,2024-08-18T14:15:06.787000 -CVE-2024-43278,0,0,2af49c25a30a9dba5ec086ad36ef14db6f90327451a6dff37da3c0c38b6f941b,2024-08-18T22:15:09.860000 -CVE-2024-43279,0,0,47b4ca584f9cae457549b0ca00f096f7c240bc293649736bfda12c48a6e5ee97,2024-08-18T22:15:10.060000 +CVE-2024-43276,0,1,009413fe653f24508bf0520a9c733be017d63124458beaa10db3152efbfa2eeb,2024-08-19T12:59:59.177000 +CVE-2024-43278,0,1,ce315fd6df2c7c03732ec4666e0eb8df6d4b7eb3d4a28c76f708a96fbe277c0a,2024-08-19T12:59:59.177000 +CVE-2024-43279,0,1,e987096db9ded741b69a195b2928ea4cd7001885008ed57560d4daa954a47390,2024-08-19T12:59:59.177000 CVE-2024-4328,0,0,243566e1cc6bca4cb71823d7b7f30591e3ccaa89bb4c9ba718cf8de1f025e822,2024-06-12T19:33:00.527000 
-CVE-2024-43282,0,0,5f54f98543c20de255eac387764c66857cadfb4b5393222d5a74bb7e7f400ac1,2024-08-18T22:15:10.250000 -CVE-2024-43284,0,0,48093a5b579e3c127053a188dde7bd8fa914aeb3037699805e2d23f48ecc341a,2024-08-18T22:15:10.440000 -CVE-2024-43286,0,0,08961bfff07dbc16743176b1132c8a5ad7a5c76f7be3d67c745e5a19d9a700eb,2024-08-18T22:15:10.637000 -CVE-2024-43288,0,0,2b443b5d152e79372d1cc3f4de544528d2b7b4aaa48b29a5f770adb95cc794a5,2024-08-18T22:15:10.833000 +CVE-2024-43282,0,1,51a1b7b60973a964536d725b46eb7f27a1885c2e782a5c2cec51a4dab10a1bb5,2024-08-19T12:59:59.177000 +CVE-2024-43284,0,1,9ec27cbbaa1c9c776151f787875b1a5263af16803ae4108b77758144ff0ef781,2024-08-19T12:59:59.177000 +CVE-2024-43286,0,1,8d445c08837bc0d69bb39f698d927b03a1da9d91e0d6c24aee947cb16e9db230,2024-08-19T12:59:59.177000 +CVE-2024-43288,0,1,cb601481b4f7f99c135ef7b3e4ee49c8b3bc97950f1eeb07b9266e26ebe0290d,2024-08-19T12:59:59.177000 CVE-2024-4329,0,0,915fdd462793e35dddcb6a188ef6774a9ebc56a526b1b0698bddaf3c23ba3b77,2024-05-14T16:11:39.510000 -CVE-2024-43291,0,0,2a9e2e85570880614837bb539af3a7dc9cee96cc84aecaaeaea465622f89a7e6,2024-08-18T22:15:11.023000 -CVE-2024-43292,0,0,c8ba7d51783bc736b61011d0094bed3835aba478c902bb0e881c059fc1c4920f,2024-08-18T22:15:11.213000 -CVE-2024-43294,0,0,83b694cd8d87cd0899cbd8be12f8343e27c3fd053694cae359dfee882f10a26f,2024-08-18T22:15:11.443000 +CVE-2024-43291,0,1,fb50f3403a5239357eaa4233d35fbbdf0287b954bbd3c034bc45e3a17c6909ae,2024-08-19T12:59:59.177000 +CVE-2024-43292,0,1,a73011f291a9642d1b2f2b537dc2970614132291a2af4b6cb40910bb0d866545,2024-08-19T12:59:59.177000 +CVE-2024-43294,0,1,115da993f44036adfff3784c8efce939e5d53bb4f7ab07ebab66e86a98521dda,2024-08-19T12:59:59.177000 CVE-2024-4330,0,0,fc15b5e6e8f2f0c0d6f88562ddea62a293dcb49ee86f17536355ec11fc8680c3,2024-05-30T18:19:11.743000 -CVE-2024-43303,0,0,519b513483e722de876e8c5cc38a1fdc3c50dad8a8e6e2e6d61c6e45bbc333cf,2024-08-18T21:15:03.647000 
-CVE-2024-43304,0,0,33c756a9b95351263e96765f2269c64aca0a7c8286663f51a1cc9408dc987899,2024-08-18T21:15:03.860000 -CVE-2024-43305,0,0,9fd98bb7d48477ddbf9f1b10a6ec28752b423d821908baff2191f5d92b81ba9f,2024-08-18T15:15:03.320000 -CVE-2024-43306,0,0,c162cc879c38af0ff6ff430290e806b67f6106e77f71856ef233366846e5edda,2024-08-18T15:15:03.523000 -CVE-2024-43307,0,0,28f6bcbe7ef6126b298409cdbb1de3962dd527765ec65de7dfbaa9be794b5105,2024-08-18T15:15:03.720000 -CVE-2024-43308,0,0,cc1218affded6df6733cd6e6243d85a9b7c149caac0e64148014f977b1b2dd4a,2024-08-18T15:15:03.920000 -CVE-2024-43309,0,0,6a6641f301d22a4a49ef14bd4948e4eb2ad8fdc01b0b78446732e53b57213ee2,2024-08-18T15:15:04.110000 +CVE-2024-43303,0,1,11d9501682f62a268ea8fd6f03971205e43f433af8e58b9f115735076a0f4308,2024-08-19T12:59:59.177000 +CVE-2024-43304,0,1,0198c9c448bd60be5feef590d21005c81d3809f24efdc4b5ed5165051bdc5338,2024-08-19T12:59:59.177000 +CVE-2024-43305,0,1,6bccf6d377d1be8be62035a992eba5e29974b8b5e3f639507282b3c5fef7f322,2024-08-19T12:59:59.177000 +CVE-2024-43306,0,1,750952469de85379e535e7fe36ecde4cfe7585cff9fc420db3ff5b1672090ebd,2024-08-19T12:59:59.177000 +CVE-2024-43307,0,1,756435dd685e6ec1730a305e988ba2e01786ffce6cef7ad1c53c4b8372b4d97c,2024-08-19T12:59:59.177000 +CVE-2024-43308,0,1,69d0620714881b9844f3cfb48d168468350ec94f18e61edc0e6e8e74a91b1458,2024-08-19T12:59:59.177000 +CVE-2024-43309,0,1,ae9ffc5777a2ca9fc1d6ae36a20dcccfb7bd846279b2270069c08a95bc60ba1f,2024-08-19T12:59:59.177000 CVE-2024-4331,0,0,f83a1d11dfb2c744e38bc97e75352f54247538f697e111d3b125724e343ab75a,2024-07-03T02:07:25.070000 -CVE-2024-43313,0,0,9f016e11abc51c162cbb68def428d2301e20425131f0ceed6a98db33d449ccf2,2024-08-18T15:15:04.310000 -CVE-2024-43315,0,0,c630cd9516c386f346984650ea73ad7cfac83df9c8cc80312438bc3ea6b29117,2024-08-18T22:15:11.650000 -CVE-2024-43318,0,0,b3eec787ca00cc1277ca41c66d7b3f354b16e0d89114bb90efb1de3f373dbe4f,2024-08-18T15:15:04.500000 
+CVE-2024-43313,0,1,c53c97bdb9b1fa19aab2af1cb1b43fa0465e27a5f29b44731ef613ebedef081d,2024-08-19T12:59:59.177000 +CVE-2024-43315,0,1,e6014d85dffd349f3b2ce7320cc3098b6f662e4bd5c45fdcd4617c84b6eaae10,2024-08-19T12:59:59.177000 +CVE-2024-43318,0,1,79a8e26aa72eb11eb023e3b493d059563983e38893c3fe6e33721b1cd776d8b8,2024-08-19T12:59:59.177000 CVE-2024-4332,0,0,229e2a44f62342d9fecf4d77bd1ae1368633da9c89a437515cafc4b1ffcbd9b7,2024-06-03T19:23:17.807000 -CVE-2024-43320,0,0,951d5aa8f8321f3bbb08736a83f3b5bb2eb023b49c477596a49570897ee3b4bb,2024-08-18T15:15:04.693000 -CVE-2024-43321,0,0,412b667b57584a1a850b6b935ee963a15ff05a90781256cbfb41b1fb974714dc,2024-08-18T15:15:04.897000 -CVE-2024-43322,0,0,aa26f929bd945a2d78f2846549dcfd61fada59d5663006cd7849ed1ed1978082,2024-08-18T22:15:11.840000 -CVE-2024-43324,0,0,76cf3f26ac0f3fd153a1ce482effef994d5f8372f2b8fa48c7537ba455385109,2024-08-18T14:15:06.990000 -CVE-2024-43327,0,0,f0dc6fa187f7a0536637007cafd249bc2c6e88cf46e7662b6ca51a2214d0052c,2024-08-18T14:15:07.197000 -CVE-2024-43329,0,0,f2dddc3cc1cf66278244805f602d67f1c448cec8f86f9a645594d7c450004cef,2024-08-18T14:15:07.400000 +CVE-2024-43320,0,1,ccee38afc2a835bb009830c4531368282e9727bc0052e4d4c17d31bfd55ad002,2024-08-19T12:59:59.177000 +CVE-2024-43321,0,1,bb703b2de13a267b8724635b0dde06893a82d0524de00aebee7a6b84161b8d61,2024-08-19T12:59:59.177000 +CVE-2024-43322,0,1,e2ca647ab771c590c5e49dd4792b17cb2a82d2c1efaab05806782389dbebd2e3,2024-08-19T12:59:59.177000 +CVE-2024-43324,0,1,33fee068f1fdc9b6c272e60c8c07be2143ad8b3f7322d5fc2bc8d91bb1530540,2024-08-19T12:59:59.177000 +CVE-2024-43327,0,1,a8f936582a6b445f01bc77c962aca7769e9a1c49bc866607b819b7c4fd48f5ab,2024-08-19T12:59:59.177000 +CVE-2024-43329,0,1,26a74de26b02346cc9aef959a49d84425cfcd1e61c70d1d7eb5550839aec98ac,2024-08-19T12:59:59.177000 CVE-2024-4333,0,0,640575820e0b30891814a5a9385bc808a4cb1fa6f8846116192c877d2f9953e9,2024-05-14T19:17:55.627000 
