Auto-Update: 2024-04-01T10:00:37.398324+00:00

2025-07-09 16:05:11 +00:00 · 2024-04-01 10:03:24 +00:00 · 2024-04-01 10:03:24 +00:00 · 0b3a301abd
commit 0b3a301abd
parent a1c88bea74
5 changed files with 81 additions and 17 deletions
--- a/CVE-2024/CVE-2024-250xx/CVE-2024-25080.json
+++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25080.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-25080",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-01T09:15:50.930",
+  "lastModified": "2024-04-01T09:15:50.930",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2024-25080-_401.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.axigen.com/mail-server/axigen-older-features/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-266xx/CVE-2024-26653.json
+++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26653.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-26653",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2024-04-01T09:15:51.010",
+  "lastModified": "2024-04-01T09:15:51.010",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: misc: ljca: Fix double free in error handling path\n\nWhen auxiliary_device_add() returns error and then calls\nauxiliary_device_uninit(), callback function ljca_auxdev_release\ncalls kfree(auxdev->dev.platform_data) to free the parameter data\nof the function ljca_new_client_device. The callers of\nljca_new_client_device shouldn't call kfree() again\nin the error handling path to free the platform data.\n\nFix this by cleaning up the redundant kfree() in all callers and\nadding kfree() the passed in platform_data on errors which happen\nbefore auxiliary_device_init() succeeds ."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/7c9631969287a5366bc8e39cd5abff154b35fb80",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-266xx/CVE-2024-26654.json
+++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26654.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-26654",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2024-04-01T09:15:51.063",
+  "lastModified": "2024-04-01T09:15:51.063",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: sh: aica: reorder cleanup operations to avoid UAF bugs\n\nThe dreamcastcard->timer could schedule the spu_dma_work and the\nspu_dma_work could also arm the dreamcastcard->timer.\n\nWhen the snd_pcm_substream is closing, the aica_channel will be\ndeallocated. But it could still be dereferenced in the worker\nthread. The reason is that del_timer() will return directly\nregardless of whether the timer handler is running or not and\nthe worker could be rescheduled in the timer handler. As a result,\nthe UAF bug will happen. The racy situation is shown below:\n\n      (Thread 1)                 |      (Thread 2)\nsnd_aicapcm_pcm_close()          |\n ...                             |  run_spu_dma() //worker\n                                 |    mod_timer()\n  flush_work()                   |\n  del_timer()                    |  aica_period_elapsed() //timer\n  kfree(dreamcastcard->channel)  |    schedule_work()\n                                 |  run_spu_dma() //worker\n  ...                            |    dreamcastcard->channel-> //USE\n\nIn order to mitigate this bug and other possible corner cases,\ncall mod_timer() conditionally in run_spu_dma(), then implement\nPCM sync_stop op to cancel both the timer and worker. The sync_stop\nop will be called from PCM core appropriately when needed."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-01T08:00:38.662233+00:00
