diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47253.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47253.json index 97950e5bccb..7b12cb14a09 100644 --- a/CVE-2021/CVE-2021-472xx/CVE-2021-47253.json +++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47253.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47253", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T15:15:14.160", - "lastModified": "2024-11-21T06:35:43.807", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-30T18:59:10.807", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,129 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige una posible p\u00e9rdida de memoria en DMUB hw_init [Por qu\u00e9] Al reanudar ejecutamos DMUB hw_init que asigna memoria: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc Eso resulta en p\u00e9rdida de memoria en escenarios de suspensi\u00f3n/reanudaci\u00f3n. [C\u00f3mo] Asigne memoria para el contenedor DC a DMUB solo si no se asign\u00f3 antes. No es necesario reasignarlo al suspender/reanudar." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.45", + "matchCriteriaId": "F3B07383-4728-46BB-ACFD-99788C336A01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.12.12", + "matchCriteriaId": "958321CA-952B-461A-A590-F4096CB20E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/aa000f828e60ac15d6340f606ec4a673966f5b0b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c5699e2d863f58221044efdc3fa712dd32d55cde", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/aa000f828e60ac15d6340f606ec4a673966f5b0b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c5699e2d863f58221044efdc3fa712dd32d55cde", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10903.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10903.json index 352a36ae943..a9e24b651af 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10903.json 
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10903.json @@ -2,7 +2,7 @@ "id": "CVE-2024-10903", "sourceIdentifier": "contact@wpscan.com", "published": "2024-12-26T06:15:05.397", - "lastModified": "2024-12-26T06:15:05.397", + "lastModified": "2024-12-30T18:15:06.253", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,11 +15,38 @@ "value": "El complemento Broken Link Checker WordPress anterior a 2.4.2 no valida las URL de los enlaces antes de realizarles una solicitud, lo que podr\u00eda permitir a los usuarios administradores realizar ataques SSRF, por ejemplo, en una instalaci\u00f3n multisitio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb/", "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb/", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11223.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11223.json index 965436257eb..c4eef40b6f7 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11223.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11223.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-11223", "sourceIdentifier": "contact@wpscan.com", "published": "2024-12-26T06:15:05.617", - "lastModified": "2024-12-26T06:15:05.617", + "lastModified": "2024-12-30T18:15:08.090", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,11 +15,38 @@ "value": "El complemento WPForms de WordPress anterior a 1.9.2.3 no desinfecta ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/82989909-9745-4c9a-abc7-c1adf8c2b047/", "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/82989909-9745-4c9a-abc7-c1adf8c2b047/", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12754.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12754.json new file mode 100644 index 00000000000..9450884f231 --- /dev/null +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12754.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12754", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-30T17:15:07.127", + "lastModified": "2024-12-30T17:15:07.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1711/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12828.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12828.json new file mode 100644 index 00000000000..cf2d2f994e6 --- /dev/null 
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12828.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12828", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-30T17:15:07.717", + "lastModified": "2024-12-30T17:15:07.717", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/webmin/authentic-theme/commit/61e5b10227b50407e3c6ac494ffbd4385d1b59df", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1725/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file 
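Review bot: The `references` entry for the fix commit in this new record carries no `tags`, and the record has no `configurations`, so nothing in it says which releases contain the fix. The description names Webmin as the affected product while the commit lives in the `webmin/authentic-theme` repository, which makes the patch link the only pointer to the component that actually changed. For a record scored 9.9 with `"scope": "CHANGED"`, marking that link the way the kernel fix links are marked elsewhere in this diff, `"tags": [ "Patch" ]`, would let triage tooling find it. Affected-version data will presumably arrive only once the record leaves `Received`, so consumers should not read the missing `configurations` as "no affected versions".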
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12834.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12834.json new file mode 100644 index 00000000000..78c9ab69057 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12834.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12834", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-30T17:15:07.857", + "lastModified": "2024-12-30T17:15:07.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22414." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1722/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12835.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12835.json new file mode 100644 index 00000000000..c807455a03e --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12835.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12835", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-30T17:15:08.000", + "lastModified": "2024-12-30T17:15:08.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ICS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22415." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1723/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12836.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12836.json new file mode 100644 index 00000000000..74167807a27 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12836.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-12836", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-12-30T17:15:08.137", + "lastModified": "2024-12-30T17:15:08.137", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1724/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13021.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13021.json index b996375b661..1bf1f75e842 100644 --- a/CVE-2024/CVE-2024-130xx/CVE-2024-13021.json +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13021.json @@ -2,7 +2,7 @@ "id": "CVE-2024-13021", "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-29T20:15:05.043", - "lastModified": "2024-12-29T20:15:05.043", + "lastModified": "2024-12-30T18:15:08.877", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -107,7 +107,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -140,6 +140,10 @@ { "url": "https://www.sourcecodester.com/", "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Road%20Accident%20Map%20Marker.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13025.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13025.json index 6d06053cd47..361ecd57f53 100644 --- a/CVE-2024/CVE-2024-130xx/CVE-2024-13025.json +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13025.json @@ -2,7 +2,7 @@ "id": "CVE-2024-13025", "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-29T23:15:05.460", - "lastModified": "2024-12-29T23:15:05.460", + "lastModified": "2024-12-30T18:15:09.273", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -107,7 +107,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -136,6 +136,10 @@ { "url": "https://vuldb.com/?submit.471108", "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/shaturo1337/POCs/blob/main/SQL%20Injection%20in%20College%20Management%20System.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13038.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13038.json index f9ce789cc01..f5a7b6af44e 100644 --- a/CVE-2024/CVE-2024-130xx/CVE-2024-13038.json +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13038.json @@ -2,7 +2,7 @@ "id": "CVE-2024-13038", "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-30T04:15:05.387", - "lastModified": "2024-12-30T04:15:05.387", + "lastModified": "2024-12-30T17:15:08.473", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -107,7 +107,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -140,6 +140,10 @@ { "url": "https://vuldb.com/?submit.471675", "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/shaturo1337/POCs/blob/main/Blind%20SQL%20Injection%20in%20Simple%20Loan%20Management%20System.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13039.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13039.json index 89965971625..452d46deda4 100644 --- a/CVE-2024/CVE-2024-130xx/CVE-2024-13039.json +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13039.json @@ -2,7 +2,7 @@ "id": "CVE-2024-13039", "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-30T05:15:06.170", - "lastModified": "2024-12-30T05:15:06.170", + "lastModified": "2024-12-30T17:15:08.597", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -107,7 +107,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -140,6 +140,10 @@ { "url": "https://vuldb.com/?submit.471644", "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Curious-L/-/issues/1", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35846.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35846.json index 984ae051335..0778a99b961 100644 
--- a/CVE-2024/CVE-2024-358xx/CVE-2024-35846.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35846.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35846", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T15:15:21.547", - "lastModified": "2024-11-21T09:21:02.143", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T17:39:04.807", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,114 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm: zswap: corrige el bloqueo NULL del reductor con cgroup_disable=memory. Christian informa una deref NULL en zswap que dividi\u00f3 en dos hasta el reductor zswap. El problema tambi\u00e9n surgi\u00f3 en los rastreadores de errores de libguestfs [1] y Red Hat bugzilla [2]. El problema es que cuando memcg est\u00e1 deshabilitado con el indicador de tiempo de arranque, es posible que se llame al reductor zswap con sc->memcg == NULL. Esto est\u00e1 bien en muchos lugares, como en las operaciones de lruvec. Pero fallo en memcg_page_state(), que para empezar solo se usa debido a la contabilidad sin nodos de la memoria zswap de cgroup. Nhat detect\u00f3 que memcg puede ser NULL en el caso de que memcg est\u00e9 deshabilitado y luego tambi\u00e9n pude reproducir el fallo localmente. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": 
"64BA8CD4-9CCF-4BC8-BF79-90FF62BA0FAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35847.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35847.json index a71f7df5314..d83decae23e 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35847.json 
+++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35847.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35847", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T15:15:21.620", - "lastModified": "2024-11-21T09:21:02.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T17:41:16.633", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,79 +15,269 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: irqchip/gic-v3-its: Evitar el double free en caso de error. La ruta de manejo de errores en its_vpe_irq_domain_alloc() provoca un double free cuando its_vpe_init() falla despu\u00e9s de asignar exitosamente al menos una interrupci\u00f3n. Esto sucede porque its_vpe_irq_domain_free() libera las interrupciones junto con el mapa de bits del \u00e1rea y la vprop_page y its_vpe_irq_domain_alloc() posteriormente libera nuevamente el mapa de bits del \u00e1rea y la vprop_page. Solucione este problema invocando incondicionalmente its_vpe_irq_domain_free() que maneja todos los casos correctamente y eliminando el mapa de bits/vprop_page que se libera de its_vpe_irq_domain_alloc()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14", + "versionEndExcluding": "4.19.313", + "matchCriteriaId": "CE409D27-D8FA-4B60-97C2-F08F2F83E6EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.275", + "matchCriteriaId": 
"5FF6D8DE-C559-4586-86C8-2C6B4420A2C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.216", + "matchCriteriaId": "A44ABF89-F1BD-4C9A-895D-7596650DCD27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.158", + "matchCriteriaId": "65D80EF6-76AF-4186-B680-55516EA42EED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.90", + "matchCriteriaId": "59CEDDCF-5C0D-4939-9CFE-2F4524892DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35850.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35850.json index 1e17ca11871..a75ab0e1806 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35850.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35850.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35850", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T15:15:21.860", - "lastModified": "2024-11-21T09:21:02.670", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T17:42:02.767", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,135 @@ "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: qca: corrige NULL-deref en configuraci\u00f3n sin serdev. Los controladores Qualcomm ROME se pueden registrar desde la disciplina de l\u00ednea Bluetooth y en este caso el puntero HCI UART serdev es NULL. Agregue la verificaci\u00f3n de sanidad que falta para evitar una desreferencia del puntero NULL cuando se llama a setup() para un controlador que no es serdev." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + 
"matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35851.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35851.json
index b53be603bab..a0eee6d17a6 100644
--- a/CVE-2024/CVE-2024-358xx/CVE-2024-35851.json
+++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35851.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-35851",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-17T15:15:21.963",
- "lastModified": "2024-11-21T09:21:02.783",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-12-30T18:10:36.050",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,47 +15,177 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: qca: corrige NULL-deref en suspensi\u00f3n sin serdev. Los controladores Qualcomm ROME se pueden registrar desde la disciplina de l\u00ednea Bluetooth y en este caso el puntero HCI UART serdev es NULL. Agregue la verificaci\u00f3n de sanidad que falta para evitar una desreferencia del puntero NULL cuando se llama a wakeup() para un controlador que no es serdev durante la suspensi\u00f3n. Simplemente devuelva verdadero por ahora para restaurar el comportamiento original y solucionar el problema con los kernels anteriores a 6.2, que no tienen la confirmaci\u00f3n e9b3e5b8c657 (\"Bluetooth: hci_qca: solo asigna activaci\u00f3n con soporte de puerto serie\") que causa que el problema ya ocurra en el tiempo de configuraci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.13", + "versionEndExcluding": "5.15.158", + "matchCriteriaId": "455B5CF7-CA2E-4D45-87B0-103A28996A45" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"5.16", + "versionEndExcluding": "6.1.90", + "matchCriteriaId": "59CEDDCF-5C0D-4939-9CFE-2F4524892DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + 
"tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35852.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35852.json index db40c64c648..b9fb3d52f89 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35852.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35852.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2024-35852",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-17T15:15:22.073",
- "lastModified": "2024-11-21T09:21:02.917",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-12-30T18:11:22.623",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,67 +15,226 @@ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: mlxsw: espectro_acl_tcam: Corrige p\u00e9rdida de memoria al cancelar trabajo de rehash El trabajo retrasado de rehash se reprograma con retraso si el n\u00famero de cr\u00e9ditos al final del trabajo no es negativo como supuestamente significa que la migraci\u00f3n termin\u00f3. En caso contrario, se reprograma inmediatamente. Despu\u00e9s de \"mlxsw: espectro_acl_tcam: Corregir posible use after free durante la repetici\u00f3n\", lo anterior ya no es exacto ya que una cantidad no negativa de cr\u00e9ditos ya no es indicativo de la migraci\u00f3n que se est\u00e1 realizando. Tambi\u00e9n puede suceder si el trabajo encontr\u00f3 un error, en cuyo caso la migraci\u00f3n se reanudar\u00e1 la pr\u00f3xima vez que se programe el trabajo. La importancia de lo anterior es que es posible que el trabajo est\u00e9 pendiente y asociado con sugerencias que se asignaron cuando comenz\u00f3 la migraci\u00f3n. Esto lleva a que se filtren sugerencias [1] cuando el trabajo se cancela mientras est\u00e1 pendiente como parte del desmantelamiento de la regi\u00f3n ACL. Se soluciona liberando las sugerencias si las sugerencias est\u00e1n asociadas con un trabajo que se cancel\u00f3 mientras estaba pendiente. Culpe al compromiso original, ya que la dependencia de no tener un trabajo pendiente asociado con sugerencias es fr\u00e1gil. [1] objeto sin referencia 0xffff88810e7c3000 (tama\u00f1o 256): comm \"kworker/0:16\", pid 176, jiffies 4295460353 volcado hexadecimal (primeros 32 bytes): 00 30 95 11 81 88 ff ff 61 00 00 00 00 00 80 . 0......a....... 00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@........... 
retroceso (crc 2544ddb9): [<00000000cf8cfab3>] kmalloc_trace+0x23f/0x2a0 [<000000004d9a1ad9>] objagg_hints_get+0x42/0x390 [<000000000b143cf3>] 0xca/0x400 [<0000000059bdb60a>] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160 [<00000000e81fd734>] proceso_one_work+ 0x59c/0xf20 [<00000000ceee9e81>] work_thread+0x799/0x12c0 [<00000000bda6fe39>] kthread+0x246/0x300 [<0000000070056d23>] ret_from_fork+0x34/0x70 [<0000 0000dea2b93e>] ret_from_fork_asm+0x1a/0x30" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1", + "versionEndExcluding": "5.4.275", + "matchCriteriaId": "3F22F46B-3154-4E42-87AC-3DC5B9D9EA1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.216", + "matchCriteriaId": "A44ABF89-F1BD-4C9A-895D-7596650DCD27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.158", + "matchCriteriaId": "65D80EF6-76AF-4186-B680-55516EA42EED" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.90", + "matchCriteriaId": "59CEDDCF-5C0D-4939-9CFE-2F4524892DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35855.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35855.json index b8c3473ea8d..33d38e2e710 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35855.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35855.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35855", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T15:15:22.677", - "lastModified": "2024-11-21T09:21:03.530", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T18:11:57.997", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
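Review bot: The last reference added in the CVE-2024-35852 hunk, `https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html`, is tagged `"Patch"`, but a debian-lts-announce message is a distribution advisory, not a commit. Tooling that selects fix commits by that tag would pick up a mailing-list page alongside the git.kernel.org/stable entries. I would change that entry to `"tags": ["Mailing List", "Third Party Advisory"]` and keep `"Patch"` for the kernel.org commit URLs only. The same tagging appears on the Debian references in the CVE-2021-47253 hunk (msg00017 and msg00020) and in the CVE-2024-35855 hunk.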
@@ -15,67 +15,226 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mlxsw: spectrum_acl_tcam: corrige posible use after free durante la actualizaci\u00f3n de la actividad. El trabajo retrasado de la actualizaci\u00f3n de la actividad de la regla recorre peri\u00f3dicamente la lista de reglas configuradas y consulta su actividad desde el dispositivo. Como parte de esta tarea, accede a la entrada se\u00f1alada por 'ventry->entry', pero esta entrada puede cambiarse simult\u00e1neamente mediante el trabajo retrasado del rehash, lo que lleva a un use after free [1]. Para solucionarlo, cierre la ejecuci\u00f3n y realice la consulta de actividad en el mutex 'vregion->lock'. [1] ERROR: KASAN: slab-use-after-free en mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140 Lectura del tama\u00f1o 8 en la direcci\u00f3n ffff8881054ed808 por tarea kworker/0:18/181 CPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2 Nombre del hardware: Mellanox Technologies Ltd. 
MSN3700/VMOD0005, BIOS 5.11 06/01/2019 Cola de trabajo: mlxsw_core mlxsw_sp_acl_rule_activity_update_work Seguimiento de llamadas: dump_stack_lvl+0xc 6/0x120 print_report+0xce /0x670 kasan_report+0xd7/0x110 mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140 mlxsw_sp_acl_rule_activity_update_work+0x219/0x400 Process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Asignado por tarea 1039 : kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc+0x19c/0x360 mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x 30d/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/ 0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Liberado por la tarea 1039: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 170 __kasan_slab_free+0x14/0x30 kfree+0xc1/0x290 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/ 0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x 30" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", 
+ "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1", + "versionEndExcluding": "5.4.275", + "matchCriteriaId": "3F22F46B-3154-4E42-87AC-3DC5B9D9EA1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.216", + "matchCriteriaId": "A44ABF89-F1BD-4C9A-895D-7596650DCD27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.158", + "matchCriteriaId": "65D80EF6-76AF-4186-B680-55516EA42EED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.90", + "matchCriteriaId": "59CEDDCF-5C0D-4939-9CFE-2F4524892DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1b73f6e4ea770410a937a8db98f77e52594d23a0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b183b915beef818a25e3154d719ca015a1ae0770", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b996e8699da810e4c915841d6aaef761007f933a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c17976b42d546ee118ca300db559630ee96fb758", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e24d2487424779c02760ff50cd9021b8676e19ef", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/feabdac2057e863d0e140a2adf3d232eb4882db4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1b73f6e4ea770410a937a8db98f77e52594d23a0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b183b915beef818a25e3154d719ca015a1ae0770", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b996e8699da810e4c915841d6aaef761007f933a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c17976b42d546ee118ca300db559630ee96fb758", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e24d2487424779c02760ff50cd9021b8676e19ef", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/feabdac2057e863d0e140a2adf3d232eb4882db4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35856.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35856.json index 463aba39975..150fa7dcec5 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35856.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35856.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2024-35856",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-17T15:15:22.900",
- "lastModified": "2024-11-21T09:21:03.643",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-12-30T18:12:11.003",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,31 +15,135 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btusb: mediatek: Correcci\u00f3n double free de skb en coredump hci_devcd_append() liberar\u00eda el skb en caso de error para que la persona que llama no tenga que liberarlo nuevamente, de lo contrario causar\u00eda el doble libre de skb. Reportado por: Dan Carpenter " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "B4D9BC34-65C4-4ACE-ABEF-1029C09F30B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/18bdb386a1a30e7a3d7732a98e45e69cf6b5710d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/80dfef128cb9f1b1ef67c0fe8c8deb4ea7ad30c1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e20093c741d8da9f6390dd45d75b779861547035", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/18bdb386a1a30e7a3d7732a98e45e69cf6b5710d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/80dfef128cb9f1b1ef67c0fe8c8deb4ea7ad30c1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e20093c741d8da9f6390dd45d75b779861547035", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35858.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35858.json index 8abbaf050c2..d1dc768b16a 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35858.json 
+++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35858.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35858", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T15:15:23.313", - "lastModified": "2024-11-21T09:21:03.940", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T18:12:40.047", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,135 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bcmasp: corrige la p\u00e9rdida de memoria al desactivar la interfaz. Al desactivar los anillos TX, los limpiamos pero nos olvidamos de recuperar los paquetes eliminados. Esto provoca una p\u00e9rdida de memoria ya que no liberamos los b\u00fafers asignados por dma. Esto tambi\u00e9n conduce a la corrupci\u00f3n del bloque de control de transmisi\u00f3n al desactivar la interfaz para la administraci\u00f3n de energ\u00eda." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "B4D9BC34-65C4-4ACE-ABEF-1029C09F30B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/09040baf8779ad880e0e0d0ea10e57aa929ef3ab", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2389ad1990163d29cba5480d693b4c2e31cc545c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9f898fc2c31fbf0ac5ecd289f528a716464cb005", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/09040baf8779ad880e0e0d0ea10e57aa929ef3ab", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2389ad1990163d29cba5480d693b4c2e31cc545c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9f898fc2c31fbf0ac5ecd289f528a716464cb005", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35866.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35866.json index 2882e3ccaa5..389b55766d7 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35866.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35866.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35866", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T09:15:08.123", - "lastModified": "2024-11-21T09:21:05.010", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T17:35:00.177", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,119 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_dump_full_key() Omita las sesiones que se est\u00e1n eliminando (estado == SES_EXITING) para evitar UAF." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6.26", + "matchCriteriaId": "FCC3C07F-B627-4030-9143-1DA48BBDB64D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.5", + "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/10e17ca4000ec34737bde002a13435c38ace2682", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3103163ccd3be4adcfa37e15608fb497be044113", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/58acd1f497162e7d282077f816faa519487be045", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/10e17ca4000ec34737bde002a13435c38ace2682", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3103163ccd3be4adcfa37e15608fb497be044113", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/58acd1f497162e7d282077f816faa519487be045", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35867.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35867.json index 25b13a2cc9c..9fa8b3c0523 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35867.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35867.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35867", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T09:15:08.197", - "lastModified": "2024-11-21T09:21:05.120", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T17:36:49.973", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
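Review bot: In the CVE-2024-35866 record, the first added `cpeMatch` entry carries `"versionEndExcluding": "6.6.26"` with no `versionStartIncluding`, so every kernel release below 6.6.26 matches as vulnerable. The three referenced fix commits line up with only three entries (the range below 6.6.26, 6.7 up to 6.8.5, and the 6.9 release candidates), so older stable lines are flagged without any fixed version listed for them. The sibling records for CVE-2024-35867 and CVE-2024-35868 in this diff split the same span at 6.1.85 / 6.2. If the introducing release is known, bound the entry with `"versionStartIncluding": "<first-affected-version>"`; until then, scanners matching on this CPE data will report older LTS kernels that the record gives no remediation target for.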
@@ -15,51 +15,161 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_stats_proc_show() Omita las sesiones que se est\u00e1n eliminando (estado == SES_EXITING) para evitar UAF." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.85", + "matchCriteriaId": "B62CF0EC-6C39-4DAD-A6CC-C31C3277A460" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.26", + "matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.5", + "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" 
+ } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/29/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/30/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/30/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35868.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35868.json index 8c5af380d83..d902ab30fde 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35868.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35868.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35868", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T09:15:08.267", - "lastModified": "2024-11-21T09:21:05.247", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T17:37:00.887", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,140 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_stats_proc_write() Omita las sesiones que se est\u00e1n eliminando (estado == SES_EXITING) para evitar UAF." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.85", + "matchCriteriaId": "B62CF0EC-6C39-4DAD-A6CC-C31C3277A460" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.26", + "matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.5", + "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": 
"DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5b5475ce69f02ecc1b13ea23106e5b89c690429b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf03020c56d3ed28c4942280957a007b5e9544f7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d3da25c5ac84430f89875ca7485a3828150a7e0a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5b5475ce69f02ecc1b13ea23106e5b89c690429b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf03020c56d3ed28c4942280957a007b5e9544f7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d3da25c5ac84430f89875ca7485a3828150a7e0a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35874.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35874.json index dce2a3ba4fe..1e08014670a 100644 
--- a/CVE-2024/CVE-2024-358xx/CVE-2024-35874.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35874.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35874", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T09:15:08.767", - "lastModified": "2024-11-21T09:21:06.160", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-30T17:37:18.307", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,99 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: aio: corrige el ptr deref null en aio_complete() wakeup list_del_init_careful() debe ser el \u00faltimo acceso a la entrada de la cola de espera; efectivamente desbloquea el acceso. Anteriormente, Finish_wait() ve\u00eda el encabezado de la lista vac\u00eda y omit\u00eda tomar el bloqueo, y luego regresabamos, pero la ruta de finalizaci\u00f3n a\u00fan intentar\u00eda realizar la reactivaci\u00f3n despu\u00e9s de que se hubiera sobrescrito el puntero task_struct." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.5", + "matchCriteriaId": "7733C2C9-77AB-41F9-BE33-99FF60A64DBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://git.kernel.org/stable/c/9678bcc6234d83759fe091c197f5017a32b468da", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9678bcc6234d83759fe091c197f5017a32b468da", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35891.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35891.json index 87c8a932ec7..b7ed43a31a7 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35891.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35891.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35891", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T09:15:10.157", - "lastModified": "2024-11-21T09:21:08.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-30T17:07:18.617", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,141 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: phy: micrel: corrige una posible desreferencia del puntero null en lan8814_get_sig_rx() y lan8814_get_sig_tx() ptp_parse_header() puede devolver NULL como ptp_header debido a un tipo de paquete anormal o a un paquete da\u00f1ado. Corrija este error agregando ptp_header check. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.18", + "versionEndExcluding": "6.1.85", + "matchCriteriaId": "960181B5-7D91-47C6-A39C-7713DBE982AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.26", + "matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.5", + "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/10608161696c2768f53426642f78a42bcaaa53e8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/49767b0df276f12e3e7184601e09ee7430e252dc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/95c1016a2d92c4c28a9d1b6d09859c00b19c0ea4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/96c155943a703f0655c0c4cab540f67055960e91", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/10608161696c2768f53426642f78a42bcaaa53e8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/49767b0df276f12e3e7184601e09ee7430e252dc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/95c1016a2d92c4c28a9d1b6d09859c00b19c0ea4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/96c155943a703f0655c0c4cab540f67055960e91", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35894.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35894.json index 6841cb50c57..cdbb9ceb210 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35894.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35894.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35894", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T09:15:10.397", - "lastModified": "2024-11-21T09:21:08.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-30T17:09:05.570", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
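Review bot: The added `vectorString` for CVE-2024-35891 sets `AV:L/PR:L`, while the record's own description attributes the NULL `ptp_header` to an abnormal packet type or a corrupted packet seen by `lan8814_get_sig_rx()` and `lan8814_get_sig_tx()`. If such a packet can arrive from the wire on the receive path (not shown in this record, so this is inferred), a local-only vector understates reachability, and it is worth confirming whether `AV:A` fits better. Triage rules that down-rank on `attackVector: LOCAL` should read the description for this entry instead of relying on the 5.5 score alone.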
@@ -15,27 +15,106 @@ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: mptcp: impide que BPF acceda a lowat desde un socket de subflujo. Alexei inform\u00f3 el siguiente s\u00edmbolo: ADVERTENCIA: CPU: 32 PID: 3276 en net/mptcp/subflow.c:1430 subflow_data_ready+0x147/0x1c0 M\u00f3dulos vinculados en: ficticio bpf_testmod(O) [\u00faltima descarga: bpf_test_no_cfi(O)] CPU: 32 PID: 3276 Comunicaciones: test_progs Contaminado: GO 6.8.0-12873-g2c43c33bfd23 Seguimiento de llamadas: mptcp_set_rcvlowat+0x79/0x1d0 sk_setsockopt+0x6c0/0x1540 __bpf_setsockopt+0x6f/0x90 ock_ops_setsockopt+0x3c/0x90 bpf_prog_509ce5db2c7f9981_bpf_test_sockopt_int+0xb4/0x11b bpf_prog_dce07e362d941d2b_bpf_test_socket_sockopt+0x12b /0x132 bpf_prog_348c9b5faaf10092_skops_sockopt+0x954/0xe86 __cgroup_bpf_run_filter_sock_ops+0xbc/0x250 tcp_connect+0x879/0x1160 tcp_v6_connect+0x50c/0x870 x129/0x280 __inet_stream_connect+0xce/0x370 inet_stream_connect+0x36/0x50 bpf_trampoline_6442491565+0x49/0xef inet_stream_connect+0x5/0x50 __sys_connect+0x63 /0x90 __x64_sys_connect+0x14/0x20 La causa principal del problema es que bpf permite acceder a proto_ops de nivel mptcp desde un alcance de subflujo tcp. Solucione el problema al detectar la llamada problem\u00e1tica y evitar cualquier acci\u00f3n." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.5", + "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3ffb1ab698376f09cc33101c07c1be229389fe29", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee3c845787b621cfe82c2e52c513024a9d7a78f5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fcf4692fa39e86a590c14a4af2de704e1d20a3b5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3ffb1ab698376f09cc33101c07c1be229389fe29", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fcf4692fa39e86a590c14a4af2de704e1d20a3b5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35895.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35895.json index 0a63d83fc9f..028a353de52 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35895.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35895.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35895", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T09:15:10.477", - "lastModified": "2024-12-27T13:15:19.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-30T17:12:29.817", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
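Review bot: The added `cpeMatch` list for CVE-2024-35894 covers a single stable range (6.7 up to 6.8.5) plus 6.9 rc1/rc2, yet the `references` array tags three distinct `git.kernel.org/stable` commits as `Patch`. In the other records of this diff the number of fix commits matches the number of branch ranges (counting the 6.9 release candidates as one), so one fix here appears to have no matching range, possibly a backport to a stable branch outside 6.7–6.8.5; that is inferred from the counts, not shown. If so, an entry of the form `"versionStartIncluding": "<branch-start>", "versionEndExcluding": "<fixed-version>"` is missing, and CPE-based matching would under-report on that branch.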
@@ -15,67 +15,226 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: Evitar el punto muerto de inversi\u00f3n de bloqueo en la eliminaci\u00f3n del mapa elem syzkaller comenz\u00f3 a usar corpus donde un programa de seguimiento BPF elimina elementos de un mapa sockmap/sockhash. Debido a que los programas de seguimiento BPF se pueden invocar desde cualquier contexto de interrupci\u00f3n, los bloqueos realizados durante una operaci\u00f3n map_delete_elem deben ser seguros. De lo contrario, es posible que se produzca un punto muerto debido a la inversi\u00f3n del bloqueo, como lo informa lockdep: CPU0 CPU1 ---- ---- lock(&htab->buckets[i].lock); local_irq_disable(); bloquear(&host->bloquear); lock(&htab->cubos[i].lock); bloqueo(&host->bloqueo); Los bloqueos en sockmap son dif\u00edciles de inseguro por dise\u00f1o. Esperamos que los elementos se eliminen de sockmap/sockhash solo en el contexto de la tarea (normal) con las interrupciones habilitadas o en el contexto de softirq. Detecta cu\u00e1ndo se invoca la operaci\u00f3n map_delete_elem desde un contexto que _no_ es hardirq-inseguro, es decir, las interrupciones est\u00e1n deshabilitadas y sale con un error. Tenga en cuenta que las actualizaciones de mapas no se ven afectadas por este problema. El verificador de BPF no permite actualizar sockmap/sockhash desde un programa de seguimiento de BPF en la actualidad." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.274", + "matchCriteriaId": "F45A0F3C-C16D-49C4-86D6-D021C3D4B834" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.215", + "matchCriteriaId": "9CD5894E-58E9-4B4A-B0F4-3E6BC134B8F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.154", + "matchCriteriaId": "577E212E-7E95-4A71-9B5C-F1D1A3AFFF46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.85", + "matchCriteriaId": "325665BF-2409-49D9-B391-39AD4566FDBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.26", + "matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.5", + "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35896.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35896.json index 860108734af..704fa3d9f61 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35896.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35896.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35896", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T09:15:10.557", - "lastModified": "2024-11-21T09:21:09.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-12-30T17:35:35.940", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,59 +15,205 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: validar la entrada del usuario para la longitud esperada. Recib\u00ed varios informes de syzbot que muestran errores antiguos expuestos por BPF despu\u00e9s de la confirmaci\u00f3n 20f2505fb436 (\"bpf: intente evitar kzalloc en cgroup/{s,g} etsockopt\") setsockopt() El argumento @optlen debe tenerse en cuenta antes de copiar datos. ERROR: KASAN: losa fuera de l\u00edmites en copy_from_sockptr_offset include/linux/sockptr.h:49 [en l\u00ednea] ERROR: KASAN: losa fuera de l\u00edmites en copy_from_sockptr include/linux/sockptr.h:55 [en l\u00ednea] ERROR: KASAN: losa fuera de los l\u00edmites en do_replace net/ipv4/netfilter/ip_tables.c:1111 [en l\u00ednea] ERROR: KASAN: losa fuera de los l\u00edmites en do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ ip_tables.c:1627 Lectura del tama\u00f1o 96 en la direcci\u00f3n ffff88802cd73da0 mediante la tarea syz-executor.4/7238 CPU: 1 PID: 7238 Comm: syz-executor.4 No contaminado 6.9.0-rc2-next-20240403-syzkaller #0 Hardware nombre: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/03/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/ kasan/report.c:377 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c :189 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 copy_from_sockptr_offset include/linux/sockptr.h:49 [en l\u00ednea] copy_from_sockptr include/linux/sockptr.h:55 [en l\u00ednea] do_replace net/ipv4/netfilter/ip_tables .c:1111 [en l\u00ednea] do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627 nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101 do_sock_setsockopt+0x3af/0x720 net/socket.c:2 311 __sys_setsockopt +0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt 
net/socket.c:2343 [en l\u00ednea] __se_sys_setsockopt net/socket.c:2340 [en l\u00ednea] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 +0xfb/0x240 Entry_SYSCALL_64_after_hwframe+0x72/0x7a RIP: 0033:0x7fd22067dde9 C\u00f3digo: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000 00036 RAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000 R10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8 Asignado por la tarea 7238: kasan_save_stack mm/kasan/common. c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:370 [en l\u00ednea] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387 kasan_kmalloc include/ linux/kasan.h: 211 [en l\u00ednea] __do_kmalloc_node mm/slub.c: 4069 [inline] __kmalloc_noprof+0x200/0x410 mm/slub.c: 4082 kmalloc_noproof include/linux/slab.h: 664 [inline] __cgraGrempf_filup 47/ 0x1050 kernel/bpf/cgroup.c:1869 do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 __se_sys _setsockopt net/socket. 
c:2340 [en l\u00ednea] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfb/0x240 Entry_SYSCALL_64_after_hwframe+0x72/0x7a La direcci\u00f3n con errores pertenece al objeto en ffff88802cd73da0 que pertenece al cach\u00e9 kmalloc-8 de talla 8 el cochecito La direcci\u00f3n se encuentra a 0 bytes dentro de la regi\u00f3n asignada de 1 byte [ffff88802cd73da0, ffff88802cd73da1) La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: p\u00e1gina: refcount:1 mapcount:0 mapeo:00000000000000000 index:0xffff88802cd73020 pfn:0x2cd73 flags: 0xfff8000000 0000(nodo=0 |zone=1|lastcpupid=0xfff) tipo de p\u00e1gina: 0xfffffff(slab) raw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122 raw: ffff88802cd73020 000000008080007f 00000001ffffefff 00" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.12", + "versionEndExcluding": "5.10.215", + "matchCriteriaId": "002799BC-F3A0-4FEA-8CE5-91A6FA0D1A6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.154", + 
"matchCriteriaId": "577E212E-7E95-4A71-9B5C-F1D1A3AFFF46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.85", + "matchCriteriaId": "325665BF-2409-49D9-B391-39AD4566FDBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.26", + "matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.5", + "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46542.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46542.json new file mode 100644 index 00000000000..08a867c8b49 --- /dev/null +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46542.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-46542", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-30T18:15:09.557", + "lastModified": "2024-12-30T18:15:09.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.veritas.com/support/en_US/security/ARC24-001", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52294.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52294.json new file mode 100644 index 00000000000..e4c1c57bb80 --- /dev/null +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52294.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-52294", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-30T17:15:09.467", + "lastModified": "2024-12-30T17:15:09.467", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. The vulnerability exists in the subscription endpoint at `/api/subscription`. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription. The issue was fixed in version 1.29.10. Support for arbitrarily presenting an email for update has been deprecated." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/khoj-ai/khoj/commit/47d3c8c23597900af708bdc60aced3ae5d2064c1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56516.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56516.json new file mode 100644 index 00000000000..9d051eeb157 --- /dev/null +++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56516.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-56516", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-30T17:15:09.687", + "lastModified": "2024-12-30T17:15:09.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + 
"modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-328" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/RockChinQ/free-one-api/blob/4d6ee42ffbb224b95be32c26cabc28d54d01bf78/web/src/main.js#L15", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RockChinQ/free-one-api/security/advisories/GHSA-36cc-58vm-wm4h", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56517.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56517.json new file mode 100644 index 00000000000..74fdb50aabd --- /dev/null +++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56517.json 
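Review bot: The `metrics` object added for CVE-2024-56516 holds only a `cvssMetricV40` entry, typed `Secondary` and sourced from the CNA, and that entry has no `exploitabilityScore` or `impactScore` next to `cvssData`. Any consumer of this feed that ranks or filters on `cvssMetricV31[].cvssData.baseScore` will see the record as unscored, so triage should fall back to the v4.0 `baseScore` (6.9 here) rather than drop the record. The new records for CVE-2024-56517 and CVE-2024-56734 in this diff have the same shape. The description also says no replacement for MD5 had been committed at publication, so there is no fixed version to key a version check on yet.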
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-56517", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-30T17:15:09.840", + "lastModified": "2024-12-30T17:15:09.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "LGSL (Live Game Server List) provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the `Referer` HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When crafted malicious input is provided in the `Referer` header, it is echoed back into an HTML attribute in the application\u2019s response. Commit 7ecb839df9358d21f64cdbff5b2536af25a77de1 contains a patch for the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": 
"NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/tltneon/lgsl/blob/master/lgsl_files/lgsl_list.php#L20-L24", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/tltneon/lgsl/commit/7ecb839df9358d21f64cdbff5b2536af25a77de1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/tltneon/lgsl/security/advisories/GHSA-ggwq-xc72-33r3", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-567xx/CVE-2024-56733.json b/CVE-2024/CVE-2024-567xx/CVE-2024-56733.json new file mode 100644 index 00000000000..27483394d3c --- /dev/null +++ b/CVE-2024/CVE-2024-567xx/CVE-2024-56733.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56733", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-12-30T17:15:09.990", + "lastModified": "2024-12-30T17:15:09.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before this process, they can use the token to gain unauthorized access to the user's session until the token expires or is manually cleared. This vulnerability hinges on the attacker's ability to access the session cookie during an active session, either through a man-in-the-middle attack, by exploiting another vulnerability like XSS, or via direct access to the victim's device. Although there is no direct resolution to this vulnerability, it is recommended to always use the latest version of Password Pusher to best mitigate risk. If self-hosting, ensure Password Pusher is hosted exclusively over SSL connections to encrypt traffic and prevent session cookies from being intercepted in transit. Additionally, implement best practices in local security to safeguard user systems, browsers, and data against unauthorized access." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-4fwj-m62q-pp47", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-567xx/CVE-2024-56734.json b/CVE-2024/CVE-2024-567xx/CVE-2024-56734.json new file mode 100644 index 00000000000..15a0d4802d4 --- /dev/null +++ b/CVE-2024/CVE-2024-567xx/CVE-2024-56734.json 
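Review bot: The `weaknesses` entry for CVE-2024-56733 is `"value": "CWE-384"` (session fixation), but the description is about reusing a session cookie copied during a live session until it expires, which reads closer to insufficient session expiration (`CWE-613`). CWE-based routing should not rely on this mapping alone. The `vectorString` also scores `AV:L/AC:H/PR:H`, yet the description lists man-in-the-middle interception and XSS among the capture paths, so the 5.7 base score appears to cover only the direct-device-access case. Both values are CNA-supplied and `vulnStatus` is `Received`, so they are provisional until NVD adds its own analysis.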
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2024-56734",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-12-30T17:15:10.133",
+ "lastModified": "2024-12-30T17:15:10.133",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. The verify email callback endpoint accepts a `callbackURL` parameter. Unlike other verification methods, email verification only uses JWT to verify and redirect without proper validation of the target domain. The origin checker is bypassed in this scenario because it only checks for `POST` requests. An attacker can manipulate this parameter to redirect users to arbitrary URLs controlled by the attacker. Version 1.1.6 contains a patch for the issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "HIGH",
+ "subsequentSystemIntegrity": "HIGH",
+ "subsequentSystemAvailability": "HIGH",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/better-auth/better-auth/commit/deb3d73aea90d0468d92723f4511542b593e522f",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-8jhw-6pjj-8723",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 053a0f9d336..b6409b2ad24 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-30T17:00:22.637383+00:00 +2024-12-30T19:00:27.598572+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-30T16:15:11.920000+00:00 +2024-12-30T18:59:10.807000+00:00 ``` ### Last Data Feed Release
@@ -33,33 +33,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275172 +275183 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `11` -- [CVE-2024-50701](CVE-2024/CVE-2024-507xx/CVE-2024-50701.json) (`2024-12-30T15:15:10.430`) -- [CVE-2024-50702](CVE-2024/CVE-2024-507xx/CVE-2024-50702.json) (`2024-12-30T15:15:10.567`) -- [CVE-2024-50703](CVE-2024/CVE-2024-507xx/CVE-2024-50703.json) (`2024-12-30T15:15:10.693`) +- [CVE-2024-12754](CVE-2024/CVE-2024-127xx/CVE-2024-12754.json) (`2024-12-30T17:15:07.127`) +- [CVE-2024-12828](CVE-2024/CVE-2024-128xx/CVE-2024-12828.json) (`2024-12-30T17:15:07.717`) +- [CVE-2024-12834](CVE-2024/CVE-2024-128xx/CVE-2024-12834.json) (`2024-12-30T17:15:07.857`) +- [CVE-2024-12835](CVE-2024/CVE-2024-128xx/CVE-2024-12835.json) (`2024-12-30T17:15:08.000`) +- [CVE-2024-12836](CVE-2024/CVE-2024-128xx/CVE-2024-12836.json) (`2024-12-30T17:15:08.137`) +- [CVE-2024-46542](CVE-2024/CVE-2024-465xx/CVE-2024-46542.json) (`2024-12-30T18:15:09.557`) +- [CVE-2024-52294](CVE-2024/CVE-2024-522xx/CVE-2024-52294.json) (`2024-12-30T17:15:09.467`) +- [CVE-2024-56516](CVE-2024/CVE-2024-565xx/CVE-2024-56516.json) (`2024-12-30T17:15:09.687`) +- [CVE-2024-56517](CVE-2024/CVE-2024-565xx/CVE-2024-56517.json) (`2024-12-30T17:15:09.840`) +- [CVE-2024-56733](CVE-2024/CVE-2024-567xx/CVE-2024-56733.json) (`2024-12-30T17:15:09.990`) +- [CVE-2024-56734](CVE-2024/CVE-2024-567xx/CVE-2024-56734.json) (`2024-12-30T17:15:10.133`) ### CVEs modified in the last Commit -Recently modified CVEs: `11` +Recently modified CVEs: `23` -- [CVE-2022-31640](CVE-2022/CVE-2022-316xx/CVE-2022-31640.json) (`2024-12-30T16:15:06.100`) -- [CVE-2022-31641](CVE-2022/CVE-2022-316xx/CVE-2022-31641.json) (`2024-12-30T16:15:08.253`) -- [CVE-2022-31642](CVE-2022/CVE-2022-316xx/CVE-2022-31642.json) (`2024-12-30T16:15:08.893`) -- [CVE-2022-31644](CVE-2022/CVE-2022-316xx/CVE-2022-31644.json) 
(`2024-12-30T16:15:09.530`) -- [CVE-2022-31645](CVE-2022/CVE-2022-316xx/CVE-2022-31645.json) (`2024-12-30T16:15:10.130`) -- [CVE-2022-31646](CVE-2022/CVE-2022-316xx/CVE-2022-31646.json) (`2024-12-30T15:15:06.637`) -- [CVE-2023-35149](CVE-2023/CVE-2023-351xx/CVE-2023-35149.json) (`2024-12-30T16:15:11.097`) -- [CVE-2024-12967](CVE-2024/CVE-2024-129xx/CVE-2024-12967.json) (`2024-12-30T15:15:08.143`) -- [CVE-2024-12986](CVE-2024/CVE-2024-129xx/CVE-2024-12986.json) (`2024-12-30T15:15:08.390`) -- [CVE-2024-35862](CVE-2024/CVE-2024-358xx/CVE-2024-35862.json) (`2024-12-30T15:00:09.317`) -- [CVE-2024-56522](CVE-2024/CVE-2024-565xx/CVE-2024-56522.json) (`2024-12-30T16:15:11.920`) +- [CVE-2021-47253](CVE-2021/CVE-2021-472xx/CVE-2021-47253.json) (`2024-12-30T18:59:10.807`) +- [CVE-2024-10903](CVE-2024/CVE-2024-109xx/CVE-2024-10903.json) (`2024-12-30T18:15:06.253`) +- [CVE-2024-11223](CVE-2024/CVE-2024-112xx/CVE-2024-11223.json) (`2024-12-30T18:15:08.090`) +- [CVE-2024-13021](CVE-2024/CVE-2024-130xx/CVE-2024-13021.json) (`2024-12-30T18:15:08.877`) +- [CVE-2024-13025](CVE-2024/CVE-2024-130xx/CVE-2024-13025.json) (`2024-12-30T18:15:09.273`) +- [CVE-2024-13038](CVE-2024/CVE-2024-130xx/CVE-2024-13038.json) (`2024-12-30T17:15:08.473`) +- [CVE-2024-13039](CVE-2024/CVE-2024-130xx/CVE-2024-13039.json) (`2024-12-30T17:15:08.597`) +- [CVE-2024-35846](CVE-2024/CVE-2024-358xx/CVE-2024-35846.json) (`2024-12-30T17:39:04.807`) +- [CVE-2024-35847](CVE-2024/CVE-2024-358xx/CVE-2024-35847.json) (`2024-12-30T17:41:16.633`) +- [CVE-2024-35850](CVE-2024/CVE-2024-358xx/CVE-2024-35850.json) (`2024-12-30T17:42:02.767`) +- [CVE-2024-35851](CVE-2024/CVE-2024-358xx/CVE-2024-35851.json) (`2024-12-30T18:10:36.050`) +- [CVE-2024-35852](CVE-2024/CVE-2024-358xx/CVE-2024-35852.json) (`2024-12-30T18:11:22.623`) +- [CVE-2024-35855](CVE-2024/CVE-2024-358xx/CVE-2024-35855.json) (`2024-12-30T18:11:57.997`) +- [CVE-2024-35856](CVE-2024/CVE-2024-358xx/CVE-2024-35856.json) (`2024-12-30T18:12:11.003`) +- 
[CVE-2024-35858](CVE-2024/CVE-2024-358xx/CVE-2024-35858.json) (`2024-12-30T18:12:40.047`) +- [CVE-2024-35866](CVE-2024/CVE-2024-358xx/CVE-2024-35866.json) (`2024-12-30T17:35:00.177`) +- [CVE-2024-35867](CVE-2024/CVE-2024-358xx/CVE-2024-35867.json) (`2024-12-30T17:36:49.973`) +- [CVE-2024-35868](CVE-2024/CVE-2024-358xx/CVE-2024-35868.json) (`2024-12-30T17:37:00.887`) +- [CVE-2024-35874](CVE-2024/CVE-2024-358xx/CVE-2024-35874.json) (`2024-12-30T17:37:18.307`) +- [CVE-2024-35891](CVE-2024/CVE-2024-358xx/CVE-2024-35891.json) (`2024-12-30T17:07:18.617`) +- [CVE-2024-35894](CVE-2024/CVE-2024-358xx/CVE-2024-35894.json) (`2024-12-30T17:09:05.570`) +- [CVE-2024-35895](CVE-2024/CVE-2024-358xx/CVE-2024-35895.json) (`2024-12-30T17:12:29.817`) +- [CVE-2024-35896](CVE-2024/CVE-2024-358xx/CVE-2024-35896.json) (`2024-12-30T17:35:35.940`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e9e70e32205..ef7bfa20d98 100644 --- a/_state.csv +++ b/_state.csv @@ -187440,7 +187440,7 @@ CVE-2021-47249,0,0,f9a6bc9ecd2b8dc9b5687638b894d4bbdef04fe768174b0c3d7f5556528f9 CVE-2021-47250,0,0,f676c191f733fd3ce6e94fa46c8f09423009bcad69975a226187b0c200458b72,2024-11-21T06:35:43.443000 CVE-2021-47251,0,0,910383b3bb8c00e34855fcda8c3ec1d6bd52252a19036ebff555cedb288a9861,2024-11-21T06:35:43.570000 CVE-2021-47252,0,0,8f2ae53195e1d344dcddbea9cafebc6f137c371b83b1765850464be0bba730c1,2024-11-21T06:35:43.683000 -CVE-2021-47253,0,0,d22a2ab32baa0e0507e7beac8d5549b0a1c9c309c54f58263b3a9314058a8770,2024-11-21T06:35:43.807000 +CVE-2021-47253,0,1,9bc677a4b5d13cd8fd06f4b9374a9aa62a3778e7b12c1d5302b8dc1a583e0856,2024-12-30T18:59:10.807000 CVE-2021-47254,0,0,6fe70480f164ca2acf94053fec55c31f639aaa36f5787b5158dd37649c0ccc4f,2024-11-21T06:35:43.917000 CVE-2021-47255,0,0,ab70f22d16c8786e854f11454b2eea8afe54254c834b2d2bd6063c66081a9479,2024-11-21T06:35:44.037000 CVE-2021-47256,0,0,0f51de379b692c2d0a857a25782e52c1e5499b2d759e9b9b493c9ede6fbb425a,2024-11-21T06:35:44.143000 
@@ -199836,13 +199836,13 @@ CVE-2022-31636,0,0,3dde94b5af6733fb77f8357055347d897ee2984f52a5eb2f297bff7574e2b CVE-2022-31637,0,0,7e118aefb900f1b8771bfb03c3f88a05095e573d84c8f798deca45c7a537e9d6,2024-11-21T07:04:55.353000 CVE-2022-31638,0,0,2059d84d26545dd04336453f64b35e323c5ddc67e0fdd01032a49e7d96e0e32b,2024-11-21T07:04:55.950000 CVE-2022-31639,0,0,2db9867db165c9710bd5f24a4058d245249a75be5ab8aab9a798192b24a8bc65,2024-11-21T07:04:56.547000 -CVE-2022-31640,0,1,f11ab96742ffed0fb0a866e562fccf8c44d323795437840f01b1c6fa62caafe8,2024-12-30T16:15:06.100000 -CVE-2022-31641,0,1,19b2fb0e0f951485c4ce9094635fe73b00e4bc17b8e05ad62063edc0869672a9,2024-12-30T16:15:08.253000 -CVE-2022-31642,0,1,bff5cf87808677159fc9a6eb9ac18eb2800300e0308ae0d505b80b1cf22db0b8,2024-12-30T16:15:08.893000 +CVE-2022-31640,0,0,f11ab96742ffed0fb0a866e562fccf8c44d323795437840f01b1c6fa62caafe8,2024-12-30T16:15:06.100000 +CVE-2022-31641,0,0,19b2fb0e0f951485c4ce9094635fe73b00e4bc17b8e05ad62063edc0869672a9,2024-12-30T16:15:08.253000 +CVE-2022-31642,0,0,bff5cf87808677159fc9a6eb9ac18eb2800300e0308ae0d505b80b1cf22db0b8,2024-12-30T16:15:08.893000 CVE-2022-31643,0,0,fa151018684c6953f65551b56a139dc61374f7ada3432debb6b95888226f8cf1,2024-11-21T07:05:00.397000 -CVE-2022-31644,0,1,d2f1b7ae6d968ce9af9272f45757253f626b70e3243e9918d28b589a4ed2702d,2024-12-30T16:15:09.530000 -CVE-2022-31645,0,1,6b86f17d92883acc5c3abbb67b419eb61386e37b9ab3a1471447601d2947bf99,2024-12-30T16:15:10.130000 -CVE-2022-31646,0,1,995785360bc01cd17d07f522fdbaaa941afdaafaa0ddeb6d1e5740ab63223713,2024-12-30T15:15:06.637000 +CVE-2022-31644,0,0,d2f1b7ae6d968ce9af9272f45757253f626b70e3243e9918d28b589a4ed2702d,2024-12-30T16:15:09.530000 +CVE-2022-31645,0,0,6b86f17d92883acc5c3abbb67b419eb61386e37b9ab3a1471447601d2947bf99,2024-12-30T16:15:10.130000 +CVE-2022-31646,0,0,995785360bc01cd17d07f522fdbaaa941afdaafaa0ddeb6d1e5740ab63223713,2024-12-30T15:15:06.637000 
CVE-2022-31647,0,0,686a0c7255434abb33926aae8f59dfa7c9274563a0096c9e0644efa512bf620d,2024-11-21T07:05:02.257000 CVE-2022-31648,0,0,344ed376a4cfa12222e8b7aecf75bd89b2d9d6886b929fc17ec8e6e7b5447d92,2024-11-21T07:05:02.450000 CVE-2022-31649,0,0,f63981d3365b98465059d41e02f9513486e43c621f49a87e2c3ed4c211bfcf49,2024-11-21T07:05:02.637000 @@ -227238,7 +227238,7 @@ CVE-2023-35145,0,0,1a86cee39ac4e4407c4314d5b2e1552e4baaf436309a563e839ead9ccfcda CVE-2023-35146,0,0,44a63ad040fd2edfccf8b6f97433b38f373080f85f689126729db827ad535a71,2024-11-21T08:08:01.803000 CVE-2023-35147,0,0,233b4938779d512532f422e30243b34ce634214a9f795e026d2cfb954c4c9d83,2024-11-21T08:08:01.930000 CVE-2023-35148,0,0,f8e216cbe98b2f220d321401798e26f42833a9b49e6fbdce4af0c486619ddf05,2024-11-21T08:08:02.047000 -CVE-2023-35149,0,1,55df5d32cebf1e44be6bb756e411e1e6672b4e82fde779c5a3dcde946aa755db,2024-12-30T16:15:11.097000 +CVE-2023-35149,0,0,55df5d32cebf1e44be6bb756e411e1e6672b4e82fde779c5a3dcde946aa755db,2024-12-30T16:15:11.097000 CVE-2023-3515,0,0,35dd4df8483f4213f98d9836b0fc238555087f3031c5695b66fd64b78ece979b,2024-11-21T08:17:26.130000 CVE-2023-35150,0,0,65b755d7ced4323ca0a24d92979a2dbd96132af8a1df7aaf083274d3763cc197,2024-11-21T08:08:02.300000 CVE-2023-35151,0,0,cedc948a948a15c9fc98f318f978208ed5642808a6da0b0532a1276bd30cb9a7,2024-11-21T08:08:02.453000 
@@ -243838,7 +243838,7 @@ CVE-2024-10898,0,0,d9a5fb3426672bd932cc2ebb845531319083e29bf1e7e7f09eeff58772f4f CVE-2024-10899,0,0,3278ed9055fdf20d3bd937513eb10691156bd1e9c65996b252cdb3333f0a4c29,2024-11-26T21:01:21.643000 CVE-2024-1090,0,0,25394912143750ca3ffe33d94e93f357a3dc60f87581aca09b64a7b29ccebdf4,2024-12-27T15:41:41.897000 CVE-2024-10900,0,0,5438023601d5947725ce57a2b51b24b31a697395c49ac1553534945223b38a58,2024-11-29T20:58:31.967000 -CVE-2024-10903,0,0,b048cf9032aa628ec8fdf50d1a6a74ed5579a3ad5e274d3b91c9d9d1aa7bbbd6,2024-12-26T06:15:05.397000 +CVE-2024-10903,0,1,4b83af475b2ee1b428df17dee5389cac414e31e1e9acd0596c2e9a6f9d70e177,2024-12-30T18:15:06.253000 CVE-2024-10905,0,0,98e243c9c6d3626765a0f5bec050b58ca35d0a0d124978428fd582cb710fa7ee,2024-12-06T18:15:22.207000 CVE-2024-10909,0,0,8a3e5be040021a81e0e5e83c9e95ad90e5ace916bf19a03e529e43ec6a7f9976,2024-12-06T10:15:05.107000 CVE-2024-1091,0,0,d045bb00be6b727b8446a1313ae1a5f17faa5a6975f018f9a79f0e7c5bff1bb0,2024-12-27T15:45:27.200000 @@ -244088,7 +244088,7 @@ CVE-2024-11217,0,0,ed759533e03aa35e8c0da432c074a17d944b8c610b5fc002d28480855d6fc CVE-2024-11219,0,0,e0425cf1f1ca40cc6d95ef04e03e17b5776d09d72a88fcf5abbcb2ac00f59570,2024-11-27T06:15:18.110000 CVE-2024-1122,0,0,4a647161edb6d6dbac08921722ee9f0f3f3f764af2a44d6cd56ac17a7d3d92e5,2024-11-21T08:49:50.943000 CVE-2024-11220,0,0,5638e4c56cecb636c7b9e9af730cca60f5085a7f9cf6e6a192a2c97c73abab40,2024-12-06T18:15:22.407000 -CVE-2024-11223,0,0,ab0dbe78cd7ea825dd57a60a07cb329c1c9ff1f4931e44127b31a1df544b27ba,2024-12-26T06:15:05.617000 +CVE-2024-11223,0,1,d75d95a61775726397d8c97460b74fd5ed2ab0335df998c9281fea9bc6ff2b7b,2024-12-30T18:15:08.090000 CVE-2024-11224,0,0,2cdc35f700571377d770dfe6d7a5c097f3055ab07c10acabf750a1174f4e07dd,2024-11-19T21:57:32.967000 CVE-2024-11225,0,0,49e01dccad3ee4a4adc9a23405324c84c815ee3ae2fa63f77a3607812451f386,2024-11-22T06:15:19.283000 CVE-2024-11227,0,0,4429f46befcca636641488313efda0ce9e85d610d1a8222594e7b609e2557ec7,2024-11-23T10:15:04.083000 
@@ -245096,6 +245096,7 @@ CVE-2024-12744,0,0,db2cef6174f0f203336fd1a602951ac160bef125d0730a8230a23f49ec8a8 CVE-2024-12745,0,0,d39132eefd07723f30fb227ef12fb8aaf3a83b250d0f3b28d89ab1e076f94541,2024-12-26T15:15:06.527000 CVE-2024-12746,0,0,df5c191123ddac7611e41b52ec167446638f37d1f7bfb5919f7163608ca92308,2024-12-26T15:15:06.650000 CVE-2024-1275,0,0,55e303d499b7cd70146b064f11442ebd0ad45cafbb26b305d69871c04faa255a,2024-11-21T08:50:12.913000 +CVE-2024-12754,1,1,cc49a740b9b02282be04809e0ec9e9f9181e846c2c42209dd24ca5d17558bc72,2024-12-30T17:15:07.127000 CVE-2024-1276,0,0,342e07ea1475f57185158b84be14279572eebbc1b91e4c07c491730599e6701d,2024-11-21T08:50:13.050000 CVE-2024-1277,0,0,fdccc6e1d66b4b759fea691d8a9a7ad4f8cc0afd5b2fb224e654b3bd9de12942,2024-11-21T08:50:13.170000 CVE-2024-12771,0,0,adaa7480d8738512efdcfd2f9f87c67eebbb8482c06b61f78400b2b84e02b742,2024-12-21T07:15:09.997000 
@@ -245118,11 +245119,15 @@ CVE-2024-12798,0,0,b22bdeb2b26785654d91d487c4f06e7b2dd400c4d39acc123e4464236a6ce CVE-2024-12801,0,0,b51e57fd4685baecb02f8ee1865a503e8f152614c2fcdb897096f0c66b52c6b2,2024-12-19T17:15:08.930000 CVE-2024-12814,0,0,9d88ed8035fdc2fe3c6fe32e0accb8f4976205d682521fcc6260cfe967c9dc43,2024-12-24T07:15:10.800000 CVE-2024-1282,0,0,e6b07825f0f3597687613e3a6164d0e157f6f527c33c61eb8d90ec07193bdec2,2024-11-21T08:50:13.520000 +CVE-2024-12828,1,1,28c200a13b14baa13804e935d3333b64f6d1e673d0788df4553ec7bcec7ebadb,2024-12-30T17:15:07.717000 CVE-2024-12829,0,0,257aa5df9a65e5a26a5dfff61b975b444549e902804125a56862b419688fda02,2024-12-20T01:15:05.737000 CVE-2024-1283,0,0,b1c9571efecc70819ed9018aef1b79e079809dddea59c76e732d84247ac1db52,2024-11-21T08:50:13.640000 CVE-2024-12830,0,0,d470cb6fc3fe8e8aa0a6c4cc1287ddbc0c157e9dcd1c9d995dc3b5da98b62d5f,2024-12-20T01:15:06.537000 CVE-2024-12831,0,0,ee990a01207fe908765da10e76490fce24db7a9bcc474453114918459a915730,2024-12-20T01:15:06.670000 CVE-2024-12832,0,0,c36c4dbfbed5d52ec77f535bcad057707bcb3f30150d33c83f565d39d6ff7c5f,2024-12-20T01:15:06.793000 +CVE-2024-12834,1,1,42c1eae502d28c98db195f540a9c8f4947fcef6a936ce9383d090aeedf31e01d,2024-12-30T17:15:07.857000 +CVE-2024-12835,1,1,456551b469a3e0837a51a7b87cad89a81e52a63efb0e82cd825df7f15bc00b7a,2024-12-30T17:15:08 +CVE-2024-12836,1,1,947a6526b2f3576c89b08ea6819418230607e057855f6bcd272df393ac987473,2024-12-30T17:15:08.137000 CVE-2024-1284,0,0,2e71db4897104f6683ee75152cd91e2f417b7912ff1c292da5c27be659017dd1,2024-11-21T08:50:13.780000 CVE-2024-12840,0,0,e7528a4b68539dcba75aad0835821b79ed34f43bac74e1052c7303bbe2f9c53b,2024-12-20T16:15:23.417000 CVE-2024-12841,0,0,c738525065181f5fd675eaeda283796811d753e1465fe11eed1df9a607acfd7a,2024-12-20T19:15:06.097000 
@@ -245205,7 +245210,7 @@ CVE-2024-12963,0,0,57f82207620016a08e0cb80b0791f36983b5234c758838adbd8c3ad91e56b CVE-2024-12964,0,0,d513e19faa5f3847ffc26f78baf6678142a42a5a46d88fa1ccbe6fd4373f497d,2024-12-27T17:15:07.477000 CVE-2024-12965,0,0,0f5c2540cdb5ac873ce2cfe31073cd5dedecd4e0bfda6d5a77312d614a188bf7,2024-12-27T17:15:07.593000 CVE-2024-12966,0,0,2b9f12982839474c2e9bdcaa35313f34a8e49674ee4c820004a347386206e514,2024-12-27T17:15:07.733000 -CVE-2024-12967,0,1,373940667d19816c3418d961d099af60d3af6231ff28cd91d7af64f003be34e3,2024-12-30T15:15:08.143000 +CVE-2024-12967,0,0,373940667d19816c3418d961d099af60d3af6231ff28cd91d7af64f003be34e3,2024-12-30T15:15:08.143000 CVE-2024-12968,0,0,0365cfa50aed25aedb7b14e0121254d6a1ab1fc0b7f758bc56f083b331d8bb13,2024-12-27T17:15:07.867000 CVE-2024-12969,0,0,11cb52c0f3a8d2b5e3f9f455e34a756b2b5e55ad686d92ced4ed9827b4f944c8,2024-12-27T17:15:07.993000 CVE-2024-1297,0,0,2270a35f58f01dfb2d035ead28d39deb5680170c865c1d2b9c2476f9e60aaf13,2024-11-21T08:50:15.770000 @@ -245220,7 +245225,7 @@ CVE-2024-12982,0,0,893f77442fc90837f9fe8793b451cee087a15ccc8805ad197e0839b6fe5fa CVE-2024-12983,0,0,660e4511105a84d2089d110a972b11b03704d82ea07b70bce67e29a844922ccc,2024-12-27T16:15:23.683000 CVE-2024-12984,0,0,2c297c29fb447d1430461a9ec66143a0de7d14670d4c271bfba67150b1a1dbab,2024-12-27T15:15:11.957000 CVE-2024-12985,0,0,2bdd786ff99684e2940fbb368bbbfcd24bd850484328bf10ddf8e8613423ca24,2024-12-27T16:15:23.807000 -CVE-2024-12986,0,1,9fe6763e6eaae8601cf98cfafc9a1a86fa65061195b84f986c70f384863d74a7,2024-12-30T15:15:08.390000 +CVE-2024-12986,0,0,9fe6763e6eaae8601cf98cfafc9a1a86fa65061195b84f986c70f384863d74a7,2024-12-30T15:15:08.390000 CVE-2024-12987,0,0,c34eb558d4755dfea413aff63fb504ec6d0dd703cae8adfb47244c5b6d7c7934,2024-12-27T21:15:07.510000 CVE-2024-12988,0,0,d49ef682e5362e9795b8ee2b72556738a81fba0241a7492ab219be161b1a2c53,2024-12-27T19:15:08.260000 CVE-2024-12989,0,0,2bcfe5274c1815d529b34a7951b77a117c72887b42dca93dbd01b232b34b8745,2024-12-27T18:15:24.777000 
@@ -245253,11 +245258,11 @@ CVE-2024-13018,0,0,083b5e4e2fa86246983f0fd476b84784f9dac25dcba6ed963c92124634ebb CVE-2024-13019,0,0,618d68837dff8847c83ac8da5f6bf61151a37eacb8552c1b36b157fc0963ce39,2024-12-29T19:15:06.097000 CVE-2024-1302,0,0,50e21539c22b43b4db748f33a4680786d0cd3b39c9a7a5fc858bc75c33660782,2024-11-21T08:50:16.467000 CVE-2024-13020,0,0,2916e522cf2b8d14142afa8629cb0d2116b3867d136a09d1c87f4d9b5a62f928,2024-12-29T19:15:07.273000 -CVE-2024-13021,0,0,521ad71af2c0629838bea435a2fcdf80dc49a418cbb2c1adaa365efc2f54aa2c,2024-12-29T20:15:05.043000 +CVE-2024-13021,0,1,db94a67fd5023220dfcd097aa849d00631aaccd25e2ab01bcc8f620ec54fee4a,2024-12-30T18:15:08.877000 CVE-2024-13022,0,0,31946f46234a2f885529fc55fb9df522feaa7112e2244bd255db91f99134c814,2024-12-29T20:15:05.980000 CVE-2024-13023,0,0,a6002ae756a126843e0244f11dec8062c69ff459b14d4771d8dead00e17d6b47,2024-12-29T21:15:06.020000 CVE-2024-13024,0,0,e340e51a3df794ede6df3c6be7e441d083b7ba4e9dc9e86eed36ca28aec27427,2024-12-29T21:15:06.220000 -CVE-2024-13025,0,0,a87750376ff6243f001740c9bce13c9b5fe6fd7c08ed899ff608efcb535952c9,2024-12-29T23:15:05.460000 +CVE-2024-13025,0,1,6867582f47f172a3b53dbcaf1c90af96cf474ce9f490e0420f40da6fbd24221d,2024-12-30T18:15:09.273000 CVE-2024-13028,0,0,9c7c8ebb025b45a51d90b3c21686bdb8a4bd0ad2279542d46cda94901b741f1b,2024-12-29T23:15:06.030000 CVE-2024-13029,0,0,b5072dc5bc09f8cacb09ffc8e511fa77cd763986efcaa6d43b5f9a8ec7809208,2024-12-30T00:15:04.837000 CVE-2024-1303,0,0,922ad92b627c1129d744b1f80cb5c88d28598a22649a8dddf52c9956281bb86f,2024-11-21T08:50:16.593000 
@@ -245269,8 +245274,8 @@ CVE-2024-13034,0,0,69cb0d3f29c23b4b7fc920d34536c6278d7de06cd50576381c7ac05e3dd5f CVE-2024-13035,0,0,e1f689ff483053555ac9885351229a7477a3d6f2684d5e5ad5f1d1e5180870f4,2024-12-30T03:15:06.413000 CVE-2024-13036,0,0,cc787097d94873a8d64f651dd3d62e36330079400cb1055ccbea025c43303e77,2024-12-30T03:15:06.580000 CVE-2024-13037,0,0,ad1a2687fd8ca034a4ba7eb450dd7b7cb6ce76af79e47f53a4dcc006981f21de,2024-12-30T04:15:05.200000 -CVE-2024-13038,0,0,cbf9071eca24ba5f5babd558a8179f543c51ae52d32abf3e80b13bda8d856ec3,2024-12-30T04:15:05.387000 -CVE-2024-13039,0,0,b01215443cbf3b546fae19ca4360b2d76399675e646f86704febf42b9d5e60db,2024-12-30T05:15:06.170000 +CVE-2024-13038,0,1,4583c4724ce1695329d04a091cf334038675ae1fc4b89e1e9c52332e7b115d63,2024-12-30T17:15:08.473000 +CVE-2024-13039,0,1,5fcf5529e0f60e939c342e8ff9bcb8e9371ea109f210669df3b0c791fd94ef0a,2024-12-30T17:15:08.597000 CVE-2024-1304,0,0,7f3d377d10786bd7b29e3437adfa1f791151a43db698785def3901d685804d14,2024-11-21T08:50:16.717000 CVE-2024-1305,0,0,61bd2e20ff0aa394ece1e84d5d848dafdcba1e6f1c6375393ac194bd0f52a153,2024-11-21T08:50:16.840000 CVE-2024-1306,0,0,0542247252f536db3d3f5f372f6b06cf8f9322e7de2b3d2f5040c13d3f80547b,2024-11-21T08:50:17.053000 
@@ -257868,37 +257873,37 @@ CVE-2024-35842,0,0,21799788b8cabbdbe91ce360d73547600eac3d87cf8b3a9121a26fc502f4f CVE-2024-35843,0,0,cee4d8898f6914b8a5b7084ed783fb99cdcb67df53f69204c30554d92d2abafa,2024-11-21T09:21:01.610000 CVE-2024-35844,0,0,e455f18abaea3dc4d1db31120c214fd99fdb8338e5af324899cc254293b36b90,2024-11-21T09:21:01.800000 CVE-2024-35845,0,0,44b3b895cd6d2bea6a3e16b3eca058f25b779ab6e6011e6d3e2a1d44c3a51b33,2024-11-21T09:21:01.927000 -CVE-2024-35846,0,0,7f282f22638f58964faf6d58ce0ee68af6e0e4beaf7d761a8dd61c057b90f9cd,2024-11-21T09:21:02.143000 -CVE-2024-35847,0,0,e7d1b392d3689dff94d0f98d884b943772ff3187f182b1aa88751e9a94730c7d,2024-11-21T09:21:02.257000 +CVE-2024-35846,0,1,101b63b47715dfcd1937f81d7256a8b1f132c1f3deb04357825f0a420f5f983a,2024-12-30T17:39:04.807000 +CVE-2024-35847,0,1,c19f8b9d9e4e40da285a56f7c18b34eb12c16e10c0279d23a4a26aa6f00f9b02,2024-12-30T17:41:16.633000 CVE-2024-35848,0,0,e9417d782de3122a29e67db81cddb3ed4f28d7595ee031c686c61d6bf64985bc,2024-11-21T09:21:02.400000 CVE-2024-35849,0,0,2f6a4f53ef5872b81302925b1ba7c2122deb0c6f8fdd55122c6692944d083e1b,2024-11-21T09:21:02.527000 CVE-2024-3585,0,0,894aef8c5de424b4c5d49a8c6c0e86b182b8c577f8d117c3cb6bff919e3e5349,2024-11-21T09:29:55.827000 -CVE-2024-35850,0,0,828e1084af82896da504defd8bc2367369f7a0d3d16f9955e5bb0933f7a4ab81,2024-11-21T09:21:02.670000 -CVE-2024-35851,0,0,31431da2aaafef151a3048e9a134c9f3a5f88d52940ac6bcc46f9c6b1faafd79,2024-11-21T09:21:02.783000 -CVE-2024-35852,0,0,ae4ccb6ff55e6132ec36de24d210d265a8701a85806f0beda0196b8a5f07ff76,2024-11-21T09:21:02.917000 +CVE-2024-35850,0,1,12722b1120f71a5eb5d7518257aed463cb126b32302f1674085f355595dc5fd9,2024-12-30T17:42:02.767000 +CVE-2024-35851,0,1,cfaa8771ba8102c5f82be86956f3138ef358159ff5b710b057e85eada5fbb5da,2024-12-30T18:10:36.050000 +CVE-2024-35852,0,1,c173be03d86fa74cfa1d5b5940bc1a7fde8e91c95a66d24ca15faea02b348cb3,2024-12-30T18:11:22.623000 
CVE-2024-35853,0,0,cb559653e153f56ec99fbf74401ade5a2e266d653108c3b3983e672957445419,2024-11-21T09:21:03.077000 CVE-2024-35854,0,0,3e7741be6b13224b614012cd2016f3866786b72041d898782a56d23756e44fe8,2024-11-21T09:21:03.313000 -CVE-2024-35855,0,0,7a6faf3fcaecb6b661ac7ec41702f837a2e1537874669c3061dc3c21e26e76dc,2024-11-21T09:21:03.530000 -CVE-2024-35856,0,0,7a750785ddda031f0c2c2133f5be715df274a80681442602c160152b367e46b8,2024-11-21T09:21:03.643000 +CVE-2024-35855,0,1,af6ad0f1f53c67284472bddd127f352a74fa2ced2e6dfece16be9ab2f083d3f3,2024-12-30T18:11:57.997000 +CVE-2024-35856,0,1,e2e6b1d9aa7dbc7ef1fd324e4a35cf2800c22c475926267639c988e223fd2d72,2024-12-30T18:12:11.003000 CVE-2024-35857,0,0,9a8493f8933ae7958584ba04394475c5875746737f5a6103bce569ea317574a6,2024-11-21T09:21:03.753000 -CVE-2024-35858,0,0,835d4c6bf85ca7e777257ca004d86a711bd336e3900f92516acf3e6905a95467,2024-11-21T09:21:03.940000 +CVE-2024-35858,0,1,d92789fb602aeebaae2afc6d75c5ab61d0f2045dcfdcb9aa6facab039d3d87f1,2024-12-30T18:12:40.047000 CVE-2024-35859,0,0,090dc5bf02e7c7d608c72cf966d6235f0f902fd4d32b75455323662e70ffeb00,2024-11-21T09:21:04.043000 CVE-2024-35860,0,0,c5798de33a4d522c0a7519af72aed3025e7d3ee6c474d15bcff6cc1547c4e999,2024-11-21T09:21:04.220000 CVE-2024-35861,0,0,7bda632b0af7fb912c1fc80a6b51e401a9c4f2c781ca02e4240d4b9ba6044d7a,2024-12-30T14:57:32.627000 -CVE-2024-35862,0,1,c3e67a013d1c51ddc061c7d30dc247c7cf7c410ac824d19ddc4ec43799fe8b49,2024-12-30T15:00:09.317000 +CVE-2024-35862,0,0,c3e67a013d1c51ddc061c7d30dc247c7cf7c410ac824d19ddc4ec43799fe8b49,2024-12-30T15:00:09.317000 CVE-2024-35863,0,0,b81c5679910d1847fbf7862e8247b87fbb3204b0718f830872294595c3959792,2024-12-30T14:58:23.177000 CVE-2024-35864,0,0,31226063ea69d29e428d6ad9d6921f8854f38c9e5b1a81fdb73fb251b4513c60,2024-12-30T14:58:03.057000 CVE-2024-35865,0,0,cf6f175d533ee10d6f54c3ebcfdb93d935e02aa77be3f7308461df9f59e1e2eb,2024-11-21T09:21:04.827000 
-CVE-2024-35866,0,0,c17b7eb7d18b16ffbff97a229ebf9264a87c8ae22c90d5977022f079fb65a342,2024-11-21T09:21:05.010000 -CVE-2024-35867,0,0,c342e7d3df1be6823e978f1d318831dc21f55a15f922a36a4b4a54348d830895,2024-11-21T09:21:05.120000 -CVE-2024-35868,0,0,2e33ca17a2a10f1b2c66f872b7b0c9878cb3e8e880ae1aab87f41e4f8019bbcb,2024-11-21T09:21:05.247000 +CVE-2024-35866,0,1,abcc613c29138ad93e4484ed4178e50c40819975904876187d18e6849d25e00c,2024-12-30T17:35:00.177000 +CVE-2024-35867,0,1,8e95fb505b7b53669d48ce83b635c337b6e7aff7fd795842c6e2773bdc0f852d,2024-12-30T17:36:49.973000 +CVE-2024-35868,0,1,e8b95ad6bcd307204263d2d8707c5b297bc3637fd97a489fe51ccf8435e7faa9,2024-12-30T17:37:00.887000 CVE-2024-35869,0,0,9e772bd1e5376287508f6583e2db244b20584459ba81d52dde963845ce612bb5,2024-11-21T09:21:05.373000 CVE-2024-3587,0,0,d796127fe00036180574bc0acf0ef97c6e42b5586ad9b2a144bef2e5bc673425,2024-11-21T09:29:55.960000 CVE-2024-35870,0,0,e01caf0034f5c573ded3dc4c9863e56440e0d15b6ca4477633a9ab58bc063bfc,2024-12-19T19:15:06.820000 CVE-2024-35871,0,0,62c73a2b71b01d2d57ed37cbe47d0adce8debd2269edbe6ac03bbceb9a016f1e,2024-11-21T09:21:05.780000 CVE-2024-35872,0,0,f484ec88c2f57c80229210904c6ec0cfee742498945d8a4724f47902ecde9e63,2024-11-21T09:21:05.920000 CVE-2024-35873,0,0,5659988900f7f8a163916c98d92e289e3f0a1be264b1c80106a7972ef9e5fa89,2024-11-21T09:21:06.037000 -CVE-2024-35874,0,0,1272462bf352485f1972e5919c9c70774c89b0fce1fa46b139d0273bb1b95a09,2024-11-21T09:21:06.160000 +CVE-2024-35874,0,1,6a07e6874b5d577b8208e72670a65096d30bbd6262dfde26a08df4cdd46686ee,2024-12-30T17:37:18.307000 CVE-2024-35875,0,0,4fcfb904ece0da9a34e2cf7857e4f24c0ea2ada20782e80c356408630e976ae9,2024-11-21T09:21:06.273000 CVE-2024-35876,0,0,21d4e04307171f23eb20581ae687ed873b8b572985d4124c23ec05853b41f51c,2024-05-23T14:15:09.830000 CVE-2024-35877,0,0,47f91ecb3b8685cd3beea9e61cc4aaa83dbbb710cacf7a3c1584914c9a987a69,2024-11-21T09:21:06.417000 
@@ -257916,12 +257921,12 @@ CVE-2024-35887,0,0,2bec1c5bc4c530b3d141e18ebb957d75fe0d25760ef9db20f954509ce0ed4 CVE-2024-35888,0,0,6bf0ec8c17367dc341ce782cd402aac605c61aacc6e47d6a8eda07b899880bc7,2024-11-21T09:21:07.963000 CVE-2024-35889,0,0,3faf32e7c6fe80946cbcf92f7ac750cbb9f8e1ab9e4f1fbf1e83203da8d9952f,2024-11-21T09:21:08.173000 CVE-2024-35890,0,0,b48c0adaf3ad6503b6bc1a56362fe63c2fde4acbc88f69296d9596a816c20388,2024-11-21T09:21:08.290000 -CVE-2024-35891,0,0,793ce9a7581fc1f9655e8a3bbe05ad39139c5e534fa600787c206ef13a85db1a,2024-11-21T09:21:08.410000 +CVE-2024-35891,0,1,885f68d54afe493b940360469ba789a1bf06796f950be8c3e2597b6e4d1c8051,2024-12-30T17:07:18.617000 CVE-2024-35892,0,0,69a045f4582c781dfa4942d8e2e4da93d09d9d5ba8e90e9166c3822ae028e3d9,2024-11-21T09:21:08.533000 CVE-2024-35893,0,0,4a1d265eb79d94b0c1d5d35b602a251fd1d2908be4bb19174906ebb9036b62f0,2024-11-21T09:21:08.660000 -CVE-2024-35894,0,0,e07697653aa4d238ff91c6dd5508d412935ed89d3765995364bfebd17cd5688b,2024-11-21T09:21:08.797000 -CVE-2024-35895,0,0,e26dca18be3d61a22a73f11baae4a23a2f94059dcf5b8b2ea938dd3b22ad5c2f,2024-12-27T13:15:19.797000 -CVE-2024-35896,0,0,ba73434c305e835934f4d1d052fec72c6128b328d43b5c492991e413e8e0288b,2024-11-21T09:21:09.050000 +CVE-2024-35894,0,1,d592ddaff67a21402bfa035a261e094b1a052f83477a4787a2065c63bf3ec895,2024-12-30T17:09:05.570000 +CVE-2024-35895,0,1,c018cf47702f32fa7c01b5f49cfa8a67a520bd4738b435c3a53610d90bd10732,2024-12-30T17:12:29.817000 +CVE-2024-35896,0,1,636f09e80c279bf656f939a3415a57cf0758915fa2b8b8b0ab7d92a2e979e562,2024-12-30T17:35:35.940000 CVE-2024-35897,0,0,0516a56c89d43cf4bf0e00a483ae8808e72493de016922add00ab07985299ae2,2024-11-21T09:21:09.183000 CVE-2024-35898,0,0,2b19af62e4da32f554d6bf40a3b42f6e30dee8f2419aa52b6846f1820743e701,2024-11-21T09:21:09.313000 CVE-2024-35899,0,0,11a2b23cf941f9839b39efc317ac13f10c84ba39dab1cd8d40a7557ebbc83814,2024-11-21T09:21:09.523000 
@@ -265377,6 +265382,7 @@ CVE-2024-46538,0,0,36ab03c909d91ed67f1af19450c3d6e48453f6f51660df666d70bd09393db CVE-2024-46539,0,0,ae91e2d70102a1f16abd97afb097daba74795893f1a3d024416684e8f573e136,2024-10-10T12:56:30.817000 CVE-2024-4654,0,0,3ba1a7fb0c9b6d7f54909c48e7df48bad4f328f4a19665a74071d60aed80ba01,2024-11-21T09:43:18.787000 CVE-2024-46540,0,0,5c4d8363d4bde694b44e99e56f90b2898aba08a12423dcef920dec1f4e57f71e,2024-10-04T13:51:25.567000 +CVE-2024-46542,1,1,f7059bcdf3899b66efcf9da1696d9768b721594a66924474a7a79598b2874adf,2024-12-30T18:15:09.557000 CVE-2024-46544,0,0,18fdd73b046b2ee0cd6f9e6a9d70043cfeda335681c354a0d0e609ab48ccce27,2024-11-21T09:38:43.193000 CVE-2024-46547,0,0,86eb89be00821f13d31344ba6fcc2c24d55708d9a9aae2e9fadfe4852acc82dd,2024-12-11T16:15:11.573000 CVE-2024-46548,0,0,ecfe181e9afdc259eed5f8be096dc10a92316fd358c5fa43e082d2e50cbd68ce,2024-10-04T13:51:25.567000 
@@ -268447,9 +268453,9 @@ CVE-2024-50672,0,0,a506f4d2b4e62571040ff3dd4b935bbaea397a7aabe2668687c8152c3cc15 CVE-2024-50677,0,0,41d5addef3c1d4fcaf4d23ee7f34aa0575b53eb368f3af05bd4b5c5da2166101,2024-12-06T17:15:10.180000 CVE-2024-5069,0,0,ad719aec2191fa4733004e376bcb495f235c4247fa2915a6912d571066c414e6,2024-11-21T09:46:53.973000 CVE-2024-50699,0,0,b7bfb9ce8d871e66c8bc846d040c669e65be2a2e4a5ca2c2838499d7e02651cc,2024-12-11T16:15:12.720000 -CVE-2024-50701,1,1,8a425dcfc4eae8298f28fabf6b33fe72be02546da5f5ac786e872bfaa5711eae,2024-12-30T16:15:11.387000 -CVE-2024-50702,1,1,2571d2b76c3720865aadb0aca0493774cd9be2477d44e0732f58f6a3463bf26b,2024-12-30T16:15:11.550000 -CVE-2024-50703,1,1,3ca543686c5a223cd6a966e24a4095e2a8fb771b46dd2bf6c556fada9156fae6,2024-12-30T16:15:11.713000 +CVE-2024-50701,0,0,8a425dcfc4eae8298f28fabf6b33fe72be02546da5f5ac786e872bfaa5711eae,2024-12-30T16:15:11.387000 +CVE-2024-50702,0,0,2571d2b76c3720865aadb0aca0493774cd9be2477d44e0732f58f6a3463bf26b,2024-12-30T16:15:11.550000 +CVE-2024-50703,0,0,3ca543686c5a223cd6a966e24a4095e2a8fb771b46dd2bf6c556fada9156fae6,2024-12-30T16:15:11.713000 CVE-2024-5071,0,0,6dfa056d4abe7e6b37a7311009a7ee0087dcbc392285cd9b9ee51e94d1bed9a4,2024-11-21T09:46:54.120000 CVE-2024-50713,0,0,ef6222df7fefcdb4ff0c05dd5195e429baad1ae292e8f58093855db0cd9cdceb,2024-12-27T21:15:07.837000 CVE-2024-50714,0,0,16a84fabc05c17c54dc3f6c81da670e09dd8653b1c5c6f9870ff04492fd544cd,2024-12-28T18:15:08.193000 
@@ -269316,6 +269322,7 @@ CVE-2024-5229,0,0,63153433f9d0f04fca69495bce1a183063fdaf2e1bafea11f69a4b454a7347 CVE-2024-52291,0,0,67366554fa12fc5f80ea7a37ab4efbcf755b65176915cc467a885e5d178f478a,2024-11-19T18:06:42.973000 CVE-2024-52292,0,0,98ff7782d74c8a880b21aa3925ef392e3d7f9afb5fb086d700b2918ea0d38572,2024-11-19T18:27:21.567000 CVE-2024-52293,0,0,48995c1833d437873320d2a00d4716843128fee61b180655a95bba4546c3a839,2024-11-19T17:51:39.460000 +CVE-2024-52294,1,1,dae835dc1a3f0b470fc75df7d6a6195197f58544ab8b18be85a4fbb5ed6f9de0,2024-12-30T17:15:09.467000 CVE-2024-52295,0,0,e730c6e09fd9fd9e28e10b0ed526a93e0a22272d88079810e21b865a0086f60a,2024-11-21T15:15:32.900000 CVE-2024-52296,0,0,b562f18595b8ca53024157f705b18f7c73f8b643fe6d08b20dc5b815792285b0,2024-11-13T17:01:58.603000 CVE-2024-52297,0,0,5528a19c9c06652e4abd378b7e62659078889b6d0c1cac57d71cfe9d52fe1e73,2024-11-13T17:01:58.603000 
@@ -271257,11 +271264,13 @@ CVE-2024-56509,0,0,9eaeae1f7b8c8e75d17552f014dec0e2f8e3eb274c4a7605543f4a62406c3 CVE-2024-5651,0,0,1b52d2c21baa1eebb0031be2e17eaf5cabf9f1b7ab486745a4d7c4c1e8ed2d60,2024-08-30T14:15:16.820000 CVE-2024-56510,0,0,455df6502629948cebf0de2208b49dba0ad1ef07f23a212f1e45f8c101d4f935,2024-12-26T21:15:06.743000 CVE-2024-56512,0,0,fb4379c8a390a1b759f4166891b605054b948310a82def3157334ebd2bad532f,2024-12-28T17:15:07.967000 +CVE-2024-56516,1,1,e289a49884350d8e97e9919ccb1e372d3094ed3378a92522ef92eda6cf2f092f,2024-12-30T17:15:09.687000 +CVE-2024-56517,1,1,65c6507911433d4cc6f529fa655b3eded381be11e52e2d7cbe5b07f95e44efda,2024-12-30T17:15:09.840000 CVE-2024-56519,0,0,ba6a49ecaaf54f8458a0d69c5d70c7a58a8b2dfa4fff4d4173a1ded6a5dca02f,2024-12-27T05:15:07.677000 CVE-2024-5652,0,0,1dda3b28a95a3027cca32754d8e2a9cb8bd181dca86e7b0a455abcf575817afc,2024-11-21T09:48:05.750000 CVE-2024-56520,0,0,d5cf08096a86ee5091a69d63f922a02ae7d505f736e95f2dafa31155ab9b2521,2024-12-27T05:15:07.837000 CVE-2024-56521,0,0,6c08543a38146e5fc1fde79ac98f99bec226bbcb111f67da05a8800cf78ac8d9,2024-12-27T05:15:07.977000 -CVE-2024-56522,0,1,c0719b044dbc0fcdc0d4eaed012a8c95725e84ecda329fba60f601478e6101fc,2024-12-30T16:15:11.920000 +CVE-2024-56522,0,0,c0719b044dbc0fcdc0d4eaed012a8c95725e84ecda329fba60f601478e6101fc,2024-12-30T16:15:11.920000 CVE-2024-56527,0,0,bc553a98c63c830a826f605f9380ce4cabbc6f74db77f93c30b7ece0efc5737f,2024-12-28T19:15:07.800000 CVE-2024-5653,0,0,6a43b27cee3d2293652e8e6e2ccb4fc0236822263be85c5365c247a4f0b2a7b5,2024-11-21T09:48:05.873000 CVE-2024-56531,0,0,29081dacccdc16bd19c2c0276ad13d26d67c523fb953bef36fddd8fa7ad7aad5,2024-12-27T14:15:32.503000 
@@ -271484,6 +271493,8 @@ CVE-2024-56729,0,0,e8d0bcd62c0fa625da9b73039367afc32a9ac21f2bc943be1fd0e28592a75 CVE-2024-5673,0,0,f8b3774ce465f722b68e8727929e95d8d546e4b203a41a4244c7e4dffeee7a73,2024-11-21T09:48:08.057000 CVE-2024-56730,0,0,8c0489a2be6826ac090f4c7143c5a1ce20538326cb249c1bf4efa4ce53c3426d,2024-12-29T12:15:07.130000 CVE-2024-56732,0,0,287b71ca5ec03d5825a19e7eb68f3eaf02e994b222dd83ad368ff3860bd04893,2024-12-28T17:15:08.190000 +CVE-2024-56733,1,1,bb7ab60192d128c5924c9681713573d2d6ee23c38f0427411ab8458f0d80d941,2024-12-30T17:15:09.990000 +CVE-2024-56734,1,1,2497b230c6d0aecf91aef170893b52e8572cbc936227f00c99e840956d0d53ab,2024-12-30T17:15:10.133000 CVE-2024-56737,0,0,c5b53d74a7d8becee9d7686cadbd97c81361cafe48dbaf7f17677fffdb74d569,2024-12-29T07:15:06 CVE-2024-56738,0,0,dbe898f2fe3f1be88a29cc27198d8199547b6c9a324db196d7c00718a50e331e,2024-12-29T07:15:06.183000 CVE-2024-56739,0,0,76854638c5197df86d13e9907fc31b51cb0725dcb6db0a6b52c0c727fdee40a6,2024-12-29T12:15:07.240000