-CVE-2024-43330,0,0,7e47c2a279e2683674ab70552afd1bcfa18cc6856f2ad2a818324110dbeab033,2024-08-18T14:15:07.597000 -CVE-2024-43335,0,0,55eacbeda747cb7454ab956a8321dde1266597c0e3f4481d03e079f6fb2d8295,2024-08-18T14:15:07.800000 +CVE-2024-43330,0,1,18c9cc1b418e02c0186c70603a33b75d4945832a6fdc2ddcfc149e88ac786f4b,2024-08-19T12:59:59.177000 +CVE-2024-43335,0,1,dde6dc17375e74f502f7f2bfa9005d811d4652c2ebc27ff9b5ef0997127127d2,2024-08-19T12:59:59.177000 CVE-2024-4334,0,0,0bbc9e9de57a0c229384d6d19ec0f1942ba088838a67e65a09daa4455a2054dd,2024-05-02T18:00:37.360000 -CVE-2024-43342,0,0,ae1a497fc2d01bf8409c86a604ef92224e6ccab6dd8913dd2dda626fcfe4abaf,2024-08-18T14:15:07.993000 -CVE-2024-43344,0,0,7ffe4867fdbe319aecf111ed8029276c6b365d160c505a31c1f7d2effa73da4b,2024-08-18T14:15:08.190000 -CVE-2024-43346,0,0,d7da79348dadc4e619c70198aef0979e758a09b67eb9d9ca3d45f76a9eba2d36,2024-08-18T14:15:08.403000 -CVE-2024-43347,0,0,151804af95c9ae28497f46dd877847b750672a82239dc83fdae21aa765b4eaae,2024-08-18T14:15:08.597000 -CVE-2024-43348,0,0,6a37677082f2247ee5c2620ee069bb780a9e39d79f9379f6908d0805a34f2cee,2024-08-18T14:15:08.793000 -CVE-2024-43349,0,0,90d696d5b6e861a834162335ad7d1b0695397514fe0b751b2c66b44a72e77f51,2024-08-18T14:15:08.993000 +CVE-2024-43342,0,1,ee642e0e72d4e0e4ec6b9a91be938e0b4b5b569cf7ce0c2f528a0acbf756353e,2024-08-19T12:59:59.177000 +CVE-2024-43344,0,1,379496d95a40a85d8ca980cbd671a249672d41d04bb66c9b9dcaac6246ede174,2024-08-19T12:59:59.177000 +CVE-2024-43346,0,1,570d0cbe7918a4fb4c0a3bd9c07365439742f024e036e2f65c29c7f9160e1fea,2024-08-19T12:59:59.177000 +CVE-2024-43347,0,1,a069bfc58b83fe59c8005c1de81afd5aa4891713ad4051f4fc9cde4e734ceceb,2024-08-19T12:59:59.177000 +CVE-2024-43348,0,1,4e587a486ab64b74f27c7a0d66471182d7fcb8dfc3a2efb9e38ff5b79c569ce9,2024-08-19T12:59:59.177000 +CVE-2024-43349,0,1,06b772947d444ef80f4eebad48cd8113ab45f503715ce1c55a2701d628acb186,2024-08-19T12:59:59.177000 
CVE-2024-4335,0,0,0ca058a6a5d3d4471e4538114fc6d3ccf52ed0e69923cf2c5461b8aef31c87bc,2024-05-14T16:11:39.510000 -CVE-2024-43350,0,0,677f68079ec597fb14b85e77dac056665f60bc48ecf2a4416ac2f2c5b917f7c9,2024-08-18T22:15:12.033000 -CVE-2024-43351,0,0,9f14d9d85581aedf9e6daae162bb0a2a0f46734d33ad2208e90c8bb2eee02bd3,2024-08-18T14:15:09.187000 -CVE-2024-43352,0,0,e83e0c41595f85fcfebebb84fc3a271a645f1df8a676f95c21b46f5a73ce6fa6,2024-08-18T14:15:09.380000 -CVE-2024-43353,0,0,b36e57f698bbcecaaa53e730e555a16c07221c30e4dda17b92fa02b775f2b264,2024-08-18T13:15:03.637000 -CVE-2024-43357,0,0,5dc27b73f336cd5e6c70fedf39032f4547faea9efaaa946c66076ebffd733738,2024-08-15T19:15:20.107000 +CVE-2024-43350,0,1,9cb5938cb418224b70fa131bbeefb55bb31a9bddc4e871598a5180ebb034018a,2024-08-19T12:59:59.177000 +CVE-2024-43351,0,1,4f1a44dd0b092b1cbc40294ea3c1e20ba66e414acc7c7ec139aec5d1c68e6c14,2024-08-19T12:59:59.177000 +CVE-2024-43352,0,1,07311db07e42253e292f873208eb8f7da45aad78c36050ff71f1c14b42155a03,2024-08-19T12:59:59.177000 +CVE-2024-43353,0,1,63ba11fd8c07de3459ae027affa4265b156cbb90703f59d7d8cf9f7e3e549de4,2024-08-19T12:59:59.177000 +CVE-2024-43357,0,1,843c188c76220c12bbff3ab3d1983437698ada4d60a6933ff05615bf550f6a01,2024-08-19T13:00:23.117000 CVE-2024-43358,0,0,fbf8fe905c3ca9abb9115b42cc5614eccd0cebf28f3e14adb9347834e27ffc3a,2024-08-13T12:58:25.437000 CVE-2024-43359,0,0,65d4fabedd6480e45a35d791ca8acdefa39599f7f2c5dac0d8096fc11d685101,2024-08-13T12:58:25.437000 CVE-2024-4336,0,0,c134d6edc5435f42ac06617edd246079dd96557f1185ced7c01e0aea0bd59b88,2024-04-30T13:11:16.690000 CVE-2024-43360,0,0,5e83697ea820bba28f28ac74c16eaa49368718cf4d29d0f4eeaac44e95899ac3,2024-08-13T12:58:25.437000 -CVE-2024-43366,0,0,29cca8ed4bdc3738d0d064c0921ebf43750ba54e835910fcc4f27b3d39e5ed3e,2024-08-15T21:15:17.520000 -CVE-2024-43367,0,0,caf34c737569c0251c5d54070b44aa70e0ddda47b2aa433dbb39c5b5ffe953a0,2024-08-15T21:15:17.777000 
+CVE-2024-43366,0,1,de6db1b3bc9ce504b8d633688260dcdea4ccbb17239ccaa495574500a051bc60,2024-08-19T13:00:23.117000 +CVE-2024-43367,0,1,0f8409cf79e678cffdb4974928d567f1e40ad1650bdffb611ca3860d13e991c5,2024-08-19T13:00:23.117000 CVE-2024-43368,0,0,1d00a2d97832bca557e0027710c3b9dd305a4196742f053b6b5599e12fe83219,2024-08-15T13:01:10.150000 -CVE-2024-43369,0,0,87bb44d805f6a6686d77e704fac08c18dbdc8041f03c048bc6a0eb38fabb1df6,2024-08-16T02:15:16.600000 +CVE-2024-43369,0,1,3f715b9274c2b9674573124fd01c9f3a8a848640345dd0ef56c5a08f4595beba,2024-08-19T13:00:23.117000 CVE-2024-4337,0,0,87f9a4f489ef032776e3da435c02385147be0cf8fdf2fdcc393190f8f887eca5,2024-04-30T13:11:16.690000 -CVE-2024-43370,0,0,3c2956f1b4347b03f712f9c040435258a425976c0ef326c4ad6b1d476277746e,2024-08-16T02:15:17.487000 +CVE-2024-43370,0,1,63a4b6e00d1567d9d6f653490e2b73cb49023bb731b98d8f0b3fa5d3f581b5b7,2024-08-19T13:00:23.117000 CVE-2024-43373,0,0,db91654b81ea063be92db1e222d81162a2c449df0cbfa02fb41874b948a4c8f0,2024-08-16T21:46:08.440000 -CVE-2024-43374,0,0,1aafe5041d26909c022024c9f81e3fc5a6a44ec192f105a617baa93cb911fd41,2024-08-16T02:15:17.687000 -CVE-2024-43378,0,0,04a6e47d02e9f004b537c4b04a7acc1651b521c9ea9debdd80fd269eb8bdf684,2024-08-16T02:15:17.877000 -CVE-2024-43381,0,0,8ad255b17aef678316f5fdfb44e36b31d5b5d1db82172614569592481d1fec5a,2024-08-16T15:15:29 +CVE-2024-43374,0,1,985df10ab42e21b923c86b553c9d031d32672b2cc13ac7d069fd0fa1d25bd2e8,2024-08-19T13:00:23.117000 +CVE-2024-43378,0,1,b201eb55fcf5e1b333e5fc1b76defa675188abfea665e05ed68f738cfa202d67,2024-08-19T13:00:23.117000 +CVE-2024-43381,0,1,a01674578db7c1648bbba4f532305ea57cf2109d65478c5f7b839cc278dc42fc,2024-08-19T13:00:23.117000 CVE-2024-4339,0,0,240ed7230e0a6e458ae0cd6534f1dc024d6c16f3537e0357643e823e6aa09596,2024-05-14T16:11:39.510000 -CVE-2024-43395,0,0,6a3eb224e5992beb60ef88ee08020478595d552091b486acff326a08aad4c394,2024-08-16T21:15:06.530000 
+CVE-2024-43395,0,1,e2392bf6475b12db51f31adf2ecd9f40f62cf7ccf326ac732a93b8b209786a49,2024-08-19T13:00:23.117000 CVE-2024-4340,0,0,47279ef0860b5c8c8bd0a3697c64eecb43c1be11e1b93224b8fe23143c960d81,2024-04-30T17:52:35.057000 CVE-2024-4341,0,0,60a5b39ccdef4d059dc8073670ab0aea750a7880bf4e71543025f3d18b32ff1e,2024-07-08T15:49:22.437000 CVE-2024-4342,0,0,2403af0b003f5953a3d2a1b74bf46d64f4a354bc628b01d2ea5f60de4a4002c6,2024-06-03T14:46:24.250000 @@ -257839,7 +257839,7 @@ CVE-2024-4344,0,0,0e21345ffbddb43f0000901c1c1f7a4c33b525c68a381cd32a35ab8e755aa5 CVE-2024-4345,0,0,991a52fb88968c952c460a76f59f283c0ad80fedc25d9533338fbc3b0d515f60,2024-05-07T13:39:32.710000 CVE-2024-4346,0,0,9d7617b39f85e35f3b425bc36c01c8cc51c24d84e65ff0d34bf4ea7488f000ec,2024-05-07T13:39:32.710000 CVE-2024-4347,0,0,f9a9185c34e13435315e8c5679dcdbef88eacdd68a031d012b94daf573ce3f3f,2024-05-24T01:15:30.977000 -CVE-2024-43472,0,0,b147603bd6c6be3ab688458345b331d2dcd99e7e67c70e39b9c2df0934f37e63,2024-08-16T20:15:13.673000 +CVE-2024-43472,0,1,5e8b1f10b1ac66b87fc99a4bc40fd92adf2d19366f98cc60bf0ef2a8a8249713,2024-08-19T13:00:23.117000 CVE-2024-4348,0,0,6e86bc5560fea8dde0d2ebca4133582cb5d1167a5aec18ad6c6b9b23741c69df,2024-06-04T19:20:36.223000 CVE-2024-4349,0,0,a8b03025f36b8713c52951e7ebcf312d165d904bb8cd188665520ff04ec5e58b,2024-06-04T19:20:36.340000 CVE-2024-4350,0,0,d55d15841827a93d7de9d28a2b139074634bf4da74d239b69f87daf5bdc1c2f7,2024-08-12T13:41:36.517000 
@@ -257872,62 +257872,62 @@ CVE-2024-4376,0,0,7b257e3003fee7879c886112d028b58d973966a06334b732b2628be71d9e1e CVE-2024-4377,0,0,1f0bc109d8a6e47162fe7e13cb7db22957e997f770c56ad1361c99539d4a2fb0,2024-07-17T02:53:06.217000 CVE-2024-4378,0,0,09f9e04bae659373b82712486e7efa4baa3211e21ee904b68f572ef978953753,2024-05-24T01:15:30.977000 CVE-2024-4379,0,0,21c1593ccdc9c542b9ca9b0ba403ad32afbc0c98a6b0c8f514039e188e2373a7,2024-05-31T13:01:46.727000 -CVE-2024-43807,0,0,611e8f9d418d5e15c9aad30fc27b0390a7fb66137bd3721a251de12fedfbc97f,2024-08-16T15:15:29.197000 -CVE-2024-43808,0,0,912c71bb8d20eed572e047dbdccd61a20f88b88c5959aeeb01551f889a13eba5,2024-08-16T15:15:29.417000 -CVE-2024-43809,0,0,9a8fcf3055cb9d3106aa11467282a4b8b63ce20177d8ae1a833fcaed5c48e04e,2024-08-16T15:15:29.597000 +CVE-2024-43807,0,1,6e6fa4dfa6862a115bd3cd96a871e98e950bfd1543152be878dc67af9063275f,2024-08-19T13:00:23.117000 +CVE-2024-43808,0,1,e9d191c3599f81399f15ebc7d9e2685d9965db3ad8147f19c205fdd0569f4700,2024-08-19T13:00:23.117000 +CVE-2024-43809,0,1,24e24292b82566d970dc3a2c519e7b57fbe1e7cb5c9f76616b12d0810db14c6e,2024-08-19T13:00:23.117000 CVE-2024-4381,0,0,acf3a4021017fa63457aceda91db3b255168337a90160e11d4caaf0dc88c06d3,2024-07-17T02:54:24.913000 -CVE-2024-43810,0,0,941aa7336cebfaaf308b83fc9f3bc3224ab24e66cccdb855bf3e66ffde8aa6bc,2024-08-16T15:15:29.790000 -CVE-2024-43815,0,0,5958e611758ec405d6a7d92ed6f6567564a20fe85fea62419dcb3df4272beca7,2024-08-17T10:15:07.870000 -CVE-2024-43816,0,0,3e0adcf5dc7087bfdd5bac4ce8c268b2e308a1f74ecd22e1efe6dacf09cb795b,2024-08-17T10:15:07.950000 -CVE-2024-43817,0,0,ccaf9a59cecfca6b0798f37dcb6219a28becaeaf0bf85235a3fc920e7dc898d5,2024-08-19T05:15:09.660000 -CVE-2024-43818,0,0,31dea6e0403c1cde69477abea4de848c87c459c99a62de9b3e48224730c923c2,2024-08-17T10:15:08.080000 -CVE-2024-43819,0,0,40d627814ed160551993bed82f5e84130d38a8141b1ea14e04f82d0a7ace1668,2024-08-17T10:15:08.147000 
