diff --git a/CVE-2021/CVE-2021-286xx/CVE-2021-28656.json b/CVE-2021/CVE-2021-286xx/CVE-2021-28656.json index 6ddd75519b6..e2a04f8fcac 100644 --- a/CVE-2021/CVE-2021-286xx/CVE-2021-28656.json +++ b/CVE-2021/CVE-2021-286xx/CVE-2021-28656.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28656", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T10:15:07.610", - "lastModified": "2024-11-21T06:00:02.420", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:49:50.420", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.9.0", + "matchCriteriaId": "26319B3A-B658-40AE-83DA-62FEDEA6D002" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/3", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-215xx/CVE-2022-21546.json b/CVE-2022/CVE-2022-215xx/CVE-2022-21546.json index 1c677504794..49a2a61beea 100644 --- a/CVE-2022/CVE-2022-215xx/CVE-2022-21546.json +++ b/CVE-2022/CVE-2022-215xx/CVE-2022-21546.json @@ -2,13 +2,17 @@ "id": "CVE-2022-21546", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-05-02T22:15:15.290", - "lastModified": "2025-05-02T22:15:15.290", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like \"sg_write_same --ndob\" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. CVSS 3.1 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "En versiones m\u00e1s recientes de las especificaciones de SBC, tenemos un bit NDOB que indica que no hay b\u00fafer de datos que se escriba. Si este bit se activa mediante comandos como \"sg_write_same --ndob\", se producir\u00e1 un fallo en los controladores \"execute_write_same\" de target_core_iblock/file al acceder a se_cmd->t_data_sg, ya que es nulo. Puntuaci\u00f3n base de CVSS 3.1: 7.7 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-23xx/CVE-2022-2387.json b/CVE-2022/CVE-2022-23xx/CVE-2022-2387.json index ff87bab28d0..609ad576016 100644 --- a/CVE-2022/CVE-2022-23xx/CVE-2022-2387.json +++ b/CVE-2022/CVE-2022-23xx/CVE-2022-2387.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2387", "sourceIdentifier": "contact@wpscan.com", "published": "2022-11-07T10:15:11.413", - "lastModified": "2025-02-07T19:44:53.660", + "lastModified": "2025-05-05T21:15:45.570", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,13 +36,33 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "contact@wpscan.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-27xx/CVE-2022-2711.json b/CVE-2022/CVE-2022-27xx/CVE-2022-2711.json index 0db0881784c..f58f25139a3 100644 --- a/CVE-2022/CVE-2022-27xx/CVE-2022-2711.json +++ b/CVE-2022/CVE-2022-27xx/CVE-2022-2711.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2711", "sourceIdentifier": "contact@wpscan.com", "published": "2022-11-07T10:15:11.480", - "lastModified": "2024-11-21T07:01:33.883", + "lastModified": "2025-05-05T21:15:46.147", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,13 +36,33 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "contact@wpscan.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-38xx/CVE-2022-3872.json b/CVE-2022/CVE-2022-38xx/CVE-2022-3872.json index 2ef362d9943..811c6141b6c 100644 --- a/CVE-2022/CVE-2022-38xx/CVE-2022-3872.json +++ b/CVE-2022/CVE-2022-38xx/CVE-2022-3872.json @@ -2,7 +2,7 @@ "id": "CVE-2022-3872", "sourceIdentifier": "secalert@redhat.com", "published": "2022-11-07T21:15:09.610", - "lastModified": "2024-11-21T07:20:24.477", + "lastModified": "2025-05-05T21:15:46.473", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,13 +36,33 @@ }, "exploitabilityScore": 3.9, "impactScore": 4.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 } ] }, "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-423xx/CVE-2022-42316.json b/CVE-2022/CVE-2022-423xx/CVE-2022-42316.json index ffdcb84b8d4..0d589fae037 100644 --- a/CVE-2022/CVE-2022-423xx/CVE-2022-42316.json +++ b/CVE-2022/CVE-2022-423xx/CVE-2022-42316.json @@ -2,7 +2,7 @@ "id": "CVE-2022-42316", "sourceIdentifier": "security@xen.org", "published": "2022-11-01T13:15:11.607", - "lastModified": "2024-11-21T07:24:44.080", + "lastModified": "2025-05-05T20:15:18.057", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.0, "impactScore": 4.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-770" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-423xx/CVE-2022-42317.json b/CVE-2022/CVE-2022-423xx/CVE-2022-42317.json index e7b15c82166..b9325762a9a 100644 --- a/CVE-2022/CVE-2022-423xx/CVE-2022-42317.json +++ b/CVE-2022/CVE-2022-423xx/CVE-2022-42317.json @@ -2,7 +2,7 @@ "id": "CVE-2022-42317", "sourceIdentifier": "security@xen.org", "published": "2022-11-01T13:15:11.660", - "lastModified": "2024-11-21T07:24:44.213", + "lastModified": "2025-05-05T20:15:18.737", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.0, "impactScore": 4.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-770" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-423xx/CVE-2022-42327.json b/CVE-2022/CVE-2022-423xx/CVE-2022-42327.json index 97d093b75d8..9540007c5f1 100644 --- a/CVE-2022/CVE-2022-423xx/CVE-2022-42327.json +++ b/CVE-2022/CVE-2022-423xx/CVE-2022-42327.json @@ -2,7 +2,7 @@ "id": "CVE-2022-42327", "sourceIdentifier": "security@xen.org", "published": "2022-11-01T13:15:12.163", - "lastModified": "2024-11-21T07:24:45.573", + "lastModified": "2025-05-05T20:15:18.900", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-478xx/CVE-2022-47894.json b/CVE-2022/CVE-2022-478xx/CVE-2022-47894.json index 81f1a068b66..ac9a60fedad 100644 --- a/CVE-2022/CVE-2022-478xx/CVE-2022-47894.json +++ b/CVE-2022/CVE-2022-478xx/CVE-2022-47894.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47894", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T10:15:08.343", - "lastModified": "2025-02-13T17:15:49.627", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:48:37.760", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "security@apache.org", @@ -56,32 +56,81 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.8.0", + "versionEndExcluding": "0.11.0", + "matchCriteriaId": "010D5072-43DC-42DF-A7BC-E193EC362190" + } + ] + } + ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/4", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4302", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4302", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49932.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49932.json index 5c72be73ded..f50df9da062 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49932.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49932.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49932", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:22.070", - "lastModified": "2025-05-02T16:15:22.070", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace\n\nCall kvm_init() only after _all_ setup is complete, as kvm_init() exposes\n/dev/kvm to userspace and thus allows userspace to create VMs (and call\nother ioctls). E.g. KVM will encounter a NULL pointer when attempting to\nadd a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to\ncreate a VM before vmx_init() configures said list.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP\n CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel]\n \n vmx_vcpu_load+0x16/0x60 [kvm_intel]\n kvm_arch_vcpu_load+0x32/0x1f0 [kvm]\n vcpu_load+0x2f/0x40 [kvm]\n kvm_arch_vcpu_create+0x231/0x310 [kvm]\n kvm_vm_ioctl+0x79f/0xe10 [kvm]\n ? handle_mm_fault+0xb1/0x220\n __x64_sys_ioctl+0x80/0xb0\n do_syscall_64+0x2b/0x50\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7f5a6b05743b\n \n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: VMX: Inicializa _toda_ la instancia antes de exponer /dev/kvm al espacio de usuario. Llama a kvm_init() solo despu\u00e9s de que se complete la configuraci\u00f3n _toda_, ya que kvm_init() expone /dev/kvm al espacio de usuario y, por lo tanto, permite que este cree m\u00e1quinas virtuales (y llame a otras ioctl). Por ejemplo, KVM encontrar\u00e1 un puntero nulo al intentar agregar una vCPU a la lista por CPU load_vmcss_on_cpu si el espacio de usuario puede crear una m\u00e1quina virtual antes de que vmx_init() configure dicha lista. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000008 #PF: acceso de escritura del supervisor en modo kernel #PF: error_code(0x0002) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0002 [#1] CPU SMP: 6 PID: 1143 Comm: estable No contaminado 6.0.0-rc7+ #988 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel] vmx_vcpu_load+0x16/0x60 [kvm_intel] kvm_arch_vcpu_load+0x32/0x1f0 [kvm] vcpu_load+0x2f/0x40 [kvm] kvm_arch_vcpu_create+0x231/0x310 [kvm] kvm_vm_ioctl+0x79f/0xe10 [kvm] ? handle_mm_fault+0xb1/0x220 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x2b/0x50 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f5a6b05743b M\u00f3dulos vinculados en: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49933.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49933.json index 5b7f67dee2e..4cced6f1452 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49933.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49933.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49933", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:22.163", - "lastModified": "2025-05-02T16:15:22.163", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling\n\nReset the eVMCS controls in the per-CPU VP assist page during hardware\ndisabling instead of waiting until kvm-intel's module exit. The controls\nare activated if and only if KVM creates a VM, i.e. don't need to be\nreset if hardware is never enabled.\n\nDoing the reset during hardware disabling will naturally fix a potential\nNULL pointer deref bug once KVM disables CPU hotplug while enabling and\ndisabling hardware (which is necessary to fix a variety of bugs). If the\nkernel is running as the root partition, the VP assist page is unmapped\nduring CPU hot unplug, and so KVM's clearing of the eVMCS controls needs\nto occur with CPU hot(un)plug disabled, otherwise KVM could attempt to\nwrite to a CPU's VP assist page after it's unmapped." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: VMX: Restablecer los controles eVMCS en la p\u00e1gina de asistencia de VP durante la deshabilitaci\u00f3n del hardware Restablezca los controles eVMCS en la p\u00e1gina de asistencia de VP por CPU durante la deshabilitaci\u00f3n del hardware en lugar de esperar hasta que salga el m\u00f3dulo de kvm-intel. Los controles se activan si y solo si KVM crea una VM, es decir, no necesitan restablecerse si el hardware nunca se habilita. Hacer el restablecimiento durante la deshabilitaci\u00f3n del hardware solucionar\u00e1 naturalmente un posible error de desreferencia de puntero NULL una vez que KVM deshabilite la conexi\u00f3n en caliente de la CPU mientras habilita y deshabilita el hardware (lo cual es necesario para solucionar una variedad de errores). Si el kernel se ejecuta como la partici\u00f3n ra\u00edz, la p\u00e1gina de asistencia de VP no se asigna durante la desconexi\u00f3n en caliente de la CPU y, por lo tanto, el borrado de los controles eVMCS por parte de KVM debe ocurrir con la (des)conexi\u00f3n en caliente de la CPU deshabilitada; de lo contrario, KVM podr\u00eda intentar escribir en la p\u00e1gina de asistencia de VP de una CPU despu\u00e9s de que se desasigne." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50379.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50379.json index 4981de644f7..8628c364079 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50379.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50379.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50379", "sourceIdentifier": "security@apache.org", "published": "2024-02-27T09:15:36.827", - "lastModified": "2025-02-13T18:15:50.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T21:01:27.150", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.7.8", + "matchCriteriaId": "C18362CB-E929-4C5F-9526-B33DAA1719EB" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/02/27/1", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory", + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory", + "Mailing List" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/27/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory", + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51518.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51518.json index e7413804bec..845f0412649 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51518.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51518.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51518", "sourceIdentifier": "security@apache.org", "published": "2024-02-27T09:15:36.983", - "lastModified": "2024-11-21T08:38:17.540", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T21:01:52.963", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:james:3.7.5:*:*:*:*:*:*:*", + "matchCriteriaId": "40A5D89F-8F58-45CD-8AC6-9A6DCA6DEBF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:james:3.8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "30D1AC70-87D6-4FA1-A995-14AB73002CD3" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/wbdm61ch6l0kzjn6nnfmyqlng82qz0or", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory", + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/wbdm61ch6l0kzjn6nnfmyqlng82qz0or", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory", + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51747.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51747.json index d89faf59edd..1392590aa54 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51747.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51747.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51747", "sourceIdentifier": "security@apache.org", "published": "2024-02-27T14:15:27.030", - "lastModified": "2025-02-13T18:15:53.470", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T21:02:14.223", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -65,38 +65,88 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:james:3.7.5:*:*:*:*:*:*:*", + "matchCriteriaId": "40A5D89F-8F58-45CD-8AC6-9A6DCA6DEBF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:james:3.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "A6759186-CA76-4B74-8C89-6AB659477F43" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/02/27/4", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://postfix.org/smtp-smuggling.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Product" + ] }, { "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Product" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/27/4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://postfix.org/smtp-smuggling.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53035.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53035.json index 93815c948ba..3c6e2ba8c90 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53035.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53035.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53035", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:22.627", - "lastModified": "2025-05-02T16:15:22.627", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()\n\nThe ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a\nmetadata array to/from user space, may copy uninitialized buffer regions\nto user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO\nand NILFS_IOCTL_GET_CPINFO.\n\nThis can occur when the element size of the user space metadata given by\nthe v_size member of the argument nilfs_argv structure is larger than the\nsize of the metadata element (nilfs_suinfo structure or nilfs_cpinfo\nstructure) on the file system side.\n\nKMSAN-enabled kernels detect this issue as follows:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user\n include/linux/instrumented.h:121 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n copy_to_user include/linux/uaccess.h:169 [inline]\n nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Uninit was created at:\n __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572\n alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287\n __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599\n nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Bytes 16-127 of 3968 are uninitialized\n ...\n\nThis eliminates the leak issue by initializing the page allocated as\nbuffer using get_zeroed_page()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: correcci\u00f3n de una fuga de informaci\u00f3n del kernel en nilfs_ioctl_wrap_copy(). La funci\u00f3n auxiliar de ioctl nilfs_ioctl_wrap_copy(), que intercambia una matriz de metadatos hacia/desde el espacio de usuario, puede copiar regiones de b\u00fafer no inicializadas a la memoria del espacio de usuario para los comandos ioctl de solo lectura NILFS_IOCTL_GET_SUINFO y NILFS_IOCTL_GET_CPINFO. Esto puede ocurrir cuando el tama\u00f1o del elemento de los metadatos del espacio de usuario, indicado por el miembro v_size de la estructura del argumento nilfs_argv, es mayor que el tama\u00f1o del elemento de metadatos (estructura nilfs_suinfo o nilfs_cpinfo) en el sistema de archivos. Los kernels con KMSAN habilitado detectan este problema de la siguiente manera: ERROR: KMSAN: fuga de informaci\u00f3n del kernel en instrument_copy_to_user include/linux/instrumented.h:121 [en l\u00ednea] ERROR: KMSAN: fuga de informaci\u00f3n del kernel en _copy_to_user+0xc0/0x100 lib/usercopy.c:33 instrument_copy_to_user include/linux/instrumented.h:121 [en l\u00ednea] _copy_to_user+0xc0/0x100 lib/usercopy.c:33 copy_to_user include/linux/uaccess.h:169 [en l\u00ednea] nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [en l\u00ednea] nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343 __do_compat_sys_ioctl fs/ioctl.c:968 [en l\u00ednea] __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [en l\u00ednea] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Uninit se cre\u00f3 en: __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572 alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287 __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599 nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [en l\u00ednea] nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343 __do_compat_sys_ioctl fs/ioctl.c:968 [en l\u00ednea] __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [en l\u00ednea] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Los bytes 16-127 de 3968 no est\u00e1n inicializados... Esto elimina el problema de p\u00e9rdida al inicializar la p\u00e1gina asignada como b\u00fafer usando get_zeroed_page()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53036.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53036.json index 00220dff9f1..ec6d3c5c9e8 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53036.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53036.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53036", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:22.733", - "lastModified": "2025-05-02T16:15:22.733", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix call trace warning and hang when removing amdgpu device\n\nOn GPUs with RAS enabled, below call trace and hang are observed when\nshutting down device.\n\nv2: use DRM device unplugged flag instead of shutdown flag as the check to\nprevent memory wipe in shutdown stage.\n\n[ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu]\n[ +0.000001] PKRU: 55555554\n[ +0.000001] Call Trace:\n[ +0.000001] \n[ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu]\n[ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu]\n[ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu]\n[ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[ +0.000090] drm_dev_release+0x28/0x50 [drm]\n[ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm]\n[ +0.000011] devm_action_release+0x15/0x20\n[ +0.000003] release_nodes+0x40/0xc0\n[ +0.000001] devres_release_all+0x9e/0xe0\n[ +0.000001] device_unbind_cleanup+0x12/0x80\n[ +0.000003] device_release_driver_internal+0xff/0x160\n[ +0.000001] driver_detach+0x4a/0x90\n[ +0.000001] bus_remove_driver+0x6c/0xf0\n[ +0.000001] driver_unregister+0x31/0x50\n[ +0.000001] pci_unregister_driver+0x40/0x90\n[ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrige la advertencia de seguimiento de llamadas y el bloqueo al quitar el dispositivo amdgpu. En las GPU con RAS habilitado, se observan el siguiente seguimiento de llamadas y bloqueo al apagar el dispositivo. v2: use el indicador de dispositivo DRM desconectado en lugar del indicador de apagado como verificaci\u00f3n para evitar el borrado de memoria en la etapa de apagado. [ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu] [ +0.000001] PKRU: 55555554 [ +0.000001] Rastreo de llamadas: [ +0.000001] [ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu] [ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu] [ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu] [ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu] [ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu] [ +0.000090] drm_dev_release+0x28/0x50 [drm] [ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm] [ +0.000011] devm_action_release+0x15/0x20 [ +0.000003] release_nodes+0x40/0xc0 [ +0.000001] devres_release_all+0x9e/0xe0 [ +0.000001] device_unbind_cleanup+0x12/0x80 [ +0.000003] device_release_driver_internal+0xff/0x160 [ +0.000001] driver_detach+0x4a/0x90 [ +0.000001] bus_remove_driver+0x6c/0xf0 [ +0.000001] driver_unregister+0x31/0x50 [ +0.000001] pci_unregister_driver+0x40/0x90 [ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu] " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53037.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53037.json index 03c47111fa8..96ac141bcc1 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53037.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53037.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53037", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:22.827", - "lastModified": "2025-05-02T16:15:22.827", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Bad drive in topology results kernel crash\n\nWhen the SAS Transport Layer support is enabled and a device exposed to\nthe OS by the driver fails INQUIRY commands, the driver frees up the memory\nallocated for an internal HBA port data structure. However, in some places,\nthe reference to the freed memory is not cleared. When the firmware sends\nthe Device Info change event for the same device again, the freed memory is\naccessed and that leads to memory corruption and OS crash." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: Una unidad defectuosa en la topolog\u00eda provoca un bloqueo del kernel. Cuando se habilita la compatibilidad con la capa de transporte SAS y un dispositivo expuesto al sistema operativo por el controlador no cumple con los comandos INQUIRY, el controlador libera la memoria asignada a una estructura de datos de puerto HBA interno. Sin embargo, en algunos lugares, la referencia a la memoria liberada no se borra. Cuando el firmware vuelve a enviar el evento de cambio de informaci\u00f3n del dispositivo para el mismo dispositivo, se accede a la memoria liberada, lo que provoca la corrupci\u00f3n de la memoria y el bloqueo del sistema operativo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53038.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53038.json index d6537b0b2c7..44f63d0c259 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53038.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53038.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53038", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:22.920", - "lastModified": "2025-05-02T16:15:22.920", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()\n\nIf kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on\nlpfc_read_object()'s routine to NULL check pdata.\n\nCurrently, an early return error is thrown from lpfc_read_object() to\nprotect us from NULL ptr dereference, but the errno code is -ENODEV.\n\nChange the errno code to a more appropriate -ENOMEM." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Comprobaci\u00f3n de kzalloc() en lpfc_sli4_cgn_params_read(). Si kzalloc() falla en lpfc_sli4_cgn_params_read(), dependemos de la rutina de lpfc_read_object() para comprobar si pdata es nulo. Actualmente, lpfc_read_object() genera un error de retorno anticipado para protegernos de la desreferencia de ptr nulo, pero el c\u00f3digo de error es -ENODEV. Cambie el c\u00f3digo de error a -ENOMEM, que es m\u00e1s apropiado." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53039.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53039.json index 6b761608558..f0bd660499d 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53039.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53039.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53039", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.017", - "lastModified": "2025-05-02T16:15:23.017", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Fix potential use-after-free in work function\n\nWhen a reset notify IPC message is received, the ISR schedules a work\nfunction and passes the ISHTP device to it via a global pointer\nishtp_dev. If ish_probe() fails, the devm-managed device resources\nincluding ishtp_dev are freed, but the work is not cancelled, causing a\nuse-after-free when the work function tries to access ishtp_dev. Use\ndevm_work_autocancel() instead, so that the work is automatically\ncancelled if probe fails." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: intel-ish-hid: ipc: Se corrige un posible fallo de use after free en la funci\u00f3n de trabajo. Cuando se recibe un mensaje de notificaci\u00f3n de reinicio de IPC, el ISR programa una funci\u00f3n de trabajo y le transfiere el dispositivo ISHTP mediante un puntero global ishtp_dev. Si ish_probe() falla, se liberan los recursos del dispositivo administrados por devm, incluyendo ishtp_dev, pero el trabajo no se cancela, lo que provoca un fallo de use after free cuando la funci\u00f3n de trabajo intenta acceder a ishtp_dev. En su lugar, utilice devm_work_autocancel() para que el trabajo se cancele autom\u00e1ticamente si falla la sonda." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53040.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53040.json index cd5e4b7c358..4c546679488 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53040.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53040.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53040", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.113", - "lastModified": "2025-05-02T16:15:23.113", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nca8210: fix mac_len negative array access\n\nThis patch fixes a buffer overflow access of skb->data if\nieee802154_hdr_peek_addrs() fails." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ca8210: corrige el acceso negativo a la matriz mac_len. Este parche corrige un acceso de desbordamiento de b\u00fafer de skb->data si falla ieee802154_hdr_peek_addrs()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53041.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53041.json index e6fcfad7b3e..2eecbd16cef 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53041.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53041.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53041", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.220", - "lastModified": "2025-05-02T16:15:23.220", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Perform lockless command completion in abort path\n\nWhile adding and removing the controller, the following call trace was\nobserved:\n\nWARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50\nCPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1\nRIP: 0010:dma_free_attrs+0x33/0x50\n\nCall Trace:\n qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]\n qla2x00_abort_srb+0x8e/0x250 [qla2xxx]\n ? ql_dbg+0x70/0x100 [qla2xxx]\n __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]\n qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]\n qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]\n qla2x00_remove_one+0x364/0x400 [qla2xxx]\n pci_device_remove+0x36/0xa0\n __device_release_driver+0x17a/0x230\n device_release_driver+0x24/0x30\n pci_stop_bus_device+0x68/0x90\n pci_stop_and_remove_bus_device_locked+0x16/0x30\n remove_store+0x75/0x90\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n ? do_user_addr_fault+0x1d8/0x680\n ? do_syscall_64+0x69/0x80\n ? exc_page_fault+0x62/0x140\n ? asm_exc_page_fault+0x8/0x30\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe command was completed in the abort path during driver unload with a\nlock held, causing the warning in abort path. Hence complete the command\nwithout any lock held." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Realizar la finalizaci\u00f3n de comandos sin bloqueo en la ruta de aborto Al agregar y quitar el controlador, se observ\u00f3 el siguiente seguimiento de llamada: ADVERTENCIA: CPU: 3 PID: 623596 en kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: cargado No contaminado 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Seguimiento de llamada: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_dbg+0x70/0x100 [qla2xxx] __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx] qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx] qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx] qla2x00_remove_one+0x364/0x400 [qla2xxx] pci_device_remove+0x36/0xa0 __device_release_driver+0x17a/0x230 device_release_driver+0x24/0x30 pci_stop_bus_device+0x68/0x90 pci_stop_and_remove_bus_device_locked+0x16/0x30 remove_store+0x75/0x90 kernfs_fop_write_iter+0x11c/0x1b0 new_sync_write+0x11f/0x1b0 vfs_write+0x1eb/0x280 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0x80 ? do_user_addr_fault+0x1d8/0x680 ? do_syscall_64+0x69/0x80 ? exc_page_fault+0x62/0x140 ? asm_exc_page_fault+0x8/0x30 entry_SYSCALL_64_after_hwframe+0x44/0xae. El comando se complet\u00f3 en la ruta de interrupci\u00f3n durante la descarga del controlador con un bloqueo, lo que provoc\u00f3 la advertencia en la ruta de interrupci\u00f3n. Por lo tanto, complete el comando sin ning\u00fan bloqueo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53042.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53042.json index 1ca6e81efaa..78eb773d966 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53042.