+2024-04-01T10:00:37.398324+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-01T07:15:44.697000+00:00
+2024-04-01T09:15:51.063000+00:00
 ```

 ### Last Data Feed Release
@ -33,25 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-243533
+243536
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `3`

- [CVE-2016-15038](CVE-2016/CVE-2016-150xx/CVE-2016-15038.json) (`2024-04-01T06:15:07.410`)
+- [CVE-2024-25080](CVE-2024/CVE-2024-250xx/CVE-2024-25080.json) (`2024-04-01T09:15:50.930`)
+- [CVE-2024-26653](CVE-2024/CVE-2024-266xx/CVE-2024-26653.json) (`2024-04-01T09:15:51.010`)
+- [CVE-2024-26654](CVE-2024/CVE-2024-266xx/CVE-2024-26654.json) (`2024-04-01T09:15:51.063`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `5`
+Recently modified CVEs: `0`

- [CVE-2024-0569](CVE-2024/CVE-2024-05xx/CVE-2024-0569.json) (`2024-04-01T07:15:43.770`)
- [CVE-2024-0570](CVE-2024/CVE-2024-05xx/CVE-2024-0570.json) (`2024-04-01T07:15:44.220`)
- [CVE-2024-0942](CVE-2024/CVE-2024-09xx/CVE-2024-0942.json) (`2024-04-01T07:15:44.393`)
- [CVE-2024-0943](CVE-2024/CVE-2024-09xx/CVE-2024-0943.json) (`2024-04-01T07:15:44.570`)
- [CVE-2024-0944](CVE-2024/CVE-2024-09xx/CVE-2024-0944.json) (`2024-04-01T07:15:44.697`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -84896,7 +84896,7 @@ CVE-2016-15034,0,0,9f9f3048a0b0f11e3273f734d29a0b379d91e3862fb6da50895964f0e448e
 CVE-2016-15035,0,0,225f6867847fae30a314b4bc02edd6f934b1034a9440656fb04cd8d5901fc163,2024-02-29T01:17:45.180000
 CVE-2016-15036,0,0,e22fce1320d3aea2e172e136275a3d78e2d77577633a2459ebd8eadc28a78cce,2024-02-29T01:17:45.273000
 CVE-2016-15037,0,0,6c233260c7a504dec97027e1f8d0f36f3a408c825ea311bb6708d141711ab517,2024-02-29T01:17:45.357000
-CVE-2016-15038,1,1,123588b89bba949ecb715f0e009b5fdebcf290675849a9d640c833ae57277852,2024-04-01T06:15:07.410000
+CVE-2016-15038,0,0,123588b89bba949ecb715f0e009b5fdebcf290675849a9d640c833ae57277852,2024-04-01T06:15:07.410000
 CVE-2016-1504,0,0,e4a5917b190636ab893bfc336d7dce867e27774f351fdae2d20038ff8cc1cac6,2017-09-10T01:29:11.687000
 CVE-2016-1505,0,0,603189ae235a59230e4b76c2a9840be41f6129fa2273d823a3008d11b5c9719c,2016-11-28T19:59:55.070000
 CVE-2016-1513,0,0,d5c8130dd11ed8123fd26cdd3a19657509909f00f1eaa4a6cfd6e8ec49e54760,2017-09-01T01:29:04.507000
@ -238369,8 +238369,8 @@ CVE-2024-0565,0,0,4289f67bdd3b0f4d908bc28471c202ce9f1b0e6eda24bcf3bb7c9761f42241
 CVE-2024-0566,0,0,681abfc9b7e46c2ac8977fa82721f99415c45ed13e9d55c5c1afcf0cdcb8b495,2024-02-12T17:31:21.670000
 CVE-2024-0567,0,0,1e02444873c1fe10a496f7f22c004ec6553f166b1c2f1a8e061b54f1c92e9745,2024-03-05T11:15:08.783000
 CVE-2024-0568,0,0,d5e10765679dc87408e9afd357bef5ea79b4bd9fdde5134372f0a54d2826f684,2024-02-14T18:04:50.373000
-CVE-2024-0569,0,1,281153a160e0d4c9c9e8acc1849d1732a9d187ce7678987a1d966588d5a7650a,2024-04-01T07:15:43.770000
-CVE-2024-0570,0,1,9f91f8a58430764f55fcec3eddc297f045cea97b6373d74b7647cd5b2b7eea38,2024-04-01T07:15:44.220000
+CVE-2024-0569,0,0,281153a160e0d4c9c9e8acc1849d1732a9d187ce7678987a1d966588d5a7650a,2024-04-01T07:15:43.770000
+CVE-2024-0570,0,0,9f91f8a58430764f55fcec3eddc297f045cea97b6373d74b7647cd5b2b7eea38,2024-04-01T07:15:44.220000
 CVE-2024-0571,0,0,fac58a18923559916f55048ff4f63c833078d9ac714bfc08d0d7cb5ce2d1a617,2024-03-21T02:51:18.320000
 CVE-2024-0572,0,0,e5da15a3184fc5372825fd537815dedc610f7e266ab696e6c03f9be38374d86a,2024-03-21T02:51:18.430000