+CVE-2024-43810,0,1,3720192ade5f2e892f662f63e93f6e776a25b414c6c29d36759006f54ff8a7bd,2024-08-19T13:00:23.117000 +CVE-2024-43815,0,1,982a00e3a03355b9c82b813d4044e6da96d5259d4a40715b1b2b57e8056ddfef,2024-08-19T12:59:59.177000 +CVE-2024-43816,0,1,44d0571961b52b51ae89fc464c69e8f5e9bafc93420d249ab2ac48cf3e8eb3af,2024-08-19T12:59:59.177000 +CVE-2024-43817,0,1,7d65ded527da72f977763f6595da9be484a0a5a4216969a1232f7957de06d139,2024-08-19T12:59:59.177000 +CVE-2024-43818,0,1,83cac0799a026d8544557e9b23cf554d5a66711aca7ae8ae8b300ef10837e3a0,2024-08-19T12:59:59.177000 +CVE-2024-43819,0,1,d15033913c5bb4ebe99c395c97c6703f437ff76e1605e677f5d08919026013d2,2024-08-19T12:59:59.177000 CVE-2024-4382,0,0,f0af8887b52c70037c2b23db1dd5fba9df47b870975ecf7200df960162cfbaf4,2024-07-17T02:56:01.750000 -CVE-2024-43820,0,0,8fdc28f421c8cbb54fa92866ac213af7ef0be38cc9d80d3cb1b5e0eaa0365a60,2024-08-17T10:15:08.207000 -CVE-2024-43821,0,0,0d6c4b7da0a5aaf1c16e93b0ac761c15279ac7f9f2c50789cc5aed0cb9a6f086,2024-08-17T10:15:08.277000 -CVE-2024-43822,0,0,d215543ace06d98a50c34bef1221089fbaa58881871aa08fd38112316b9832d2,2024-08-17T10:15:08.340000 -CVE-2024-43823,0,0,ba48baa3d8332db5d9e0ea3b7e20709e7b28e647b084435ede163d5c026a37fb,2024-08-17T10:15:08.400000 -CVE-2024-43824,0,0,d2fd4d0dcd31e120fec951bc7b422c9ab2b83a92f06d8f37020cf2fc551ea207,2024-08-17T10:15:08.477000 -CVE-2024-43825,0,0,45be5249eb053271f384acb23e0a820e4bd499120090bb0674651c6c2a464fcd,2024-08-17T10:15:08.533000 -CVE-2024-43826,0,0,b7dc63f6a60f3b29f8a86b4069ca26fc269023545dd065822af150a6d938ef81,2024-08-17T10:15:08.593000 -CVE-2024-43827,0,0,5bba8cb844beec3855d91be66e351c977bb5dd6ea09e17df303914501d7c10cf,2024-08-17T10:15:08.653000 -CVE-2024-43828,0,0,94fcbe9c4f03a7a0c45106cc0ad674f528ff9d2513bebb99404f26087ec97d82,2024-08-19T05:15:09.720000 -CVE-2024-43829,0,0,f9564e3348cbafc5d00fcc040edc043f3ff4b3765841d4f73b06f1c42cae38d9,2024-08-19T05:15:09.787000 
+CVE-2024-43820,0,1,e42a9e25f8870accab8ab9292be15932a2243b27a055b186da94f91a1ed606d5,2024-08-19T12:59:59.177000 +CVE-2024-43821,0,1,8328e7a1502ff050602473c4d8460432e32f9467a9c0cfbe24447cc6b1e6e934,2024-08-19T12:59:59.177000 +CVE-2024-43822,0,1,c628f9870aefcd36e1ba9555967bd6eb65fed17a0653518da8d078b1ff121659,2024-08-19T12:59:59.177000 +CVE-2024-43823,0,1,837a6fcb2f5cc1abe93e21a7395cdba7996a394841dba5c6d7a4bcb70a67301e,2024-08-19T12:59:59.177000 +CVE-2024-43824,0,1,3e6d9611c9c00713f2825d42dd41c9169c00e57ef1735c1ac7eade065567c6d8,2024-08-19T12:59:59.177000 +CVE-2024-43825,0,1,130af7d96288110e02aee1e7600bdbf8c5cd66dfe2f98ab074c672e68f4722cd,2024-08-19T12:59:59.177000 +CVE-2024-43826,0,1,a71e01ef1f7bf0e81ff2e96aa2e3536879a0a625a8e0f17873ad3f06283b51ad,2024-08-19T12:59:59.177000 +CVE-2024-43827,0,1,cf65368434e7a2b682a9d717038e50932b650d5aee79f4ae380ff9863f20dec9,2024-08-19T12:59:59.177000 +CVE-2024-43828,0,1,7969df769811aea8d83499a81c83fb6921e17e2bc505af8cdf542c1791f85ec1,2024-08-19T12:59:59.177000 +CVE-2024-43829,0,1,cb6e8b0f01b87b3f7e043e1ec20f970771e88fee11f056198306c40048ba4acc,2024-08-19T12:59:59.177000 CVE-2024-4383,0,0,79a386b1175f996c5232e33e8542f544a0804b6992fb3e16e7f612c169e16a45,2024-05-14T16:11:39.510000 -CVE-2024-43830,0,0,fa435c40b59047664d4ca2aaa01d40bdf21e05a0be15a37f1020796545109269,2024-08-19T05:15:09.850000 -CVE-2024-43831,0,0,a3743c2c205eb8a11aaf0f268517a984f492921d87e9998b3593d3835defc5ae,2024-08-17T10:15:08.917000 -CVE-2024-43832,0,0,c1d6d2ca6da5878045c7ca147cdde6da7670b690e97e735cddac302e174627cb,2024-08-17T10:15:08.980000 -CVE-2024-43833,0,0,5877ba9a91d7fb740663a4f997d23eba7a9fb89ad069fd5537422e749e834a99,2024-08-17T10:15:09.040000 -CVE-2024-43834,0,0,0da987762a18a29a2e226cba6319df3e3b47d02f8f9a6cb2c2ae5c1b8dcf6efc,2024-08-19T05:15:09.910000 -CVE-2024-43835,0,0,fb59125e4183c198af97c7f9b3ca9dee26d8ca6bc869971810652bba668380c0,2024-08-17T10:15:09.183000 
-CVE-2024-43836,0,0,d14a67068e9e2e2e7a1794762ff0c1262574ab2d4aa8fa2d8c242ff06c33f64d,2024-08-17T10:15:09.250000 -CVE-2024-43837,0,0,86c4079e911a1b54d98552a37d0c033ee50a7eb97398191b562c8792915f2336,2024-08-17T10:15:09.320000 -CVE-2024-43838,0,0,939b82e1e9859006575b6d49abeefa47e2c09f3e6cb3085a86020f3183912a86,2024-08-17T10:15:09.390000 -CVE-2024-43839,0,0,528e1fdf1ab4595f02d8f81fbd29571ee71b66fc07c61979ba5bfe8686fb2142,2024-08-19T05:15:09.980000 +CVE-2024-43830,0,1,0c202a646bcfaaaa39d2cb27400c7552b5186a7ed520c033e84fbd5365796f5a,2024-08-19T12:59:59.177000 +CVE-2024-43831,0,1,d2d2b5793f8c890b4b992408f65959bbc46269161bd855b4336fdc8262090039,2024-08-19T12:59:59.177000 +CVE-2024-43832,0,1,15442ca051ab0155fadf84dac6604a0024bcf8cf7f43b8779d15dbd2c77cba17,2024-08-19T12:59:59.177000 +CVE-2024-43833,0,1,3623983768678ca1b7e3f00acbdb47e103a563cf9e4c20db4939639c491abcae,2024-08-19T12:59:59.177000 +CVE-2024-43834,0,1,76e2d6369e7d6ad23c4c79e5f16adb028cca8d18769694b501fae11b3f998575,2024-08-19T12:59:59.177000 +CVE-2024-43835,0,1,311ffd76c4938846026877fe43e10ffa3dcd91fe42160a62635c5b77934d0f9c,2024-08-19T12:59:59.177000 +CVE-2024-43836,0,1,e40f27d7c22c42b777214dacc18f4f4a4afb5940ec1e235e66db76610b2d41d9,2024-08-19T12:59:59.177000 +CVE-2024-43837,0,1,c031af4d870b7a85a7d24b59c46c59d5e784335aad5a9d79633dbb431212f88e,2024-08-19T12:59:59.177000 +CVE-2024-43838,0,1,aea18ddc95b4597b8fcc9d42c5f12cf2294cab2381941209a829361028b9d783,2024-08-19T12:59:59.177000 +CVE-2024-43839,0,1,8837353b52a881be05b25b7fd8ffdec6b5f99540c518bf74d996a0bee6721fa2,2024-08-19T12:59:59.177000 CVE-2024-4384,0,0,9e6f6b1cee0183a069a2a4eaff8415209b35f5a05fd8cbbb389885858a6f3133,2024-07-17T03:01:34.710000 -CVE-2024-43840,0,0,03fd9b8dfbac09a14143993860859fc6545bdd64240be2f208556889fbb1cbae,2024-08-17T10:15:09.517000 -CVE-2024-43841,0,0,011261b18e5b958b132f3bbe9887aa9307647312a422b86f293311035a9e1cf1,2024-08-19T05:15:10.050000 