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53042.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53042", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.320", - "lastModified": "2025-05-02T16:15:23.320", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not set DRR on pipe Commit\n\n[WHY]\nWriting to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a\npipe commit can cause underflow." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: No configure DRR en el commit de tuber\u00eda [POR QU\u00c9] Escribir en registros DRR como OTG_V_TOTAL_MIN en el mismo marco que una confirmaci\u00f3n de tuber\u00eda puede causar desbordamiento." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53043.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53043.json index 089622ec373..c721d1e5ae3 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53043.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53043.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53043", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.400", - "lastModified": "2025-05-02T16:15:23.400", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent\n\nIf the controller is not marked as cache coherent, then kernel will\ntry to ensure coherency during dma-ops and that may cause data corruption.\nSo, mark the PCIe node as dma-coherent as the devices on PCIe bus are\ncache coherent." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: dts: qcom: sc7280: Marcar el controlador PCIe como coherente con la cach\u00e9. Si el controlador no est\u00e1 marcado como coherente con la cach\u00e9, el kernel intentar\u00e1 asegurar la coherencia durante las operaciones DMA, lo que puede causar corrupci\u00f3n de datos. Por lo tanto, marque el nodo PCIe como coherente con la cach\u00e9, ya que los dispositivos en el bus PCIe s\u00ed lo son." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53044.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53044.json index 3f624299008..24c6b039071 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53044.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53044.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53044", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.490", - "lastModified": "2025-05-02T16:15:23.490", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm stats: check for and propagate alloc_percpu failure\n\nCheck alloc_precpu()'s return value and return an error from\ndm_stats_init() if it fails. Update alloc_dev() to fail if\ndm_stats_init() does.\n\nOtherwise, a NULL pointer dereference will occur in dm_stats_cleanup()\neven if dm-stats isn't being actively used." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm stats: comprobar y propagar el fallo de alloc_percpu. Comprueba el valor de retorno de alloc_precpu() y devuelve un error de dm_stats_init() si falla. Actualice alloc_dev() para que falle si dm_stats_init() falla. De lo contrario, se producir\u00e1 una desreferencia de puntero nulo en dm_stats_cleanup(), incluso si dm-stats no se est\u00e1 utilizando activamente." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53045.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53045.json index 2577b861cb9..774567b18a1 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53045.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53045.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53045", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.590", - "lastModified": "2025-05-02T16:15:23.590", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: don't let userspace block driver unbind\n\nIn the unbind callback for f_uac1 and f_uac2, a call to snd_card_free()\nvia g_audio_cleanup() will disconnect the card and then wait for all\nresources to be released, which happens when the refcount falls to zero.\nSince userspace can keep the refcount incremented by not closing the\nrelevant file descriptor, the call to unbind may block indefinitely.\nThis can cause a deadlock during reboot, as evidenced by the following\nblocked task observed on my machine:\n\n task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c\n Call trace:\n __switch_to+0xc8/0x140\n __schedule+0x2f0/0x7c0\n schedule+0x60/0xd0\n schedule_timeout+0x180/0x1d4\n wait_for_completion+0x78/0x180\n snd_card_free+0x90/0xa0\n g_audio_cleanup+0x2c/0x64\n afunc_unbind+0x28/0x60\n ...\n kernel_restart+0x4c/0xac\n __do_sys_reboot+0xcc/0x1ec\n __arm64_sys_reboot+0x28/0x30\n invoke_syscall+0x4c/0x110\n ...\n\nThe issue can also be observed by opening the card with arecord and\nthen stopping the process through the shell before unbinding:\n\n # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n Recording WAVE '/dev/null' : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo\n ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n # echo gadget.0 > /sys/bus/gadget/drivers/configfs-gadget/unbind\n (observe that the unbind command never finishes)\n\nFix the problem by using snd_card_free_when_closed() instead, which will\nstill disconnect the card as desired, but defer the task of freeing the\nresources to the core once userspace closes its file descriptor." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: u_audio: no permitir que el espacio de usuario bloquee la desvinculaci\u00f3n del controlador. En la llamada de desvinculaci\u00f3n para f_uac1 y f_uac2, una llamada a snd_card_free() mediante g_audio_cleanup() desconectar\u00e1 la tarjeta y esperar\u00e1 a que se liberen todos los recursos, lo que ocurre cuando el recuento de referencias llega a cero. Dado que el espacio de usuario puede mantener el recuento de referencias incrementado al no cerrar el descriptor de archivo correspondiente, la llamada a desvinculaci\u00f3n podr\u00eda bloquearse indefinidamente. Esto puede causar un bloqueo durante el reinicio, como lo demuestra la siguiente tarea bloqueada observada en mi m\u00e1quina: task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c Rastreo de llamadas: __switch_to+0xc8/0x140 __schedule+0x2f0/0x7c0 schedule+0x60/0xd0 schedule_timeout+0x180/0x1d4 wait_for_completion+0x78/0x180 snd_card_free+0x90/0xa0 g_audio_cleanup+0x2c/0x64 afunc_unbind+0x28/0x60 ... kernel_restart+0x4c/0xac __do_sys_reboot+0xcc/0x1ec __arm64_sys_reboot+0x28/0x30 invoke_syscall+0x4c/0x110 ... El problema tambi\u00e9n se puede observar al abrir la tarjeta con arecord y luego detener el proceso a trav\u00e9s del shell antes de desvincular: # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null Recording WAVE '/dev/null' : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null # echo gadget.0 > /sys/bus/gadget/drivers/configfs-gadget/unbind (observe que el comando de desvinculaci\u00f3n nunca finaliza) Corrija el problema usando snd_card_free_when_closed() en su lugar, que a\u00fan desconectar\u00e1 la tarjeta como se desea, pero pospondr\u00e1 la tarea de liberar los recursos al n\u00facleo una vez que el espacio de usuario cierre su descriptor de archivo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53046.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53046.json index ddea5bcf53c..da936b82703 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53046.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53046.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53046", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.697", - "lastModified": "2025-05-02T16:15:23.697", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix race condition in hci_cmd_sync_clear\n\nThere is a potential race condition in hci_cmd_sync_work and\nhci_cmd_sync_clear, and could lead to use-after-free. For instance,\nhci_cmd_sync_work is added to the 'req_workqueue' after cancel_work_sync\nThe entry of 'cmd_sync_work_list' may be freed in hci_cmd_sync_clear, and\ncausing kernel panic when it is used in 'hci_cmd_sync_work'.\n\nHere's the call trace:\n\ndump_stack_lvl+0x49/0x63\nprint_report.cold+0x5e/0x5d3\n? hci_cmd_sync_work+0x282/0x320\nkasan_report+0xaa/0x120\n? hci_cmd_sync_work+0x282/0x320\n__asan_report_load8_noabort+0x14/0x20\nhci_cmd_sync_work+0x282/0x320\nprocess_one_work+0x77b/0x11c0\n? _raw_spin_lock_irq+0x8e/0xf0\nworker_thread+0x544/0x1180\n? poll_idle+0x1e0/0x1e0\nkthread+0x285/0x320\n? process_one_work+0x11c0/0x11c0\n? kthread_complete_and_exit+0x30/0x30\nret_from_fork+0x22/0x30\n\n\nAllocated by task 266:\nkasan_save_stack+0x26/0x50\n__kasan_kmalloc+0xae/0xe0\nkmem_cache_alloc_trace+0x191/0x350\nhci_cmd_sync_queue+0x97/0x2b0\nhci_update_passive_scan+0x176/0x1d0\nle_conn_complete_evt+0x1b5/0x1a00\nhci_le_conn_complete_evt+0x234/0x340\nhci_le_meta_evt+0x231/0x4e0\nhci_event_packet+0x4c5/0xf00\nhci_rx_work+0x37d/0x880\nprocess_one_work+0x77b/0x11c0\nworker_thread+0x544/0x1180\nkthread+0x285/0x320\nret_from_fork+0x22/0x30\n\nFreed by task 269:\nkasan_save_stack+0x26/0x50\nkasan_set_track+0x25/0x40\nkasan_set_free_info+0x24/0x40\n____kasan_slab_free+0x176/0x1c0\n__kasan_slab_free+0x12/0x20\nslab_free_freelist_hook+0x95/0x1a0\nkfree+0xba/0x2f0\nhci_cmd_sync_clear+0x14c/0x210\nhci_unregister_dev+0xff/0x440\nvhci_release+0x7b/0xf0\n__fput+0x1f3/0x970\n____fput+0xe/0x20\ntask_work_run+0xd4/0x160\ndo_exit+0x8b0/0x22a0\ndo_group_exit+0xba/0x2a0\nget_signal+0x1e4a/0x25b0\narch_do_signal_or_restart+0x93/0x1f80\nexit_to_user_mode_prepare+0xf5/0x1a0\nsyscall_exit_to_user_mode+0x26/0x50\nret_from_fork+0x15/0x30" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: Corregir condici\u00f3n de ejecuci\u00f3n en hci_cmd_sync_clear Existe una posible condici\u00f3n de ejecuci\u00f3n en hci_cmd_sync_work y hci_cmd_sync_clear, y podr\u00eda provocar un use-after-free. Por ejemplo, hci_cmd_sync_work se a\u00f1ade a 'req_workqueue' despu\u00e9s de cancel_work_sync La entrada de 'cmd_sync_work_list' puede liberarse en hci_cmd_sync_clear y provocar un p\u00e1nico del kernel cuando se utiliza en 'hci_cmd_sync_work'. Aqu\u00ed est\u00e1 el seguimiento de la llamada: dump_stack_lvl+0x49/0x63 print_report.cold+0x5e/0x5d3 ? hci_cmd_sync_work+0x282/0x320 kasan_report+0xaa/0x120 ? hci_cmd_sync_work+0x282/0x320 __asan_report_load8_noabort+0x14/0x20 hci_cmd_sync_work+0x282/0x320 process_one_work+0x77b/0x11c0 ? _raw_spin_lock_irq+0x8e/0xf0 worker_thread+0x544/0x1180 ? poll_idle+0x1e0/0x1e0 kthread+0x285/0x320 ? process_one_work+0x11c0/0x11c0 ? kthread_complete_and_exit+0x30/0x30 ret_from_fork+0x22/0x30 Allocated by task 266: kasan_save_stack+0x26/0x50 __kasan_kmalloc+0xae/0xe0 kmem_cache_alloc_trace+0x191/0x350 hci_cmd_sync_queue+0x97/0x2b0 hci_update_passive_scan+0x176/0x1d0 le_conn_complete_evt+0x1b5/0x1a00 hci_le_conn_complete_evt+0x234/0x340 hci_le_meta_evt+0x231/0x4e0 hci_event_packet+0x4c5/0xf00 hci_rx_work+0x37d/0x880 process_one_work+0x77b/0x11c0 worker_thread+0x544/0x1180 kthread+0x285/0x320 ret_from_fork+0x22/0x30 Freed by task 269: kasan_save_stack+0x26/0x50 kasan_set_track+0x25/0x40 kasan_set_free_info+0x24/0x40 ____kasan_slab_free+0x176/0x1c0 __kasan_slab_free+0x12/0x20 slab_free_freelist_hook+0x95/0x1a0 kfree+0xba/0x2f0 hci_cmd_sync_clear+0x14c/0x210 hci_unregister_dev+0xff/0x440 vhci_release+0x7b/0xf0 __fput+0x1f3/0x970 ____fput+0xe/0x20 task_work_run+0xd4/0x160 do_exit+0x8b0/0x22a0 do_group_exit+0xba/0x2a0 get_signal+0x1e4a/0x25b0 arch_do_signal_or_restart+0x93/0x1f80 exit_to_user_mode_prepare+0xf5/0x1a0 syscall_exit_to_user_mode+0x26/0x50 ret_from_fork+0x15/0x30 " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53047.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53047.json index 74cbf4a9a90..201facf8800 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53047.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53047.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53047", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.790", - "lastModified": "2025-05-02T16:15:23.790", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: amdtee: fix race condition in amdtee_open_session\n\nThere is a potential race condition in amdtee_open_session that may\nlead to use-after-free. For instance, in amdtee_open_session() after\nsess->sess_mask is set, and before setting:\n\n sess->session_info[i] = session_info;\n\nif amdtee_close_session() closes this same session, then 'sess' data\nstructure will be released, causing kernel panic when 'sess' is\naccessed within amdtee_open_session().\n\nThe solution is to set the bit sess->sess_mask as the last step in\namdtee_open_session()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tee: amdtee: correcci\u00f3n de la condici\u00f3n de ejecuci\u00f3n en amdtee_open_session. Existe una posible condici\u00f3n de ejecuci\u00f3n en amdtee_open_session que podr\u00eda provocar un use-after-free. Por ejemplo, en amdtee_open_session(), despu\u00e9s de configurar sess->sess_mask y antes de configurar: sess->session_info[i] = session_info; si amdtee_close_session() cierra esta misma sesi\u00f3n, se liberar\u00e1 la estructura de datos 'sess', lo que provocar\u00e1 un p\u00e1nico del kernel al acceder a 'sess' dentro de amdtee_open_session(). La soluci\u00f3n es configurar el bit sess->sess_mask como \u00faltimo paso en amdtee_open_session()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53048.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53048.json index f0077024041..30172dc8d58 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53048.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53048.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53048", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.897", - "lastModified": "2025-05-02T16:15:23.897", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix warning when handle discover_identity message\n\nSince both source and sink device can send discover_identity message in\nPD3, kernel may dump below warning:\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 169 at drivers/usb/typec/tcpm/tcpm.c:1446 tcpm_queue_vdm+0xe0/0xf0\nModules linked in:\nCPU: 0 PID: 169 Comm: 1-0050 Not tainted 6.1.1-00038-g6a3c36cf1da2-dirty #567\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : tcpm_queue_vdm+0xe0/0xf0\nlr : tcpm_queue_vdm+0x2c/0xf0\nsp : ffff80000c19bcd0\nx29: ffff80000c19bcd0 x28: 0000000000000001 x27: ffff0000d11c8ab8\nx26: ffff0000d11cc000 x25: 0000000000000000 x24: 00000000ff008081\nx23: 0000000000000001 x22: 00000000ff00a081 x21: ffff80000c19bdbc\nx20: 0000000000000000 x19: ffff0000d11c8080 x18: ffffffffffffffff\nx17: 0000000000000000 x16: 0000000000000000 x15: ffff0000d716f580\nx14: 0000000000000001 x13: ffff0000d716f507 x12: 0000000000000001\nx11: 0000000000000000 x10: 0000000000000020 x9 : 00000000000ee098\nx8 : 00000000ffffffff x7 : 000000000000001c x6 : ffff0000d716f580\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffff80000c19bdbc x1 : 00000000ff00a081 x0 : 0000000000000004\nCall trace:\ntcpm_queue_vdm+0xe0/0xf0\ntcpm_pd_rx_handler+0x340/0x1ab0\nkthread_worker_fn+0xcc/0x18c\nkthread+0x10c/0x110\nret_from_fork+0x10/0x20\n---[ end trace 0000000000000000 ]---\n\nBelow sequences may trigger this warning:\n\ntcpm_send_discover_work(work)\n tcpm_send_vdm(port, USB_SID_PD, CMD_DISCOVER_IDENT, NULL, 0);\n tcpm_queue_vdm(port, header, data, count);\n port->vdm_state = VDM_STATE_READY;\n\nvdm_state_machine_work(work);\n\t\t\t<-- received discover_identity from partner\n vdm_run_state_machine(port);\n port->vdm_state = VDM_STATE_SEND_MESSAGE;\n mod_vdm_delayed_work(port, x);\n\ntcpm_pd_rx_handler(work);\n tcpm_pd_data_request(port, msg);\n tcpm_handle_vdm_request(port, msg->payload, cnt);\n tcpm_queue_vdm(port, response[0], &response[1], rlen - 1);\n--> WARN_ON(port->vdm_state > VDM_STATE_DONE);\n\nFor this case, the state machine could still send out discover\nidentity message later if we skip current discover_identity message.\nSo we should handle the received message firstly and override the pending\ndiscover_identity message without warning in this case. Then, a delayed\nsend_discover work will send discover_identity message again." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tcpm: se corrige la advertencia al manejar el mensaje discover_identity Dado que tanto el dispositivo de origen como el receptor pueden enviar el mensaje discover_identity en PD3, el kernel puede mostrar la siguiente advertencia: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 0 PID: 169 en drivers/usb/typec/tcpm/tcpm.c:1446 tcpm_queue_vdm+0xe0/0xf0 M\u00f3dulos vinculados: CPU: 0 PID: 169 Comm: 1-0050 No contaminado 6.1.1-00038-g6a3c36cf1da2-dirty #567 Nombre del hardware: Placa NXP i.MX8MPlus EVK (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : tcpm_queue_vdm+0xe0/0xf0 lr : tcpm_queue_vdm+0x2c/0xf0 sp : ffff80000c19bcd0 x29: ffff80000c19bcd0 x28: 0000000000000001 x27: ffff0000d11c8ab8 x26: ffff0000d11cc000 x25: 0000000000000000 x24: 00000000ff008081 x23: 000000000000001 x22: 00000000ff00a081 x21: ffff80000c19bdbc x20: 0000000000000000 x19: ffff0000d11c8080 x18: ffffffffffffffff x17: 0000000000000000 x16: 0000000000000000 x15: ffff0000d716f580 x14: 0000000000000001 x13: ffff0000d716f507 x12: 000000000000001 x11: 000000000000000 x10: 000000000000020 x9 : 00000000000ee098 x8 : 00000000ffffffff x7 : 000000000000001c x6 : ffff0000d716f580 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : ffff80000c19bdbc x1 : 00000000ff00a081 x0 : 0000000000000004 Rastreo de llamadas: tcpm_queue_vdm+0xe0/0xf0 tcpm_pd_rx_handler+0x340/0x1ab0 kthread_worker_fn+0xcc/0x18c kthread+0x10c/0x110 ret_from_fork+0x10/0x20 ---[ fin del seguimiento 000000000000000 ]--- Las siguientes secuencias pueden activar esta advertencia: tcpm_send_discover_work(trabajo) tcpm_send_vdm(puerto, USB_SID_PD, CMD_DISCOVER_IDENT, NULL, 0); tcpm_queue_vdm(puerto, encabezado, datos, recuento); puerto->vdm_state = VDM_STATE_READY; vdm_state_machine_work(trabajo); <-- se recibi\u00f3 discover_identity del socio vdm_run_state_machine(puerto); puerto->vdm_state = VDM_STATE_SEND_MESSAGE; mod_vdm_delayed_work(puerto, x); tcpm_pd_rx_handler(trabajo); tcpm_pd_data_request(port, msg); tcpm_handle_vdm_request(port, msg->payload, cnt); tcpm_queue_vdm(port, response[0], &response[1], rlen - 1); --> WARN_ON(port->vdm_state > VDM_STATE_DONE); En este caso, la m\u00e1quina de estados podr\u00eda enviar el mensaje de descubrimiento de identidad m\u00e1s tarde si omitimos el mensaje de descubrimiento de identidad actual. Por lo tanto, debemos procesar primero el mensaje recibido y anular el mensaje de descubrimiento de identidad pendiente sin previo aviso. Posteriormente, una operaci\u00f3n de env\u00edo de descubrimiento retrasado enviar\u00e1 el mensaje de descubrimiento de identidad nuevamente." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53049.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53049.json index d64187be035..b0854208ce8 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53049.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53049.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53049", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:23.990", - "lastModified": "2025-05-02T16:15:23.990", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ucsi: Fix NULL pointer deref in ucsi_connector_change()\n\nWhen ucsi_init() fails, ucsi->connector is NULL, yet in case of\nucsi_acpi we may still get events which cause the ucs_acpi code to call\nucsi_connector_change(), which then derefs the NULL ucsi->connector\npointer.\n\nFix this by not setting ucsi->ntfy inside ucsi_init() until ucsi_init()\nhas succeeded, so that ucsi_connector_change() ignores the events\nbecause UCSI_ENABLE_NTFY_CONNECTOR_CHANGE is not set in the ntfy mask." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: ucsi: Se corrige la desreferencia del puntero nulo en ucsi_connector_change(). Cuando ucsi_init() falla, ucsi->connector es nulo; sin embargo, en el caso de ucsi_acpi, a\u00fan pueden aparecer eventos que provocan que el c\u00f3digo ucs_acpi llame a ucsi_connector_change(), que a su vez desreferencia el puntero nulo ucsi->connector. Para solucionar esto, no configure ucsi->ntfy dentro de ucsi_init() hasta que ucsi_init() se haya ejecutado correctamente, de modo que ucsi_connector_change() ignore los eventos, ya que UCSI_ENABLE_NTFY_CONNECTOR_CHANGE no est\u00e1 configurado en la m\u00e1scara ntfy." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53050.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53050.json index 4d606e55dca..f4328d604ba 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53050.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53050.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53050", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.093", - "lastModified": "2025-05-02T16:15:24.093", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in margining\n\nMemory for the usb4->margining needs to be relased for the upstream port\nof the router as well, even though the debugfs directory gets released\nwith the router device removal. Fix this." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thunderbolt: Se corrige la p\u00e9rdida de memoria en el margining. La memoria para usb4->margining tambi\u00e9n debe liberarse para el puerto ascendente del router, aunque el directorio debugfs se libera al eliminar el dispositivo del router. Se soluciona." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53051.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53051.json index 0f8fbcabcca..5bd18f87b0e 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53051.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53051.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53051", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.180", - "lastModified": "2025-05-02T16:15:24.180", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm crypt: add cond_resched() to dmcrypt_write()\n\nThe loop in dmcrypt_write may be running for unbounded amount of time,\nthus we need cond_resched() in it.\n\nThis commit fixes the following warning:\n\n[ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897]\n...\n[ 3391.387210][ C12] Call trace:\n[ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158\n[ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0\n[ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550\n[ 3391.405856][ C12] submit_bio_noacct+0x308/0x380\n[ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt]\n[ 3391.416005][ C12] kthread+0x130/0x138\n[ 3391.419911][ C12] ret_from_fork+0x10/0x18" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm crypt: a\u00f1adir cond_resched() a dmcrypt_write(). El bucle en dmcrypt_write podr\u00eda estar ejecut\u00e1ndose durante un tiempo ilimitado, por lo que necesitamos cond_resched(). Esta confirmaci\u00f3n corrige la siguiente advertencia: [3391.153255][C12] watchdog: BUG: soft lockup - CPU#12 atascada durante 23 s. [dmcrypt_write/2:2897] ... [3391.387210][C12] Rastreo de llamadas: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550 [ 3391.405856][ C12] submit_bio_noacct+0x308/0x380 [ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt] [ 3391.416005][ C12] kthread+0x130/0x138 [ 3391.419911][ C12] ret_from_fork+0x10/0x18 " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53052.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53052.json index f32d51412a2..88ddffec7a0 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53052.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53052.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53052", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.283", - "lastModified": "2025-05-02T16:15:24.283", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix use-after-free bug in refresh_cache_worker()\n\nThe UAF bug occurred because we were putting DFS root sessions in\ncifs_umount() while DFS cache refresher was being executed.\n\nMake DFS root sessions have same lifetime as DFS tcons so we can avoid\nthe use-after-free bug is DFS cache refresher and other places that\nrequire IPCs to get new DFS referrals on. Also, get rid of mount\ngroup handling in DFS cache as we no longer need it.\n\nThis fixes below use-after-free bug catched by KASAN\n\n[ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56\n[ 379.948096]\n[ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23\n[ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014\n[ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs]\n[ 379.949942] Call Trace:\n[ 379.950113] \n[ 379.950260] dump_stack_lvl+0x50/0x67\n[ 379.950510] print_report+0x16a/0x48e\n[ 379.950759] ? __virt_addr_valid+0xd8/0x160\n[ 379.951040] ? __phys_addr+0x41/0x80\n[ 379.951285] kasan_report+0xdb/0x110\n[ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs]\n[ 379.953637] ? __pfx___mutex_lock+0x10/0x10\n[ 379.953915] ? lock_release+0xb6/0x720\n[ 379.954167] ? __pfx_lock_acquire+0x10/0x10\n[ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs]\n[ 379.954960] ? __pfx_wb_workfn+0x10/0x10\n[ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs]\n[ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs]\n[ 379.956323] ? __pfx_lock_acquired+0x10/0x10\n[ 379.956615] ? read_word_at_a_time+0xe/0x20\n[ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220\n[ 379.957235] process_one_work+0x535/0x990\n[ 379.957509] ? __pfx_process_one_work+0x10/0x10\n[ 379.957812] ? lock_acquired+0xb7/0x5f0\n[ 379.958069] ? __list_add_valid+0x37/0xd0\n[ 379.958341] ? __list_add_valid+0x37/0xd0\n[ 379.958611] worker_thread+0x8e/0x630\n[ 379.958861] ? __pfx_worker_thread+0x10/0x10\n[ 379.959148] kthread+0x17d/0x1b0\n[ 379.959369] ? __pfx_kthread+0x10/0x10\n[ 379.959630] ret_from_fork+0x2c/0x50\n[ 379.959879] " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: se corrige el error de use-after-free en refresh_cache_worker(). El error de UAF se produjo porque se estaban asignando sesiones root de DFS en cifs_umount() mientras se ejecutaba el actualizador de cach\u00e9 DFS. Se ha establecido que las sesiones root de DFS tengan la misma duraci\u00f3n que las tcons de DFS para evitar el error de use-after-free en el actualizador de cach\u00e9 DFS y en otros lugares que requieren que los IPC obtengan nuevas referencias DFS. Adem\u00e1s, se ha eliminado la gesti\u00f3n de grupos de montaje en la cach\u00e9 DFS, ya que ya no es necesaria. Esto corrige el siguiente error de use-after-free detectado por KASAN [379.946955] ERROR: KASAN: use-after-free en __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [379.947642] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888018f57030 por la tarea kworker/u4:3/56 [379.948096] [379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 No contaminado 6.2.0-rc7-lku #23 [379.948661] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552-rebuilt.opensuse.org 01/04/2014 [ 379.949368] Cola de trabajo: cifs-dfscache refresh_cache_worker [cifs] [ 379.949942] Rastreo de llamadas: [ 379.950113] [ 379.950260] dump_stack_lvl+0x50/0x67 [ 379.950510] print_report+0x16a/0x48e [ 379.950759] ? __virt_addr_valid+0xd8/0x160 [ 379.951040] ? __phys_addr+0x41/0x80 [379.951285] kasan_report+0xdb/0x110 [379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs] [379.953637] ? __pfx___mutex_lock+0x10/0x10 [ 379.953915] ? lock_release+0xb6/0x720 [ 379.954167] ? __pfx_lock_acquire+0x10/0x10 [ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs] [ 379.954960] ? __pfx_wb_workfn+0x10/0x10 [ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs] [ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs] [ 379.956323] ? __pfx_lock_acquired+0x10/0x10 [ 379.956615] ? read_word_at_a_time+0xe/0x20 [ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220 [ 379.957235] process_one_work+0x535/0x990 [ 379.957509] ? __pfx_process_one_work+0x10/0x10 [ 379.957812] ? bloqueo_adquirido+0xb7/0x5f0 [ 379.958069] ? __lista_add_valid+0x37/0xd0 [ 379.958341] ? __lista_add_valid+0x37/0xd0 [ 379.958611] subproceso_de_trabajo+0x8e/0x630 [ 379.958861] ? __pfx_subproceso_de_trabajo+0x10/0x10 [ 379.959148] kthread+0x17d/0x1b0 [ 379.959369] ? __pfx_kthread+0x10/0x10 [379.959630] ret_from_fork+0x2c/0x50 [379.959879] " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53053.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53053.json index 205e777f0f1..8ee30ea498a 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53053.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53053.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53053", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.373", - "lastModified": "2025-05-02T16:15:24.373", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerspan: do not use skb_mac_header() in ndo_start_xmit()\n\nDrivers should not assume skb_mac_header(skb) == skb->data in their\nndo_start_xmit().