 CVE-2024-0573,0,0,f25b0a3eb4d3127bce0e06a1068497a7e6b1734edf38e4ae7f2f185098e320d7,2024-03-21T02:51:18.537000
@ -238664,9 +238664,9 @@ CVE-2024-0937,0,0,b3e504b6c849ac13a00df1f49738604c752b12b98a44b14628de6597b2d7ab
 CVE-2024-0938,0,0,918883de29177f32ba24da12c9f6d120366607f29708de8bf64f0ff14d72ea78,2024-03-21T02:51:28.473000
 CVE-2024-0939,0,0,64f42ff867f2ec17af0a7c21e7435a588da6d408e1e01867ba67b2b662eced9f,2024-03-21T02:51:28.567000
 CVE-2024-0941,0,0,d1fb86115c90f6dec1523ce97eb747dd8e0bf1ff33692c0b90f0c729ad595dfa,2024-03-21T02:51:28.657000
-CVE-2024-0942,0,1,5f1fa3cc013edf03eccbd9d7e8ff40119f6a0e5c9abac353af753e59c22b7076,2024-04-01T07:15:44.393000
-CVE-2024-0943,0,1,46fa0f40f5c7c237fba5fc62074ae993cf6caf36e871932e185ea40dbcf22d16,2024-04-01T07:15:44.570000
-CVE-2024-0944,0,1,d411ea553e21bd03d8a27fcceb6b61ba6cc7ad86962b27915b52b765c113e414,2024-04-01T07:15:44.697000
+CVE-2024-0942,0,0,5f1fa3cc013edf03eccbd9d7e8ff40119f6a0e5c9abac353af753e59c22b7076,2024-04-01T07:15:44.393000
+CVE-2024-0943,0,0,46fa0f40f5c7c237fba5fc62074ae993cf6caf36e871932e185ea40dbcf22d16,2024-04-01T07:15:44.570000
+CVE-2024-0944,0,0,d411ea553e21bd03d8a27fcceb6b61ba6cc7ad86962b27915b52b765c113e414,2024-04-01T07:15:44.697000
 CVE-2024-0945,0,0,243219178e236f74acca3eefe13130000ad05c1a5357ad1be801c8682bbef74a,2024-03-21T02:51:29.020000
 CVE-2024-0946,0,0,f38e0acfa5a62d09cd0d89e732ea527682b7fca9e815972ae04f4e3e1276501b,2024-03-21T02:51:29.117000
 CVE-2024-0948,0,0,0b7118776efc3790764234dd4b13ba383d5bf37d8bf445b3a5541d7e05e15f3c,2024-03-21T02:51:29.220000
@ -241502,6 +241502,7 @@ CVE-2024-25062,0,0,9596ed5cf07a8bc8469d4afc28fc727a431af7cff3b6b8e84435c301d9955
 CVE-2024-25063,0,0,8296c4ac18003d6d927b0c45a19a753add4384ce34fc59926d1f36a726ce4dbf,2024-03-04T22:45:02.117000
 CVE-2024-25064,0,0,e90e896eb449d7ccff000c59a6c6d8569d7a679ad8db09883eafe6b89f6c07ea,2024-03-04T22:43:15.337000
 CVE-2024-25065,0,0,8789f3e0c0f1a18215b02ec07e51d2392ffb2b6e5c0102b29d290a5bd7708b34,2024-02-29T13:49:29.390000
+CVE-2024-25080,1,1,310e7c0ecfc4864770112770daf885c4158d9562abb7aa8b35fd6e6f57180369,2024-04-01T09:15:50.930000
 CVE-2024-25081,0,0,c28ed534590feb1739659669df4a7c74247df29d1ac0d5daa9ed512959af803c,2024-03-23T03:15:11.330000
 CVE-2024-25082,0,0,0376e5832e39b19bc504b78433ebb158054a5715ce980118648e2b6c7f603eff,2024-03-23T03:15:11.393000
 CVE-2024-25083,0,0,0f4fc4d8ac3f523b7fe1019fa405e820bc046011ad52c3c323b831f9b2e08f24,2024-02-16T21:39:50.223000
@ -242278,6 +242279,8 @@ CVE-2024-26649,0,0,86aeb2fae965a4a5332ed6f99e853d97c707f8eddf2b6cb0afb03f1458efa
 CVE-2024-26650,0,0,a6462e36b1dd6f69ddd876eed038a048534eb12e06d7671796e4cb5890514076,2024-03-27T12:29:41.530000
 CVE-2024-26651,0,0,a2e5e1171fae5cd37adc9c273beac8339c77df92cf6c9b2119d65e36bb3ce0f0,2024-03-27T15:49:41.437000
 CVE-2024-26652,0,0,ccc590b218f45c6bb9fa7fed88041733bb926c9879d519c1ffc1f038a0a8e977,2024-03-27T15:49:41.437000
+CVE-2024-26653,1,1,e5d955108aa6606d5f423b1eee098fe0abe9581467daa9581ba06493cd5c249a,2024-04-01T09:15:51.010000
+CVE-2024-26654,1,1,00ce544232f99029ac0a688ab0a43f455e72f4bb3887d4faca16286f8f075c69,2024-04-01T09:15:51.063000
 CVE-2024-2668,0,0,d8e22e7bb795e8f8d48dc1ea67b8b3706e737c441fdb6e3cdf26dd6015682f9f,2024-03-21T02:52:41.070000
 CVE-2024-2669,0,0,4f5a2d5969b59448109cf022193bd2b7c88dc7ffa7ca03caa723fb0f374642a3,2024-03-21T02:52:41.157000
 CVE-2024-2670,0,0,51102bd696ec0a80433e00190a81242d0892d06afe5affb13dd51bd0c370ce65,2024-03-21T02:52:41.253000