-CVE-2024-43842,0,0,007b9bcaf653ce329918730fd89468a2b2c59a2d7815db62c10aab61559a1d29,2024-08-17T10:15:09.647000 -CVE-2024-43843,0,0,47523823371a4d78c13100329a6afb408e131c45ff0fca8712331af66bb8c689,2024-08-17T10:15:09.707000 -CVE-2024-43844,0,0,1d3d5113926c9ef2ddd54ab8a8d8a055d5fb3270ca5027901dfc7ab6abe3a186,2024-08-17T10:15:09.763000 -CVE-2024-43845,0,0,acb52478527e75cbf18f204697d48e2be9bc575a93923db51517782d1012305f,2024-08-17T10:15:09.837000 -CVE-2024-43846,0,0,f6c18a47bf06afbddfad4ab0121f123ad3d8f1ba8cbba5265c5dd3b342763982,2024-08-19T05:15:10.110000 -CVE-2024-43847,0,0,aac0dfd1c3413ef5d79f159437e3cca3508de9988a5f5d42df472265c39a5aed,2024-08-17T10:15:09.963000 -CVE-2024-43848,0,0,212116d47b7220aeb2e4a642c8b55b4ca0e6100750b1a68da5db676665550522,2024-08-17T10:15:10.023000 -CVE-2024-43849,0,0,e7d2719f00eaf4882d3079c1602df62e1bc6f1063c79747a4d07094727173e71,2024-08-19T05:15:10.170000 +CVE-2024-43840,0,1,23c960f08c72e92672042c1b393c21288af5920aee8a16c3fbfc5fa814adb315,2024-08-19T12:59:59.177000 +CVE-2024-43841,0,1,e1a2c38a635a3f723bb13f01d4b145d0059affd305089e3a07adc4eba6ffd3eb,2024-08-19T12:59:59.177000 +CVE-2024-43842,0,1,a9e92e9fe7d83f2bbbf14ffa788f7191f8705535edb6aa37b190042b46301c8a,2024-08-19T12:59:59.177000 +CVE-2024-43843,0,1,a0131aafc1fe810a712c7a36d5efccca41cdcb3c562b11e8dec7755521d56b27,2024-08-19T12:59:59.177000 +CVE-2024-43844,0,1,a0d50b71edd9141ff92598003e1617be5ffa1f51ed6945e4adfc2aef19f1831c,2024-08-19T12:59:59.177000 +CVE-2024-43845,0,1,b81153317e67ba7655f1e8ab3354e74cc099ea35dc466dacb5e6813a988621de,2024-08-19T12:59:59.177000 +CVE-2024-43846,0,1,336ca6ce5d381bc8197cb8ae52aec5d82cb25fe9302c78389787b6ba92216525,2024-08-19T12:59:59.177000 +CVE-2024-43847,0,1,835246f4f393ea975e0a8495b92ecf4d0f17d69854486c3d470ee96289075a6e,2024-08-19T12:59:59.177000 +CVE-2024-43848,0,1,f1a2b4dd4e81d797bfb09af1eb3c38201e05560605d293e2d1b82a973cb40d73,2024-08-19T12:59:59.177000 
+CVE-2024-43849,0,1,4e7441e23902fce37752729b14d7b654ff080b4dff9f1f8570b222a7a4400bc3,2024-08-19T12:59:59.177000 CVE-2024-4385,0,0,77dea89143b3a0633a6b8d90c0521dc82338402099ab7a378f8d43e8fe04ecd2,2024-05-16T13:03:05.353000 -CVE-2024-43850,0,0,7a2f9699d5445927391bec0628c955389dcfc09fca785f3b70a9f5c416b2b251,2024-08-17T10:15:10.157000 -CVE-2024-43851,0,0,fcba62b3d70bebd0a060f24f77b51cdefd254c1420b50bb9ba3e8fbeeb2b07f4,2024-08-17T10:15:10.230000 -CVE-2024-43852,0,0,7042edc62b21263c2c3df8d3649a0cb5260d317e2661baa642df623c19c1ba83,2024-08-17T10:15:10.310000 -CVE-2024-43853,0,0,01e23a3cef051e9294f0d3be787cd5c13027b1d953b37d0a24b8797d0b3e1746,2024-08-17T10:15:10.383000 -CVE-2024-43854,0,0,0dd9ebc2522d0798da42e1e125070833eb44a4654693ce69e1fca671c69978ac,2024-08-19T05:15:10.217000 -CVE-2024-43855,0,0,af3d5a954c3988b4b8ee6878f8507f2562c34463641f7634739e642094d2f0de,2024-08-17T10:15:10.527000 -CVE-2024-43856,0,0,acbc266f5c38d64aa89ef5c719e1541b7b0d4a0f25cf8cdf7d18f5ff54939ef6,2024-08-19T05:15:10.280000 -CVE-2024-43857,0,0,ba91fda923ebae8d6423ede0c03ebb4b81c7abd1bffff97d1a141c0ef3d4e0cc,2024-08-17T10:15:10.687000 -CVE-2024-43858,0,0,ed647ca3f6c14d5d4e1203bb6017ce5e484e73841094a1c7541a52d1a43b8d27,2024-08-19T05:15:10.343000 -CVE-2024-43859,0,0,83bfeca2da8fdb47dd46df68ca4383f413227622da7a471e4b8209f5a070f922,2024-08-17T10:15:10.817000 +CVE-2024-43850,0,1,af5a8e5c81d2d7083cc2063dd97b917fab8a477ad546922bdeb0b7cb165eb7d7,2024-08-19T12:59:59.177000 +CVE-2024-43851,0,1,6b377a11182d300738f6cb3fcaa1aa4d6b0f57bbe7852e35522a14ee29006899,2024-08-19T12:59:59.177000 +CVE-2024-43852,0,1,1d9625b3fe6f96a7b296c4d1d18c588e4934690a2f38be7c895536d73d442e76,2024-08-19T12:59:59.177000 +CVE-2024-43853,0,1,a19fb14377c7f24b756633650bd958b6ae843b7b6d8ad25c4d37bcd34b5bda34,2024-08-19T12:59:59.177000 +CVE-2024-43854,0,1,bfd585f1c370eaecf2bb935c34690deac5522a5908f7d4c85b08d25eb0247bd2,2024-08-19T12:59:59.177000 
+CVE-2024-43855,0,1,a9b8211410258f4ffe87936e444a57fe6490500086ef370c1971203a7afdbfa5,2024-08-19T12:59:59.177000 +CVE-2024-43856,0,1,fab4f725e5b2de51e970479f70c02584de7e4545aff52946b15484a07327fa35,2024-08-19T12:59:59.177000 +CVE-2024-43857,0,1,3aa0fb2c08cbc6f19d63bea60ecd0d0f6f6d707a2c686c62895296204e029743,2024-08-19T12:59:59.177000 +CVE-2024-43858,0,1,0a0385cf9d0c0fc9eaa0d371a3762bcf312c0ca0ce4acfe991bb8d771b07e26f,2024-08-19T12:59:59.177000 +CVE-2024-43859,0,1,9712b932918a4c9b01b9c17486755a7d630a29290c2554f3a970daffc82e20d5,2024-08-19T12:59:59.177000 CVE-2024-4386,0,0,731d04018d6299c9e1d8f7a212148a53db39578a94a703a0b90337f63dd3089f,2024-05-14T16:11:39.510000 -CVE-2024-43860,0,0,21736409e1bf7ee117416129853da30144952b7c986c6ad62fba88109b0ff831,2024-08-19T05:15:10.400000 +CVE-2024-43860,0,1,491920f1c1ab45942801557921424048533e33d83993551563440b271ac0e9b2,2024-08-19T12:59:59.177000 CVE-2024-4387,0,0,e174205a853415a731f22788a3c678b3fe9a7067078ee3c331ab7c9e4e787abd,2024-06-11T10:15:13.637000 CVE-2024-4388,0,0,4ca48ea0d089cba19e1c949c534ac5647f38f1d5d242799ab5ca49dfb89ed80c,2024-07-03T02:07:30.200000 CVE-2024-4389,0,0,ea54671e2f1f297a2bfa11e14d812b86fa7a7f36f3487a0625bc52be81ee66b3,2024-08-14T13:00:37.107000 
@@ -257944,12 +257944,12 @@ CVE-2024-4403,0,0,07b387e13ed3d47c920433d5f499100d4d5e53ffefe1712d98753a4da5408f CVE-2024-4404,0,0,3ae3ea086edb9bd484931090d5df4b9ee138a4bfd155faf3c535f115da6a15de,2024-06-17T12:42:04.623000 CVE-2024-4405,0,0,45cc63f187ac8ca241b3f6f4ea8115546cfb9789c95e5b84e970d2850f40bb92,2024-05-02T18:00:37.360000 CVE-2024-4406,0,0,4d2edf89174eefb11c1e35948c69459d7b4d6dd1a09c10eb7a0704c1561ef984,2024-05-02T18:00:37.360000 -CVE-2024-44067,0,0,cbf338879c41aaaddf30e8703c4159557720ab48233af527412dd8b5a890c066,2024-08-19T01:15:13.410000 -CVE-2024-44069,0,0,6d676e6026c852947723ec0df8523c17909d90c628a1a9b7f3f31c09f151a3ad,2024-08-19T02:15:04.437000 -CVE-2024-44070,0,0,fec241a8bc709af31200474ac21f878657df675c0496926cf8a1ca03e173cb2b,2024-08-19T02:15:04.643000 -CVE-2024-44073,0,0,024052ef35dbab410ad6dcc2e1419830acd90075934fe01015ce91485393c9cc,2024-08-19T03:15:03.790000 -CVE-2024-44076,0,0,a6ccd467ba648dc89322002b80e30df66f9d5df0c456bf69adbcebb9cb869aaf,2024-08-19T03:15:03.883000 -CVE-2024-44083,0,0,40d9068e6467d38481e106eb4d10ae0b7b4ff56b1560d344fca50dc1ca7a24df,2024-08-19T04:15:04.760000 +CVE-2024-44067,0,1,678a49e827d8c81068d540949e6cf271b2d80721514584afb1689799a89b6393,2024-08-19T12:59:59.177000 +CVE-2024-44069,0,1,2eb956dd06d71bb925b0fe816cbe078cd7c5c9a8647e07e8d081256cc543fa9f,2024-08-19T12:59:59.177000 +CVE-2024-44070,0,1,2bc8de687612ae3b9a8e8ae6b5aa923874665cdf749880ee2ac700153b29547c,2024-08-19T12:59:59.177000 +CVE-2024-44073,0,1,a0168bab6b2fc8cdc2cdbd9e0c651e338c773869c4d49563b614716d8087553b,2024-08-19T12:59:59.177000 +CVE-2024-44076,0,1,fa29e44a0ea0cccaa0512534ba9b3bf0089670a60346d1f55e9c1390e9d3ff73,2024-08-19T12:59:59.177000 +CVE-2024-44083,0,1,5127d6d46a2ff2816af1c5630433b3f673be83fb70283fe5f47f58527911ab99,2024-08-19T12:59:59.177000 CVE-2024-4409,0,0,ef601ae22761768812ec6eb133885b7a6b08c5417903a944100f49b603e1172f,2024-05-24T13:03:11.993000 
CVE-2024-4410,0,0,ca43b98286a78ab63b5139b50b93fc074ee9aec4c16e78097aa3514c43622322,2024-07-29T14:12:08.783000 CVE-2024-4411,0,0,9d1b27ccac7555d95c6be5f4488ca4d9772a0570efc26fe6a3f3d131fd0aea06,2024-05-14T16:11:39.510000 @@ -258268,7 +258268,7 @@ CVE-2024-4758,0,0,725af37997323245576176c0490558b45926193602683436c3054da7348723 CVE-2024-4759,0,0,88e594c7c898a4e82a1a8532a1f049d1a9fe25baf60278988c21dabe64f2896b,2024-07-03T02:08:02.923000 CVE-2024-4760,0,0,68ac2eabdd1ace978fad05fc48c22bb964a87e93631e50aa97e53cb7b4952d59,2024-05-16T15:44:44.683000 CVE-2024-4761,0,0,490aec64931f999440aa7ba804cefb45baa762d4b1b18a12f1a0ce61a5d54b49,2024-08-14T17:06:52.260000 -CVE-2024-4763,0,0,6636f17cd3a0c4133c37d5ed7e2fab0443c459d266364d8c96c024b20b18973f,2024-08-16T15:15:30.563000 +CVE-2024-4763,0,1,674813a6ab24bd703f885b42dfe132f3057b83ab6d40519e0af01ad0b69a7ece,2024-08-19T13:00:23.117000 CVE-2024-4764,0,0,d4513c07467374a5b389bb93120fcb2ac353ef34ecf409f85646dd7a83574a17,2024-07-03T02:08:04.193000 CVE-2024-4765,0,0,8a392c26e3db622097fdbc028abf6a874c53118cfa805a98650695a7c92a19e0,2024-05-14T19:17:55.627000 CVE-2024-4766,0,0,2055f7e2ec48f00fc79991c0efa64507537f075393b9abe23a04ed1e0c30396e,2024-05-14T19:17:55.627000 