\n\nUse skb_network_offset() and skb_transport_offset() which\nbetter describe what is needed in erspan_fb_xmit() and\nip6erspan_tunnel_xmit()\n\nsyzbot reported:\nWARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [inline]\nWARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962\nModules linked in:\nCPU: 0 PID: 5083 Comm: syz-executor406 Not tainted 6.3.0-rc2-syzkaller-00866-gd4671cb96fa3 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2873 [inline]\nRIP: 0010:ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962\nCode: 04 02 41 01 de 84 c0 74 08 3c 03 0f 8e 1c 0a 00 00 45 89 b4 24 c8 00 00 00 c6 85 77 fe ff ff 01 e9 33 e7 ff ff e8 b4 27 a1 f8 <0f> 0b e9 b6 e7 ff ff e8 a8 27 a1 f8 49 8d bf f0 0c 00 00 48 b8 00\nRSP: 0018:ffffc90003b2f830 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000000\nRDX: ffff888021273a80 RSI: ffffffff88e1bd4c RDI: 0000000000000003\nRBP: ffffc90003b2f9d8 R08: 0000000000000003 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000000 R12: ffff88802b28da00\nR13: 00000000000000d0 R14: ffff88807e25b6d0 R15: ffff888023408000\nFS: 0000555556a61300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055e5b11eb6e8 CR3: 0000000027c1b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n__netdev_start_xmit include/linux/netdevice.h:4900 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4914 [inline]\n__dev_direct_xmit+0x504/0x730 net/core/dev.c:4300\ndev_direct_xmit include/linux/netdevice.h:3088 [inline]\npacket_xmit+0x20a/0x390 net/packet/af_packet.c:285\npacket_snd net/packet/af_packet.c:3075 [inline]\npacket_sendmsg+0x31a0/0x5150 net/packet/af_packet.c:3107\nsock_sendmsg_nosec net/socket.c:724 [inline]\nsock_sendmsg+0xde/0x190 net/socket.c:747\n__sys_sendto+0x23a/0x340 net/socket.c:2142\n__do_sys_sendto net/socket.c:2154 [inline]\n__se_sys_sendto net/socket.c:2150 [inline]\n__x64_sys_sendto+0xe1/0x1b0 net/socket.c:2150\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f123aaa1039\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc15d12058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f123aaa1039\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000020000040 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f123aa648c0\nR13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erspan: no utilice skb_mac_header() en ndo_start_xmit() Los controladores no deben asumir que skb_mac_header(skb) == skb->data en su ndo_start_xmit(). Utilice skb_network_offset() y skb_transport_offset() que describen mejor lo que se necesita en erspan_fb_xmit() e ip6erspan_tunnel_xmit() syzbot inform\u00f3: ADVERTENCIA: CPU: 0 PID: 5083 en include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [en l\u00ednea] ADVERTENCIA: CPU: 0 PID: 5083 en include/linux/skbuff.h:2873 ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962 M\u00f3dulos vinculados: CPU: 0 PID: 5083 Comm: syz-executor406 No contaminado 6.3.0-rc2-syzkaller-00866-gd4671cb96fa3 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/03/2023 RIP: 0010:skb_mac_header include/linux/skbuff.h:2873 [en l\u00ednea] RIP: 0010:ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962 C\u00f3digo: 04 02 41 01 de 84 c0 74 08 3c 03 0f 8e 1c 0a 00 00 45 89 b4 24 c8 00 00 00 c6 85 77 fe ff ff 01 e9 33 e7 ff ff e8 b4 27 a1 f8 <0f> 0b e9 b6 e7 ff ff e8 a8 27 a1 f8 49 8d bf f0 0c 00 00 48 b8 00 RSP: 0018:ffffc90003b2f830 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000000 RDX: ffff888021273a80 RSI: ffffffff88e1bd4c RDI: 0000000000000003 RBP: ffffc90003b2f9d8 R08: 00000000000000003 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000000 R12: ffff88802b28da00 R13: 00000000000000d0 R14: ffff88807e25b6d0 R15: ffff888023408000 FS: 0000555556a61300(0000) GS:ffff8880b9800000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e5b11eb6e8 CR3: 0000000027c1b000 CR4: 000000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: __netdev_start_xmit include/linux/netdevice.h:4900 [en l\u00ednea] netdev_start_xmit include/linux/netdevice.h:4914 [en l\u00ednea] __dev_direct_xmit+0x504/0x730 net/core/dev.c:4300 dev_direct_xmit include/linux/netdevice.h:3088 [en l\u00ednea] packet_xmit+0x20a/0x390 net/packet/af_packet.c:285 packet_snd net/packet/af_packet.c:3075 [en l\u00ednea] packet_sendmsg+0x31a0/0x5150 net/packet/af_packet.c:3107 sock_sendmsg_nosec net/socket.c:724 [en l\u00ednea] sock_sendmsg+0xde/0x190 net/socket.c:747 __sys_sendto+0x23a/0x340 net/socket.c:2142 __do_sys_sendto net/socket.c:2154 [en l\u00ednea] __se_sys_sendto net/socket.c:2150 [en l\u00ednea] __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2150 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f123aaa1039 C\u00f3digo: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc15d12058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000000000000000 RCX: 00007f123aaa1039 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000020000040 R09: 0000000000000014 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f123aa648c0 R13: 431bde82d7b634db R14: 000000000000000 R15: 0000000000000000" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53054.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53054.json index 3dfb32560f4..d02a4b5d18e 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53054.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53054.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53054", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.483", - "lastModified": "2025-05-02T16:15:24.483", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: fix a devres leak in hw_enable upon suspend resume\n\nEach time the platform goes to low power, PM suspend / resume routines\ncall: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset().\nThis adds a new devres each time.\nThis may also happen at runtime, as dwc2_lowlevel_hw_enable() can be\ncalled from udc_start().\n\nThis can be seen with tracing:\n- echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable\n- go to low power\n- cat /sys/kernel/debug/tracing/trace\n\nA new \"ADD\" entry is found upon each low power cycle:\n... devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes)\n... devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes)\n...\n\nA second issue is addressed here:\n- regulator_bulk_enable() is called upon each PM cycle (suspend/resume).\n- regulator_bulk_disable() never gets called.\n\nSo the reference count for these regulators constantly increase, by one\nupon each low power cycle, due to missing regulator_bulk_disable() call\nin __dwc2_lowlevel_hw_disable().\n\nThe original fix that introduced the devm_add_action_or_reset() call,\nfixed an issue during probe, that happens due to other errors in\ndwc2_driver_probe() -> dwc2_core_reset(). Then the probe fails without\ndisabling regulators, when dr_mode == USB_DR_MODE_PERIPHERAL.\n\nRather fix the error path: disable all the low level hardware in the\nerror path, by using the \"hsotg->ll_hw_enabled\" flag. Checking dr_mode\nhas been introduced to avoid a dual call to dwc2_lowlevel_hw_disable().\n\"ll_hw_enabled\" should achieve the same (and is used currently in the\nremove() routine)." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc2: se corrige una fuga de devres en hw_enable al reanudar la suspensi\u00f3n. Cada vez que la plataforma pasa a bajo consumo, las rutinas de suspensi\u00f3n/reinicio de PM llaman a __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). Esto agrega un nuevo devres cada vez. Esto tambi\u00e9n puede ocurrir en tiempo de ejecuci\u00f3n, ya que dwc2_lowlevel_hw_enable() puede llamarse desde udc_start(). Esto se puede ver con el seguimiento: - echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable - ir a bajo consumo - cat /sys/kernel/debug/tracing/trace Se encuentra una nueva entrada \"ADD\" en cada ciclo de bajo consumo: ... devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes) ... devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes) ... Aqu\u00ed se aborda un segundo problema: - regulator_bulk_enable() se llama en cada ciclo de PM (suspender/reanudar). - regulator_bulk_disable() nunca se llama. Por lo tanto, el recuento de referencias para estos reguladores aumenta constantemente, en uno con cada ciclo de bajo consumo, debido a la falta de la llamada a regulator_bulk_disable() en __dwc2_lowlevel_hw_disable(). La correcci\u00f3n original, que introdujo la llamada a devm_add_action_or_reset(), solucion\u00f3 un problema durante el sondeo que se produce debido a otros errores en dwc2_driver_probe() -> dwc2_core_reset(). En ese caso, el sondeo falla sin deshabilitar los reguladores cuando dr_mode == USB_DR_MODE_PERIPHERAL. Mejor soluci\u00f3n: deshabilite todo el hardware de bajo nivel en la ruta de error mediante el indicador \"hsotg->ll_hw_enabled\". Se ha introducido la comprobaci\u00f3n de dr_mode para evitar una llamada dual a dwc2_lowlevel_hw_disable(). \"ll_hw_enabled\" deber\u00eda lograr el mismo efecto (y se utiliza actualmente en la rutina remove())." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53055.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53055.json index b10bcd7a452..16b9fb526fa 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53055.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53055.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53055", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.590", - "lastModified": "2025-05-02T16:15:24.590", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: destroy keyring after security_sb_delete()\n\nfscrypt_destroy_keyring() must be called after all potentially-encrypted\ninodes were evicted; otherwise it cannot safely destroy the keyring.\nSince inodes that are in-use by the Landlock LSM don't get evicted until\nsecurity_sb_delete(), this means that fscrypt_destroy_keyring() must be\ncalled *after* security_sb_delete().\n\nThis fixes a WARN_ON followed by a NULL dereference, only possible if\nLandlock was being used on encrypted files." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fscrypt: destruir el anillo de claves despu\u00e9s de security_sb_delete(). fscrypt_destroy_keyring() debe llamarse despu\u00e9s de expulsar todos los inodos potencialmente cifrados; de lo contrario, no puede destruir el anillo de claves de forma segura. Dado que los inodos en uso por el LSM de Landlock no se expulsan hasta security_sb_delete(), esto significa que fscrypt_destroy_keyring() debe llamarse *despu\u00e9s* de security_sb_delete(). Esto corrige un WARN_ON seguido de una desreferencia a NULL, solo posible si Landlock se utilizaba en archivos cifrados." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53056.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53056.json index cf1824a1b14..adfe98de855 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53056.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53056.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53056", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.680", - "lastModified": "2025-05-02T16:15:24.680", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Synchronize the IOCB count to be in order\n\nA system hang was observed with the following call trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1\nHardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022\nRIP: 0010:__wake_up_common+0x55/0x190\nCode: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d\n 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\\\n 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31\n ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d\nRSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082\nRAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018\nRBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8\nR10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001\nR13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000)\n\tknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0\nCall Trace:\n \n __wake_up_common_lock+0x83/0xd0\n qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx]\n __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc]\n nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc]\n nvme_fc_delete_association+0x1bf/0x220 [nvme_fc]\n ? nvme_remove_namespaces+0x9f/0x140 [nvme_core]\n nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core]\n nvme_sysfs_delete+0x5f/0x70 [nvme_core]\n kernfs_fop_write_iter+0x12b/0x1c0\n vfs_write+0x2a3/0x3b0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x90\n ? syscall_exit_work+0x103/0x130\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? exit_to_user_mode_loop+0xd0/0x130\n ? exit_to_user_mode_prepare+0xec/0x100\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n RIP: 0033:0x7f815cd3eb97\n\nThe IOCB counts are out of order and that would block any commands from\ngoing out and subsequently hang the system. Synchronize the IOCB count to\nbe in correct order." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Sincronizar el recuento de IOCB para que est\u00e9 en orden Se observ\u00f3 un bloqueo del sistema con el siguiente seguimiento de llamada: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 PID: 86747 Comm: nvme Kdump: cargado No contaminado 6.2.0+ #1 Nombre del hardware: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 31/03/2022 RIP: 0010:__wake_up_common+0x55/0x190 C\u00f3digo: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\\ 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31 ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d RSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082 RAX: 00000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018 RBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8 R10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0 Rastreo de llamadas: __wake_up_common_lock+0x83/0xd0 qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx] __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc] nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc] nvme_fc_delete_association+0x1bf/0x220 [nvme_fc] ? nvme_remove_namespaces+0x9f/0x140 [n\u00facleo_nvme] nvme_do_delete_ctrl+0x5b/0xa0 [n\u00facleo_nvme] nvme_sysfs_delete+0x5f/0x70 [n\u00facleo_nvme] kernfs_fop_write_iter+0x12b/0x1c0 vfs_write+0x2a3/0x3b0 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0x90 ? syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 ? exit_to_user_mode_loop+0xd0/0x130 ? exit_to_user_mode_prepare+0xec/0x100 ? syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 ? syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f815cd3eb97 Los conteos de IOCB est\u00e1n desordenados, lo que impedir\u00eda la salida de cualquier comando y, posteriormente, bloquear\u00eda el sistema. Sincronice el conteo de IOCB para que est\u00e9 en el orden correcto." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53057.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53057.json index c59e3ce5f9a..15705cb194d 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53057.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53057.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53057", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.773", - "lastModified": "2025-05-02T16:15:24.773", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Fix global-out-of-bounds\n\nTo loop a variable-length array, hci_init_stage_sync(stage) considers\nthat stage[i] is valid as long as stage[i-1].func is valid.\nThus, the last element of stage[].func should be intentionally invalid\nas hci_init0[], le_init2[], and others did.\nHowever, amp_init1[] and amp_init2[] have no invalid element, letting\nhci_init_stage_sync() keep accessing amp_init1[] over its valid range.\nThis patch fixes this by adding {} in the last of amp_init1[] and\namp_init2[].\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in hci_dev_open_sync (\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nRead of size 8 at addr ffffffffaed1ab70 by task kworker/u5:0/1032\nCPU: 0 PID: 1032 Comm: kworker/u5:0 Not tainted 6.2.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04\nWorkqueue: hci1 hci_power_on\nCall Trace:\n \ndump_stack_lvl (/v6.2-bzimage/lib/dump_stack.c:107 (discriminator 1))\nprint_report (/v6.2-bzimage/mm/kasan/report.c:307\n /v6.2-bzimage/mm/kasan/report.c:417)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nkasan_report (/v6.2-bzimage/mm/kasan/report.c:184\n /v6.2-bzimage/mm/kasan/report.c:519)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nhci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\n? __pfx_hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:4635)\n? mutex_lock (/v6.2-bzimage/./arch/x86/include/asm/atomic64_64.h:190\n /v6.2-bzimage/./include/linux/atomic/atomic-long.h:443\n /v6.2-bzimage/./include/linux/atomic/atomic-instrumented.h:1781\n /v6.2-bzimage/kernel/locking/mutex.c:171\n /v6.2-bzimage/kernel/locking/mutex.c:285)\n? __pfx_mutex_lock (/v6.2-bzimage/kernel/locking/mutex.c:282)\nhci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:485\n /v6.2-bzimage/net/bluetooth/hci_core.c:984)\n? __pfx_hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:969)\n? read_word_at_a_time (/v6.2-bzimage/./include/asm-generic/rwonce.h:85)\n? strscpy (/v6.2-bzimage/./arch/x86/include/asm/word-at-a-time.h:62\n /v6.2-bzimage/lib/string.c:161)\nprocess_one_work (/v6.2-bzimage/kernel/workqueue.c:2294)\nworker_thread (/v6.2-bzimage/./include/linux/list.h:292\n /v6.2-bzimage/kernel/workqueue.c:2437)\n? __pfx_worker_thread (/v6.2-bzimage/kernel/workqueue.c:2379)\nkthread (/v6.2-bzimage/kernel/kthread.c:376)\n? __pfx_kthread (/v6.2-bzimage/kernel/kthread.c:331)\nret_from_fork (/v6.2-bzimage/arch/x86/entry/entry_64.S:314)\n \nThe buggy address belongs to the variable:\namp_init1+0x30/0x60\nThe buggy address belongs to the physical page:\npage:000000003a157ec6 refcount:1 mapcount:0 mapping:0000000000000000 ia\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea0005054688 ffffea0005054688 000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n ffffffffaed1aa00: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00\n ffffffffaed1aa80: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00\n>ffffffffaed1ab00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9\n \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: HCI: Correcci\u00f3n de un error global fuera de los l\u00edmites. Para repetir una matriz de longitud variable, hci_init_stage_sync(stage) considera que stage[i] es v\u00e1lido siempre que stage[i-1].func lo sea. Por lo tanto, el \u00faltimo elemento de stage[].func deber\u00eda ser intencionalmente inv\u00e1lido, como hicieron hci_init0[], le_init2[] y otros. Sin embargo, amp_init1[] y amp_init2[] no tienen ning\u00fan elemento inv\u00e1lido, lo que permite que hci_init_stage_sync() siga accediendo a amp_init1[] por encima de su rango v\u00e1lido. Este parche corrige esto a\u00f1adiendo {} al final de amp_init1[] y amp_init2[]. ====================================================================== ERROR: KASAN: global fuera de los l\u00edmites en hci_dev_open_sync ( /v6.2-bzimage/net/bluetooth/hci_sync.c:3154 /v6.2-bzimage/net/bluetooth/hci_sync.c:3343 /v6.2-bzimage/net/bluetooth/hci_sync.c:4418 /v6.2-bzimage/net/bluetooth/hci_sync.c:4609 /v6.2-bzimage/net/bluetooth/hci_sync.c:4689) Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffffffaed1ab70 por tarea kworker/u5:0/1032 CPU: 0 PID: 1032 Comm: kworker/u5:0 No contaminado 6.2.0 #3 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0-1 04 Cola de trabajo: hci1 hci_power_on Rastreo de llamadas: dump_stack_lvl (/v6.2-bzimage/lib/dump_stack.c:107 (discriminator 1)) print_report (/v6.2-bzimage/mm/kasan/report.c:307 /v6.2-bzimage/mm/kasan/report.c:417) ? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154 /v6.2-bzimage/net/bluetooth/hci_sync.c:3343 /v6.2-bzimage/net/bluetooth/hci_sync.c:4418 /v6.2-bzimage/net/bluetooth/hci_sync.c:4609 /v6.2-bzimage/net/bluetooth/hci_sync.c:4689) kasan_report (/v6.2-bzimage/mm/kasan/report.c:184 /v6.2-bzimage/mm/kasan/report.c:519) ? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154 /v6.2-bzimage/net/bluetooth/hci_sync.c:3343 /v6.2-bzimage/net/bluetooth/hci_sync.c:4418 /v6.2-bzimage/net/bluetooth/hci_sync.c:4609 /v6.2-bzimage/net/bluetooth/hci_sync.c:4689) hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154 /v6.2-bzimage/net/bluetooth/hci_sync.c:3343 /v6.2-bzimage/net/bluetooth/hci_sync.c:4418 /v6.2-bzimage/net/bluetooth/hci_sync.c:4609 /v6.2-bzimage/net/bluetooth/hci_sync.c:4689) ? __pfx_hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:4635) ? bloqueo mutex (/v6.2-bzimage/./arch/x86/include/asm/atomic64_64.h:190 /v6.2-bzimage/./include/linux/atomic/atomic-long.h:443 /v6.2-bzimage/./include/linux/atomic/atomic-instrumented.h:1781 /v6.2-bzimage/kernel/locking/mutex.c:171 /v6.2-bzimage/kernel/locking/mutex.c:285) ? __pfx_mutex_lock (/v6.2-bzimage/kernel/locking/mutex.c:282) hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:485 /v6.2-bzimage/net/bluetooth/hci_core.c:984) ? __pfx_hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:969) ? leer_palabra_a_la_vez (/v6.2-bzimage/./include/asm-generic/rwonce.h:85) ? strscpy (/v6.2-bzimage/./arch/x86/include/asm/word-at-a-time.h:62 /v6.2-bzimage/lib/string.c:161) process_one_work (/v6.2-bzimage/kernel/workqueue.c:2294) work_thread (/v6.2-bzimage/./include/linux/list.h:292 /v6.2-bzimage/kernel/workqueue.c:2437) ? __pfx_worker_thread (/v6.2-bzimage/kernel/workqueue.c:2379) kthread (/v6.2-bzimage/kernel/kthread.c:376) ? __pfx_kthread (/v6.2-bzimage/kernel/kthread.c:331) ret_from_fork (/v6.2-bzimage/arch/x86/entry/entry_64.S:314) La direcci\u00f3n con errores pertenece a la variable: amp_init1+0x30/0x60 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page:000000003a157ec6 refcount:1 mapcount:0 mapping:000000000000000 ia flags: 0x200000000001000(reserved|node=0|zone=2) raw: 0200000000001000 ffffea0005054688 ffffea0005054688 000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n con errores: fffffffaed1aa00: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00 ffffffffaed1aa80: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00 >ffffffffaed1ab00 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53058.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53058.json index 66bdb9b78a6..176a0357265 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53058.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53058.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53058", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.867", - "lastModified": "2025-05-02T16:15:24.867", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-Switch, Fix an Oops in error handling code\n\nThe error handling dereferences \"vport\". There is nothing we can do if\nit is an error pointer except returning the error code." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: E-Switch. Se corrige un error en el c\u00f3digo de gesti\u00f3n de errores. El c\u00f3digo de gesti\u00f3n de errores desreferencia \"vport\". Si se trata de un puntero de error, no podemos hacer nada m\u00e1s que devolver el c\u00f3digo de error." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53059.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53059.json index 20a264ce969..b73067015d1 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53059.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53059.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53059", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:24.963", - "lastModified": "2025-05-02T16:15:24.963", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_chardev: fix kernel data leak from ioctl\n\nIt is possible to peep kernel page's data by providing larger `insize`\nin struct cros_ec_command[1] when invoking EC host commands.\n\nFix it by using zeroed memory.\n\n[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/chrome: cros_ec_chardev: se corrige la fuga de datos del kernel desde ioctl. Es posible acceder a los datos de la p\u00e1gina del kernel proporcionando un valor `insize` mayor en la estructura cros_ec_command[1] al invocar comandos del host EC. Se corrige utilizando memoria a cero. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53060.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53060.json index 9182378770b..23803d0e46c 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53060.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53060.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53060", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.060", - "lastModified": "2025-05-02T16:15:25.060", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: revert rtnl_lock() that causes deadlock\n\nThe commit 6faee3d4ee8b (\"igb: Add lock to avoid data race\") adds\nrtnl_lock to eliminate a false data race shown below\n\n (FREE from device detaching) | (USE from netdev core)\nigb_remove | igb_ndo_get_vf_config\n igb_disable_sriov | vf >= adapter->vfs_allocated_count?\n kfree(adapter->vf_data) |\n adapter->vfs_allocated_count = 0 |\n | memcpy(... adapter->vf_data[vf]\n\nThe above race will never happen and the extra rtnl_lock causes deadlock\nbelow\n\n[ 141.420169] \n[ 141.420672] __schedule+0x2dd/0x840\n[ 141.421427] schedule+0x50/0xc0\n[ 141.422041] schedule_preempt_disabled+0x11/0x20\n[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0\n[ 141.423324] unregister_netdev+0xe/0x20\n[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf]\n[ 141.423791] pci_device_remove+0x36/0xb0\n[ 141.423990] device_release_driver_internal+0xc1/0x160\n[ 141.424270] pci_stop_bus_device+0x6d/0x90\n[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20\n[ 141.424789] pci_iov_remove_virtfn+0xba/0x120\n[ 141.425452] sriov_disable+0x2f/0xf0\n[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb]\n[ 141.426353] igb_remove+0xa0/0x130 [igb]\n[ 141.426599] pci_device_remove+0x36/0xb0\n[ 141.426796] device_release_driver_internal+0xc1/0x160\n[ 141.427060] driver_detach+0x44/0x90\n[ 141.427253] bus_remove_driver+0x55/0xe0\n[ 141.427477] pci_unregister_driver+0x2a/0xa0\n[ 141.428296] __x64_sys_delete_module+0x141/0x2b0\n[ 141.429126] ? mntput_no_expire+0x4a/0x240\n[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0\n[ 141.429653] do_syscall_64+0x5b/0x80\n[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0\n[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.430849] ? do_syscall_64+0x67/0x80\n[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0\n[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.432482] ? do_syscall_64+0x67/0x80\n[ 141.432714] ? exc_page_fault+0x64/0x140\n[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nSince the igb_disable_sriov() will call pci_disable_sriov() before\nreleasing any resources, the netdev core will synchronize the cleanup to\navoid any races. This patch removes the useless rtnl_(un)lock to guarantee\ncorrectness." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igb: revertir rtnl_lock() que causa un bloqueo el commit 6faee3d4ee8b (\"igb: Agregar bloqueo para evitar ejecuci\u00f3n de datos\") agrega rtnl_lock para eliminar una ejecuci\u00f3n de datos falsa que se muestra a continuaci\u00f3n (GRATIS de la desconexi\u00f3n del dispositivo) | (USO desde el n\u00facleo netdev) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] La ejecuci\u00f3n anterior nunca ocurrir\u00e1 y el rtnl_lock adicional provoca un bloqueo a continuaci\u00f3n [ 141.420169] [ 141.420672] __schedule+0x2dd/0x840 [ 141.421427] schedule+0x50/0xc0 [ 141.422041] schedule_preempt_disabled+0x11/0x20 [ 141.422678] __mutex_lock.isra.13+0x431/0x6b0 [ 141.423324] unregister_netdev+0xe/0x20 [ 141.423578] igbvf_remove+0x45/0xe0 [igbvf] [ 141.423791] pci_device_remove+0x36/0xb0 [ 141.423990] device_release_driver_internal+0xc1/0x160 [ 141.424270] pci_stop_bus_device+0x6d/0x90 [ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20 [ 141.424789] pci_iov_remove_virtfn+0xba/0x120 [ 141.425452] sriov_disable+0x2f/0xf0 [ 141.425679] igb_disable_sriov+0x4e/0x100 [igb] [ 141.426353] igb_remove+0xa0/0x130 [igb] [ 141.426599] pci_device_remove+0x36/0xb0 [ 141.426796] device_release_driver_internal+0xc1/0x160 [ 141.427060] driver_detach+0x44/0x90 [ 141.427253] bus_remove_driver+0x55/0xe0 [ 141.427477] pci_unregister_driver+0x2a/0xa0 [ 141.428296] __x64_sys_delete_module+0x141/0x2b0 [ 141.429126] ? mntput_no_expire+0x4a/0x240 [ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0 [ 141.429653] ? do_syscall_64+0x5b/0x80 [ 141.429847] ? salir_al_modo_usuario_prepare+0x14d/0x1c0 [ 141.430109] ? syscall_salir_al_modo_usuario+0x12/0x30 [ 141.430849] ? do_syscall_64+0x67/0x80 [ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0 [141.431770] ? syscall_exit_to_user_mode+0x12/0x30 [141.432482] ? do_syscall_64+0x67/0x80 [141.432714] ? exc_page_fault+0x64/0x140 [141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc. Dado que igb_disable_sriov() llamar\u00e1 a pci_disable_sriov() antes de liberar recursos, el n\u00facleo netdev sincronizar\u00e1 la limpieza para evitar ejecuci\u00f3ns. Este parche elimina el bloqueo rtnl_(un)lock innecesario para garantizar la correcci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53061.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53061.json index 12c2da78f2b..e11a641fde9 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53061.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53061.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53061", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.163", - "lastModified": "2025-05-02T16:15:25.163", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix possible refcount leak in smb2_open()\n\nReference count of acls will leak when memory allocation fails. Fix this\nby adding the missing posix_acl_release()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige una posible fuga de recuento de referencias en smb2_open(). El recuento de referencias de las ACL se filtra cuando falla la asignaci\u00f3n de memoria. Se soluciona a\u00f1adiendo la funci\u00f3n posix_acl_release() que faltaba." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53062.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53062.json index 6be1b606038..ddb8918b881 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53062.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53062.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53062", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.257", - "lastModified": "2025-05-02T16:15:25.257", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc95xx: Limit packet length to skb->len\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: smsc95xx: Limitar la longitud del paquete a skb->len. La longitud del paquete obtenida del descriptor puede ser mayor que la longitud real del b\u00fafer del socket. En tal caso, el skb clonado que se pasa a la pila de red filtrar\u00e1 el contenido de la memoria del kernel." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53063.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53063.json index 4d8a5f2ba75..9c8bcc660ca 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53063.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53063.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53063", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.377", - "lastModified": "2025-05-02T16:15:25.377", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work\n\nIn btsdio_probe, &data->work was bound with btsdio_work.In\nbtsdio_send_frame, it was started by schedule_work.\n\nIf we call btsdio_remove with an unfinished job, there may\nbe a race condition and cause UAF bug on hdev." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btsdio: se corrige el error \"use after free\" en btsdio_remove debido a un trabajo inacabado. En btsdio_probe, &data->work estaba enlazado con btsdio_work. En btsdio_send_frame, se inici\u00f3 mediante schedule_work. Si se llama a btsdio_remove con un trabajo inacabado, podr\u00eda producirse una condici\u00f3n de ejecuci\u00f3n y causar un error de UAF en hdev." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53064.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53064.json index fbee9dc0b1a..cf05d8a825f 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53064.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53064.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53064", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.480", - "lastModified": "2025-05-02T16:15:25.480", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix hang on reboot with ice\n\nWhen a system with E810 with existing VFs gets rebooted the following\nhang may be observed.\n\n Pid 1 is hung in iavf_remove(), part of a network driver:\n PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: \"systemd-shutdow\"\n #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb\n #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d\n #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc\n #3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930\n #4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf]\n #5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513\n #6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa\n #7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc\n #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e\n #9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429\n #10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4\n #11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice]\n #12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice]\n #13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice]\n #14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1\n #15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386\n #16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870\n #17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6\n #18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159\n #19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc\n #20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d\n #21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169\n #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b\n RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7\n RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead\n RBP: 00007fffbcc55ca0 R8: 0000000000000000 R9: 00007fffbcc54e90\n R10: 00007fffbcc55050 R11: 0000000000000202 R12: 0000000000000005\n R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000\n ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b\n\nDuring reboot all drivers PM shutdown callbacks are invoked.\nIn iavf_shutdown() the adapter state is changed to __IAVF_REMOVE.\nIn ice_shutdown() the call chain above is executed, which at some point\ncalls iavf_remove(). However iavf_remove() expects the VF to be in one\nof the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If\nthat's not the case it sleeps forever.\nSo if iavf_shutdown() gets invoked before iavf_remove() the system will\nhang indefinitely because the adapter is already in state __IAVF_REMOVE.\n\nFix this by returning from iavf_remove() if the state is __IAVF_REMOVE,\nas we already went through iavf_shutdown()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iavf: se corrige el bloqueo al reiniciar con hielo Cuando se reinicia un sistema con E810 con VF existentes, se puede observar el siguiente bloqueo. El Pid 1 est\u00e1 colgado en iavf_remove(), parte de un controlador de red: PID: 1 TAREA: ffff965400e5a340 CPU: 24 COMANDO: \"systemd-shutdow\" #0 [ffffaad04005fa50] __schedule en ffffffff8b3239cb #1 [ffffaad04005fae8] schedule en ffffffff8b323e2d #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock en ffffffff8b32cebc #3 [ffffaad04005fb80] usleep_range_state en ffffffff8b32c930 #4 [ffffaad04005fbb0] iavf_remove en ffffffffc12b9b4c [iavf] #5 [ffffaad04005fbf0] pci_device_remove en ffffffff8add7513 #6 [ffffaad04005fc10] device_release_driver_internal en ffffffff8af08baa #7 [ffffaad04005fc40] pci_stop_bus_device en ffffffff8adcc5fc #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device en ffffffff8adcc81e #9 [ffffaad04005fc70] pci_iov_remove_virtfn en ffffffff8adf9429 #10 [ffffaad04005fca8] sriov_disable en ffffffff8adf98e4 #11 [ffffaad04005fcc8] ice_free_vfs en ffffffffc04bb2c8 [ice] #12 [ffffaad04005fd10] ice_remove en ffffffffc04778fe [ice] #13 [ffffaad04005fd38] ice_shutdown en ffffffffc0477946 [ice] #14 [ffffaad04005fd50] pci_device_shutdown en ffffffff8add58f1 #15 [ffffaad04005fd70] device_shutdown en ffffffff8af05386 #16 [ffffaad04005fd98] kernel_restart en ffffffff8a92a870 #17 [ffffaad04005fda8] __do_sys_reboot en ffffffff8a92abd6 #18 [ffffaad04005fee0] do_syscall_64 en ffffffff8b317159 #19 [ffffaad04005ff08] __context_tracking_enter en ffffffff8b31b6fc #20 [ffffaad04005ff18] syscall_exit_to_user_mode en ffffffff8b31b50d #21 [ffffaad04005ff28] do_syscall_64 en ffffffff8b317169 #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe en ffffffff8b40009b RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7 RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead RBP: 00007fffbcc55ca0 R8: 000000000000000 R9: 00007fffbcc54e90 R10: 00007fffbcc55050 R11: 00000000000000202 R12: 0000000000000005 R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000 ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b Durante el reinicio, se invocan las devoluciones de llamada de apagado de PM de todos los controladores. En iavf_shutdown(), el estado del adaptador cambia a __IAVF_REMOVE. En ice_shutdown() se ejecuta la cadena de llamadas anterior, que en alg\u00fan momento llama a iavf_remove(). Sin embargo, iavf_remove() espera que el VF est\u00e9 en uno de los estados __IAVF_RUNNING, __IAVF_DOWN o __IAVF_INIT_FAILED. De lo contrario, se suspende indefinidamente. Por lo tanto, si se invoca iavf_shutdown() antes que iavf_remove(), el sistema se bloquear\u00e1 indefinidamente porque el adaptador ya est\u00e1 en el estado __IAVF_REMOVE. Para solucionar esto, regrese de iavf_remove() si el estado es __IAVF_REMOVE, como ya se explic\u00f3 con iavf_shutdown()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53065.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53065.json index e22ae892228..4d0b1192100 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53065.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53065.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53065", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.580", - "lastModified": "2025-05-02T16:15:25.580", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output\n\nsyzkaller reportes a KASAN issue with stack-out-of-bounds.\nThe call trace is as follows:\n dump_stack+0x9c/0xd3\n print_address_description.constprop.0+0x19/0x170\n __kasan_report.cold+0x6c/0x84\n kasan_report+0x3a/0x50\n __perf_event_header__init_id+0x34/0x290\n perf_event_header__init_id+0x48/0x60\n perf_output_begin+0x4a4/0x560\n perf_event_bpf_output+0x161/0x1e0\n perf_iterate_sb_cpu+0x29e/0x340\n perf_iterate_sb+0x4c/0xc0\n perf_event_bpf_event+0x194/0x2c0\n __bpf_prog_put.constprop.0+0x55/0xf0\n __cls_bpf_delete_prog+0xea/0x120 [cls_bpf]\n cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf]\n process_one_work+0x3c2/0x730\n worker_thread+0x93/0x650\n kthread+0x1b8/0x210\n ret_from_fork+0x1f/0x30\n\ncommit 267fb27352b6 (\"perf: Reduce stack usage of perf_output_begin()\")\nuse on-stack struct perf_sample_data of the caller function.\n\nHowever, perf_event_bpf_output uses incorrect parameter to convert\nsmall-sized data (struct perf_bpf_event) into large-sized data\n(struct perf_sample_data), which causes memory overwriting occurs in\n__perf_event_header__init_id." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/core: Se solucion\u00f3 que el par\u00e1metro perf_output_begin se invocara incorrectamente en perf_event_bpf_output syzkaller informa un problema de KASAN con una pila fuera de los l\u00edmites. El seguimiento de la llamada es el siguiente: dump_stack+0x9c/0xd3 print_address_description.constprop.0+0x19/0x170 __kasan_report.cold+0x6c/0x84 kasan_report+0x3a/0x50 __perf_event_header__init_id+0x34/0x290 perf_event_header__init_id+0x48/0x60 perf_output_begin+0x4a4/0x560 perf_event_bpf_output+0x161/0x1e0 perf_iterate_sb_cpu+0x29e/0x340 perf_iterate_sb+0x4c/0xc0 perf_event_bpf_event+0x194/0x2c0 __bpf_prog_put.constprop.0+0x55/0xf0 __cls_bpf_delete_prog+0xea/0x120 [cls_bpf] cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf] process_one_work+0x3c2/0x730 workers_thread+0x93/0x650 kthread+0x1b8/0x210 ret_from_fork+0x1f/0x30 commit 267fb27352b6 (\"perf: Reducir el uso de la pila de perf_output_begin()\") usa la estructura en pila perf_sample_data de la funci\u00f3n que llama. Sin embargo, perf_event_bpf_output utiliza un par\u00e1metro incorrecto para convertir datos de tama\u00f1o peque\u00f1o (struct perf_bpf_event) en datos de tama\u00f1o grande (struct perf_sample_data), lo que provoca que se sobrescriba la memoria en __perf_event_header__init_id." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53066.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53066.json index 3716971fd36..c2181770baa 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53066.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53066.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53066", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.673", - "lastModified": "2025-05-02T16:15:25.673", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info\n\nWe have to make sure that the info returned by the helper is valid\nbefore using it.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: qed/qed_sriov: protecci\u00f3n contra desreferencias nulas de qed_iov_get_vf_info. Debemos asegurarnos de que la informaci\u00f3n devuelta por el ayudante sea v\u00e1lida antes de usarla. Encontrada por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico SVACE." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53067.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53067.json index 98ed764eadd..4a448e55211 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53067.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53067.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53067", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.777", - "lastModified": "2025-05-02T16:15:25.777", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Only call get_timer_irq() once in constant_clockevent_init()\n\nUnder CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see\nthe following messages on LoongArch, this is because using might_sleep()\nin preemption disable context.\n\n[ 0.001127] smp: Bringing up secondary CPUs ...\n[ 0.001222] Booting CPU#1...\n[ 0.001244] 64-bit Loongson Processor probed (LA464 Core)\n[ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit)\n[ 0.001250] FPU1 revision is: 00000000\n[ 0.001252] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n[ 0.001255] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n[ 0.001257] preempt_count: 1, expected: 0\n[ 0.001258] RCU nest depth: 0, expected: 0\n[ 0.001259] Preemption disabled at:\n[ 0.001261] [<9000000000223800>] arch_dup_task_struct+0x20/0x110\n[ 0.001272] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc7+ #43\n[ 0.001275] Hardware name: Loongson Loongson-3A5000-7A1000-1w-A2101/Loongson-LS3A5000-7A1000-1w-A2101, BIOS vUDK2018-LoongArch-V4.0.05132-beta10 12/13/202\n[ 0.001277] Stack : 0072617764726148 0000000000000000 9000000000222f1c 90000001001e0000\n[ 0.001286] 90000001001e3be0 90000001001e3be8 0000000000000000 0000000000000000\n[ 0.001292] 90000001001e3be8 0000000000000040 90000001001e3cb8 90000001001e3a50\n[ 0.001297] 9000000001642000 90000001001e3be8 be694d10ce4139dd 9000000100174500\n[ 0.001303] 0000000000000001 0000000000000001 00000000ffffe0a2 0000000000000020\n[ 0.001309] 000000000000002f 9000000001354116 00000000056b0000 ffffffffffffffff\n[ 0.001314] 0000000000000000 0000000000000000 90000000014f6e90 9000000001642000\n[ 0.001320] 900000000022b69c 0000000000000001 0000000000000000 9000000001736a90\n[ 0.001325] 9000000100038000 0000000000000000 9000000000222f34 0000000000000000\n[ 0.001331] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000\n[ 0.001337] ...\n[ 0.001339] Call Trace:\n[ 0.001342] [<9000000000222f34>] show_stack+0x5c/0x180\n[ 0.001346] [<90000000010bdd80>] dump_stack_lvl+0x60/0x88\n[ 0.001352] [<9000000000266418>] __might_resched+0x180/0x1cc\n[ 0.001356] [<90000000010c742c>] mutex_lock+0x20/0x64\n[ 0.001359] [<90000000002a8ccc>] irq_find_matching_fwspec+0x48/0x124\n[ 0.001364] [<90000000002259c4>] constant_clockevent_init+0x68/0x204\n[ 0.001368] [<900000000022acf4>] start_secondary+0x40/0xa8\n[ 0.001371] [<90000000010c0124>] smpboot_entry+0x60/0x64\n\nHere are the complete call chains:\n\nsmpboot_entry()\n start_secondary()\n constant_clockevent_init()\n get_timer_irq()\n irq_find_matching_fwnode()\n irq_find_matching_fwspec()\n mutex_lock()\n might_sleep()\n __might_sleep()\n __might_resched()\n\nIn order to avoid the above issue, we should break the call chains,\nusing timer_irq_installed variable as check condition to only call\nget_timer_irq() once in constant_clockevent_init() is a simple and\nproper way." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: solo llamar a get_timer_irq() una vez en constant_clockevent_init() Bajo CONFIG_DEBUG_ATOMIC_SLEEP=y y CONFIG_DEBUG_PREEMPT=y, podemos ver los siguientes mensajes en LoongArch, esto se debe a que se usa might_sleep() en el contexto de deshabilitaci\u00f3n de preempci\u00f3n. [ 0.001127] smp: Activando CPU secundarias... [ 0.001222] Arrancando CPU#1... [ 0.001244] Procesador Loongson de 64 bits probado (n\u00facleo LA464) [ 0.001247] La revisi\u00f3n de CPU1 es: 0014c012 (Loongson-64bit) [ 0.001250] La revisi\u00f3n de FPU1 es: 00000000 [ 0.001252] ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:283 [ 0.001255] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 [ 0.001257] preempt_count: 1, expected: 0 [ 0.001258] Profundidad de anidamiento de RCU: 0, esperado: 0 [ 0.001259] Preempci\u00f3n deshabilitada en: [ 0.001261] [<9000000000223800>] arch_dup_task_struct+0x20/0x110 [ 0.001272] CPU: 1 PID: 0 Comm: swapper/1 No contaminado 6.2.0-rc7+ #43 [ 0.001275] Nombre del hardware: Loongson Loongson-3A5000-7A1000-1w-A2101/Loongson-LS3A5000-7A1000-1w-A2101, BIOS vUDK2018-LoongArch-V4.0.05132-beta10 12/13/202 [ 0.001277] Pila: 0072617764726148 0000000000000000 9000000000222f1c 90000001001e0000 [ 0.001286] 90000001001e3be0 90000001001e3be8 0000000000000000 000000000000000 [ 0.001292] 90000001001e3be8 0000000000000040 90000001001e3cb8 90000001001e3a50 [ 0.001297] 9000000001642000 90000001001e3be8 be694d10ce4139dd 9000000100174500 [ 0.001303] 0000000000000001 000000000000001 000000000ffffe0a2 0000000000000020 [ 0.001309] 00000000000002f 9000000001354116 00000000056b0000 ffffffffffffffffff [ 0.001314] 0000000000000000 0000000000000000 90000000014f6e90 9000000001642000 [ 0.001320] 900000000022b69c 0000000000000001 000000000000000 9000000001736a90 [ 0.001325] 9000000100038000 000000000000000 9000000000222f34 000000000000000 [ 0.001331] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000 [ 0.001337] ... [ 0.001339] Rastreo de llamadas: [ 0.001342] [<9000000000222f34>] show_stack+0x5c/0x180 [ 0.001346] [<90000000010bdd80>] dump_stack_lvl+0x60/0x88 [ 0.001352] [<9000000000266418>] __might_resched+0x180/0x1cc [ 0.001356] [<90000000010c742c>] mutex_lock+0x20/0x64 [ 0.001359] [<90000000002a8ccc>] irq_find_matching_fwspec+0x48/0x124 [ 0.001364] [<90000000002259c4>] constant_clockevent_init+0x68/0x204 [ 0.001368] [<900000000022acf4>] start_secondary+0x40/0xa8 [ 0.001371] [<90000000010c0124>] smpboot_entry+0x60/0x64 Estas son las cadenas de llamadas completas: Para evitar el problema anterior, debemos romper las cadenas de llamadas, utilizando la variable timer_irq_installed como condici\u00f3n de verificaci\u00f3n para llamar a get_timer_irq() solo una vez en constant_clockevent_init() es una forma simple y adecuada." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53068.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53068.json index 32c2904ce44..55cdd4d4f06 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53068.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53068.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53068", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.870", - "lastModified": "2025-05-02T16:15:25.870", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Limit packet length to skb->len\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.\n\nAdditionally prevent integer underflow when size is less than\nETH_FCS_LEN." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: lan78xx: Limitar la longitud del paquete a skb->len. La longitud del paquete obtenida del descriptor puede ser mayor que la longitud real del b\u00fafer del socket. En tal caso, el skb clonado que se pasa a la pila de red filtrar\u00e1 el contenido de la memoria del kernel. Adem\u00e1s, se evita el subdesbordamiento de enteros cuando el tama\u00f1o es menor que ETH_FCS_LEN." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53069.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53069.json index 7a9b4340c08..3db365d5136 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53069.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53069.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53069", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:25.960", - "lastModified": "2025-05-02T16:15:25.960", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-vf: Add missing free for alloc_percpu\n\nAdd the free_percpu for the allocated \"vf->hw.lmt_info\" in order to avoid\nmemory leak, same as the \"pf->hw.lmt_info\" in\n`drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c`." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-vf: Agregar libre faltante para alloc_percpu Agregue libre_percpu para el \"vf->hw.lmt_info\" asignado para evitar fugas de memoria, igual que \"pf->hw.lmt_info\" en `drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c`." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53070.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53070.json index 17d4ff35686..87b8753cb77 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53070.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53070.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53070", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.050", - "lastModified": "2025-05-02T16:15:26.050", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nenabled to map PPTT once on the first invocation of acpi_get_pptt() and\nnever unmapped the same allowing it to be used at runtime with out the\nhassle of mapping and unmapping the table. This was needed to fetch LLC\ninformation from the PPTT in the cpuhotplug path which is executed in\nthe atomic context as the acpi_get_table() might sleep waiting for a\nmutex.\n\nHowever it missed to handle the case when there is no PPTT on the system\nwhich results in acpi_get_pptt() being called from all the secondary\nCPUs attempting to fetch the LLC information in the atomic context\nwithout knowing the absence of PPTT resulting in the splat like below:\n\n | BUG: sleeping function called from invalid context at kernel/locking/semaphore.c:164\n | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n | preempt_count: 1, expected: 0\n | RCU nest depth: 0, expected: 0\n | no locks held by swapper/1/0.\n | irq event stamp: 0\n | hardirqs last enabled at (0): 0x0\n | hardirqs last disabled at (0): copy_process+0x61c/0x1b40\n | softirqs last enabled at (0): copy_process+0x61c/0x1b40\n | softirqs last disabled at (0): 0x0\n | CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.3.0-rc1 #1\n | Call trace:\n | dump_backtrace+0xac/0x138\n | show_stack+0x30/0x48\n | dump_stack_lvl+0x60/0xb0\n | dump_stack+0x18/0x28\n | __might_resched+0x160/0x270\n | __might_sleep+0x58/0xb0\n | down_timeout+0x34/0x98\n | acpi_os_wait_semaphore+0x7c/0xc0\n | acpi_ut_acquire_mutex+0x58/0x108\n | acpi_get_table+0x40/0xe8\n | acpi_get_pptt+0x48/0xa0\n | acpi_get_cache_info+0x38/0x140\n | init_cache_level+0xf4/0x118\n | detect_cache_attributes+0x2e4/0x640\n | update_siblings_masks+0x3c/0x330\n | store_cpu_topology+0x88/0xf0\n | secondary_start_kernel+0xd0/0x168\n | __secondary_switched+0xb8/0xc0\n\nUpdate acpi_get_pptt() to consider the fact that PPTT is once checked and\nis not available on the system and return NULL avoiding any attempts to\nfetch PPTT and thereby avoiding any possible sleep waiting for a mutex\nin the atomic context." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: PPTT: Correcci\u00f3n para evitar la suspensi\u00f3n en el contexto at\u00f3mico cuando PPTT est\u00e1 ausente. el commit 0c80f9e165f8 (\"ACPI: PPTT: Dejar la tabla asignada para el uso en tiempo de ejecuci\u00f3n\") habilit\u00f3 la asignaci\u00f3n de PPTT una vez en la primera invocaci\u00f3n de acpi_get_pptt() y nunca la desasign\u00f3, lo que permite su uso en tiempo de ejecuci\u00f3n sin la molestia de asignar y desasignar la tabla. Esto era necesario para obtener informaci\u00f3n de LLC del PPTT en la ruta cpuhotplug, que se ejecuta en el contexto at\u00f3mico, ya que acpi_get_table() podr\u00eda estar en suspensi\u00f3n esperando un mutex. Sin embargo, no logr\u00f3 gestionar el caso en que no hay PPTT en el sistema, lo que provoca que acpi_get_pptt() se llame desde todas las CPU secundarias que intentan obtener la informaci\u00f3n de LLC en el contexto at\u00f3mico sin conocer la ausencia de PPTT, lo que resulta en un error como el siguiente: | ERROR: funci\u00f3n inactiva llamada desde contexto no v\u00e1lido en kernel/locking/semaphore.c:164 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 | preempt_count: 1, expected: 0 | Profundidad de anidamiento de RCU: 0, expected: 0 | swapper/1/0 no tiene bloqueos. | marca de evento irq: 0 | hardirqs habilitado por \u00faltima vez en (0): 0x0 | hardirqs deshabilitado por \u00faltima vez en (0): copy_process+0x61c/0x1b40 | softirqs habilitado por \u00faltima vez en (0): copy_process+0x61c/0x1b40 | softirqs deshabilitado por \u00faltima vez en (0): 0x0 | CPU: 1 PID: 0 Comm: swapper/1 No contaminado 6.3.0-rc1 #1 | Rastreo de llamadas: | dump_backtrace+0xac/0x138 | show_stack+0x30/0x48 | dump_stack_lvl+0x60/0xb0 | dump_stack+0x18/0x28 | __might_resched+0x160/0x270 | __might_sleep+0x58/0xb0 | down_timeout+0x34/0x98 | acpi_os_wait_semaphore+0x7c/0xc0 | acpi_ut_acquire_mutex+0x58/0x108 | acpi_get_table+0x40/0xe8 | acpi_get_pptt+0x48/0xa0 | acpi_get_cache_info+0x38/0x140 | init_cache_level+0xf4/0x118 | detect_cache_attributes+0x2e4/0x640 | update_siblings_masks+0x3c/0x330 | store_cpu_topology+0x88/0xf0 | secondary_start_kernel+0xd0/0x168 | __secondary_switched+0xb8/0xc0 Actualice acpi_get_pptt() para considerar el hecho de que PPTT se verifica una vez y no est\u00e1 disponible en el sistema y devuelve NULL evitando cualquier intento de obtener PPTT y, por lo tanto, evitando cualquier posible suspensi\u00f3n esperando un mutex en el contexto at\u00f3mico." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53071.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53071.json index 6da39366939..5ba897e49cd 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53071.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53071.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53071", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.140", - "lastModified": "2025-05-02T16:15:26.140", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: do not run mt76_unregister_device() on unregistered hw\n\nTrying to probe a mt7921e pci card without firmware results in a\nsuccessful probe where ieee80211_register_hw hasn't been called. When\nremoving the driver, ieee802111_unregister_hw is called unconditionally\nleading to a kernel NULL pointer dereference.\nFix the issue running mt76_unregister_device routine just for registered\nhw." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mt76: no ejecutar mt76_unregister_device() en hardware no registrado. Al intentar sondear una tarjeta PCI mt7921e sin firmware, se obtiene un sondeo exitoso donde no se ha llamado a ieee80211_register_hw. Al desinstalar el controlador, se llama a ieee802111_unregister_hw incondicionalmente, lo que provoca una desreferencia de puntero nulo en el kernel. Se solucion\u00f3 el problema al ejecutar la rutina mt76_unregister_device solo para hardware registrado." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53072.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53072.json index f3391d462f7..9990e8f3a6d 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53072.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53072.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53072", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.237", - "lastModified": "2025-05-02T16:15:26.237", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use the workqueue to destroy unaccepted sockets\n\nChristoph reported a UaF at token lookup time after having\nrefactored the passive socket initialization part:\n\n BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260\n Read of size 4 at addr ffff88810698d5b0 by task syz-executor653/3198\n\n CPU: 1 PID: 3198 Comm: syz-executor653 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x6e/0x91\n print_report+0x16a/0x46f\n kasan_report+0xad/0x130\n __token_bucket_busy+0x253/0x260\n mptcp_token_new_connect+0x13d/0x490\n mptcp_connect+0x4ed/0x860\n __inet_stream_connect+0x80e/0xd90\n tcp_sendmsg_fastopen+0x3ce/0x710\n mptcp_sendmsg+0xff1/0x1a20\n inet_sendmsg+0x11d/0x140\n __sys_sendto+0x405/0x490\n __x64_sys_sendto+0xdc/0x1b0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nWe need to properly clean-up all the paired MPTCP-level\nresources and be sure to release the msk last, even when\nthe unaccepted subflow is destroyed by the TCP internals\nvia inet_child_forget().\n\nWe can re-use the existing MPTCP_WORK_CLOSE_SUBFLOW infra,\nexplicitly checking that for the critical scenario: the\nclosed subflow is the MPC one, the msk is not accepted and\neventually going through full cleanup.\n\nWith such change, __mptcp_destroy_sock() is always called\non msk sockets, even on accepted ones. We don't need anymore\nto transiently drop one sk reference at msk clone time.\n\nPlease note this commit depends on the parent one:\n\n mptcp: refactor passive socket initialization" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: usa workqueue para destruir sockets no aceptados Christoph inform\u00f3 un UaF en el momento de la b\u00fasqueda del token despu\u00e9s de haber refactorizado la parte de inicializaci\u00f3n del socket pasivo: ERROR: KASAN: use-after-free en __token_bucket_busy+0x253/0x260 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88810698d5b0 por la tarea syz-executor653/3198 CPU: 1 PID: 3198 Comm: syz-executor653 No contaminado 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x6e/0x91 print_report+0x16a/0x46f kasan_report+0xad/0x130 __token_bucket_busy+0x253/0x260 mptcp_token_new_connect+0x13d/0x490 mptcp_connect+0x4ed/0x860 __inet_stream_connect+0x80e/0xd90 tcp_sendmsg_fastopen+0x3ce/0x710 mptcp_sendmsg+0xff1/0x1a20 inet_sendmsg+0x11d/0x140 __sys_sendto+0x405/0x490 __x64_sys_sendto+0xdc/0x1b0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Necesitamos limpiar correctamente todos los recursos emparejados de nivel MPTCP y asegurarnos de liberar el msk al final, incluso cuando el subflujo no aceptado es destruido por los procesos internos de TCP mediante inet_child_forget(). Podemos reutilizar la infra MPTCP_WORK_CLOSE_SUBFLOW existente, comprobando expl\u00edcitamente que para el escenario cr\u00edtico: el subflujo cerrado es el de MPC, el msk no es aceptado y finalmente se realiza una limpieza completa. Con este cambio, __mptcp_destroy_sock() siempre se llama en los sockets msk, incluso en los aceptados. Ya no es necesario eliminar temporalmente una referencia sk al clonar msk. Tenga en cuenta que esta confirmaci\u00f3n depende de la principal: mptcp: refactorizar la inicializaci\u00f3n pasiva del socket." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53073.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53073.json index ba34f2695c5..b356247a106 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53073.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53073.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53073", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.330", - "lastModified": "2025-05-02T16:15:26.330", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd/core: Always clear status for idx\n\nThe variable 'status' (which contains the unhandled overflow bits) is\nnot being properly masked in some cases, displaying the following\nwarning:\n\n WARNING: CPU: 156 PID: 475601 at arch/x86/events/amd/core.c:972 amd_pmu_v2_handle_irq+0x216/0x270\n\nThis seems to be happening because the loop is being continued before\nthe status bit being unset, in case x86_perf_event_set_period()\nreturns 0. This is also causing an inconsistency because the \"handled\"\ncounter is incremented, but the status bit is not cleaned.\n\nMove the bit cleaning together above, together when the \"handled\"\ncounter is incremented." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/x86/amd/core: Siempre borrar el estado de idx. La variable 'status' (que contiene los bits de desbordamiento no controlados) no se enmascara correctamente en algunos casos, mostrando la siguiente advertencia: ADVERTENCIA: CPU: 156 PID: 475601 en arch/x86/events/amd/core.c:972 amd_pmu_v2_handle_irq+0x216/0x270. Esto parece estar sucediendo porque el bucle contin\u00faa antes de que se desactive el bit de estado, en caso de que x86_perf_event_set_period() devuelva 0. Esto tambi\u00e9n causa una inconsistencia porque el contador \"controlado\" se incrementa, pero el bit de estado no se limpia. Mueva la limpieza de bits junto arriba, junto cuando se incrementa el contador \"controlado\"." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53074.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53074.json index b628261bec8..fdc0a7e1daf 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53074.