@@ -258286,8 +258286,8 @@ CVE-2024-4777,0,0,96d0d896ebb105a32ed437e794c8fc4ba926ad921436ba17bdb49a1a49737b CVE-2024-4778,0,0,e3020a287fa6ceae8ff9c78434f10af4d17cf4058dd5bf80208c921b6bc68bef,2024-07-03T02:08:09.053000 CVE-2024-4779,0,0,7a9d6158e8d260b03b3581dd37b23bd10d59ba6243714ad236ba79968e8d9b16,2024-05-24T01:15:30.977000 CVE-2024-4780,0,0,4aec24b958d50bff73d14c7bd2f67b2a9793d4893d5ddbdba18f0fb02ea18cc9,2024-07-16T13:43:58.773000 -CVE-2024-4781,0,0,b694f46118d4cccc5c5bcdb3d30f110d4d06f54bef2c3bd5967fb05b14fef8a8,2024-08-16T15:15:30.783000 -CVE-2024-4782,0,0,18e9f0fb9ad043cb162fddc8d4b5d979fca1582ad25f7d3183bf4fb975a4dc81,2024-08-16T15:15:30.967000 +CVE-2024-4781,0,1,75b4bbbeaedf32c6df964ae89a5896455d04ecbdf24f849877528cd42d17cfaf,2024-08-19T13:00:23.117000 +CVE-2024-4782,0,1,37dcdb14f7d23ae467b62646ac8eb504448e2a7781e3c175892c72dc54d3aebf,2024-08-19T13:00:23.117000 CVE-2024-4783,0,0,413c0436e6758a988a0c847533b21e34b17a9d936626eba8cda1a5d1f87e0181,2024-05-24T01:15:30.977000 CVE-2024-4784,0,0,9aaebc683fa580787b3fd96a509a375fe0be341d6b1720ff572edca3637a16b2,2024-08-08T13:04:18.753000 CVE-2024-4786,0,0,bbc8c5b9b549878acd4ee1e5896d7add0ba995b55e84e619083dd37cca26f8f1,2024-07-29T14:12:08.783000 
@@ -258648,8 +258648,8 @@ CVE-2024-5205,0,0,4921ed356d4f56252ffbf3c608cb3301846a77ee8cc9c08ec7f0a543467e38 CVE-2024-5206,0,0,1edbf7ffa84186215d61e0a6ea0414ae2bae29f22b2d9bacc791d12b11ca4436,2024-06-17T19:15:59.190000 CVE-2024-5207,0,0,181dd5a561a1ca6cee33a4a5369908472f122edb94b0d0fa7d6cd5b5e2958e5a,2024-05-30T13:15:41.297000 CVE-2024-5208,0,0,1cccb0861be6781d1738a6540c67013b2ca290af7bc911f2a2acee7d44fa67ac,2024-06-20T12:44:01.637000 -CVE-2024-5209,0,0,a68bca98dfe872b23aaa0a9014ede2a53549ec319bf752a6f798da9369698c69,2024-08-16T15:15:31.150000 -CVE-2024-5210,0,0,0c9453286818a64466348ad4ea2fe1c9bda56f0c4d89e3d6bd52256cf7397211,2024-08-16T15:15:31.337000 +CVE-2024-5209,0,1,7531866dc2069833de5cded2977d100fe13c1eac0700fc84557e1bd601c0dcd0,2024-08-19T13:00:23.117000 +CVE-2024-5210,0,1,573e35f227eabc9e8da1d5a4ec5c123d22f983494acc77bb8e423c30a6d4c28b,2024-08-19T13:00:23.117000 CVE-2024-5211,0,0,98a88a37609463fc748729234fb7fa88ed6b19a9a862440dab2a89ae616c7fd0,2024-06-13T18:36:09.010000 CVE-2024-5213,0,0,d0914ed8289e640566cb58700956c5d2665253a06d0896526d4a9160af504e00,2024-07-17T14:36:39.397000 CVE-2024-5214,0,0,63d7572dfe3fc62d2b94f5bd6d323fcf441de42b521ffae91ecf8348de5e238f,2024-06-03T19:15:09.360000 
@@ -259284,7 +259284,7 @@ CVE-2024-5996,0,0,ab938dbc15262bb65cf82c58e85d96d3d9a41bba3218e574f8e961fd3a4906 CVE-2024-5997,0,0,f617c2b08e97b588522e326e884bd8b2d7e5f36631694be3e5e4c23ccbcfc0bd,2024-07-19T13:01:44.567000 CVE-2024-6000,0,0,4ab86aa4bce235d1120437fd5cb3b34fb6bdae181005ebaa070e8c0afe83cf87,2024-06-17T12:42:04.623000 CVE-2024-6003,0,0,14279c0384813c4cf50ab75a79953f2b0469d9bedd7f76c2b6cebfd90962fd14,2024-06-17T16:15:16.027000 -CVE-2024-6004,0,0,7ebd9046422c77bdfb40b7ec5eac36784e20ab47d0f1e37aeb7d86e4bdd1a2a4,2024-08-16T15:15:31.527000 +CVE-2024-6004,0,1,4b0764617f658896fbb875974633cf86b65018a4f2f72789370b5c7f05c7592f,2024-08-19T13:00:23.117000 CVE-2024-6005,0,0,4d74c6c4a521a164f63a9fe529c141dc8da0592a0575e27e0e62d822beb9b877,2024-06-17T12:42:04.623000 CVE-2024-6006,0,0,da8e313e14db96255e115f081c2f199aa734bf4f3a245ddcbe0fc940a6272d5f,2024-06-17T15:15:52.693000 CVE-2024-6007,0,0,168f29713bfc3d324900731ff252d7ac39dc3f3059397dc39713b17d5dee00d3,2024-06-17T12:42:04.623000 @@ -259357,7 +259357,7 @@ CVE-2024-6090,0,0,97ec0efad50117bd537daa7e8cf0d79ae16e3a9835d40dc90b67ac25a55b7e CVE-2024-6094,0,0,c88417a3a0b84de6c71136c141990a312384401ffa03a26b016fd58bc4fbac2f,2024-08-01T14:00:11.220000 CVE-2024-6095,0,0,1bbfd7c9b87c44d08a43ff0a5e8179e2c5df6e66e4cde292cf2d451628bbb0a8,2024-07-09T17:41:10.523000 CVE-2024-6096,0,0,6b5f1375532be5fbd8f0909be12e0ecac09c21eb2b2624e229274d814c555540,2024-07-26T12:57:36.633000 -CVE-2024-6098,0,0,932d25e2016531c902cfc4db6b2a32ff7be61dd1665ae909731e83ee7ccd342c,2024-08-16T15:15:31.737000 +CVE-2024-6098,0,1,1e4b831acb54559fe2b2c3035d21285846ee1f7c1168caf02f0b4b909cceaf4f,2024-08-19T13:00:23.117000 CVE-2024-6099,0,0,122ce35d776bcd880891466a825515ec577be2ec80ec19c4510dcdd6af223974,2024-07-02T18:08:53.233000 CVE-2024-6100,0,0,22a1633b125d31ae1c260507b63f1a44d0021fa11eedbf918d3886af2f39e630,2024-07-03T02:09:40.497000 CVE-2024-6101,0,0,aeaca54f07e7b493faae55d17ed3267b0a1d9b8a80e43a682711cd93d1a2da27,2024-07-03T02:09:41.493000 
@@ -259459,7 +259459,7 @@ CVE-2024-6216,0,0,99a638bb9b091862ee1125e5c2af18142e9f2a446dc1f5e54add6d69d774b8 CVE-2024-6217,0,0,caeef107ec037a20535b69bf461e75c9da91ce4fd887edb01336f60c235444b1,2024-06-21T11:22:01.687000 CVE-2024-6218,0,0,3cb8a30d4ddfe61bdea61d401bfb5f7d243e9ab40309c0377a9f4fcd89ff6826,2024-06-21T15:15:16.547000 CVE-2024-6220,0,0,e02b2d21f9831e678f98a588025ea8ceab0b9f96191557805441514ff6bc987f,2024-08-01T22:15:41.733000 -CVE-2024-6221,0,0,8fba60b4802892a345055663e47a1fd23179e2012b478980c78407ae56d15866,2024-08-18T19:15:04.730000 +CVE-2024-6221,0,1,dc65ef041dae60cf7595b1de1cd31ca86c9f7ebaffd41a10bea2c716c8b47d0e,2024-08-19T12:59:59.177000 CVE-2024-6222,0,0,7da69ce6fbc5989cf8dc00c0967cc47c0670f03447330ea36d4de40ed4ce08ae,2024-07-12T17:05:39.070000 CVE-2024-6223,0,0,c2a5a51fdbbd77355d74c750a6e6733ae6781c6b296fb53463ed7d53ba9a3395,2024-08-01T14:00:15.830000 CVE-2024-6224,0,0,254379a5da630d5f422fd8da5211494e4e22117328ba82ab9e812041fec1026b,2024-08-01T14:00:16.047000 @@ -259549,7 +259549,7 @@ CVE-2024-6326,0,0,e689387b2cb49e7365da7fd7c751e52e0ede20a7a6c6966f5f5b92a6b53089 CVE-2024-6327,0,0,2921f8f8780ecccf64e99daaa57d4495895350cac37fbdf3fcfbbaadf3869269,2024-07-26T13:03:00.473000 CVE-2024-6328,0,0,1dc9c3c4a448080717651ebabfb2fc281b4a1c036cabba31a96124b6cb4e8cbc,2024-07-12T12:49:07.030000 CVE-2024-6329,0,0,0297471d5ff859b5002d32cf7c9376114df7d0652dd734345b853093c75ae3a1,2024-08-08T13:04:18.753000 -CVE-2024-6330,0,0,290b4958cab66760f3b7435523e1e4e10307ca3b367ebacb02d7097124c74cae,2024-08-19T06:15:05.690000 +CVE-2024-6330,0,1,4e0233210ceed91695e8175c0428f180ff0965f48095d2fe213a5b80a92a13ab,2024-08-19T12:59:59.177000 CVE-2024-6331,0,0,c6787bd55270acc7343ac6783b2d9d688cd57b7e4b276e49ad54dc36ae42c1b9,2024-08-05T12:41:45.957000 CVE-2024-6334,0,0,3daf0dfe09252e7765ca30c739cfcc033a43a657c17c0275e173ac670504522a,2024-07-09T18:19:14.047000 CVE-2024-6336,0,0,1df5fc72f07b093cfd11ea9b65ef147e8130715026fca7ff47fd924988f45532,2024-07-17T13:34:20.520000 