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53074.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53074", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.420", - "lastModified": "2025-05-02T16:15:26.420", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini\n\nThe call trace occurs when the amdgpu is removed after\nthe mode1 reset. During mode1 reset, from suspend to resume,\nthere is no need to reinitialize the ta firmware buffer\nwhich caused the bo pin_count increase redundantly.\n\n[ 489.885525] Call Trace:\n[ 489.885525] \n[ 489.885526] amdttm_bo_put+0x34/0x50 [amdttm]\n[ 489.885529] amdgpu_bo_free_kernel+0xe8/0x130 [amdgpu]\n[ 489.885620] psp_free_shared_bufs+0xb7/0x150 [amdgpu]\n[ 489.885720] psp_hw_fini+0xce/0x170 [amdgpu]\n[ 489.885815] amdgpu_device_fini_hw+0x2ff/0x413 [amdgpu]\n[ 489.885960] ? blocking_notifier_chain_unregister+0x56/0xb0\n[ 489.885962] amdgpu_driver_unload_kms+0x51/0x60 [amdgpu]\n[ 489.886049] amdgpu_pci_remove+0x5a/0x140 [amdgpu]\n[ 489.886132] ? __pm_runtime_resume+0x60/0x90\n[ 489.886134] pci_device_remove+0x3e/0xb0\n[ 489.886135] __device_release_driver+0x1ab/0x2a0\n[ 489.886137] driver_detach+0xf3/0x140\n[ 489.886138] bus_remove_driver+0x6c/0xf0\n[ 489.886140] driver_unregister+0x31/0x60\n[ 489.886141] pci_unregister_driver+0x40/0x90\n[ 489.886142] amdgpu_exit+0x15/0x451 [amdgpu]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige la advertencia de seguimiento de llamadas ttm_bo en psp_hw_fini. El seguimiento de llamadas se produce al eliminar amdgpu tras el reinicio en modo 1. Durante el reinicio en modo 1, desde la suspensi\u00f3n hasta la reanudaci\u00f3n, no es necesario reinicializar el b\u00fafer de firmware ta, lo que provocaba un aumento redundante en el recuento de pines de bo. [ 489.885525] Seguimiento de llamadas: [ 489.885525] [ 489.885526] amdttm_bo_put+0x34/0x50 [amdttm] [ 489.885529] amdgpu_bo_free_kernel+0xe8/0x130 [amdgpu] [ 489.885620] psp_free_shared_bufs+0xb7/0x150 [amdgpu] [ 489.885720] psp_hw_fini+0xce/0x170 [amdgpu] [ 489.885815] amdgpu_device_fini_hw+0x2ff/0x413 [amdgpu] [ 489.885960] ? blocking_notifier_chain_unregister+0x56/0xb0 [ 489.885962] amdgpu_driver_unload_kms+0x51/0x60 [amdgpu] [ 489.886049] amdgpu_pci_remove+0x5a/0x140 [amdgpu] [ 489.886132] ? __pm_runtime_resume+0x60/0x90 [ 489.886134] pci_device_remove+0x3e/0xb0 [ 489.886135] __device_release_driver+0x1ab/0x2a0 [ 489.886137] driver_detach+0xf3/0x140 [ 489.886138] bus_remove_driver+0x6c/0xf0 [ 489.886140] driver_unregister+0x31/0x60 [ 489.886141] pci_unregister_driver+0x40/0x90 [ 489.886142] amdgpu_exit+0x15/0x451 [amdgpu] " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53075.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53075.json index 24cf761f643..23fca3df9b4 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53075.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53075.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53075", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.510", - "lastModified": "2025-05-02T16:15:26.510", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix invalid address access in lookup_rec() when index is 0\n\nKASAN reported follow problem:\n\n BUG: KASAN: use-after-free in lookup_rec\n Read of size 8 at addr ffff000199270ff0 by task modprobe\n CPU: 2 Comm: modprobe\n Call trace:\n kasan_report\n __asan_load8\n lookup_rec\n ftrace_location\n arch_check_ftrace_location\n check_kprobe_address_safe\n register_kprobe\n\nWhen checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a\npg which is newly added to ftrace_pages_start in ftrace_process_locs().\nBefore the first pg->index++, index is 0 and accessing pg->records[-1].ip\nwill cause this problem.\n\nDon't check the ip when pg->index is 0." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ftrace: Se corrige el acceso a direcciones no v\u00e1lidas en lookup_rec() cuando el \u00edndice es 0 KASAN inform\u00f3 el siguiente problema: BUG: KASAN: use-after-free en lookup_rec Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff000199270ff0 por la tarea modprobe CPU: 2 Comm: modprobe Rastreo de llamadas: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe Al verificar pg->records[pg->index - 1].ip en lookup_rec(), puede obtener un pg que se agreg\u00f3 recientemente a ftrace_pages_start en ftrace_process_locs(). Antes del primer pg->index++, el \u00edndice es 0 y acceder a pg->records[-1].ip causar\u00e1 este problema. No verifique la IP cuando pg->index sea 0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53077.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53077.json index 641c69ca2f9..710dfed13c4 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53077.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53077.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53077", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.720", - "lastModified": "2025-05-02T16:15:26.720", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes\n\n[WHY]\nWhen PTEBufferSizeInRequests is zero, UBSAN reports the following\nwarning because dml_log2 returns an unexpected negative value:\n\n shift exponent 4294966273 is too large for 32-bit type 'int'\n\n[HOW]\n\nIn the case PTEBufferSizeInRequests is zero, skip the dml_log2() and\nassign the result directly." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corregir desplazamiento fuera de los l\u00edmites en CalculateVMAndRowBytes [POR QU\u00c9] Cuando PTEBufferSizeInRequests es cero, UBSAN informa la siguiente advertencia porque dml_log2 devuelve un valor negativo inesperado: el exponente de desplazamiento 4294966273 es demasiado grande para el tipo de 32 bits 'int' [C\u00d3MO] En el caso de que PTEBufferSizeInRequests sea cero, omita dml_log2() y asigne el resultado directamente." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53078.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53078.json index a653db37f26..1a89fd2c673 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53078.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53078.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53078", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.820", - "lastModified": "2025-05-02T16:15:26.820", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\n backtrace:\n [<0000000098f3a26d>] alua_activate+0xb0/0x320\n [<000000003b529641>] scsi_dh_activate+0xb2/0x140\n [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]\n [<000000007adc9ace>] process_one_work+0x3c5/0x730\n [<00000000c457a985>] worker_thread+0x93/0x650\n [<00000000cb80e628>] kthread+0x1ba/0x210\n [<00000000a1e61077>] ret_from_fork+0x22/0x30\n\nFix the problem by freeing 'qdata' in error path." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: scsi_dh_alua: Se corrige la fuga de memoria para 'qdata' en alua_activate(). Si alua_rtpg_queue() falla desde alua_activate(), entonces 'qdata' no se libera, lo que causar\u00e1 la siguiente fuga de memoria: objeto sin referencia 0xffff88810b2c6980 (tama\u00f1o 32): comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (edad 1216426.076s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30 Solucione el problema liberando 'qdata' en la ruta de error." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53079.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53079.json index 5f5dd9086c5..f9b60acee92 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53079.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53079.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53079", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:26.923", - "lastModified": "2025-05-02T16:15:26.923", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix steering rules cleanup\n\nvport's mc, uc and multicast rules are not deleted in teardown path when\nEEH happens. Since the vport's promisc settings(uc, mc and all) in\nfirmware are reset after EEH, mlx5 driver will try to delete the above\nrules in the initialization path. This cause kernel crash because these\nsoftware rules are no longer valid.\n\nFix by nullifying these rules right after delete to avoid accessing any dangling\npointers.\n\nCall Trace:\n__list_del_entry_valid+0xcc/0x100 (unreliable)\ntree_put_node+0xf4/0x1b0 [mlx5_core]\ntree_remove_node+0x30/0x70 [mlx5_core]\nmlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core]\nesw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core]\nesw_update_vport_rx_mode+0xb4/0x180 [mlx5_core]\nesw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core]\nesw_enable_vport+0x130/0x260 [mlx5_core]\nmlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core]\nmlx5_device_enable_sriov+0x74/0x440 [mlx5_core]\nmlx5_load_one+0x114c/0x1550 [mlx5_core]\nmlx5_pci_resume+0x68/0xf0 [mlx5_core]\neeh_report_resume+0x1a4/0x230\neeh_pe_dev_traverse+0x98/0x170\neeh_handle_normal_event+0x3e4/0x640\neeh_handle_event+0x4c/0x370\neeh_event_handler+0x14c/0x210\nkthread+0x168/0x1b0\nret_from_kernel_thread+0x5c/0x84" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Se corrige la eliminaci\u00f3n de las reglas de direccionamiento de las reglas de limpieza de vport mc, uc y multicast en la ruta de desmontaje cuando se produce EEH. Dado que la configuraci\u00f3n promisc del vport (uc, mc y todas) en el firmware se restablece despu\u00e9s de EEH, el controlador mlx5 intentar\u00e1 eliminar las reglas mencionadas en la ruta de inicializaci\u00f3n. Esto provoca un fallo del kernel porque estas reglas de software ya no son v\u00e1lidas. Se corrige anulando estas reglas justo despu\u00e9s de la eliminaci\u00f3n para evitar el acceso a punteros colgantes. Rastreo de llamadas: __list_del_entry_valid+0xcc/0x100 (unreliable) tree_put_node+0xf4/0x1b0 [mlx5_core] tree_remove_node+0x30/0x70 [mlx5_core] mlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core] esw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core] esw_update_vport_rx_mode+0xb4/0x180 [mlx5_core] esw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core] esw_enable_vport+0x130/0x260 [mlx5_core] mlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core] mlx5_device_enable_sriov+0x74/0x440 [mlx5_core] mlx5_load_one+0x114c/0x1550 [mlx5_core] mlx5_pci_resume+0x68/0xf0 [mlx5_core] eeh_report_resume+0x1a4/0x230 eeh_pe_dev_traverse+0x98/0x170 eeh_handle_normal_event+0x3e4/0x640 eeh_handle_event+0x4c/0x370 eeh_event_handler+0x14c/0x210 kthread+0x168/0x1b0 ret_from_kernel_thread+0x5c/0x84 " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53080.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53080.json index 060abd79d0b..2796ae6a1aa 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53080.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53080.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53080", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.020", - "lastModified": "2025-05-02T16:15:27.020", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Add missing overflow check in xdp_umem_reg\n\nThe number of chunks can overflow u32. Make sure to return -EINVAL on\noverflow. Also remove a redundant u32 cast assigning umem->npgs." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: Se ha a\u00f1adido una comprobaci\u00f3n de desbordamiento faltante en xdp_umem_reg. El n\u00famero de fragmentos puede desbordar u32. Aseg\u00farese de devolver -EINVAL en caso de desbordamiento. Tambi\u00e9n se ha eliminado una conversi\u00f3n u32 redundante que asigna umem->npgs." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53081.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53081.json index 039d0ed4798..6b06de9b64e 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53081.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53081.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53081", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.117", - "lastModified": "2025-05-02T16:15:27.117", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix data corruption after failed write\n\nWhen buffered write fails to copy data into underlying page cache page,\nocfs2_write_end_nolock() just zeroes out and dirties the page. This can\nleave dirty page beyond EOF and if page writeback tries to write this page\nbefore write succeeds and expands i_size, page gets into inconsistent\nstate where page dirty bit is clear but buffer dirty bits stay set\nresulting in page data never getting written and so data copied to the\npage is lost. Fix the problem by invalidating page beyond EOF after\nfailed write." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: se corrige la corrupci\u00f3n de datos tras una escritura fallida. Cuando una escritura en b\u00fafer no copia los datos en la p\u00e1gina de cach\u00e9 de la p\u00e1gina subyacente, ocfs2_write_end_nolock() simplemente pone a cero y contamina la p\u00e1gina. Esto puede dejar una p\u00e1gina contaminada m\u00e1s all\u00e1 del EOF. Si la escritura diferida intenta escribir en esta p\u00e1gina antes de que la escritura tenga \u00e9xito y expande i_size, la p\u00e1gina entra en un estado inconsistente donde el bit de p\u00e1gina contaminada se borra, pero los bits de b\u00fafer contaminados permanecen activos, lo que resulta en que los datos de la p\u00e1gina nunca se escriban y, por lo tanto, se pierdan los datos copiados. Se soluciona el problema invalidando la p\u00e1gina m\u00e1s all\u00e1 del EOF tras una escritura fallida." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53082.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53082.json index 73a499a2788..7664e1141e1 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53082.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53082.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53082", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.220", - "lastModified": "2025-05-02T16:15:27.220", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix the crash in hot unplug with vp_vdpa\n\nWhile unplugging the vp_vdpa device, it triggers a kernel panic\nThe root cause is: vdpa_mgmtdev_unregister() will accesses modern\ndevices which will cause a use after free.\nSo need to change the sequence in vp_vdpa_remove\n\n[ 195.003359] BUG: unable to handle page fault for address: ff4e8beb80199014\n[ 195.004012] #PF: supervisor read access in kernel mode\n[ 195.004486] #PF: error_code(0x0000) - not-present page\n[ 195.004960] PGD 100000067 P4D 1001b6067 PUD 1001b7067 PMD 1001b8067 PTE 0\n[ 195.005578] Oops: 0000 1 PREEMPT SMP PTI\n[ 195.005968] CPU: 13 PID: 164 Comm: kworker/u56:10 Kdump: loaded Not tainted 5.14.0-252.el9.x86_64 #1\n[ 195.006792] Hardware name: Red Hat KVM/RHEL, BIOS edk2-20221207gitfff6d81270b5-2.el9 unknown\n[ 195.007556] Workqueue: kacpi_hotplug acpi_hotplug_work_fn\n[ 195.008059] RIP: 0010:ioread8+0x31/0x80\n[ 195.008418] Code: 77 28 48 81 ff 00 00 01 00 76 0b 89 fa ec 0f b6 c0 c3 cc cc cc cc 8b 15 ad 72 93 01 b8 ff 00 00 00 85 d2 75 0f c3 cc cc cc cc <8a> 07 0f b6 c0 c3 cc cc cc cc 83 ea 01 48 83 ec 08 48 89 fe 48 c7\n[ 195.010104] RSP: 0018:ff4e8beb8067bab8 EFLAGS: 00010292\n[ 195.010584] RAX: ffffffffc05834a0 RBX: ffffffffc05843c0 RCX: ff4e8beb8067bae0\n[ 195.011233] RDX: ff1bcbd580f88000 RSI: 0000000000000246 RDI: ff4e8beb80199014\n[ 195.011881] RBP: ff1bcbd587e39000 R08: ffffffff916fa2d0 R09: ff4e8beb8067ba68\n[ 195.012527] R10: 000000000000001c R11: 0000000000000000 R12: ff1bcbd5a3de9120\n[ 195.013179] R13: ffffffffc062d000 R14: 0000000000000080 R15: ff1bcbe402bc7805\n[ 195.013826] FS: 0000000000000000(0000) GS:ff1bcbe402740000(0000) knlGS:0000000000000000\n[ 195.014564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 195.015093] CR2: ff4e8beb80199014 CR3: 0000000107dea002 CR4: 0000000000771ee0\n[ 195.015741] PKRU: 55555554\n[ 195.016001] Call Trace:\n[ 195.016233] \n[ 195.016434] vp_modern_get_status+0x12/0x20\n[ 195.016823] vp_vdpa_reset+0x1b/0x50 [vp_vdpa]\n[ 195.017238] virtio_vdpa_reset+0x3c/0x48 [virtio_vdpa]\n[ 195.017709] remove_vq_common+0x1f/0x3a0 [virtio_net]\n[ 195.018178] virtnet_remove+0x5d/0x70 [virtio_net]\n[ 195.018618] virtio_dev_remove+0x3d/0x90\n[ 195.018986] device_release_driver_internal+0x1aa/0x230\n[ 195.019466] bus_remove_device+0xd8/0x150\n[ 195.019841] device_del+0x18b/0x3f0\n[ 195.020167] ? kernfs_find_ns+0x35/0xd0\n[ 195.020526] device_unregister+0x13/0x60\n[ 195.020894] unregister_virtio_device+0x11/0x20\n[ 195.021311] device_release_driver_internal+0x1aa/0x230\n[ 195.021790] bus_remove_device+0xd8/0x150\n[ 195.022162] device_del+0x18b/0x3f0\n[ 195.022487] device_unregister+0x13/0x60\n[ 195.022852] ? vdpa_dev_remove+0x30/0x30 [vdpa]\n[ 195.023270] vp_vdpa_dev_del+0x12/0x20 [vp_vdpa]\n[ 195.023694] vdpa_match_remove+0x2b/0x40 [vdpa]\n[ 195.024115] bus_for_each_dev+0x78/0xc0\n[ 195.024471] vdpa_mgmtdev_unregister+0x65/0x80 [vdpa]\n[ 195.024937] vp_vdpa_remove+0x23/0x40 [vp_vdpa]\n[ 195.025353] pci_device_remove+0x36/0xa0\n[ 195.025719] device_release_driver_internal+0x1aa/0x230\n[ 195.026201] pci_stop_bus_device+0x6c/0x90\n[ 195.026580] pci_stop_and_remove_bus_device+0xe/0x20\n[ 195.027039] disable_slot+0x49/0x90\n[ 195.027366] acpiphp_disable_and_eject_slot+0x15/0x90\n[ 195.027832] hotplug_event+0xea/0x210\n[ 195.028171] ? hotplug_event+0x210/0x210\n[ 195.028535] acpiphp_hotplug_notify+0x22/0x80\n[ 195.028942] ? hotplug_event+0x210/0x210\n[ 195.029303] acpi_device_hotplug+0x8a/0x1d0\n[ 195.029690] acpi_hotplug_work_fn+0x1a/0x30\n[ 195.030077] process_one_work+0x1e8/0x3c0\n[ 195.030451] worker_thread+0x50/0x3b0\n[ 195.030791] ? rescuer_thread+0x3a0/0x3a0\n[ 195.031165] kthread+0xd9/0x100\n[ 195.031459] ? kthread_complete_and_exit+0x20/0x20\n[ 195.031899] ret_from_fork+0x22/0x30\n[ 195.032233] " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vp_vdpa: corrige el fallo en la desconexi\u00f3n activa con vp_vdpa Al desconectar el dispositivo vp_vdpa, se desencadena un p\u00e1nico del kernel La causa ra\u00edz es: vdpa_mgmtdev_unregister() acceder\u00e1 a dispositivos modernos, lo que provocar\u00e1 un use-after-free. Entonces es necesario cambiar la secuencia en vp_vdpa_remove [ 195.003359] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ff4e8beb80199014 [ 195.004012] #PF: acceso de lectura del supervisor en modo kernel [ 195.004486] #PF: error_code(0x0000) - p\u00e1gina no presente [ 195.004960] PGD 100000067 P4D 1001b6067 PUD 1001b7067 PMD 1001b8067 PTE 0 [ 195.005578] Oops: 0000 1 PREEMPT SMP PTI [ 195.005968] CPU: 13 PID: 164 Comm: kworker/u56:10 Kdump: cargado No contaminado 5.14.0-252.el9.x86_64 #1 [ 195.006792] Nombre del hardware: Red Hat KVM/RHEL, BIOS edk2-20221207gitfff6d81270b5-2.el9 unknown [ 195.007556] Workqueue: kacpi_hotplug acpi_hotplug_work_fn [ 195.008059] RIP: 0010:ioread8+0x31/0x80 [ 195.008418] Code: 77 28 48 81 ff 00 00 01 00 76 0b 89 fa ec 0f b6 c0 c3 cc cc cc cc 8b 15 ad 72 93 01 b8 ff 00 00 00 85 d2 75 0f c3 cc cc cc cc <8a> 07 0f b6 c0 c3 cc cc cc cc 83 ea 01 48 83 ec 08 48 89 fe 48 c7 [ 195.010104] RSP: 0018:ff4e8beb8067bab8 EFLAGS: 00010292 [ 195.010584] RAX: ffffffffc05834a0 RBX: ffffffffc05843c0 RCX: ff4e8beb8067bae0 [ 195.011233] RDX: ff1bcbd580f88000 RSI: 0000000000000246 RDI: ff4e8beb80199014 [ 195.011881] RBP: ff1bcbd587e39000 R08: ffffffff916fa2d0 R09: ff4e8beb8067ba68 [ 195.012527] R10: 000000000000001c R11: 0000000000000000 R12: ff1bcbd5a3de9120 [ 195.013179] R13: ffffffffc062d000 R14: 0000000000000080 R15: ff1bcbe402bc7805 [ 195.013826] FS: 0000000000000000(0000) GS:ff1bcbe402740000(0000) knlGS:0000000000000000 [ 195.014564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.015093] CR2: ff4e8beb80199014 CR3: 0000000107dea002 CR4: 0000000000771ee0 [ 195.015741] PKRU: 55555554 [ 195.016001] Call Trace: [ 195.016233] [ 195.016434] vp_modern_get_status+0x12/0x20 [ 195.016823] vp_vdpa_reset+0x1b/0x50 [vp_vdpa] [ 195.017238] virtio_vdpa_reset+0x3c/0x48 [virtio_vdpa] [ 195.017709] remove_vq_common+0x1f/0x3a0 [virtio_net] [ 195.018178] virtnet_remove+0x5d/0x70 [virtio_net] [ 195.018618] virtio_dev_remove+0x3d/0x90 [ 195.018986] device_release_driver_internal+0x1aa/0x230 [ 195.019466] bus_remove_device+0xd8/0x150 [ 195.019841] device_del+0x18b/0x3f0 [ 195.020167] ? kernfs_find_ns+0x35/0xd0 [ 195.020526] device_unregister+0x13/0x60 [ 195.020894] unregister_virtio_device+0x11/0x20 [ 195.021311] device_release_driver_internal+0x1aa/0x230 [ 195.021790] bus_remove_device+0xd8/0x150 [ 195.022162] device_del+0x18b/0x3f0 [ 195.022487] device_unregister+0x13/0x60 [ 195.022852] ? vdpa_dev_remove+0x30/0x30 [vdpa] [ 195.023270] vp_vdpa_dev_del+0x12/0x20 [vp_vdpa] [ 195.023694] vdpa_match_remove+0x2b/0x40 [vdpa] [ 195.024115] bus_for_each_dev+0x78/0xc0 [ 195.024471] vdpa_mgmtdev_unregister+0x65/0x80 [vdpa] [ 195.024937] vp_vdpa_remove+0x23/0x40 [vp_vdpa] [ 195.025353] pci_device_remove+0x36/0xa0 [ 195.025719] device_release_driver_internal+0x1aa/0x230 [ 195.026201] pci_stop_bus_device+0x6c/0x90 [ 195.026580] pci_stop_and_remove_bus_device+0xe/0x20 [ 195.027039] disable_slot+0x49/0x90 [ 195.027366] acpiphp_disable_and_eject_slot+0x15/0x90 [ 195.027832] hotplug_event+0xea/0x210 [ 195.028171] ? hotplug_event+0x210/0x210 [ 195.028535] acpiphp_hotplug_notify+0x22/0x80 [ 195.028942] ? hotplug_event+0x210/0x210 [ 195.029303] acpi_device_hotplug+0x8a/0x1d0 [ 195.029690] acpi_hotplug_work_fn+0x1a/0x30 [ 195.030077] process_one_work+0x1e8/0x3c0 [ 195.030451] worker_thread+0x50/0x3b0 [ 195.030791] ? rescuer_thread+0x3a0/0x3a0 [ 195.031165] kthread+0xd9/0x100 [ 195.031459] ? kthread_complete_and_exit+0x20/0x20 [ 195.031899] ret_from_fork+0x22/0x30 [ 195.032233] " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53083.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53083.json index 5946f5d4769..3e955b27940 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53083.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53083.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53083", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.310", - "lastModified": "2025-05-02T16:15:27.310", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don't replace page in rq_pages if it's a continuation of last page\n\nThe splice read calls nfsd_splice_actor to put the pages containing file\ndata into the svc_rqst->rq_pages array. It's possible however to get a\nsplice result that only has a partial page at the end, if (e.g.) the\nfilesystem hands back a short read that doesn't cover the whole page.\n\nnfsd_splice_actor will plop the partial page into its rq_pages array and\nreturn. Then later, when nfsd_splice_actor is called again, the\nremainder of the page may end up being filled out. At this point,\nnfsd_splice_actor will put the page into the array _again_ corrupting\nthe reply. If this is done enough times, rq_next_page will overrun the\narray and corrupt the trailing fields -- the rq_respages and\nrq_next_page pointers themselves.\n\nIf we've already added the page to the array in the last pass, don't add\nit to the array a second time when dealing with a splice continuation.\nThis was originally handled properly in nfsd_splice_actor, but commit\n91e23b1c3982 (\"NFSD: Clean up nfsd_splice_actor()\") removed the check\nfor it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: no reemplace la p\u00e1gina en rq_pages si es una continuaci\u00f3n de la \u00faltima p\u00e1gina la lectura de empalme llama a nfsd_splice_actor para poner las p\u00e1ginas que contienen datos de archivo en la matriz svc_rqst->rq_pages. Sin embargo, es posible obtener un resultado de empalme que solo tenga una p\u00e1gina parcial al final, si (p. ej.) el sistema de archivos devuelve una lectura corta que no cubre toda la p\u00e1gina. nfsd_splice_actor colocar\u00e1 la p\u00e1gina parcial en su matriz rq_pages y retornar\u00e1. Luego, m\u00e1s tarde, cuando se vuelva a llamar a nfsd_splice_actor, el resto de la p\u00e1gina puede terminar llen\u00e1ndose. En este punto, nfsd_splice_actor colocar\u00e1 la p\u00e1gina en array _again_ corrompiendo la respuesta. Si esto se repite varias veces, rq_next_page saturar\u00e1 el array y corromper\u00e1 los campos finales: los punteros rq_respages y rq_next_page. Si ya a\u00f1adimos la p\u00e1gina al array en la \u00faltima pasada, no la a\u00f1adamos una segunda vez al tratar con una continuaci\u00f3n de empalme. Esto se gestionaba correctamente en nfsd_splice_actor, pero el commit 91e23b1c3982 (\"NFSD: Limpiar nfsd_splice_actor()\") elimin\u00f3 la comprobaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53084.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53084.json index 48476615148..b7e2bdcc722 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53084.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53084.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53084", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.403", - "lastModified": "2025-05-02T16:15:27.403", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove another errant put in error path\n\ndrm_gem_shmem_mmap() doesn't own reference in error code path, resulting\nin the dma-buf shmem GEM object getting prematurely freed leading to a\nlater use-after-free." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/shmem-helper: Eliminar otro objeto errante en la ruta de error drm_gem_shmem_mmap() no posee una referencia en la ruta del c\u00f3digo de error, lo que da como resultado que el objeto GEM shmem dma-buf se libere prematuramente y genere un use-after-free posterior." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53085.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53085.json index 82db9727117..2f62e71e496 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53085.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53085.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53085", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.493", - "lastModified": "2025-05-02T16:15:27.493", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/edid: fix info leak when failing to get panel id\n\nMake sure to clear the transfer buffer before fetching the EDID to\navoid leaking slab data to the logs on errors that leave the buffer\nunchanged." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/edid: corrige p\u00e9rdida de informaci\u00f3n cuando no se puede obtener el ID del panel. Aseg\u00farese de borrar el b\u00fafer de transferencia antes de obtener el EDID para evitar filtrar datos de la losa a los registros en errores que dejan el b\u00fafer sin cambios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53086.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53086.json index 7c97364bd9d..31542d63de2 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53086.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53086.