@@ -259628,15 +259628,15 @@ CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a0 CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000 CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000 CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000 -CVE-2024-6451,0,0,b7d5f4eb2dc19b07dbaef069008f6cdeda420fb09cb9f07970603ef466200ad4,2024-08-19T06:15:05.880000 +CVE-2024-6451,0,1,8f438dba21ecd66d0db10ad42ba08c2904504204a3b35d266f19efae5f5cea85,2024-08-19T12:59:59.177000 CVE-2024-6452,0,0,c694c1bdf54902e69172121aae2a54d0747cfc16750499c01d3cf3c9c6ef3263,2024-07-03T12:53:24.977000 CVE-2024-6453,0,0,a31f9b2d11e920ef5820d5943bd943df178bc2e27d100b648bd1b922afad8eca,2024-07-03T12:53:24.977000 CVE-2024-6455,0,0,8630ebc1a98e741e91f009e85126d02bca9a8a2c6f3c48f74f4c74c8c868f369,2024-07-19T13:01:44.567000 -CVE-2024-6456,0,0,3b85f03d8ff729a76ef3f897b1dd367ff7067b2241738c9a2f02c7e40d887954,2024-08-15T21:15:18.047000 +CVE-2024-6456,0,1,985d91070de732475e9817d5c1cb8157cd7895c8a1c97541c28eeac31792dc6e,2024-08-19T13:00:23.117000 CVE-2024-6457,0,0,2021b397e47ab38cda013de2c201fe3ea53b49570246fbb65269f60be90e5ab4,2024-07-16T13:43:58.773000 CVE-2024-6458,0,0,e6f4f9a699790cfa92517dafe90bcdba32232615fceb305817a9ccda94d06fc4,2024-07-29T14:12:08.783000 -CVE-2024-6459,0,0,d2770b33ac5e947624192efaddcbbb8708539429e3c81b79f973eb81a732ce34,2024-08-17T06:15:03.973000 -CVE-2024-6460,0,0,17c62d4c4109835c13fdc73e6f433044bb5701f3cc346fbb621f420f2ffcddf3,2024-08-16T06:15:04.170000 +CVE-2024-6459,0,1,06c32140b382c3e01dc42c2173fd1ab4e0f89b156db0633d82f3173dc4401e40,2024-08-19T13:00:23.117000 +CVE-2024-6460,0,1,aa1365ea3f1b64a07aa53fdb94d7cf210617578210b39b97119cca96a7806adf,2024-08-19T13:00:23.117000 CVE-2024-6461,0,0,86a214d0c7bd3f57cea37cd567b01f1a0e55f8d4342f6c7c46fd15b8942c8d90,2024-07-03T21:15:04.580000 
CVE-2024-6463,0,0,f8d7d80ca565804c0caafdbc8214fe1eca7dc83d43861affc813af07365c0cc0,2024-07-03T21:15:04.640000 CVE-2024-6464,0,0,8fab89d1b3aef32a257cf0d7fb909cce6ac18d5ef8dc898bb9f0cc6c52356cbf,2024-07-03T21:15:04.697000 @@ -259662,7 +259662,7 @@ CVE-2024-6495,0,0,b5144ce6ead337054723bddaa938cbde5875226dc2ad6f1282d875ef6548d9 CVE-2024-6496,0,0,4f2145d6969061de095037c65c4c02c00a89d2331ecd0d31a6eacfc030927f42,2024-08-07T14:35:07.403000 CVE-2024-6497,0,0,b980a8afca3367d307f1b8ae084c1de1478e48fcb0a6d42a16be67c3823c34b0,2024-07-22T13:00:31.330000 CVE-2024-6498,0,0,630981d31a800e5a325158bdb522b2e1db688d536ea57caaef1013f6348f0ce8,2024-08-05T12:41:45.957000 -CVE-2024-6500,0,0,87cb7f5d004334b4fb54249da61a85cf463f5033fb2f629afb5c8437ce9fde87,2024-08-17T03:15:10.983000 +CVE-2024-6500,0,1,d6e17cf29259cccc059c07e88e123ff08e9fd8308cfe5e11844bc5a9a1491c18,2024-08-19T13:00:23.117000 CVE-2024-6501,0,0,45d58d6fcd90c3b83531e796541078a549af17f7a81eb1fbfe7d6944aa2bc8ac,2024-07-11T13:06:13.187000 CVE-2024-6504,0,0,8b12236aeea36b8f50ca52878af23b200b8eec2ab40fe418832b1f4c4c6b95f9,2024-07-18T12:28:43.707000 CVE-2024-6505,0,0,b8708084cd092b6ca88acb18ad5e80f748f8e2829ec040b8958bfe3c1fee2cd6,2024-07-08T15:41:17.883000 
@@ -259810,8 +259810,8 @@ CVE-2024-6727,0,0,9d08fdd347dc87a0df3a4e157904c3068a4121c1538981e1be169dd75a3fc0 CVE-2024-6728,0,0,9abe0a9570ded71226f4ac9c9c5189516c258bbe0afa1c3fa1605041ef7aae25,2024-07-15T13:00:34.853000 CVE-2024-6729,0,0,bcb767224deb16bf2afeb05fe1225bef68f4362bc8d1b39fa14ddbd884997e94,2024-08-06T12:15:52.700000 CVE-2024-6730,0,0,ef30d2eb7f24b640da190afcbc16e385d73ab8dd33302ee9e560c4fd64a066a0,2024-07-15T13:00:34.853000 -CVE-2024-6731,0,0,f0807e19d19d905b1a46bd4da072cafd05ed34c189c6e89e764381537abb5e7e,2024-08-06T11:16:07.010000 -CVE-2024-6732,0,0,fd8538c706ee9164fb4be7fa07ad3cc51f1358578e8d38fb2e03c51dc9e23b67,2024-08-06T11:16:07.173000 +CVE-2024-6731,0,1,c1f0bd3c11a2c8c6e666a080ff8caef145c9222128333d693bdc36ce4aafa4b2,2024-08-19T13:27:46.773000 +CVE-2024-6732,0,1,4b564e3077773ce9465e3e7f1c3de207d911b9bdb780e0e7ab4cd3d37dda245b,2024-08-19T13:30:45.700000 CVE-2024-6733,0,0,1b04f2a709cdab12e496472fe8c4597be3b3870fbebfd571deb5174547921171,2024-07-15T13:00:34.853000 CVE-2024-6734,0,0,0a4d5157f965a1beb7690dae2ab7ddd7e581de25c672768a22ec0cb6f90751f1,2024-07-15T13:00:34.853000 CVE-2024-6735,0,0,059e185c563aef15f572ef487105ca72ddd015a4f1b263acddae12242bbda14e,2024-07-15T13:00:34.853000 
@@ -259873,7 +259873,7 @@ CVE-2024-6830,0,0,66325e33317c6fde8b929b285667c5104c4ae04492532b5067560968ff36e7 CVE-2024-6833,0,0,b0ea48d29166f6347ac218b4f9f93d3f7fc599fd932b64c35cfa55e5a1a94672,2024-07-18T12:28:43.707000 CVE-2024-6834,0,0,23e85f57c9b7230818a4425261a24fd150d79ea72676d6bce04d47efdd69630e,2024-08-01T14:00:44.750000 CVE-2024-6836,0,0,94c1bcaa18f7036265464de8eba36ccdaae9b63d5d20f60a8cc42904bb485160,2024-07-29T20:20:30.867000 -CVE-2024-6843,0,0,7fdaa7b5fd7f406afba0e333f68a3e69a8460333a1c67b4bfb7716f57cfb7879,2024-08-19T06:15:06.043000 +CVE-2024-6843,0,1,8fef894e2384f8645515841961e4072de1d777c867ccea5d4b735ba4242f90ae,2024-08-19T12:59:59.177000 CVE-2024-6848,0,0,e171c12c58967922126feefb09977b436bb9e206684562a37899ca6ed3e35d20,2024-07-22T13:00:31.330000 CVE-2024-6865,0,0,cb8e3c3258edaecfb2408f04adfa69a3419179f287cf4fd0248689bfb8e952c7,2024-08-05T14:15:34.847000 CVE-2024-6869,0,0,cc765e0741eb808a23e90ee3171ba570febcbdba6db7038c79938ac8aebc9baa,2024-08-08T13:04:18.753000 
@@ -260021,12 +260021,12 @@ CVE-2024-7123,0,0,9cd56c5d21be01850838f11a2df252558cd6c9b176bc2485ad2b1b549f072a CVE-2024-7127,0,0,6b292748e8421eae2ee17ad044bc14a6084b68762b6284b02f94a1dd672b3c81,2024-07-30T13:32:45.943000 CVE-2024-7128,0,0,22b40e3236f05da8de2b73f629340b5796a3b45429dedc50864bf862ccb583f9,2024-07-29T14:12:08.783000 CVE-2024-7135,0,0,31437d1db396166831d3abd18bbeb77eef50ad11110b9df0f25d86e90a9b1fe1,2024-07-31T12:57:02.300000 -CVE-2024-7136,0,0,0ad66288428d718aec2e3f098e6e037f32c583c773e9c66fb1b22c163331c37b,2024-08-16T11:15:04.027000 +CVE-2024-7136,0,1,8aada0541fe051e5634e6d0e6056d54d479250830cd49e1b32d308af5a5c28dc,2024-08-19T13:00:23.117000 CVE-2024-7143,0,0,444409226f2889debaa1b6cea63b846cc438f1a41258f2e601b106b9c83baf18,2024-08-07T19:09:46.290000 -CVE-2024-7144,0,0,956345c30ac91703cc6247a06908da0b5850fed46bf6b704798f3fbd677362a9,2024-08-16T14:15:14.690000 -CVE-2024-7145,0,0,8008e4f01c2164733d1a7678bcf08be4de0dc8b1ace04bc419ca0832fa2e5456,2024-08-16T14:15:15.187000 -CVE-2024-7146,0,0,98e7feeff6b9540cb8ef33cbd924b9c6b5382b8ffb229b070c3d59e46710467d,2024-08-16T11:15:04.230000 -CVE-2024-7147,0,0,25a2551577bf2ff9e0ee13fa7c6e048a893e4216beb8bb4e8ed94704fa47c0a8,2024-08-16T11:15:04.423000 +CVE-2024-7144,0,1,300c6e33851049d0401e0c2f4f85e593dd9cc8f73321eee94789dbd125199b69,2024-08-19T13:00:23.117000 +CVE-2024-7145,0,1,54ef0987fae1455e93efc40b82f127c6960dc169a1fe0fab8236292c8c2d39b3,2024-08-19T13:00:23.117000 +CVE-2024-7146,0,1,0d097eb41f121dd3c78bcb7ece20b3c3122f8d7908fd573306f5f8009daac9d3,2024-08-19T13:00:23.117000 +CVE-2024-7147,0,1,d64b7d45d4df4fda891fe044ed5ed11da3adfb67eec103504ae2ce9a34185836,2024-08-19T13:00:23.117000 CVE-2024-7150,0,0,c7aa662c62f137fc9f5e7c2c4fa11d684ce4d74402782286c7770e7f6bcc041e,2024-08-08T13:04:18.753000 CVE-2024-7151,0,0,27748e77ac666f37b5ea95444b5871c2d624c12d124d7b3d9588f7bd43672a12,2024-07-29T14:12:08.783000 CVE-2024-7152,0,0,dcb2ef4ff482b2e3310b87257a8cfd0ded02bb0f2f9cc18d404e9808150d9dbb,2024-07-29T14:12:08.783000 
@@ -260139,7 +260139,7 @@ CVE-2024-7291,0,0,298cd3a818c66e9bf797d2d090f42649293656283b8daab213f19385b28931 CVE-2024-7297,0,0,cb4ca8684118dc46d1f9724d628f899c3458badae695854f058e1eba8efe7ce6,2024-07-31T12:57:02.300000 CVE-2024-7299,0,0,18b86413af481c73d022a0c4ed8ac3628863652a0dcfb13bf199bbb5e4db4366,2024-07-31T16:15:05.217000 CVE-2024-7300,0,0,a2e066ea38ffd4d283558ac9c550384947d588019ed19b0e0b6c2becc0799ae9,2024-07-31T14:15:08.080000 -CVE-2024-7301,0,0,9ac2e1746052b94580955159156b6fbb9fefd09fd91be4972b7d29f9faee985a,2024-08-16T05:15:12.177000 +CVE-2024-7301,0,1,6b622cf82f175e4420a14e0711b01cd703c5db56ffca3c66c2a47c7fdd329e04,2024-08-19T13:00:23.117000 CVE-2024-7302,0,0,3e3978a555cf8f7617492d06d41673a59c5323c552cb9b37b079247ec7c0af88,2024-08-01T12:42:36.933000 CVE-2024-7303,0,0,9520f852975600abd145b384cdd7bd5ee8f54af62f4a78fc6dcf9ca25a845304,2024-08-12T16:47:04.740000 CVE-2024-7306,0,0,3c865c91ac7fc6c8c32a68429064dd89f6391277f467a5bdc571f15092dbadd4,2024-08-12T16:33:51.090000 @@ -260219,7 +260219,7 @@ CVE-2024-7413,0,0,cc9a3132dbf30c713a640687e195177085da2f3a67f589d16f765a82cdaabb CVE-2024-7414,0,0,ec5a655568a866725caccc407e481351f1a5df496455996ee3102ef3dac59f70,2024-08-12T13:41:36.517000 CVE-2024-7416,0,0,67a9ab6c88d18462429964f1183d705aa9fe2b8f49f4e7e013c20651e7dbf059,2024-08-12T13:41:36.517000 CVE-2024-7420,0,0,212201dc70782f8f787a94c9803febdbce3768abc9739a3b9300a43932a4c1b3,2024-08-15T13:01:10.150000 -CVE-2024-7422,0,0,29b418d80adce5ca7a6a097f7b70d025d47af8c580a8c2fa7bb4cb6ce25a127a,2024-08-16T04:15:07.497000 +CVE-2024-7422,0,1,36692ebd2df61833999819382a06fe94bffc446bd5a7ed95f5ad6f2f1be17d62,2024-08-19T13:00:23.117000 CVE-2024-7436,0,0,4e5f8b4434de8d3be7545b252fde74866f6d1e15f143f31c26845d516524cae6,2024-08-05T12:41:45.957000 CVE-2024-7437,0,0,6536d7f97d7ad58b67ec8c23497b1bab63383020d43415bc5b4c83af23e0fa6d,2024-08-12T13:38:43.060000 CVE-2024-7438,0,0,e0751aac5a1208089fd3136e155c05769dcef78130a2d9c6fdc04c87ca92fb9a,2024-08-12T13:38:43.203000 
@@ -260265,7 +260265,7 @@ CVE-2024-7497,0,0,171d6206f3c6dadbebd8902a7e0a0a1774e2796713d12e03c39eb365b5f7df CVE-2024-7498,0,0,34558512fcd1426a2a2d148e9d2625ea3cd75c20501206f3df3d025acddc8114,2024-08-06T16:30:24.547000 CVE-2024-7499,0,0,6a02f27fcba04de10769d0a3eb8df3330f0153ea641827dd4e7a8cea71e560a6,2024-08-06T16:30:24.547000 CVE-2024-7500,0,0,931897362fb2ba79107882fb00e70aa09beff68614f848f39093ae56ae63e032,2024-08-06T16:30:24.547000 -CVE-2024-7501,0,0,7e5305dad5efb3f3b9e49bd9ee97763938cc6c7229e62dcf3d5ae08895a6666f,2024-08-16T07:15:05.003000 +CVE-2024-7501,0,1,2fd4188d1999778b891385946f595754b20c012f67cab248f9517d628952073d,2024-08-19T13:00:23.117000 CVE-2024-7502,0,0,400715e8cd7f13a2a067bad8525237ee0b427d91f26288ec69911983b1e213dc,2024-08-12T18:50:46.897000 CVE-2024-7503,0,0,28eccc62ac1116ed3903389dc35db9d701a089493abe0a5b58ce715f71d06e9d,2024-08-12T13:41:36.517000 CVE-2024-7505,0,0,aecd8f77bf4729577cedcf26eddaf42651063906380e7519311f6a7e624532e3,2024-08-06T16:30:24.547000 @@ -260339,7 +260339,7 @@ CVE-2024-7621,0,0,07161284faa2eb0637370b6ff462e631787a37850cefb6ac5fa6750545dd70 CVE-2024-7624,0,0,c87cdcd90fb34d1c79e4bedcfe521cd45a7c97d88fc176665ac59544b2fffb63,2024-08-15T13:01:10.150000 CVE-2024-7625,0,0,cf7951ec684c41cac7f2f6e12b1507a1eac20d5a4914135abea68670c2031228,2024-08-15T13:01:10.150000 CVE-2024-7628,0,0,13c6e75993fc4e0ea638854e2c037e11703f2e05b1bb0a7d2173b121da5472cd,2024-08-15T13:01:10.150000 -CVE-2024-7630,0,0,2f42e84646c6bf431d59866f8a2e85d23dc023bc3c4e84d846ed0dde8c370839,2024-08-16T03:15:10.093000 +CVE-2024-7630,0,1,418e383b03350a1fa5d21be50b8eebc36b3c165fb7c794a3b77aa7313e9af0aa,2024-08-19T13:00:23.117000 CVE-2024-7633,0,0,3b1df1487eb71af2061753f656e2660f3fdd60b89404cd84fa2c01a4dff29ee6,2024-08-12T13:38:45.690000 CVE-2024-7635,0,0,77137333cb856f76f03e4b50e0e5dbce5cc99fa466aafebf6530d8cfb2e96fdd,2024-08-15T18:12:33.270000 CVE-2024-7636,0,0,81414365f80fa57b345628baccc97b68e4a32475a3dd61fce01a599a3ee31eee,2024-08-15T18:13:23.327000 
@@ -260352,7 +260352,7 @@ CVE-2024-7642,0,0,7529ae7f3e258c0bacf9321b53a5a8cb22d41a7a410253e46b217922db56c3 CVE-2024-7643,0,0,561f361e340de6652f3552e8a31740bd4d6ceba659a82983fde2458aeab94c1a,2024-08-15T18:18:22.827000 CVE-2024-7644,0,0,af133dd73ba0f9ae2c852b6a18dbacddae25120427cf0e48515211be4d6d6b46,2024-08-15T18:19:11.080000 CVE-2024-7645,0,0,5907fa67844d9e7166c08ec4cacd3d4b0081da6e8a85d6ebbe1b0401ec39e9c0,2024-08-15T17:43:58.627000 -CVE-2024-7646,0,0,9fcfffd01f6fd4b3b46d0e819526e15ce71dd924d160eb431d0a08a97dbcc0c9,2024-08-16T18:15:10.970000 +CVE-2024-7646,0,1,0e47e4757200b360ac0ac2cd875beb2809de05dd15d4a2274662b759af795194,2024-08-19T13:00:23.117000 CVE-2024-7648,0,0,2049ae7cbf0cab301bb3d8a4c000a0971cbb2a1bb7b1a04dd9face1c419d935f,2024-08-12T13:41:36.517000 CVE-2024-7649,0,0,3d0b3905ac20943345a47479273aed49759614ef3fae3b2688335294d499ed3d,2024-08-12T13:41:36.517000 CVE-2024-7657,0,0,b71ee6cae903ac873f30f4d097ac987c873f0095983bc9620eda1ffab659d5b8,2024-08-15T17:48:20.920000 @@ -260382,7 +260382,7 @@ CVE-2024-7693,0,0,f2cd1103366bcfd179be09779784b86ac2f98679921c4f629dd8dbd0c14eef CVE-2024-7694,0,0,7ad6784b26040f06619a4364e66ebaeeebc13317865a5794a53c5e6dcb080aaf,2024-08-12T13:41:36.517000 CVE-2024-7697,0,0,86f38a2ec81d6dd175dacb6d02f5a3a1a354fb4dfe19ab907d3389b4bd3a3025,2024-08-12T15:35:07.293000 CVE-2024-7700,0,0,3e081f65a743f7c2243d16cda14609415c7128fbdf01790b4350a9589b48c796,2024-08-12T18:57:17.383000 -CVE-2024-7703,0,0,2f57a91d773961f3bfd393db77d4588d9eccec118cfbd30c9160b240e919a3ca,2024-08-17T12:15:04.530000 +CVE-2024-7703,0,1,4fed134c1a88e3f28368f1aeb0423ea22cd742b65dcb7d77a318829e8e6bb6ba,2024-08-19T12:59:59.177000 CVE-2024-7704,0,0,e58413fccd16c05c85207978d3387c57f50b93fb7a427c48c6f401c695307c8f,2024-08-13T12:58:25.437000 CVE-2024-7705,0,0,ba2446d549e3c4265501aacae0f49b053f84e0be1e1ff6443743a7ef69ec83bb,2024-08-13T12:58:25.437000 CVE-2024-7706,0,0,34691e01382f75dab77331457a35200e30d6d542602059394c4cb51de28ec4d5,2024-08-13T12:58:25.437000 
@@ -260430,43 +260430,43 @@ CVE-2024-7830,0,0,aecb53ebfd191520b119aaf0f7b625954609768446e132bf583298cf7e78a8 CVE-2024-7831,0,0,06a5ef48758a8ea0a3ac5881dbf010524be5d68b8a3bd1febf7a6780bcb7bcb0,2024-08-15T16:15:25.957000 CVE-2024-7832,0,0,b86e1440383f016c3ac1706697a7ad1775af2e15aaaab3d7ca77ffa5fa2e299b,2024-08-15T17:34:07.033000 CVE-2024-7833,0,0,2034a55664b274a63d452fe844ade8fd93b76c11f3b2d6fca6641456083a3f64,2024-08-15T17:34:07.033000 -CVE-2024-7838,0,0,9b07b20e210a630cba50b722662c6a9edd600d5e3ca64f87bd69d57661f984b0,2024-08-15T20:15:18.457000 -CVE-2024-7839,0,0,d033e19cc68ba3b089fe080a6a9e744b34369fbf864bbfdfc3c7777f34b6c5b7,2024-08-15T21:15:18.237000 -CVE-2024-7841,0,0,2855c6980b0ecbec940abda9d856b71d7fd38b290a9ec96c2c9cc292e9def45b,2024-08-15T22:15:07.020000 -CVE-2024-7842,0,0,c63ab5ac616ae94cb73861ec3d6203ebb93ed544eae916de7fad591ccd64dd3a,2024-08-15T22:15:07.310000 -CVE-2024-7843,0,0,543689aff43990bdaa01cd7032f42e592832fa266ca8f16e8a4114e1693de417,2024-08-15T23:15:10.453000 -CVE-2024-7844,0,0,f17c5601438944895b303be1e692ebd0a06173e694083247d3d403dfaac2ebc0,2024-08-15T23:15:10.740000 -CVE-2024-7845,0,0,9a6c5341b6109b5fa32cd3134ab527402d213d1f6d5ac6ee3c193d7823b46443,2024-08-16T02:15:18.080000 -CVE-2024-7849,0,0,07f311c99dca4554a0481cc55ff285a5dcafaa40dff0719629e1165cf3ea11a6,2024-08-16T02:15:18.420000 -CVE-2024-7851,0,0,d74634ca101687d84531d2cdfb75dd2bb3a0b2c8085fbb79528b8bbefa22e417,2024-08-16T02:15:18.720000 -CVE-2024-7852,0,0,54daba48eba8cddcd2205c3cafafd9a7b3fff366613d27f842bc7dceac14e86c,2024-08-16T02:15:18.960000 -CVE-2024-7853,0,0,79f7563cce3b3e9e676c8909ec094ed5cb76250550591685449d31cf3d80f615,2024-08-16T02:15:19.217000 -CVE-2024-7866,0,0,e64c80b966fd34c36717ad8ea88602c3ad1128d8f98a453f3b8eeb5e6422267c,2024-08-15T20:15:18.793000 -CVE-2024-7867,0,0,a054fc9fd5e33a112bc4f8435f1233a41ebd3e0d5aa68d90a197777cc9328347,2024-08-15T20:15:18.967000 -CVE-2024-7868,0,0,851903f1b84a5db55d6f005f66d13843eb35bd7844d42a2b2aa7d8bcc7c3f2ed,2024-08-15T21:15:18.530000 