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53086", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.580", - "lastModified": "2025-05-02T16:15:27.580", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: connac: do not check WED status for non-mmio devices\n\nWED is supported just for mmio devices, so do not check it for usb or\nsdio devices. This patch fixes the crash reported below:\n\n[ 21.946627] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d\n[ 22.525298] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.548274] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d\n[ 22.557694] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.565885] wlp0s3u1i3: authenticated\n[ 22.569502] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.578966] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=30 aid=3)\n[ 22.579113] wlp0s3u1i3: c4:41:1e:f5:2b:1d rejected association temporarily; comeback duration 1000 TU (1024 ms)\n[ 23.649518] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 2/3)\n[ 23.752528] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=0 aid=3)\n[ 23.797450] wlp0s3u1i3: associated\n[ 24.959527] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)\n[ 24.959640] BUG: unable to handle page fault for address: ffff88800c223200\n[ 24.959706] #PF: supervisor instruction fetch in kernel mode\n[ 24.959788] #PF: error_code(0x0011) - permissions violation\n[ 24.959846] PGD 2c01067 P4D 2c01067 PUD 2c02067 PMD c2a8063 PTE 800000000c223163\n[ 24.959957] Oops: 0011 [#1] PREEMPT SMP\n[ 24.960009] CPU: 0 PID: 391 Comm: wpa_supplicant Not tainted 6.2.0-kvm #18\n[ 24.960089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014\n[ 24.960191] RIP: 0010:0xffff88800c223200\n[ 24.960446] RSP: 0018:ffffc90000ff7698 EFLAGS: 00010282\n[ 24.960513] RAX: ffff888028397010 RBX: ffff88800c26e630 RCX: 0000000000000058\n[ 24.960598] RDX: ffff88800c26f844 RSI: 0000000000000006 RDI: ffff888028397010\n[ 24.960682] RBP: ffff88800ea72f00 R08: 18b873fbab2b964c R09: be06b38235f3c63c\n[ 24.960766] R10: 18b873fbab2b964c R11: be06b38235f3c63c R12: 0000000000000001\n[ 24.960853] R13: ffff88800c26f84c R14: ffff8880063f0ff8 R15: ffff88800c26e644\n[ 24.960950] FS: 00007effcea327c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\n[ 24.961036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 24.961106] CR2: ffff88800c223200 CR3: 000000000eaa2000 CR4: 00000000000006b0\n[ 24.961190] Call Trace:\n[ 24.961219] \n[ 24.961245] ? mt76_connac_mcu_add_key+0x2cf/0x310\n[ 24.961313] ? mt7921_set_key+0x150/0x200\n[ 24.961365] ? drv_set_key+0xa9/0x1b0\n[ 24.961418] ? ieee80211_key_enable_hw_accel+0xd9/0x240\n[ 24.961485] ? ieee80211_key_replace+0x3f3/0x730\n[ 24.961541] ? crypto_shash_setkey+0x89/0xd0\n[ 24.961597] ? ieee80211_key_link+0x2d7/0x3a0\n[ 24.961664] ? crypto_aead_setauthsize+0x31/0x50\n[ 24.961730] ? sta_info_hash_lookup+0xa6/0xf0\n[ 24.961785] ? ieee80211_add_key+0x1fc/0x250\n[ 24.961842] ? rdev_add_key+0x41/0x140\n[ 24.961882] ? nl80211_parse_key+0x6c/0x2f0\n[ 24.961940] ? nl80211_new_key+0x24a/0x290\n[ 24.961984] ? genl_rcv_msg+0x36c/0x3a0\n[ 24.962036] ? rdev_mod_link_station+0xe0/0xe0\n[ 24.962102] ? nl80211_set_key+0x410/0x410\n[ 24.962143] ? nl80211_pre_doit+0x200/0x200\n[ 24.962187] ? genl_bind+0xc0/0xc0\n[ 24.962217] ? netlink_rcv_skb+0xaa/0xd0\n[ 24.962259] ? genl_rcv+0x24/0x40\n[ 24.962300] ? netlink_unicast+0x224/0x2f0\n[ 24.962345] ? netlink_sendmsg+0x30b/0x3d0\n[ 24.962388] ? ____sys_sendmsg+0x109/0x1b0\n[ 24.962388] ? ____sys_sendmsg+0x109/0x1b0\n[ 24.962440] ? __import_iovec+0x2e/0x110\n[ 24.962482] ? ___sys_sendmsg+0xbe/0xe0\n[ 24.962525] ? mod_objcg_state+0x25c/0x330\n[ 24.962576] ? __dentry_kill+0x19e/0x1d0\n[ 24.962618] ? call_rcu+0x18f/0x270\n[ 24.962660] ? __dentry_kill+0x19e/0x1d0\n[ 24.962702] ? __x64_sys_sendmsg+0x70/0x90\n[ 24.962744] ? do_syscall_64+0x3d/0x80\n[ 24.962796] ? exit_to_user_mode_prepare+0x1b/0x70\n[ 24.962852] ? entry_SYSCA\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mt76: connac: no verifique el estado de WED para dispositivos que no sean mmio WED solo es compatible con dispositivos mmio, por lo que no lo verifique para dispositivos usb o sdio. Este parche corrige el fallo informado a continuaci\u00f3n: [ 21.946627] wlp0s3u1i3: autenticar con c4:41:1e:f5:2b:1d [ 22.525298] wlp0s3u1i3: enviar autenticaci\u00f3n a c4:41:1e:f5:2b:1d (intentar 1/3) [ 22.548274] wlp0s3u1i3: autenticar con c4:41:1e:f5:2b:1d [ 22.557694] wlp0s3u1i3: enviar autenticaci\u00f3n a c4:41:1e:f5:2b:1d (intentar 1/3) [ 22.565885] wlp0s3u1i3: autenticado [ 22.569502] wlp0s3u1i3: asociar con c4:41:1e:f5:2b:1d (try 1/3) [ 22.578966] wlp0s3u1i3: RX AssocResp de c4:41:1e:f5:2b:1d (capab=0x11 status=30 aid=3) [ 22.579113] wlp0s3u1i3: c4:41:1e:f5:2b:1d rechaz\u00f3 la asociaci\u00f3n temporalmente; duraci\u00f3n del regreso 1000 TU (1024 ms) [ 23.649518] wlp0s3u1i3: asociado con c4:41:1e:f5:2b:1d (intento 2/3) [ 23.752528] wlp0s3u1i3: RX AssocResp de c4:41:1e:f5:2b:1d (capab=0x11 status=0 aid=3) [ 23.797450] wlp0s3u1i3: asociado [ 24.959527] el kernel intent\u00f3 ejecutar p\u00e1gina protegida por NX - \u00bfintento de explotaci\u00f3n? (uid: 0) [24.959640] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffff88800c223200 [24.959706] #PF: obtenci\u00f3n de instrucci\u00f3n de supervisor en modo kernel [24.959788] #PF: error_code(0x0011) - violaci\u00f3n de permisos [24.959846] PGD 2c01067 P4D 2c01067 PUD 2c02067 PMD c2a8063 PTE 800000000c223163 [24.959957] Oops: 0011 [#1] PREEMPT SMP [24.960009] CPU: 0 PID: 391 Comm: wpa_supplicant No contaminado 6.2.0-kvm #18 [ 24.960089] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 01/04/2014 [ 24.960191] RIP: 0010:0xffff88800c223200 [ 24.960446] RSP: 0018:ffffc90000ff7698 EFLAGS: 00010282 [ 24.960513] RAX: ffff888028397010 RBX: ffff88800c26e630 RCX: 0000000000000058 [ 24.960598] RDX: ffff88800c26f844 RSI: 0000000000000006 RDI: ffff888028397010 [ 24.960682] RBP: ffff88800ea72f00 R08: 18b873fbab2b964c R09: be06b38235f3c63c [ 24.960766] R10: 18b873fbab2b964c R11: be06b38235f3c63c R12: 000000000000001 [ 24.960853] R13: ffff88800c26f84c R14: ffff8880063f0ff8 R15: ffff88800c26e644 [24.960950] FS: 00007effcea327c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000 [24.961036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [24.961106] CR2: ffff88800c223200 CR3: 000000000eaa2000 CR4: 00000000000006b0 [24.961190] Rastreo de llamadas: [24.961219] [ 24.961245] ? mt76_connac_mcu_add_key+0x2cf/0x310 [ 24.961313] ? mt7921_set_key+0x150/0x200 [ 24.961365] ? drv_set_key+0xa9/0x1b0 [ 24.961418] ? ieee80211_key_enable_hw_accel+0xd9/0x240 [ 24.961485] ? ieee80211_key_replace+0x3f3/0x730 [ 24.961541] ? crypto_shash_setkey+0x89/0xd0 [ 24.961597] ? ieee80211_key_link+0x2d7/0x3a0 [ 24.961664] ? crypto_aead_setauthsize+0x31/0x50 [ 24.961730] ? sta_info_hash_lookup+0xa6/0xf0 [ 24.961785] ? ieee80211_add_key+0x1fc/0x250 [ 24.961842] ? rdev_add_key+0x41/0x140 [ 24.961882] ? nl80211_parse_key+0x6c/0x2f0 [ 24.961940] ? nl80211_new_key+0x24a/0x290 [ 24.961984] ? genl_rcv_msg+0x36c/0x3a0 [ 24.962036] ? rdev_mod_link_station+0xe0/0xe0 [ 24.962102] ? nl80211_set_key+0x410/0x410 [ 24.962143] ? nl80211_pre_doit+0x200/0x200 [ 24.962187] ? genl_bind+0xc0/0xc0 [ 24.962217] ? netlink_rcv_skb+0xaa/0xd0 [ 24.962259] ? genl_rcv+0x24/0x40 [ 24.962300] ? netlink_unicast+0x224/0x2f0 [ 24.962345] ? netlink_sendmsg+0x30b/0x3d0 [ 24.962388] ? ____sys_sendmsg+0x109/0x1b0 [ 24.962388] ? ____sys_sendmsg+0x109/0x1b0 [ 24.962440] ? __import_iovec+0x2e/0x110 [ 24.962482] ? ___sys_sendmsg+0xbe/0xe0 [ 24.962525] ? mod_objcg_state+0x25c/0x330 [ 24.962576] ? __dentry_kill+0x19e/0x1d0 [ 24.962618] ? call_rcu+0x18f/0x270 [ 24.962660] ? __dentry_kill+0x19e/0x1d0 [ 24.962702] ? __x64_sys_sendmsg+0x70/0x90 [ 24.962744] ? do_syscall_64+0x3d/0x80 [ 24.962796] ? exit_to_user_mode_prepare+0x1b/0x70 [ 24.962852] ? entry_SYSCA ---truncado---" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53087.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53087.json index a440382457a..22f6a6de1f3 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53087.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53087.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53087", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.667", - "lastModified": "2025-05-02T16:15:27.667", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/active: Fix misuse of non-idle barriers as fence trackers\n\nUsers reported oopses on list corruptions when using i915 perf with a\nnumber of concurrently running graphics applications. Root cause analysis\npointed at an issue in barrier processing code -- a race among perf open /\nclose replacing active barriers with perf requests on kernel context and\nconcurrent barrier preallocate / acquire operations performed during user\ncontext first pin / last unpin.\n\nWhen adding a request to a composite tracker, we try to reuse an existing\nfence tracker, already allocated and registered with that composite. The\ntracker we obtain may already track another fence, may be an idle barrier,\nor an active barrier.\n\nIf the tracker we get occurs a non-idle barrier then we try to delete that\nbarrier from a list of barrier tasks it belongs to. However, while doing\nthat we don't respect return value from a function that performs the\nbarrier deletion. Should the deletion ever fail, we would end up reusing\nthe tracker still registered as a barrier task. Since the same structure\nfield is reused with both fence callback lists and barrier tasks list,\nlist corruptions would likely occur.\n\nBarriers are now deleted from a barrier tasks list by temporarily removing\nthe list content, traversing that content with skip over the node to be\ndeleted, then populating the list back with the modified content. Should\nthat intentionally racy concurrent deletion attempts be not serialized,\none or more of those may fail because of the list being temporary empty.\n\nRelated code that ignores the results of barrier deletion was initially\nintroduced in v5.4 by commit d8af05ff38ae (\"drm/i915: Allow sharing the\nidle-barrier from other kernel requests\"). However, all users of the\nbarrier deletion routine were apparently serialized at that time, then the\nissue didn't exhibit itself. Results of git bisect with help of a newly\ndeveloped igt@gem_barrier_race@remote-request IGT test indicate that list\ncorruptions might start to appear after commit 311770173fac (\"drm/i915/gt:\nSchedule request retirement when timeline idles\"), introduced in v5.5.\n\nRespect results of barrier deletion attempts -- mark the barrier as idle\nonly if successfully deleted from the list. Then, before proceeding with\nsetting our fence as the one currently tracked, make sure that the tracker\nwe've got is not a non-idle barrier. If that check fails then don't use\nthat tracker but go back and try to acquire a new, usable one.\n\nv3: use unlikely() to document what outcome we expect (Andi),\n - fix bad grammar in commit description.\nv2: no code changes,\n - blame commit 311770173fac (\"drm/i915/gt: Schedule request retirement\n when timeline idles\"), v5.5, not commit d8af05ff38ae (\"drm/i915: Allow\n sharing the idle-barrier from other kernel requests\"), v5.4,\n - reword commit description.\n\n(cherry picked from commit 506006055769b10d1b2b4e22f636f3b45e0e9fc7)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915/active: Arregla el mal uso de barreras no inactivas como rastreadores de vallas Los usuarios informaron errores en las corrupciones de listas al usar i915 perf con varias aplicaciones gr\u00e1ficas que se ejecutan simult\u00e1neamente. El an\u00e1lisis de la causa ra\u00edz apunt\u00f3 a un problema en el c\u00f3digo de procesamiento de barreras: una ejecuci\u00f3n entre la apertura/cierre de perf que reemplaza las barreras activas con solicitudes de perf en el contexto del kernel y las operaciones de preasignaci\u00f3n/adquisici\u00f3n de barreras simult\u00e1neas realizadas durante el primer pin/\u00faltimo desanclaje del contexto del usuario. Al agregar una solicitud a un rastreador compuesto, intentamos reutilizar un rastreador de vallas existente, ya asignado y registrado con ese compuesto. El rastreador que obtenemos puede que ya rastree otra valla, puede ser una barrera inactiva o una barrera activa. Si el rastreador que obtenemos ocurre con una barrera no inactiva, entonces intentamos eliminar esa barrera de una lista de tareas de barrera a la que pertenece. Sin embargo, mientras hacemos eso no respetamos el valor de retorno de una funci\u00f3n que realiza la eliminaci\u00f3n de la barrera. Si la eliminaci\u00f3n falla, terminar\u00edamos reutilizando el rastreador a\u00fan registrado como tarea de barrera. Dado que el mismo campo de estructura se reutiliza tanto con las listas de devoluci\u00f3n de llamadas de valla como con la lista de tareas de barrera, es probable que se produzcan da\u00f1os en la lista. Ahora, las barreras se eliminan de una lista de tareas de barrera eliminando temporalmente su contenido, recorri\u00e9ndolo con la omisi\u00f3n del nodo que se va a eliminar y, a continuaci\u00f3n, rellenando la lista con el contenido modificado. Si estos intentos de eliminaci\u00f3n concurrentes, intencionalmente agresivos, no se serializan, uno o m\u00e1s de ellos podr\u00edan fallar debido a que la lista est\u00e1 temporalmente vac\u00eda. El c\u00f3digo relacionado que ignora los resultados de la eliminaci\u00f3n de barrera se introdujo inicialmente en la versi\u00f3n 5.4 mediante el commit d8af05ff38ae (\"drm/i915: Permitir compartir la barrera inactiva con otras solicitudes del kernel\"). Sin embargo, todos los usuarios de la rutina de eliminaci\u00f3n de barrera aparentemente estaban serializados en ese momento, por lo que el problema no se manifest\u00f3. Los resultados de git bisect con la ayuda de una prueba IGT igt@gem_barrier_race@remote-request recientemente desarrollada indican que podr\u00edan aparecer corrupciones en la lista despu\u00e9s deel commit 311770173fac (\"drm/i915/gt: Retirada de solicitud de programaci\u00f3n cuando la l\u00ednea de tiempo est\u00e1 inactiva\"), introducida en la v5.5. Respetar los resultados de los intentos de eliminaci\u00f3n de barreras: marcar la barrera como inactiva solo si se elimina correctamente de la lista. Luego, antes de configurar nuestra barrera como la que se rastrea actualmente, asegurarse de que el rastreador que tenemos no sea una barrera no inactiva. Si la comprobaci\u00f3n falla, no usar ese rastreador, sino volver atr\u00e1s e intentar obtener uno nuevo y utilizable. v3: usar Unlikely() para documentar el resultado esperado (Andi). Corregir errores gramaticales en la descripci\u00f3n de la confirmaci\u00f3n. v2: sin cambios de c\u00f3digo, - culpar a el commit 311770173fac (\"drm/i915/gt: Programar el retiro de solicitudes cuando la l\u00ednea de tiempo est\u00e1 inactiva\"), v5.5, no confirmar d8af05ff38ae (\"drm/i915: Permitir compartir la barrera de inactividad con otras solicitudes del kernel\"), v5.4, - reformular la descripci\u00f3n deel commit. (Seleccionado de la confirmaci\u00f3n 506006055769b10d1b2b4e22f636f3b45e0e9fc7)" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53088.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53088.json index 82e6dfab1d7..876a9c1901c 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53088.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53088.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53088", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.760", - "lastModified": "2025-05-02T16:15:27.760", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix UaF in listener shutdown\n\nAs reported by Christoph after having refactored the passive\nsocket initialization, the mptcp listener shutdown path is prone\nto an UaF issue.\n\n BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x73/0xe0\n Write of size 4 at addr ffff88810cb23098 by task syz-executor731/1266\n\n CPU: 1 PID: 1266 Comm: syz-executor731 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x6e/0x91\n print_report+0x16a/0x46f\n kasan_report+0xad/0x130\n kasan_check_range+0x14a/0x1a0\n _raw_spin_lock_bh+0x73/0xe0\n subflow_error_report+0x6d/0x110\n sk_error_report+0x3b/0x190\n tcp_disconnect+0x138c/0x1aa0\n inet_child_forget+0x6f/0x2e0\n inet_csk_listen_stop+0x209/0x1060\n __mptcp_close_ssk+0x52d/0x610\n mptcp_destroy_common+0x165/0x640\n mptcp_destroy+0x13/0x80\n __mptcp_destroy_sock+0xe7/0x270\n __mptcp_close+0x70e/0x9b0\n mptcp_close+0x2b/0x150\n inet_release+0xe9/0x1f0\n __sock_release+0xd2/0x280\n sock_close+0x15/0x20\n __fput+0x252/0xa20\n task_work_run+0x169/0x250\n exit_to_user_mode_prepare+0x113/0x120\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x48/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe msk grace period can legitly expire in between the last\nreference count dropped in mptcp_subflow_queue_clean() and\nthe later eventual access in inet_csk_listen_stop()\n\nAfter the previous patch we don't need anymore special-casing\nmsk listener socket cleanup: the mptcp worker will process each\nof the unaccepted msk sockets.\n\nJust drop the now unnecessary code.\n\nPlease note this commit depends on the two parent ones:\n\n mptcp: refactor passive socket initialization\n mptcp: use the workqueue to destroy unaccepted sockets" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: correcci\u00f3n de UaF en el apagado del oyente Como inform\u00f3 Christoph despu\u00e9s de haber refactorizado la inicializaci\u00f3n del socket pasivo, la ruta de apagado del oyente mptcp es propensa a un problema de UaF. ERROR: KASAN: use-after-free en _raw_spin_lock_bh+0x73/0xe0 Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff88810cb23098 por la tarea syz-executor731/1266 CPU: 1 PID: 1266 Comm: syz-executor731 No contaminado 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x6e/0x91 print_report+0x16a/0x46f kasan_report+0xad/0x130 kasan_check_range+0x14a/0x1a0 _raw_spin_lock_bh+0x73/0xe0 subflow_error_report+0x6d/0x110 sk_error_report+0x3b/0x190 tcp_disconnect+0x138c/0x1aa0 inet_child_forget+0x6f/0x2e0 inet_csk_listen_stop+0x209/0x1060 __mptcp_close_ssk+0x52d/0x610 mptcp_destroy_common+0x165/0x640 mptcp_destroy+0x13/0x80 __mptcp_destroy_sock+0xe7/0x270 __mptcp_close+0x70e/0x9b0 mptcp_close+0x2b/0x150 inet_release+0xe9/0x1f0 __sock_release+0xd2/0x280 sock_close+0x15/0x20 __fput+0x252/0xa20 task_work_run+0x169/0x250 exit_to_user_mode_prepare+0x113/0x120 syscall_exit_to_user_mode+0x1d/0x40 do_syscall_64+0x48/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc puede expirar leg\u00edtimamente entre el \u00faltimo recuento de referencias introducido en mptcp_subflow_queue_clean() y el acceso eventual posterior en inet_csk_listen_stop(). Tras la actualizaci\u00f3n anterior, ya no necesitamos la limpieza de sockets del receptor MSK con casos especiales: el trabajador de mptcp procesar\u00e1 cada uno de los sockets MSK no aceptados. Simplemente elimine el c\u00f3digo innecesario. Tenga en cuenta que esta confirmaci\u00f3n depende de las dos principales: mptcp: refactorizar la inicializaci\u00f3n pasiva de sockets. mptcp: usar la cola de trabajo para eliminar los sockets no aceptados." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53089.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53089.json index 294a807b7aa..e271c1b1896 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53089.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53089.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53089", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.853", - "lastModified": "2025-05-02T16:15:27.853", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix task hung in ext4_xattr_delete_inode\n\nSyzbot reported a hung task problem:\n==================================================================\nINFO: task syz-executor232:5073 blocked for more than 143 seconds.\n Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004\nCall Trace:\n \n context_switch kernel/sched/core.c:5244 [inline]\n __schedule+0x995/0xe20 kernel/sched/core.c:6555\n schedule+0xcb/0x190 kernel/sched/core.c:6631\n __wait_on_freeing_inode fs/inode.c:2196 [inline]\n find_inode_fast+0x35a/0x4c0 fs/inode.c:950\n iget_locked+0xb1/0x830 fs/inode.c:1273\n __ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861\n ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389\n ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148\n ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880\n ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296\n evict+0x2a4/0x620 fs/inode.c:664\n ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474\n __ext4_fill_super fs/ext4/super.c:5516 [inline]\n ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644\n get_tree_bdev+0x400/0x620 fs/super.c:1282\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fa5406fd5ea\nRSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea\nRDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970\nRBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432\nR10: 0000000000804a03 R11: 0000000000000202 R12: 0000000000000004\nR13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 0000000000000000\n \n==================================================================\n\nThe problem is that the inode contains an xattr entry with ea_inum of 15\nwhen cleaning up an orphan inode <15>. When evict inode <15>, the reference\ncounting of the corresponding EA inode is decreased. When EA inode <15> is\nfound by find_inode_fast() in __ext4_iget(), it is found that the EA inode\nholds the I_FREEING flag and waits for the EA inode to complete deletion.\nAs a result, when inode <15> is being deleted, we wait for inode <15> to\ncomplete the deletion, resulting in an infinite loop and triggering Hung\nTask. To solve this problem, we only need to check whether the ino of EA\ninode and parent is the same before getting EA inode." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de tarea bloqueada en ext4_xattr_delete_inode. Syzbot inform\u00f3 de un problema de tarea bloqueada: =================================================================== INFORMACI\u00d3N: La tarea syz-executor232:5073 se bloque\u00f3 durante m\u00e1s de 143 segundos. No contaminada. 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" desactiva este mensaje. tarea:syz-exec232 estado:D pila:21024 pid:5073 ppid:5072 indicadores:0x00004004 Rastreo de llamadas: context_switch kernel/sched/core.c:5244 [en l\u00ednea] __schedule+0x995/0xe20 kernel/sched/core.c:6555 schedule+0xcb/0x190 kernel/sched/core.c:6631 __wait_on_freeing_inode fs/inode.c:2196 [en l\u00ednea] find_inode_fast+0x35a/0x4c0 fs/inode.c:950 iget_locked+0xb1/0x830 fs/inode.c:1273 __ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861 ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389 ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148 ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880 ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296 evict+0x2a4/0x620 fs/inode.c:664 ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474 __ext4_fill_super fs/ext4/super.c:5516 [en l\u00ednea] ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644 get_tree_bdev+0x400/0x620 fs/super.c:1282 vfs_get_tree+0x88/0x270 fs/super.c:1489 do_new_mount+0x289/0xad0 fs/namespace.c:3145 do_mount fs/namespace.c:3488 [en l\u00ednea] __do_sys_mount fs/namespace.c:3697 [en l\u00ednea] __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fa5406fd5ea RSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea RDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970 RBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432 R10: 0000000000804a03 R11: 0000000000000202 R12: 000000000000004 R13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 000000000000000 == ... Para resolver este problema, solo necesitamos verificar si el ino del inodo EA y el padre es el mismo antes de obtener el inodo EA." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53090.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53090.json index d45c657a30f..08c7785081d 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53090.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53090.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53090", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:27.957", - "lastModified": "2025-05-02T16:15:27.957", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix an illegal memory access\n\nIn the kfd_wait_on_events() function, the kfd_event_waiter structure is\nallocated by alloc_event_waiters(), but the event field of the waiter\nstructure is not initialized; When copy_from_user() fails in the\nkfd_wait_on_events() function, it will enter exception handling to\nrelease the previously allocated memory of the waiter structure;\nDue to the event field of the waiters structure being accessed\nin the free_waiters() function, this results in illegal memory access\nand system crash, here is the crash log:\n\nlocalhost kernel: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0\nlocalhost kernel: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082\nlocalhost kernel: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000\nlocalhost kernel: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0\nlocalhost kernel: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64\nlocalhost kernel: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002\nlocalhost kernel: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698\nlocalhost kernel: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000\nlocalhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nlocalhost kernel: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0\nlocalhost kernel: Call Trace:\nlocalhost kernel: _raw_spin_lock_irqsave+0x30/0x40\nlocalhost kernel: remove_wait_queue+0x12/0x50\nlocalhost kernel: kfd_wait_on_events+0x1b6/0x490 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: kfd_ioctl+0x38c/0x4a0 [hydcu]\nlocalhost kernel: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu]\nlocalhost kernel: ? kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: __x64_sys_ioctl+0x8e/0xd0\nlocalhost kernel: ? syscall_trace_enter.isra.18+0x143/0x1b0\nlocalhost kernel: do_syscall_64+0x33/0x80\nlocalhost kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9\nlocalhost kernel: RIP: 0033:0x152a4dff68d7\n\nAllocate the structure with kcalloc, and remove redundant 0-initialization\nand a redundant loop condition check." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: Se corrige un acceso ilegal a memoria En la funci\u00f3n kfd_wait_on_events(), la estructura kfd_event_waiter es asignada por alloc_event_waiters(), pero el campo de evento de la estructura waiter no se inicializa; Cuando copy_from_user() falla en la funci\u00f3n kfd_wait_on_events(), ingresar\u00e1 al control de excepciones para liberar la memoria previamente asignada de la estructura waiter; Debido a que se accede al campo de evento de la estructura waiters en la funci\u00f3n free_waiters(), esto da como resultado un acceso ilegal a la memoria y un bloqueo del sistema. Aqu\u00ed est\u00e1 el registro de bloqueo: kernel localhost: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0 kernel localhost: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082 kernel localhost: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000 kernel localhost: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0 kernel localhost: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64 n\u00facleo del host local: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002 n\u00facleo del host local: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698 n\u00facleo del host local: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000 n\u00facleo localhost: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 n\u00facleo localhost: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0 n\u00facleo localhost: Seguimiento de llamadas: n\u00facleo localhost: _raw_spin_lock_irqsave+0x30/0x40 n\u00facleo localhost: remove_wait_queue+0x12/0x50 n\u00facleo localhost: kfd_wait_on_events+0x1b6/0x490 [hydcu] n\u00facleo localhost: ? ftrace_graph_caller+0xa0/0xa0 n\u00facleo local del host: kfd_ioctl+0x38c/0x4a0 [hydcu] n\u00facleo local del host: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu] n\u00facleo local del host: ? kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu] n\u00facleo local del host: ? ftrace_graph_caller+0xa0/0xa0 n\u00facleo local del host: __x64_sys_ioctl+0x8e/0xd0 n\u00facleo local del host: ? syscall_trace_enter.isra.18+0x143/0x1b0 kernel localhost: do_syscall_64+0x33/0x80 kernel localhost: entry_SYSCALL_64_after_hwframe+0x44/0xa9 kernel localhost: RIP: 0033:0x152a4dff68d7 Asigne la estructura con kcalloc y elimine la inicializaci\u00f3n 0 redundante y una verificaci\u00f3n de condici\u00f3n de bucle redundante." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53091.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53091.json index 1ba79151295..b3a2cac1bb0 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53091.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53091.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53091", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.073", - "lastModified": "2025-05-02T16:15:28.073", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update s_journal_inum if it changes after journal replay\n\nWhen mounting a crafted ext4 image, s_journal_inum may change after journal\nreplay, which is obviously unreasonable because we have successfully loaded\nand replayed the journal through the old s_journal_inum. And the new\ns_journal_inum bypasses some of the checks in ext4_get_journal(), which\nmay trigger a null pointer dereference problem. So if s_journal_inum\nchanges after the journal replay, we ignore the change, and rewrite the\ncurrent journal_inum to the superblock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: actualizar s_journal_inum si cambia despu\u00e9s de la reproducci\u00f3n del diario. Al montar una imagen ext4 manipulada, s_journal_inum puede cambiar despu\u00e9s de la reproducci\u00f3n del diario, lo cual es obviamente irrazonable porque hemos cargado y reproducido correctamente el diario a trav\u00e9s del antiguo s_journal_inum. Y el nuevo s_journal_inum omite algunas de las comprobaciones en ext4_get_journal(), lo que puede desencadenar un problema de desreferencia de puntero nulo. Por lo tanto, si s_journal_inum cambia despu\u00e9s de la reproducci\u00f3n del diario, ignoramos el cambio y reescribimos el journal_inum actual en el superbloque." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53092.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53092.json index 69b852bdae8..28bbc361a03 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53092.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53092.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53092", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.180", - "lastModified": "2025-05-02T16:15:28.180", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: exynos: fix node leak in probe PM QoS error path\n\nMake sure to add the newly allocated interconnect node to the provider\nbefore adding the PM QoS request so that the node is freed on errors." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: interconexi\u00f3n: exynos: se corrige la p\u00e9rdida de nodo en la ruta de error de QoS de PM de la sonda Aseg\u00farese de agregar el nodo de interconexi\u00f3n reci\u00e9n asignado al proveedor antes de agregar la solicitud de QoS de PM para que el nodo se libere en caso de errores." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53093.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53093.json index 9c9bcb051cc..996900edece 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53093.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53093.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53093", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.270", - "lastModified": "2025-05-02T16:15:28.270", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not let histogram values have some modifiers\n\nHistogram values can not be strings, stacktraces, graphs, symbols,\nsyscalls, or grouped in buckets or log. Give an error if a value is set to\ndo so.\n\nNote, the histogram code was not prepared to handle these modifiers for\nhistograms and caused a bug.