-CVE-2024-7886,0,0,45f54d90a7aa89ae9a274103c6e9a744cb42d24d027ba685f689100664718925,2024-08-17T08:15:06.513000 -CVE-2024-7887,0,0,0cc8732c4631d2aa1a6367f7c1a5d02dc864e1739975805f280194214c7ebaec,2024-08-17T09:15:12.040000 -CVE-2024-7896,0,0,8e4ea2098e3a6b050dd1ab8f1485d7b75133c03c52a21b4e5b7e25b9976771e9,2024-08-17T14:15:12.303000 -CVE-2024-7897,0,0,9c3039999c360ddeb6ba4aa231bf58e21f5293186239d7c2342deff2fa25127c,2024-08-17T15:15:11.597000 -CVE-2024-7898,0,0,a78115dd883ace956fc88dcecf8d6593b449a658f458ff010ff03a6f0f76f5b7,2024-08-17T18:15:04.250000 -CVE-2024-7899,0,0,530727c41b9957ce297abe8d82a7e2a4f6db0921c14d3c8add46e5f25fc34255,2024-08-17T19:15:03.267000 -CVE-2024-7900,0,0,854584c170ab28081d54315529d53510804f522211e9a4a31ffb01a22fa7465a,2024-08-17T20:15:04.303000 -CVE-2024-7901,0,0,618a2039f51cbbbc0d5c3ddaa5027b5967637dce6171bdd0d5691af36c86bc29,2024-08-17T21:15:03.773000 -CVE-2024-7902,0,0,cbd573e84ca67ff2b53cf8a42d7d83afc92757983fa6b70e4db7dd6cd063dfb8,2024-08-17T22:15:04.190000 -CVE-2024-7903,0,0,8d7843d16187b57c0ec430196d9a14825eadb602191eca2998b1f5041ce037b8,2024-08-18T07:15:03.763000 -CVE-2024-7904,0,0,c57b9b0a7afe4ddf2b389d6f0877116812f1d85f16981e375bb4bc54849ca0fc,2024-08-18T09:15:04.973000 -CVE-2024-7905,0,0,83bd74ff7f9a0d327aa4b77d2021933a8729049dacae0baa5dce168c40c2a131,2024-08-18T12:15:04.397000 -CVE-2024-7906,0,0,7b5af4f9a5ce556bb7ea2828ad0737ab7becadf15cc6307b3c18c76423443d69,2024-08-18T14:15:09.593000 -CVE-2024-7907,0,0,5bd33617054e621be930cb2c35c92b8532c16eb2e040b69ae37e2ca570c5a262,2024-08-18T16:15:04.193000 -CVE-2024-7908,0,0,133a52c6ebfb4ea2c1f15ca6a2d6f8c429c4c93fd4d765a6aecaafe6d76bfecb,2024-08-18T17:15:03.557000 -CVE-2024-7909,0,0,15ed970d3c5bd799326dadec69a0260bcf483327873a398cf1647a5dfde46cd9,2024-08-18T18:15:04.290000 -CVE-2024-7910,0,0,ca5afb1cb656577865c0466038bc9fbbe19513240326cee97766752e4b67f30e,2024-08-18T19:15:05.003000 -CVE-2024-7911,0,0,29bc2e1d3c2f679a026cf5addc4bd652ca6c6f74f0de43a212e31351b68eb5e9,2024-08-18T20:15:04.260000 
-CVE-2024-7912,0,0,28e91949464341969be22cc5a7160eb7f609c0f446037628cc09a48db9b999b0,2024-08-18T22:15:12.223000 -CVE-2024-7913,0,0,553a11741d443f553fe263cbec7577dc08e9c057f22cb110d971cb9b1a2ae28b,2024-08-18T22:15:12.480000 -CVE-2024-7914,0,0,08fe806ec42c620b812e207c98df7ee04a63e0692534482aa64c33a7eb26ea71,2024-08-18T22:15:12.737000 -CVE-2024-7916,0,0,6d34b0bd172e96a1475b506a90dffbc217f42556fa54e261bdb4257c11df69d2,2024-08-18T23:15:03.780000 -CVE-2024-7917,0,0,a07c4036ed843a9ce8a234f70e0aa3853fd710edff91c384ddb42010efd8817a,2024-08-18T23:15:04.047000 -CVE-2024-7919,0,0,cd9e5313783786802dead92f74ac972e6a2a0002aa0e90c01072530244a659d5,2024-08-19T00:15:04.310000 -CVE-2024-7920,0,0,5a649028abea7e5b9cb23486b6e504409ddf07a2069247d7cc24cc9502166467,2024-08-19T00:15:04.570000 -CVE-2024-7921,0,0,5928cdd1d16dbfb31c71085802850dcb6a9a20e0d6122d2c40342511457ae15a,2024-08-19T03:15:03.967000 +CVE-2024-7838,0,1,08896d0dd5f0d271651ed959479ababcf3678bab2f6de38319217dbebd9121c3,2024-08-19T13:00:23.117000 +CVE-2024-7839,0,1,94790d44c57f3d6cda88c2d05a1aec9fac8c3738af92c1bbde24c4a763e8b732,2024-08-19T13:00:23.117000 +CVE-2024-7841,0,1,009f80811a7e510b5a67a297d5581e736005de8d0fd00ac7dc1232d79672e30e,2024-08-19T13:00:23.117000 +CVE-2024-7842,0,1,376595f98e03b5d55dfdd820fd73054da72fc5ca1bcda372d5b4d14b620e4f87,2024-08-19T13:00:23.117000 +CVE-2024-7843,0,1,b225e3e73de15f6d60b8901f2783f6fa1e04b6e464a4da789732b7d24dd9ea31,2024-08-19T13:00:23.117000 +CVE-2024-7844,0,1,a978525f7c5338c00fd1e65328954b310b11e6a4623886307ceb80e753c2f492,2024-08-19T13:00:23.117000 +CVE-2024-7845,0,1,a27541ca47acd484f46c609f3698b7013802437eb8a6a96b9ef6a93b64b0256f,2024-08-19T13:00:23.117000 +CVE-2024-7849,0,1,e63d24df06d5f4555672e0892a25c4e5c95ca031f7861c25398c177add1bd8f5,2024-08-19T13:00:23.117000 +CVE-2024-7851,0,1,a3f499a96b03d0001447f268138d29dda5356c0889ebe13c4e09da447417c59f,2024-08-19T13:00:23.117000 +CVE-2024-7852,0,1,d81b5371e4f0add1d395c3b1194a942c6ec099c1cdc2d46560d4b57bf5d930b7,2024-08-19T13:00:23.117000 
+CVE-2024-7853,0,1,602b79ace26812f03f94bfc9d8a0781cb4744715aed03debdd7aa8ad39738b45,2024-08-19T13:00:23.117000 +CVE-2024-7866,0,1,f8b3dfc8563b58969eadd75f82a5aab5fe4262d9aa63a419e384dd127fa7904a,2024-08-19T13:00:23.117000 +CVE-2024-7867,0,1,6a317fb9db8a508202f8841173e6c3d2bd77edc707a891aff0fcaf7f472e0f1b,2024-08-19T13:00:23.117000 +CVE-2024-7868,0,1,426aac72107d4f020c4b4c2ec1e49b6873953f44556989351b1605a1e98035d8,2024-08-19T13:00:23.117000 +CVE-2024-7886,0,1,b8c1f856b8479c6982faa8a2fc4a6d8b2480e045b8b096d9bd3b8640a06eb6f3,2024-08-19T13:00:23.117000 +CVE-2024-7887,0,1,ba2ac28c88e5c856e9fa78c00b11f37e0df98a3508bf609dc9edbaa04a8fdb8e,2024-08-19T12:59:59.177000 +CVE-2024-7896,0,1,e115ee70676449319da75f2ec90030d6786cbf959d60ae46c6eca0a5bfa70596,2024-08-19T12:59:59.177000 +CVE-2024-7897,0,1,34d7e13cac3c9857b59ba7f201d48e9ca9f7753e6abc912af86d1673c9b46517,2024-08-19T12:59:59.177000 +CVE-2024-7898,0,1,9b53511a874443e63e9fd6e28d865409c6f4ae01d19ad61fe805be2ebbff7c7d,2024-08-19T12:59:59.177000 +CVE-2024-7899,0,1,eae1357abf47e41c71af7e92c424ab9c792614c8de4efe8ea4e3fa4fd0ad24e8,2024-08-19T12:59:59.177000 +CVE-2024-7900,0,1,80f124872895e5bd3ab8b707b60991c4a83751766ca4ab41aca3042ca240f062,2024-08-19T12:59:59.177000 +CVE-2024-7901,0,1,09187ffe5f954d2e257aeae071de03c7cc013cd8318011f8801c2a33e42759b0,2024-08-19T12:59:59.177000 +CVE-2024-7902,0,1,d9317e94e681e5fc5d081bdb330e47fde6ed15e7a874dabef3b76a04912c9983,2024-08-19T12:59:59.177000 +CVE-2024-7903,0,1,65c75a540b1b29079982843aeb23d97ba8ab7149bfb3184abe8ee63d1aa7fdf6,2024-08-19T12:59:59.177000 +CVE-2024-7904,0,1,00b92af797fcf7243beef8cf467d3a4a50194d2f529bd582708c05ea102b2d8d,2024-08-19T12:59:59.177000 +CVE-2024-7905,0,1,6de58aadea45ceeb00cc6fb61fbda9d7e7d95e6ea77af9889eb16144c4609628,2024-08-19T12:59:59.177000 +CVE-2024-7906,0,1,5925ebd1a52432bd63b3f19ac1ead0d4887664fec659899d48bbaa77d66a321d,2024-08-19T12:59:59.177000 +CVE-2024-7907,0,1,a46fb17a22e049c9f8086001d3b237cc91336e6b31d48c1d648b6b54427137df,2024-08-19T12:59:59.177000 
+CVE-2024-7908,0,1,12734ffdf3f625da7309d68c372ef230abaa16a785542b05a428d828372adf5b,2024-08-19T12:59:59.177000 +CVE-2024-7909,0,1,52eda1c6c71f08f62c60acd660b7ad69a9a36f7b4ed2e75cab8ac7841280a9d6,2024-08-19T12:59:59.177000 +CVE-2024-7910,0,1,e3b835723e9c9e3266c0dcb29284e7f0f2687c7d4e617116a92dc28c5689994a,2024-08-19T12:59:59.177000 +CVE-2024-7911,0,1,af7147b4a7f81aa5c808bf816c3387e1915a0295fff50b816fcead3dd261cd80,2024-08-19T12:59:59.177000 +CVE-2024-7912,0,1,da795387d3b00a50cc5ced490764bdb979268e983dd16584c57cd54da862182b,2024-08-19T12:59:59.177000 +CVE-2024-7913,0,1,28ec0d977d3173b82e1caebf71309a649f36298b171b967761fbc48e7b39b4aa,2024-08-19T12:59:59.177000 +CVE-2024-7914,0,1,a84614efd41d028a75577887e14194c2926a9cd9cf458846d591ec3a5a1475af,2024-08-19T12:59:59.177000 +CVE-2024-7916,0,1,cd8976783d2078b1d7553acb748a0124156db02ede21116d7f974c5bc201c436,2024-08-19T12:59:59.177000 +CVE-2024-7917,0,1,eee101cab94721701b8799ab6e3327ea4308628e86850d2bd714ca62d0b6ed31,2024-08-19T12:59:59.177000 +CVE-2024-7919,0,1,f2bb5e312b080254029100aad55ac0e116f106f8875406ee9eda26e8584e5716,2024-08-19T12:59:59.177000 +CVE-2024-7920,0,1,c41e33ff5de5a36152bea0a48597e7ee27df39730a99a7d96b4832bf67ef32a2,2024-08-19T12:59:59.177000 +CVE-2024-7921,0,1,373fc8493a42dec9024075bfa6d26cd35595f3ee4bbd93f8a4d782f94f96ad56,2024-08-19T12:59:59.177000