\n\nMark Rutland reported:\n\n # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' >> /sys/kernel/tracing/kprobe_events\n # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' > /sys/kernel/tracing/events/kprobes/copy_to_user/trigger\n # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist\n[ 143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 143.695190] Mem abort info:\n[ 143.695362] ESR = 0x0000000096000004\n[ 143.695604] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 143.695889] SET = 0, FnV = 0\n[ 143.696077] EA = 0, S1PTW = 0\n[ 143.696302] FSC = 0x04: level 0 translation fault\n[ 143.702381] Data abort info:\n[ 143.702614] ISV = 0, ISS = 0x00000004\n[ 143.702832] CM = 0, WnR = 0\n[ 143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000\n[ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 143.704714] Modules linked in:\n[ 143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3\n[ 143.706138] Hardware name: linux,dummy-virt (DT)\n[ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 143.707120] pc : hist_field_name.part.0+0x14/0x140\n[ 143.707504] lr : hist_field_name.part.0+0x104/0x140\n[ 143.707774] sp : ffff800008333a30\n[ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0\n[ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800\n[ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001\n[ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000\n[ 143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023\n[ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c\n[ 143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c\n[ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d\n[ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000\n[ 143.711746] Call trace:\n[ 143.712115] hist_field_name.part.0+0x14/0x140\n[ 143.712642] hist_field_name.part.0+0x104/0x140\n[ 143.712925] hist_field_print+0x28/0x140\n[ 143.713125] event_hist_trigger_print+0x174/0x4d0\n[ 143.713348] hist_show+0xf8/0x980\n[ 143.713521] seq_read_iter+0x1bc/0x4b0\n[ 143.713711] seq_read+0x8c/0xc4\n[ 143.713876] vfs_read+0xc8/0x2a4\n[ 143.714043] ksys_read+0x70/0xfc\n[ 143.714218] __arm64_sys_read+0x24/0x30\n[ 143.714400] invoke_syscall+0x50/0x120\n[ 143.714587] el0_svc_common.constprop.0+0x4c/0x100\n[ 143.714807] do_el0_svc+0x44/0xd0\n[ 143.714970] el0_svc+0x2c/0x84\n[ 143.715134] el0t_64_sync_handler+0xbc/0x140\n[ 143.715334] el0t_64_sync+0x190/0x194\n[ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000)\n[ 143.716510] ---[ end trace 0000000000000000 ]---\nSegmentation fault" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: No permitir que los valores del histograma tengan modificadores. Los valores del histograma no pueden ser cadenas, seguimientos de pila, gr\u00e1ficos, s\u00edmbolos, llamadas al sistema ni agruparse en contenedores o registros. Se genera un error si se configura un valor para ello. Tenga en cuenta que el c\u00f3digo del histograma no estaba preparado para manejar estos modificadores, lo que provoc\u00f3 un error. Mark Rutland inform\u00f3: # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' >> /sys/kernel/tracing/kprobe_events # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' > /sys/kernel/tracing/events/kprobes/copy_to_user/trigger # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist [ 143.694628] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 [ 143.695190] Informaci\u00f3n de aborto de memoria: [ 143.695362] ESR = 0x0000000096000004 [ 143.695604] EC = 0x25: DABT (EL actual), IL = 32 bits [ 143.695889] SET = 0, FnV = 0 [ 143.696077] EA = 0, S1PTW = 0 [ 143.696302] FSC = 0x04: fallo de traducci\u00f3n de nivel 0 [ 143.702381] Informaci\u00f3n de cancelaci\u00f3n de datos: [ 143.702614] ISV = 0, ISS = 0x00000004 [ 143.702832] CM = 0, WnR = 0 [ 143.703087] pgtable de usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=00000000448f9000 [ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 143.704137] Error interno: Oops: 0000000096000004 [#1] PREEMPT SMP [ 143.704714] M\u00f3dulos vinculados: [ 143.705273] CPU: 0 PID: 133 Comm: cat No contaminado 6.2.0-00003-g6fc512c10a7c #3 [ 143.706138] Nombre del hardware: linux,dummy-virt (DT) [ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 143.707120] pc : nombre_campo_hist.parte.0+0x14/0x140 [ 143.707504] lr : nombre_campo_hist.parte.0+0x104/0x140 [ 143.707774] sp : ffff800008333a30 [ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0 [ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800 [ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001 [ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000 [ 143.709478] x17: 000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023 [ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9: ffffd7a6521e018c [143.710584] x8: 000000000000002c x7: 7f7f7f7f7f7f7f7f x6: 000000000000002c [ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d [ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000 [ 143.711746] Rastreo de llamadas:[ 143.712115] hist_field_name.part.0+0x14/0x140 [ 143.712642] hist_field_name.part.0+0x104/0x140 [ 143.712925] hist_field_print+0x28/0x140 [ 143.713125] event_hist_trigger_print+0x174/0x4d0 [ 143.713348] hist_show+0xf8/0x980 [ 143.713521] seq_read_iter+0x1bc/0x4b0 [ 143.713711] seq_read+0x8c/0xc4 [ 143.713876] vfs_read+0xc8/0x2a4 [ 143.714043] ksys_read+0x70/0xfc [ 143.714218] __arm64_sys_read+0x24/0x30 [ 143.714400] invoke_syscall+0x50/0x120 [ 143.714587] el0_svc_common.constprop.0+0x4c/0x100 [ 143.714807] do_el0_svc+0x44/0xd0 [ 143.714970] el0_svc+0x2c/0x84 [ 143.715134] el0t_64_sync_handler+0xbc/0x140 [ 143.715334] el0t_64_sync+0x190/0x194 [ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000) [ 143.716510]--- Fallo de segmentaci\u00f3n" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53094.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53094.json index faa85e0aaf1..a0363d891fe 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53094.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53094.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53094", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.363", - "lastModified": "2025-05-02T16:15:28.363", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: fix race on RX DMA shutdown\n\nFrom time to time DMA completion can come in the middle of DMA shutdown:\n\n:\t\t\t\t:\nlpuart32_shutdown()\n lpuart_dma_shutdown()\n del_timer_sync()\n\t\t\t\t\tlpuart_dma_rx_complete()\n\t\t\t\t\t lpuart_copy_rx_to_tty()\n\t\t\t\t\t mod_timer()\n lpuart_dma_rx_free()\n\nWhen the timer fires a bit later, sport->dma_rx_desc is NULL:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\npc : lpuart_copy_rx_to_tty+0xcc/0x5bc\nlr : lpuart_timer_func+0x1c/0x2c\nCall trace:\n lpuart_copy_rx_to_tty\n lpuart_timer_func\n call_timer_fn\n __run_timers.part.0\n run_timer_softirq\n __do_softirq\n __irq_exit_rcu\n irq_exit\n handle_domain_irq\n gic_handle_irq\n call_on_irq_stack\n do_interrupt_handler\n ...\n\nTo fix this fold del_timer_sync() into lpuart_dma_rx_free() after\ndmaengine_terminate_sync() to make sure timer will not be re-started in\nlpuart_copy_rx_to_tty() <= lpuart_dma_rx_complete()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: serial: fsl_lpuart: fix race on RX DMA shutting De vez en cuando, la finalizaci\u00f3n de DMA puede llegar en medio del shutting de DMA: : : lpuart32_shutdown() lpuart_dma_shutdown() del_timer_sync() lpuart_dma_rx_complete() lpuart_copy_rx_to_tty() mod_timer() lpuart_dma_rx_free() Cuando el temporizador se activa un poco m\u00e1s tarde, sport->dma_rx_desc es NULL: No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000004 pc : lpuart_copy_rx_to_tty+0xcc/0x5bc lr : lpuart_timer_func+0x1c/0x2c Rastreo de llamadas: lpuart_copy_rx_to_tty lpuart_timer_func call_timer_fn __run_timers.part.0 run_timer_softirq __do_softirq __irq_exit_rcu irq_exit handle_domain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler ... Para solucionar esto, incorpore del_timer_sync() en lpuart_dma_rx_free() despu\u00e9s de dmaengine_terminate_sync() para asegurarse de que el temporizador no se reinicie en lpuart_copy_rx_to_tty() <= lpuart_dma_rx_complete()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53095.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53095.json index 9b130377bb3..4421e8d27a5 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53095.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53095.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53095", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.453", - "lastModified": "2025-05-02T16:15:28.453", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix a NULL pointer dereference\n\nThe LRU mechanism may look up a resource in the process of being removed\nfrom an object. The locking rules here are a bit unclear but it looks\ncurrently like res->bo assignment is protected by the LRU lock, whereas\nbo->resource is protected by the object lock, while *clearing* of\nbo->resource is also protected by the LRU lock. This means that if\nwe check that bo->resource points to the LRU resource under the LRU\nlock we should be safe.\nSo perform that check before deciding to swap out a bo. That avoids\ndereferencing a NULL bo->resource in ttm_bo_swapout()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/ttm: Corregir una desreferencia de puntero NULL. El mecanismo LRU puede buscar un recurso en proceso de ser eliminado de un objeto. Las reglas de bloqueo aqu\u00ed son un poco confusas, pero actualmente parece que la asignaci\u00f3n res->bo est\u00e1 protegida por el bloqueo LRU, mientras que bo->resource est\u00e1 protegida por el bloqueo de objeto, mientras que la *limpieza* de bo->resource tambi\u00e9n est\u00e1 protegida por el bloqueo LRU. Esto significa que si comprobamos que bo->resource apunta al recurso LRU bajo el bloqueo LRU, deber\u00edamos estar seguros. As\u00ed que realice esa comprobaci\u00f3n antes de decidir intercambiar un bo. Esto evita la desreferencia de un bo->resource NULL en ttm_bo_swapout()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53096.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53096.json index cc6d099599c..4cbcfc8e1c1 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53096.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53096.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53096", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.543", - "lastModified": "2025-05-02T16:15:28.543", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: fix mem leak when freeing nodes\n\nThe node link array is allocated when adding links to a node but is not\ndeallocated when nodes are destroyed." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: interconexi\u00f3n: se corrige una p\u00e9rdida de memoria al liberar nodos. La matriz de enlaces de nodos se asigna cuando se agregan enlaces a un nodo, pero no se desasigna cuando se destruyen los nodos." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53097.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53097.json index 94ea470a8fd..b5abdb3e1af 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53097.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53097.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53097", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.643", - "lastModified": "2025-05-02T16:15:28.643", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/iommu: se corrige una fuga de memoria con debugfs_lookup(). Al llamar a debugfs_lookup(), se debe ejecutar dput() en el resultado; de lo contrario, la fuga de memoria se producir\u00e1 con el tiempo. Para simplificar, simplemente llame a debugfs_lookup_and_remove(), que gestiona toda la l\u00f3gica a la vez." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53098.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53098.json index 437a0799712..7fcef044e20 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53098.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53098.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53098", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.733", - "lastModified": "2025-05-02T16:15:28.733", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: gpio-ir-recv: add remove function\n\nIn case runtime PM is enabled, do runtime PM clean up to remove\ncpu latency qos request, otherwise driver removal may have below\nkernel dump:\n\n[ 19.463299] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000048\n[ 19.472161] Mem abort info:\n[ 19.474985] ESR = 0x0000000096000004\n[ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 19.484081] SET = 0, FnV = 0\n[ 19.487149] EA = 0, S1PTW = 0\n[ 19.490361] FSC = 0x04: level 0 translation fault\n[ 19.495256] Data abort info:\n[ 19.498149] ISV = 0, ISS = 0x00000004\n[ 19.501997] CM = 0, WnR = 0\n[ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000\n[ 19.511432] [0000000000000048] pgd=0000000000000000,\np4d=0000000000000000\n[ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last\nunloaded: rc_core]\n[ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted\n6.2.0-rc1-00028-g2c397a46d47c #72\n[ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110\n[ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30\n[gpio_ir_recv]\n[ 19.557294] sp : ffff800008ce3740\n[ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27:\nffff800008ce3d50\n[ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24:\nffffc7e3f9ef0e30\n[ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21:\n0000000000000008\n[ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18:\nffffffffffffffff\n[ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15:\nffffffffffffffff\n[ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12:\n0000000000000001\n[ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 :\n0000000000000008\n[ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 :\n000000000f0bfe9f\n[ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 :\nffff006180382010\n[ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 :\n0000000000000020\n[ 19.638548] Call trace:\n[ 19.640995] cpu_latency_qos_remove_request+0x20/0x110\n[ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv]\n[ 19.652339] pm_generic_runtime_suspend+0x2c/0x44\n[ 19.657055] __rpm_callback+0x48/0x1dc\n[ 19.660807] rpm_callback+0x6c/0x80\n[ 19.664301] rpm_suspend+0x10c/0x640\n[ 19.667880] rpm_idle+0x250/0x2d0\n[ 19.671198] update_autosuspend+0x38/0xe0\n[ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60\n[ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv]\n[ 19.685941] platform_probe+0x68/0xc0\n[ 19.689610] really_probe+0xc0/0x3dc\n[ 19.693189] __driver_probe_device+0x7c/0x190\n[ 19.697550] driver_probe_device+0x3c/0x110\n[ 19.701739] __driver_attach+0xf4/0x200\n[ 19.705578] bus_for_each_dev+0x70/0xd0\n[ 19.709417] driver_attach+0x24/0x30\n[ 19.712998] bus_add_driver+0x17c/0x240\n[ 19.716834] driver_register+0x78/0x130\n[ 19.720676] __platform_driver_register+0x28/0x34\n[ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv]\n[ 19.731404] do_one_initcall+0x44/0x2ac\n[ 19.735243] do_init_module+0x48/0x1d0\n[ 19.739003] load_module+0x19fc/0x2034\n[ 19.742759] __do_sys_finit_module+0xac/0x12c\n[ 19.747124] __arm64_sys_finit_module+0x20/0x30\n[ 19.751664] invoke_syscall+0x48/0x114\n[ 19.755420] el0_svc_common.constprop.0+0xcc/0xec\n[ 19.760132] do_el0_svc+0x38/0xb0\n[ 19.763456] el0_svc+0x2c/0x84\n[ 19.766516] el0t_64_sync_handler+0xf4/0x120\n[ 19.770789] el0t_64_sync+0x190/0x194\n[ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400)\n[ 19.780556] ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: rc: gpio-ir-recv: agregar funci\u00f3n de eliminaci\u00f3n En caso de que PM en tiempo de ejecuci\u00f3n est\u00e9 habilitado, realice una limpieza de PM en tiempo de ejecuci\u00f3n para eliminar la solicitud de calidad de servicio de latencia de la CPU; de lo contrario, la eliminaci\u00f3n del controlador puede tener el siguiente volcado de kernel: [19.463299] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000048 [19.472161] Informaci\u00f3n de aborto de memoria: [19.474985] ESR = 0x0000000096000004 [19.478754] EC = 0x25: DABT (EL actual), IL = 32 bits [19.484081] SET = 0, FnV = 0 [19.487149] EA = 0, S1PTW = 0 [ [19.490361] FSC = 0x04: error de traducci\u00f3n de nivel 0 [19.495256] Informaci\u00f3n de cancelaci\u00f3n de datos: [19.498149] ISV = 0, ISS = 0x00000004 [19.501997] CM = 0, WnR = 0 [19.504977] usuario pgtable: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000049f81000 [ 19.511432] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000 [ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last unloaded: rc_core] [ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted 6.2.0-rc1-00028-g2c397a46d47c #72 [ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT) [ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110 [ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.557294] sp : ffff800008ce3740 [ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27: ffff800008ce3d50 [ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24: ffffc7e3f9ef0e30 [ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21: 0000000000000008 [ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18: ffffffffffffffff [ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15: ffffffffffffffff [ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12: 0000000000000001 [ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 : 0000000000000008 [ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 000000000f0bfe9f [ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 : ffff006180382010 [ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 : 0000000000000020 [ 19.638548] Call trace: [ 19.640995] cpu_latency_qos_remove_request+0x20/0x110 [ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.652339] pm_generic_runtime_suspend+0x2c/0x44 [ 19.657055] __rpm_callback+0x48/0x1dc [ 19.660807] rpm_callback+0x6c/0x80 [ 19.664301] rpm_suspend+0x10c/0x640 [ 19.667880] rpm_idle+0x250/0x2d0 [ 19.671198] update_autosuspend+0x38/0xe0 [ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60 [ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv] [ 19.685941] platform_probe+0x68/0xc0 [ 19.689610] really_probe+0xc0/0x3dc [ 19.693189] __driver_probe_device+0x7c/0x190 [ 19.697550] driver_probe_device+0x3c/0x110 [ 19.701739] __driver_attach+0xf4/0x200 [ 19.705578] bus_for_each_dev+0x70/0xd0 [ 19.709417] driver_attach+0x24/0x30 [ 19.712998] bus_add_driver+0x17c/0x240 [ 19.716834] driver_register+0x78/0x130 [ 19.720676] __platform_driver_register+0x28/0x34 [ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv] [ 19.731404] do_one_initcall+0x44/0x2ac [ 19.735243] do_init_module+0x48/0x1d0 [ 19.739003] load_module+0x19fc/0x2034 [ 19.742759] __do_sys_finit_module+0xac/0x12c [ 19.747124] __arm64_sys_finit_module+0x20/0x30 [ 19.751664] invoke_syscall+0x48/0x114 [ 19.755420] el0_svc_common.constprop.0+0xcc/0xec [ 19.760132] do_el0_svc+0x38/0xb0 [ 19.763456] el0_svc+0x2c/0x84 [ 19.766516] el0t_64_sync_handler+0xf4/0x120 [ 19.770789] el0t_64_sync+0x190/0x194 [ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400) [ 19.780556] ---[ fin de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53099.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53099.json index 159558db87d..0f6f4f36aed 100644 --- a/CVE-2023/CVE-2023-530xx/CVE-2023-53099.json +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53099.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53099", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.830", - "lastModified": "2025-05-02T16:15:28.830", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: xilinx: don't make a sleepable memory allocation from an atomic context\n\nThe following issue was discovered using lockdep:\n[ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209\n[ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0\n[ 6.702431] 2 locks held by swapper/0/1:\n[ 6.706300] #0: ffffff8800f6f188 (&dev->mutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90\n[ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140\n[ 6.723156] irq event stamp: 304030\n[ 6.726596] hardirqs last enabled at (304029): [] _raw_spin_unlock_irqrestore+0xc0/0xd0\n[ 6.736142] hardirqs last disabled at (304030): [] clk_enable_lock+0xfc/0x140\n[ 6.744742] softirqs last enabled at (303958): [] _stext+0x4f0/0x894\n[ 6.752655] softirqs last disabled at (303951): [] irq_exit+0x238/0x280\n[ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G U 5.15.36 #2\n[ 6.768048] Hardware name: xlnx,zynqmp (DT)\n[ 6.772179] Call trace:\n[ 6.774584] dump_backtrace+0x0/0x300\n[ 6.778197] show_stack+0x18/0x30\n[ 6.781465] dump_stack_lvl+0xb8/0xec\n[ 6.785077] dump_stack+0x1c/0x38\n[ 6.788345] ___might_sleep+0x1a8/0x2a0\n[ 6.792129] __might_sleep+0x6c/0xd0\n[ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0\n[ 6.800127] do_feature_check_call+0x100/0x220\n[ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0\n[ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0\n[ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120\n[ 6.817327] zynqmp_pll_enable+0x38/0xc0\n[ 6.821197] clk_core_enable+0x144/0x400\n[ 6.825067] clk_core_enable+0xd4/0x400\n[ 6.828851] clk_core_enable+0xd4/0x400\n[ 6.832635] clk_core_enable+0xd4/0x400\n[ 6.836419] clk_core_enable+0xd4/0x400\n[ 6.840203] clk_core_enable+0xd4/0x400\n[ 6.843987] clk_core_enable+0xd4/0x400\n[ 6.847771] clk_core_enable+0xd4/0x400\n[ 6.851555] clk_core_enable_lock+0x24/0x50\n[ 6.855683] clk_enable+0x24/0x40\n[ 6.858952] fclk_probe+0x84/0xf0\n[ 6.862220] platform_probe+0x8c/0x110\n[ 6.865918] really_probe+0x110/0x5f0\n[ 6.869530] __driver_probe_device+0xcc/0x210\n[ 6.873830] driver_probe_device+0x64/0x140\n[ 6.877958] __driver_attach+0x114/0x1f0\n[ 6.881828] bus_for_each_dev+0xe8/0x160\n[ 6.885698] driver_attach+0x34/0x50\n[ 6.889224] bus_add_driver+0x228/0x300\n[ 6.893008] driver_register+0xc0/0x1e0\n[ 6.896792] __platform_driver_register+0x44/0x60\n[ 6.901436] fclk_driver_init+0x1c/0x28\n[ 6.905220] do_one_initcall+0x104/0x590\n[ 6.909091] kernel_init_freeable+0x254/0x2bc\n[ 6.913390] kernel_init+0x24/0x130\n[ 6.916831] ret_from_fork+0x10/0x20\n\nFix it by passing the GFP_ATOMIC gfp flag for the corresponding\nmemory allocation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: xilinx: no realice una asignaci\u00f3n de memoria inactiva desde un contexto at\u00f3mico El siguiente problema se descubri\u00f3 utilizando lockdep: [ 6.691371] ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en include/linux/sched/mm.h:209 [ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0 [ 6.702431] 2 bloqueos mantenidos por swapper/0/1: [ 6.706300] #0: ffffff8800f6f188 (&dev->mutex){....}-{3:3}, en: __device_driver_lock+0x4c/0x90 [ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, en: clk_enable_lock+0x4c/0x140 [ 6.723156] marca de evento irq: 304030 [ 6.726596] hardirqs se habilitaron por \u00faltima vez en (304029): [] _raw_spin_unlock_irqrestore+0xc0/0xd0 [ 6.736142] hardirqs se deshabilitaron por \u00faltima vez en (304030): [] clk_enable_lock+0xfc/0x140 [ 6.744742] softirqs se habilitaron por \u00faltima vez en (303958): [] _stext+0x4f0/0x894 [ 6.752655] \u00daltima desactivaci\u00f3n de softirqs en (303951): [] irq_exit+0x238/0x280 [ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Contaminado: GU 5.15.36 #2 [ 6.768048] Nombre del hardware: xlnx,zynqmp (DT) [ 6.772179] Rastreo de llamadas: [ 6.774584] dump_backtrace+0x0/0x300 [ 6.778197] show_stack+0x18/0x30 [ 6.781465] dump_stack_lvl+0xb8/0xec [ 6.785077] dump_stack+0x1c/0x38 [ 6.788345] ___might_sleep+0x1a8/0x2a0 [ 6.792129] __might_sleep+0x6c/0xd0 [ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0 [ 6.800127] do_feature_check_call+0x100/0x220 [ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0 [ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0 [ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120 [ 6.817327] zynqmp_pll_enable+0x38/0xc0 [ 6.821197] clk_core_enable+0x144/0x400 [ 6.825067] clk_core_enable+0xd4/0x400 [ 6.828851] clk_core_enable+0xd4/0x400 [ 6.832635] clk_core_enable+0xd4/0x400 [ 6.836419] clk_core_enable+0xd4/0x400 [ 6.840203] clk_core_enable+0xd4/0x400 [ 6.843987] clk_core_enable+0xd4/0x400 [ 6.847771] clk_core_enable+0xd4/0x400 [ 6.851555] clk_core_enable_lock+0x24/0x50 [ 6.855683] clk_enable+0x24/0x40 [ 6.858952] fclk_probe+0x84/0xf0 [ 6.862220] platform_probe+0x8c/0x110 [ 6.865918] really_probe+0x110/0x5f0 [ 6.869530] __driver_probe_device+0xcc/0x210 [ 6.873830] driver_probe_device+0x64/0x140 [ 6.877958] __driver_attach+0x114/0x1f0 [ 6.881828] bus_for_each_dev+0xe8/0x160 [ 6.885698] driver_attach+0x34/0x50 [ 6.889224] bus_add_driver+0x228/0x300 [ 6.893008] driver_register+0xc0/0x1e0 [ 6.896792] __platform_driver_register+0x44/0x60 [ 6.901436] fclk_driver_init+0x1c/0x28 [ 6.905220] do_one_initcall+0x104/0x590 [ 6.909091] kernel_init_freeable+0x254/0x2bc [ 6.913390] kernel_init+0x24/0x130 [ 6.916831] ret_from_fork+0x10/0x20 Arr\u00e9glelo pasando el indicador gfp GFP_ATOMIC para la asignaci\u00f3n de memoria correspondiente." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53100.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53100.json index 839c9c4ac4b..7a4ba97aefd 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53100.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53100.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53100", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:28.923", - "lastModified": "2025-05-02T16:15:28.923", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix WARNING in ext4_update_inline_data\n\nSyzbot found the following issue:\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.\nfscrypt: AES-256-CTS-CBC using implementation \"cts-cbc-aes-aesni\"\nfscrypt: AES-256-XTS using implementation \"xts-aes-aesni\"\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nModules linked in:\nCPU: 1 PID: 5071 Comm: syz-executor263 Not tainted 6.2.0-rc1-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nRSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246\nRAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000\nRDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248\nRBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220\nR10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40\nR13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c\nFS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __alloc_pages_node include/linux/gfp.h:237 [inline]\n alloc_pages_node include/linux/gfp.h:260 [inline]\n __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113\n __do_kmalloc_node mm/slab_common.c:956 [inline]\n __kmalloc+0xfe/0x190 mm/slab_common.c:981\n kmalloc include/linux/slab.h:584 [inline]\n kzalloc include/linux/slab.h:720 [inline]\n ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346\n ext4_update_inline_dir fs/ext4/inline.c:1115 [inline]\n ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307\n ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385\n ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772\n ext4_create+0x36c/0x560 fs/ext4/namei.c:2817\n lookup_open fs/namei.c:3413 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x12ac/0x2dd0 fs/namei.c:3711\n do_filp_open+0x264/0x4f0 fs/namei.c:3741\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_openat fs/open.c:1342 [inline]\n __se_sys_openat fs/open.c:1337 [inline]\n __x64_sys_openat+0x243/0x290 fs/open.c:1337\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAbove issue happens as follows:\next4_iget\n ext4_find_inline_data_nolock ->i_inline_off=164 i_inline_size=60\next4_try_add_inline_entry\n __ext4_mark_inode_dirty\n ext4_expand_extra_isize_ea ->i_extra_isize=32 s_want_extra_isize=44\n ext4_xattr_shift_entries\n\t ->after shift i_inline_off is incorrect, actually is change to 176\next4_try_add_inline_entry\n ext4_update_inline_dir\n get_max_inline_xattr_value_size\n if (EXT4_I(inode)->i_inline_off)\n\tentry = (struct ext4_xattr_entry *)((void *)raw_inode +\n\t\t\tEXT4_I(inode)->i_inline_off);\n free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size));\n\t->As entry is incorrect, then 'free' may be negative\n ext4_update_inline_data\n value = kzalloc(len, GFP_NOFS);\n -> len is unsigned int, maybe very large, then trigger warning when\n 'kzalloc()'\n\nTo resolve the above issue we need to update 'i_inline_off' after\n'ext4_xattr_shift_entries()'. We do not need to set\nEXT4_STATE_MAY_INLINE_DATA flag here, since ext4_mark_inode_dirty()\nalready sets this flag if needed. Setting EXT4_STATE_MAY_INLINE_DATA\nwhen it is needed may trigger a BUG_ON in ext4_writepages()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de ADVERTENCIA en ext4_update_inline_data. Syzbot encontr\u00f3 el siguiente problema: EXT4-fs (loop0): sistema de archivos montado 00000000-0000-0000-0000-00000000000 sin registro. Modo de cuota: ninguno. fscrypt: AES-256-CTS-CBC con implementaci\u00f3n \"cts-cbc-aes-aesni\" fscrypt: AES-256-XTS con implementaci\u00f3n \"xts-aes-aesni\" ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 0 PID: 5071 en mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525 M\u00f3dulos vinculados: CPU: 1 PID: 5071 Comm: syz-executor263 No contaminado 6.2.0-rc1-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 RIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525 RSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246 RAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000 RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248 RBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220 R10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40 R13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c FS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 000000000003506f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 00000000 __alloc_pages_node include/linux/gfp.h:237 [inline] alloc_pages_node include/linux/gfp.h:260 [inline] __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113 __do_kmalloc_node mm/slab_common.c:956 [inline] __kmalloc+0xfe/0x190 mm/slab_common.c:981 kmalloc include/linux/slab.h:584 [inline] kzalloc include/linux/slab.h:720 [inline] ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346 ext4_update_inline_dir fs/ext4/inline.c:1115 [inline] ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307 ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385 ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772 ext4_create+0x36c/0x560 fs/ext4/namei.c:2817 lookup_open fs/namei.c:3413 [inline] open_last_lookups fs/namei.c:3481 [inline] path_openat+0x12ac/0x2dd0 fs/namei.c:3711 do_filp_open+0x264/0x4f0 fs/namei.c:3741 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_openat fs/open.c:1342 [inline] __se_sys_openat fs/open.c:1337 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1337 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Above issue happens as follows: ext4_iget ext4_find_inline_data_nolock ->i_inline_off=164 i_inline_size=60 ext4_try_add_inline_entry __ext4_mark_inode_dirty ext4_expand_extra_isize_ea ->i_extra_isize=32 s_want_extra_isize=44 ext4_xattr_shift_entries ->after shift i_inline_off is incorrect, actually is change to 176 ext4_try_add_inline_entry ext4_update_inline_dir get_max_inline_xattr_value_size if (EXT4_I(inode)->i_inline_off) entry = (struct ext4_xattr_entry *)((void *)raw_inode + EXT4_I(inode)->i_inline_off); free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size)); ->Como la entrada es incorrecta, entonces 'libre' puede ser negativo ext4_update_inline_data valor = kzalloc(len, GFP_NOFS); -> len es un entero sin signo, posiblemente muy grande, por lo que se activa una advertencia al ejecutar 'kzalloc()'. Para resolver el problema anterior, debemos actualizar 'i_inline_off' despu\u00e9s de 'ext4_xattr_shift_entries()'. No es necesario activar el indicador EXT4_STATE_MAY_INLINE_DATA, ya que ext4_mark_inode_dirty() ya lo activa si es necesario. Activar EXT4_STATE_MAY_INLINE_DATA cuando es necesario puede activar un error BUG_ON en ext4_writepages()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53101.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53101.json index a5f3051eccd..3784f1d12fb 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53101.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53101.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53101", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.023", - "lastModified": "2025-05-02T16:15:29.023", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: zero i_disksize when initializing the bootloader inode\n\nIf the boot loader inode has never been used before, the\nEXT4_IOC_SWAP_BOOT inode will initialize it, including setting the\ni_size to 0. However, if the \"never before used\" boot loader has a\nnon-zero i_size, then i_disksize will be non-zero, and the\ninconsistency between i_size and i_disksize can trigger a kernel\nwarning:\n\n WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319\n CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa\n RIP: 0010:ext4_file_write_iter+0xbc7/0xd10\n Call Trace:\n vfs_write+0x3b1/0x5c0\n ksys_write+0x77/0x160\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x39/0x80\n\nReproducer:\n 1. create corrupted image and mount it:\n mke2fs -t ext4 /tmp/foo.img 200\n debugfs -wR \"sif <5> size 25700\" /tmp/foo.img\n mount -t ext4 /tmp/foo.img /mnt\n cd /mnt\n echo 123 > file\n 2. Run the reproducer program:\n posix_memalign(&buf, 1024, 1024)\n fd = open(\"file\", O_RDWR | O_DIRECT);\n ioctl(fd, EXT4_IOC_SWAP_BOOT);\n write(fd, buf, 1024);\n\nFix this by setting i_disksize as well as i_size to zero when\ninitiaizing the boot loader inode." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: i_disksize cero al inicializar el inodo del cargador de arranque. Si el inodo del cargador de arranque nunca se ha usado antes, el inodo EXT4_IOC_SWAP_BOOT lo inicializar\u00e1, incluyendo el establecimiento de i_size a 0. Sin embargo, si el cargador de arranque \"nunca usado antes\" tiene un i_size distinto de cero, entonces i_disksize ser\u00e1 distinto de cero, y la inconsistencia entre i_size e i_disksize puede activar una advertencia del kernel: ADVERTENCIA: CPU: 0 PID: 2580 en fs/ext4/file.c:319 CPU: 0 PID: 2580 Comm: bb No contaminado 6.3.0-rc1-00004-g703695902cfa RIP: 0010:ext4_file_write_iter+0xbc7/0xd10 Rastreo de llamadas: vfs_write+0x3b1/0x5c0 ksys_write+0x77/0x160 __x64_sys_write+0x22/0x30 do_syscall_64+0x39/0x80 Reproductor: 1. crear una imagen da\u00f1ada y montarla: mke2fs -t ext4 /tmp/foo.img 200 debugfs -wR \"sif <5> size 25700\" /tmp/foo.img mount -t ext4 /tmp/foo.img /mnt cd /mnt echo 123 > file 2. Ejecutar el programa reproductor: posix_memalign(&buf, 1024, 1024) fd = open(\"file\", O_RDWR | Solucione esto configurando i_disksize e i_size en cero al iniciar el inodo del cargador de arranque." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53102.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53102.json index 315f5c0e348..13bdba5cc65 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53102.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53102.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53102", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.127", - "lastModified": "2025-05-02T16:15:29.127", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: disable txq irq before flushing hw\n\nice_qp_dis() intends to stop a given queue pair that is a target of xsk\npool attach/detach. One of the steps is to disable interrupts on these\nqueues. It currently is broken in a way that txq irq is turned off\n*after* HW flush which in turn takes no effect.\n\nice_qp_dis():\n-> ice_qvec_dis_irq()\n--> disable rxq irq\n--> flush hw\n-> ice_vsi_stop_tx_ring()\n-->disable txq irq\n\nBelow splat can be triggered by following steps:\n- start xdpsock WITHOUT loading xdp prog\n- run xdp_rxq_info with XDP_TX action on this interface\n- start traffic\n- terminate xdpsock\n\n[ 256.312485] BUG: kernel NULL pointer dereference, address: 0000000000000018\n[ 256.319560] #PF: supervisor read access in kernel mode\n[ 256.324775] #PF: error_code(0x0000) - not-present page\n[ 256.329994] PGD 0 P4D 0\n[ 256.332574] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 256.337006] CPU: 3 PID: 32 Comm: ksoftirqd/3 Tainted: G OE 6.2.0-rc5+ #51\n[ 256.345218] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[ 256.355807] RIP: 0010:ice_clean_rx_irq_zc+0x9c/0x7d0 [ice]\n[ 256.361423] Code: b7 8f 8a 00 00 00 66 39 ca 0f 84 f1 04 00 00 49 8b 47 40 4c 8b 24 d0 41 0f b7 45 04 66 25 ff 3f 66 89 04 24 0f 84 85 02 00 00 <49> 8b 44 24 18 0f b7 14 24 48 05 00 01 00 00 49 89 04 24 49 89 44\n[ 256.380463] RSP: 0018:ffffc900088bfd20 EFLAGS: 00010206\n[ 256.385765] RAX: 000000000000003c RBX: 0000000000000035 RCX: 000000000000067f\n[ 256.393012] RDX: 0000000000000775 RSI: 0000000000000000 RDI: ffff8881deb3ac80\n[ 256.400256] RBP: 000000000000003c R08: ffff889847982710 R09: 0000000000010000\n[ 256.407500] R10: ffffffff82c060c0 R11: 0000000000000004 R12: 0000000000000000\n[ 256.414746] R13: ffff88811165eea0 R14: ffffc9000d255000 R15: ffff888119b37600\n[ 256.421990] FS: 0000000000000000(0000) GS:ffff8897e0cc0000(0000) knlGS:0000000000000000\n[ 256.430207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 256.436036] CR2: 0000000000000018 CR3: 0000000005c0a006 CR4: 00000000007706e0\n[ 256.443283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 256.450527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 256.457770] PKRU: 55555554\n[ 256.460529] Call Trace:\n[ 256.463015] \n[ 256.465157] ? ice_xmit_zc+0x6e/0x150 [ice]\n[ 256.469437] ice_napi_poll+0x46d/0x680 [ice]\n[ 256.473815] ? _raw_spin_unlock_irqrestore+0x1b/0x40\n[ 256.478863] __napi_poll+0x29/0x160\n[ 256.482409] net_rx_action+0x136/0x260\n[ 256.486222] __do_softirq+0xe8/0x2e5\n[ 256.489853] ? smpboot_thread_fn+0x2c/0x270\n[ 256.494108] run_ksoftirqd+0x2a/0x50\n[ 256.497747] smpboot_thread_fn+0x1c1/0x270\n[ 256.501907] ? __pfx_smpboot_thread_fn+0x10/0x10\n[ 256.506594] kthread+0xea/0x120\n[ 256.509785] ? __pfx_kthread+0x10/0x10\n[ 256.513597] ret_from_fork+0x29/0x50\n[ 256.517238] \n\nIn fact, irqs were not disabled and napi managed to be scheduled and run\nwhile xsk_pool pointer was still valid, but SW ring of xdp_buff pointers\nwas already freed.\n\nTo fix this, call ice_qvec_dis_irq() after ice_vsi_stop_tx_ring(). Also\nwhile at it, remove redundant ice_clean_rx_ring() call - this is handled\nin ice_qp_clean_rings()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: xsk: deshabilitar la IRQ de txq antes de vaciar el hardware. ice_qp_dis() intenta detener un par de colas determinado que es objetivo de la conexi\u00f3n/desconexi\u00f3n del grupo xsk. Uno de los pasos consiste en deshabilitar las interrupciones en estas colas. Actualmente, el problema es que la IRQ de txq se desactiva *despu\u00e9s* de vaciar el hardware, lo que no tiene efecto. ice_qp_dis(): -> ice_qvec_dis_irq() --> deshabilitar irq rxq --> vaciar hw -> ice_vsi_stop_tx_ring() --> deshabilitar irq txq El splat que aparece a continuaci\u00f3n se puede activar siguiendo los pasos: - iniciar xdpsock SIN cargar el programa xdp - ejecutar xdp_rxq_info con la acci\u00f3n XDP_TX en esta interfaz - iniciar tr\u00e1fico - finalizar xdpsock [ 256.312485] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000018 [ 256.319560] #PF: acceso de lectura del supervisor en modo kernel [ 256.324775] #PF: error_code(0x0000) - p\u00e1gina no presente [ 256.329994] PGD 0 P4D 0 [ 256.332574] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 256.337006] CPU: 3 PID: 32 Comm: ksoftirqd/3 Contaminado: G OE 6.2.0-rc5+ #51 [ 256.345218] Nombre del hardware: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [ 256.355807] RIP: 0010:ice_clean_rx_irq_zc+0x9c/0x7d0 [ice] [ 256.361423] Code: b7 8f 8a 00 00 00 66 39 ca 0f 84 f1 04 00 00 49 8b 47 40 4c 8b 24 d0 41 0f b7 45 04 66 25 ff 3f 66 89 04 24 0f 84 85 02 00 00 <49> 8b 44 24 18 0f b7 14 24 48 05 00 01 00 00 49 89 04 24 49 89 44 [ 256.380463] RSP: 0018:ffffc900088bfd20 EFLAGS: 00010206 [ 256.385765] RAX: 000000000000003c RBX: 0000000000000035 RCX: 000000000000067f [ 256.393012] RDX: 0000000000000775 RSI: 0000000000000000 RDI: ffff8881deb3ac80 [ 256.400256] RBP: 000000000000003c R08: ffff889847982710 R09: 0000000000010000 [ 256.407500] R10: ffffffff82c060c0 R11: 0000000000000004 R12: 0000000000000000 [ 256.414746] R13: ffff88811165eea0 R14: ffffc9000d255000 R15: ffff888119b37600 [ 256.421990] FS: 0000000000000000(0000) GS:ffff8897e0cc0000(0000) knlGS:0000000000000000 [ 256.430207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 256.436036] CR2: 0000000000000018 CR3: 0000000005c0a006 CR4: 00000000007706e0 [ 256.443283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 256.450527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 256.457770] PKRU: 55555554 [ 256.460529] Call Trace: [ 256.463015] [ 256.465157] ? ice_xmit_zc+0x6e/0x150 [ice] [ 256.469437] ice_napi_poll+0x46d/0x680 [ice] [ 256.473815] ? _raw_spin_unlock_irqrestore+0x1b/0x40 [ 256.478863] __napi_poll+0x29/0x160 [ 256.482409] net_rx_action+0x136/0x260 [ 256.486222] __do_softirq+0xe8/0x2e5 [ 256.489853] ? smpboot_thread_fn+0x2c/0x270 [ 256.494108] run_ksoftirqd+0x2a/0x50 [ 256.497747] smpboot_thread_fn+0x1c1/0x270 [ 256.501907] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 256.506594] kthread+0xea/0x120 [ 256.509785] ? __pfx_kthread+0x10/0x10 [ 256.513597] ret_from_fork+0x29/0x50 [ 256.517238] De hecho, las IRQ no se deshabilitaron y napi logr\u00f3 programarse y ejecutarse mientras el puntero xsk_pool a\u00fan era v\u00e1lido, pero el anillo de SW de punteros xdp_buff ya estaba liberado. Para solucionar esto, llame a ice_qvec_dis_irq() despu\u00e9s de ice_vsi_stop_tx_ring(). Adem\u00e1s, elimine la llamada redundante a ice_clean_rx_ring(); esto se gestiona en ice_qp_clean_rings()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53103.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53103.json index 04e6faebc24..fd3828b2b16 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53103.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53103.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53103", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.223", - "lastModified": "2025-05-02T16:15:29.223", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails\n\nsyzbot reported a warning[1] where the bond device itself is a slave and\nwe try to enslave a non-ethernet device as the first slave which fails\nbut then in the error path when ether_setup() restores the bond device\nit also clears all flags. In my previous fix[2] I restored the\nIFF_MASTER flag, but I didn't consider the case that the bond device\nitself might also be a slave with IFF_SLAVE set, so we need to restore\nthat flag as well. Use the bond_ether_setup helper which does the right\nthing and restores the bond's flags properly.\n\nSteps to reproduce using a nlmon dev:\n $ ip l add nlmon0 type nlmon\n $ ip l add bond1 type bond\n $ ip l add bond2 type bond\n $ ip l set bond1 master bond2\n $ ip l set dev nlmon0 master bond1\n $ ip -d l sh dev bond1\n 22: bond1: mtu 1500 qdisc noqueue master bond2 state DOWN mode DEFAULT group default qlen 1000\n (now bond1's IFF_SLAVE flag is gone and we'll hit a warning[3] if we\n try to delete it)\n\n[1] https://syzkaller.appspot.com/bug?id=391c7b1f6522182899efba27d891f1743e8eb3ef\n[2] commit 7d5cd2ce5292 (\"bonding: correctly handle bonding type change on enslave failure\")\n[3] example warning:\n [ 27.008664] bond1: (slave nlmon0): The slave device specified does not support setting the MAC address\n [ 27.008692] bond1: (slave nlmon0): Error -95 calling set_mac_address\n [ 32.464639] bond1 (unregistering): Released all slaves\n [ 32.464685] ------------[ cut here ]------------\n [ 32.464686] WARNING: CPU: 1 PID: 2004 at net/core/dev.c:10829 unregister_netdevice_many+0x72a/0x780\n [ 32.464694] Modules linked in: br_netfilter bridge bonding virtio_net\n [ 32.464699] CPU: 1 PID: 2004 Comm: ip Kdump: loaded Not tainted 5.18.0-rc3+ #47\n [ 32.464703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014\n [ 32.464704] RIP: 0010:unregister_netdevice_many+0x72a/0x780\n [ 32.464707] Code: 99 fd ff ff ba 90 1a 00 00 48 c7 c6 f4 02 66 96 48 c7 c7 20 4d 35 96 c6 05 fa c7 2b 02 01 e8 be 6f 4a 00 0f 0b e9 73 fd ff ff <0f> 0b e9 5f fd ff ff 80 3d e3 c7 2b 02 00 0f 85 3b fd ff ff ba 59\n [ 32.464710] RSP: 0018:ffffa006422d7820 EFLAGS: 00010206\n [ 32.464712] RAX: ffff8f6e077140a0 RBX: ffffa006422d7888 RCX: 0000000000000000\n [ 32.464714] RDX: ffff8f6e12edbe58 RSI: 0000000000000296 RDI: ffffffff96d4a520\n [ 32.464716] RBP: ffff8f6e07714000 R08: ffffffff96d63600 R09: ffffa006422d7728\n [ 32.464717] R10: 0000000000000ec0 R11: ffffffff9698c988 R12: ffff8f6e12edb140\n [ 32.464719] R13: dead000000000122 R14: dead000000000100 R15: ffff8f6e12edb140\n [ 32.464723] FS: 00007f297c2f1740(0000) GS:ffff8f6e5d900000(0000) knlGS:0000000000000000\n [ 32.464725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 32.464726] CR2: 00007f297bf1c800 CR3: 00000000115e8000 CR4: 0000000000350ee0\n [ 32.464730] Call Trace:\n [ 32.464763] \n [ 32.464767] rtnl_dellink+0x13e/0x380\n [ 32.464776] ? cred_has_capability.isra.0+0x68/0x100\n [ 32.464780] ? __rtnl_unlock+0x33/0x60\n [ 32.464783] ? bpf_lsm_capset+0x10/0x10\n [ 32.464786] ? security_capable+0x36/0x50\n [ 32.464790] rtnetlink_rcv_msg+0x14e/0x3b0\n [ 32.464792] ? _copy_to_iter+0xb1/0x790\n [ 32.464796] ? post_alloc_hook+0xa0/0x160\n [ 32.464799] ? rtnl_calcit.isra.0+0x110/0x110\n [ 32.464802] netlink_rcv_skb+0x50/0xf0\n [ 32.464806] netlink_unicast+0x216/0x340\n [ 32.464809] netlink_sendmsg+0x23f/0x480\n [ 32.464812] sock_sendmsg+0x5e/0x60\n [ 32.464815] ____sys_sendmsg+0x22c/0x270\n [ 32.464818] ? import_iovec+0x17/0x20\n [ 32.464821] ? sendmsg_copy_msghdr+0x59/0x90\n [ 32.464823] ? do_set_pte+0xa0/0xe0\n [ 32.464828] ___sys_sendmsg+0x81/0xc0\n [ 32.464832] ? mod_objcg_state+0xc6/0x300\n [ 32.464835] ? refill_obj_stock+0xa9/0x160\n [ 32.464838] ? memcg_slab_free_hook+0x1a5/0x1f0\n [ 32.464842] __sys_sendm\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: enlace: restaurar el indicador IFF_SLAVE del enlace si falla la ejecuci\u00f3n de un dispositivo no ethernet. syzbot report\u00f3 una advertencia[1] donde el dispositivo de enlace es esclavo e intentamos ejecutar un dispositivo no ethernet como primer esclavo, lo cual falla. Sin embargo, en la ruta de error, cuando ether_setup() restaura el dispositivo de enlace, tambi\u00e9n borra todos los indicadores. En mi correcci\u00f3n anterior[2], restaur\u00e9 el indicador IFF_MASTER, pero no consider\u00e9 la posibilidad de que el dispositivo de enlace tambi\u00e9n sea esclavo con IFF_SLAVE activado, por lo que tambi\u00e9n debemos restaurar ese indicador. Use el asistente bond_ether_setup, que realiza la acci\u00f3n correcta y restaura los indicadores del enlace correctamente. Pasos para reproducir usando un dev nlmon: $ ip l add nlmon0 type nlmon $ ip l add bond1 type bond $ ip l add bond2 type bond $ ip l set bond1 master bond2 $ ip l set dev nlmon0 master bond1 $ ip -dl sh dev bond1 22: bond1: mtu 1500 qdisc noqueue master bond2 state DOWN mode DEFAULT group default qlen 1000 (ahora el indicador IFF_SLAVE de bond1 desapareci\u00f3 y recibiremos una advertencia[3] si intentamos eliminarlo) [1] https://syzkaller.appspot.com/bug?id=391c7b1f6522182899efba27d891f1743e8eb3ef [2] commit 7d5cd2ce5292 (\"bonding: \"Manejar correctamente el cambio de tipo de enlace en caso de fallo de esclavizaci\u00f3n\") [3] Ejemplo de advertencia: [27.008664] bond1: (esclavo nlmon0): El dispositivo esclavo especificado no admite la configuraci\u00f3n de la direcci\u00f3n MAC [27.008692] bond1: (esclavo nlmon0): Error -95 al llamar a set_mac_address [32.464639] bond1 (anulando registro): Se liberaron todos los esclavos [32.464685] ------------[cortar aqu\u00ed]------------ [32.464686] ADVERTENCIA: CPU: 1 PID: 2004 en net/core/dev.c:10829 unregister_netdevice_many+0x72a/0x780 [32.464694] M\u00f3dulos vinculados: br_netfilter puente enlace virtio_net [32.464699] CPU: 1 PID: 2004 Comm: ip Kdump: cargado No contaminado 5.18.0-rc3+ #47 [ 32.464703] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 01/04/2014 [ 32.464704] RIP: 0010:unregister_netdevice_many+0x72a/0x780 [ 32.464707] C\u00f3digo: 99 fd ff ff ba 90 1a 00 00 48 c7 c6 f4 02 66 96 48 c7 c7 20 4d 35 96 c6 05 fa c7 2b 02 01 e8 be 6f 4a 00 0f 0b e9 73 fd ff ff <0f> 0b e9 5f fd ff ff 80 3d e3 c7 2b 02 00 0f 85 3b fd ff ff ba 59 [ 32.464710] RSP: 0018:ffffa006422d7820 EFLAGS: 00010206 [ 32.464712] RAX: ffff8f6e077140a0 RBX: ffffa006422d7888 RCX: 0000000000000000 [ 32.464714] RDX: ffff8f6e12edbe58 RSI: 0000000000000296 RDI: ffffffff96d4a520 [32.464716] RBP: ffff8f6e07714000 R08: ffffffff96d63600 R09: ffffa006422d7728 [32.464717] R10: 000000000000ec0 R11: ffffffff9698c988 R12: ffff8f6e12edb140 [32.464719] R13: muerto000000000122 R14: muerto000000000100 R15: ffff8f6e12edb140 [32.464723] FS: 00007f297c2f1740(0000) GS:ffff8f6e5d900000(0000) knlGS:0000000000000000 [ 32.464725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.464726] CR2: 00007f297bf1c800 CR3: 00000000115e8000 CR4: 0000000000350ee0 [ 32.464730] Rastreo de llamadas: [ 32.464763] [ 32.464767] rtnl_dellink+0x13e/0x380 [ 32.464776] ? cred_has_capability.isra.0+0x68/0x100 [ 32.464780] ? __rtnl_unlock+0x33/0x60 [ 32.464783] ? bpf_lsm_capset+0x10/0x10 [ 32.464786] ? security_capable+0x36/0x50 [ 32.464790] rtnetlink_rcv_msg+0x14e/0x3b0 [ 32.464792] ? _copy_to_iter+0xb1/0x790 [ 32.464796] ? post_alloc_hook+0xa0/0x160 [ 32.464799] ? rtnl_calcit.isra.0+0x110/0x110 [ 32.464802] netlink_rcv_skb+0x50/0xf0 [ 32.464806] netlink_unicast+0x216/0x340 [ 32.464809] netlink_sendmsg+0x23f/0x480 [ 32.464812] sock_sendmsg+0x5e/0x60 [ 32.464815] ____sys_sendmsg+0x22c/0x270 [ 32.464818] ? import_iovec+0x17/0x20 [ 32.464821] ? sendmsg_copy_msghdr+0x59/0x90 [ 32.464823] ? do_set_pte+0xa0/0xe0 [ 32.464828] ___sys_sendmsg+0x81/0xc0 [ 32.464832] ? mod_objcg_state+0xc6/0x300 [ 32.464835] ? refill_obj_stock+0xa9/0x160 [ 32.464838] ? memcg_slab_free_hook+0x1a5/0x1f0 [ 32.464842] __sys_sendm ---truncado---" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53104.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53104.json index 2cc79a38c3f..60795d6ca72 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53104.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53104.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53104", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.317", - "lastModified": "2025-05-02T16:15:29.317", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull\n\nPacket length check needs to be located after size and align_count\ncalculation to prevent kernel panic in skb_pull() in case\nrx_cmd_a & RX_CMD_A_RED evaluates to true." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: smsc75xx: Mover la comprobaci\u00f3n de la longitud del paquete para evitar el p\u00e1nico del kernel en skb_pull La comprobaci\u00f3n de la longitud del paquete se debe ubicar despu\u00e9s del c\u00e1lculo de tama\u00f1o y align_count para evitar el p\u00e1nico del kernel en skb_pull() en caso de que rx_cmd_a y RX_CMD_A_RED se eval\u00faen como verdaderos." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53105.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53105.json index a1f39fd2f96..77d151ddfee 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53105.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53105.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53105", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.430", - "lastModified": "2025-05-02T16:15:29.430", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix cleanup null-ptr deref on encap lock\n\nDuring module is unloaded while a peer tc flow is still offloaded,\nfirst the peer uplink rep profile is changed to a nic profile, and so\nneigh encap lock is destroyed. Next during unload, the VF reps netdevs\nare unregistered which causes the original non-peer tc flow to be deleted,\nwhich deletes the peer flow. The peer flow deletion detaches the encap\nentry and try to take the already destroyed encap lock, causing the\nbelow trace.\n\nFix this by clearing peer flows during tc eswitch cleanup\n(mlx5e_tc_esw_cleanup()).\n\nRelevant trace:\n[ 4316.837128] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[ 4316.842239] RIP: 0010:__mutex_lock+0xb5/0xc40\n[ 4316.851897] Call Trace:\n[ 4316.852481] \n[ 4316.857214] mlx5e_rep_neigh_entry_release+0x93/0x790 [mlx5_core]\n[ 4316.858258] mlx5e_rep_encap_entry_detach+0xa7/0xf0 [mlx5_core]\n[ 4316.859134] mlx5e_encap_dealloc+0xa3/0xf0 [mlx5_core]\n[ 4316.859867] clean_encap_dests.part.0+0x5c/0xe0 [mlx5_core]\n[ 4316.860605] mlx5e_tc_del_fdb_flow+0x32a/0x810 [mlx5_core]\n[ 4316.862609] __mlx5e_tc_del_fdb_peer_flow+0x1a2/0x250 [mlx5_core]\n[ 4316.863394] mlx5e_tc_del_flow+0x(/0x630 [mlx5_core]\n[ 4316.864090] mlx5e_flow_put+0x5f/0x100 [mlx5_core]\n[ 4316.864771] mlx5e_delete_flower+0x4de/0xa40 [mlx5_core]\n[ 4316.865486] tc_setup_cb_reoffload+0x20/0x80\n[ 4316.865905] fl_reoffload+0x47c/0x510 [cls_flower]\n[ 4316.869181] tcf_block_playback_offloads+0x91/0x1d0\n[ 4316.869649] tcf_block_unbind+0xe7/0x1b0\n[ 4316.870049] tcf_block_offload_cmd.isra.0+0x1ee/0x270\n[ 4316.879266] tcf_block_offload_unbind+0x61/0xa0\n[ 4316.879711] __tcf_block_put+0xa4/0x310" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: Se corrige la limpieza de null-ptr deref en el bloqueo de encap. Durante la descarga del m\u00f3dulo mientras un flujo tc de igual a\u00fan est\u00e1 descargado, primero se cambia el perfil de representante de enlace ascendente de igual a un perfil NIC, y as\u00ed se destruye el bloqueo de encap vecino. A continuaci\u00f3n, durante la descarga, se anula el registro de los representantes VF netdevs, lo que provoca la eliminaci\u00f3n del flujo tc original no par, lo que elimina el flujo par. La eliminaci\u00f3n del flujo par separa la entrada de encap e intenta tomar el bloqueo de encap ya destruido, causando el siguiente rastro. Solucione esto borrando los flujos de igual durante la limpieza del conmutador de eswitch de tc (mlx5e_tc_esw_cleanup()). Rastreo relevante: [ 4316.837128] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 00000000000001d8 [ 4316.842239] RIP: 0010:__mutex_lock+0xb5/0xc40 [ 4316.851897] Rastreo de llamada: [ 4316.852481] [ 4316.857214] mlx5e_rep_neigh_entry_release+0x93/0x790 [mlx5_core] [ 4316.858258] mlx5e_rep_encap_entry_detach+0xa7/0xf0 [mlx5_core] [ 4316.859134] mlx5e_encap_dealloc+0xa3/0xf0 [mlx5_core] [ 4316.859867] clean_encap_dests.part.0+0x5c/0xe0 [mlx5_core] [ 4316.860605] mlx5e_tc_del_fdb_flow+0x32a/0x810 [mlx5_core] [ 4316.862609] __mlx5e_tc_del_fdb_peer_flow+0x1a2/0x250 [mlx5_core] [ 4316.863394] mlx5e_tc_del_flow+0x(/0x630 [mlx5_core] [ 4316.864090] mlx5e_flow_put+0x5f/0x100 [mlx5_core] [ 4316.864771] mlx5e_delete_flower+0x4de/0xa40 [mlx5_core] [ 4316.865486] tc_setup_cb_reoffload+0x20/0x80 [ 4316.865905] fl_reoffload+0x47c/0x510 [cls_flower] [ 4316.869181] tcf_block_playback_offloads+0x91/0x1d0 [ 4316.869649] tcf_block_unbind+0xe7/0x1b0 [ 4316.870049] tcf_block_offload_cmd.isra.0+0x1ee/0x270 [ 4316.879266] tcf_block_offload_unbind+0x61/0xa0 [ 4316.879711] __tcf_block_put+0xa4/0x310 " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53106.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53106.json index e32b234ca31..4ed10853f1c 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53106.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53106.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53106", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.520", - "lastModified": "2025-05-02T16:15:29.520", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: st-nci: Fix use after free bug in ndlc_remove due to race condition\n\nThis bug influences both st_nci_i2c_remove and st_nci_spi_remove.\nTake st_nci_i2c_remove as an example.\n\nIn st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work\nwith llt_ndlc_sm_work.\n\nWhen it calls ndlc_recv or timeout handler, it will finally call\nschedule_work to start the work.\n\nWhen we call st_nci_i2c_remove to remove the driver, there\nmay be a sequence as follows:\n\nFix it by finishing the work before cleanup in ndlc_remove\n\nCPU0 CPU1\n\n |llt_ndlc_sm_work\nst_nci_i2c_remove |\n ndlc_remove |\n st_nci_remove |\n nci_free_device|\n kfree(ndev) |\n//free ndlc->ndev |\n |llt_ndlc_rcv_queue\n |nci_recv_frame\n |//use ndlc->ndev" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: st-nci: Fix use after free bug en ndlc_remove debido a una condici\u00f3n de ejecuci\u00f3n Este error afecta tanto a st_nci_i2c_remove como a st_nci_spi_remove. Tomemos st_nci_i2c_remove como ejemplo. En st_nci_i2c_probe, llam\u00f3 a ndlc_probe y vincul\u00f3 &ndlc->sm_work con llt_ndlc_sm_work. Cuando llama a ndlc_recv o al controlador de tiempo de espera, finalmente llamar\u00e1 a schedule_work para iniciar el trabajo. Cuando llamamos a st_nci_i2c_remove para eliminar el controlador, puede haber una secuencia como la siguiente: Arr\u00e9glelo finalizando el trabajo antes de la limpieza en ndlc_remove CPU0 CPU1 |llt_ndlc_sm_work st_nci_i2c_remove | ndlc_remove | st_nci_remove | nci_free_device| kfree(ndev) | //liberar ndlc->ndev | |llt_ndlc_rcv_queue |nci_recv_frame |//usar ndlc->ndev" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53107.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53107.json index 6ddb44a27ed..78b382a559b 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53107.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53107.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53107", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.620", - "lastModified": "2025-05-02T16:15:29.620", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nveth: Fix use after free in XDP_REDIRECT\n\nCommit 718a18a0c8a6 (\"veth: Rework veth_xdp_rcv_skb in order\nto accept non-linear skb\") introduced a bug where it tried to\nuse pskb_expand_head() if the headroom was less than\nXDP_PACKET_HEADROOM. This however uses kmalloc to expand the head,\nwhich will later allow consume_skb() to free the skb while is it still\nin use by AF_XDP.\n\nPreviously if the headroom was less than XDP_PACKET_HEADROOM we\ncontinued on to allocate a new skb from pages so this restores that\nbehavior.\n\nBUG: KASAN: use-after-free in __xsk_rcv+0x18d/0x2c0\nRead of size 78 at addr ffff888976250154 by task napi/iconduit-g/148640\n\nCPU: 5 PID: 148640 Comm: napi/iconduit-g Kdump: loaded Tainted: G O 6.1.4-cloudflare-kasan-2023.1.2 #1\nHardware name: Quanta Computer Inc. QuantaPlex T41S-2U/S2S-MB, BIOS S2S_3B10.03 06/21/2018\nCall Trace:\n \n dump_stack_lvl+0x34/0x48\n print_report+0x170/0x473\n ? __xsk_rcv+0x18d/0x2c0\n kasan_report+0xad/0x130\n ? __xsk_rcv+0x18d/0x2c0\n kasan_check_range+0x149/0x1a0\n memcpy+0x20/0x60\n __xsk_rcv+0x18d/0x2c0\n __xsk_map_redirect+0x1f3/0x490\n ? veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]\n xdp_do_redirect+0x5ca/0xd60\n veth_xdp_rcv_skb+0x935/0x1ba0 [veth]\n ? __netif_receive_skb_list_core+0x671/0x920\n ? veth_xdp+0x670/0x670 [veth]\n veth_xdp_rcv+0x304/0xa20 [veth]\n ? do_xdp_generic+0x150/0x150\n ? veth_xdp_rcv_one+0xde0/0xde0 [veth]\n ? _raw_spin_lock_bh+0xe0/0xe0\n ? newidle_balance+0x887/0xe30\n ? __perf_event_task_sched_in+0xdb/0x800\n veth_poll+0x139/0x571 [veth]\n ? veth_xdp_rcv+0xa20/0xa20 [veth]\n ? _raw_spin_unlock+0x39/0x70\n ? finish_task_switch.isra.0+0x17e/0x7d0\n ? __switch_to+0x5cf/0x1070\n ? __schedule+0x95b/0x2640\n ? io_schedule_timeout+0x160/0x160\n __napi_poll+0xa1/0x440\n napi_threaded_poll+0x3d1/0x460\n ? __napi_poll+0x440/0x440\n ? __kthread_parkme+0xc6/0x1f0\n ? __napi_poll+0x440/0x440\n kthread+0x2a2/0x340\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \n\nFreed by task 148640:\n kasan_save_stack+0x23/0x50\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x40\n ____kasan_slab_free+0x169/0x1d0\n slab_free_freelist_hook+0xd2/0x190\n __kmem_cache_free+0x1a1/0x2f0\n skb_release_data+0x449/0x600\n consume_skb+0x9f/0x1c0\n veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]\n veth_xdp_rcv+0x304/0xa20 [veth]\n veth_poll+0x139/0x571 [veth]\n __napi_poll+0xa1/0x440\n napi_threaded_poll+0x3d1/0x460\n kthread+0x2a2/0x340\n ret_from_fork+0x22/0x30\n\nThe buggy address belongs to the object at ffff888976250000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 340 bytes inside of\n 2048-byte region [ffff888976250000, ffff888976250800)\n\nThe buggy address belongs to the physical page:\npage:00000000ae18262a refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x976250\nhead:00000000ae18262a order:3 compound_mapcount:0 compound_pincount:0\nflags: 0x2ffff800010200(slab|head|node=0|zone=2|lastcpupid=0x1ffff)\nraw: 002ffff800010200 0000000000000000 dead000000000122 ffff88810004cf00\nraw: 0000000000000000 0000000080080008 00000002ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888976250000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888976250080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n> ffff888976250100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888976250180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888976250200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: veth: Correcci\u00f3n del use after free en XDP_REDIRECT. el commit 718a18a0c8a6 (\"veth: Reestructurar veth_xdp_rcv_skb para aceptar skb no lineal\") introdujo un error que provocaba que se intentara usar pskb_expand_head() si el espacio libre era inferior a XDP_PACKET_HEADROOM. Sin embargo, esto utiliza kmalloc para expandir el espacio libre, lo que posteriormente permitir\u00e1 que consuma_skb() libere el skb mientras AF_XDP lo siga utilizando. Anteriormente, si el espacio libre era inferior a XDP_PACKET_HEADROOM, se asignaba un nuevo skb desde las p\u00e1ginas, por lo que esto restaura ese comportamiento. ERROR: KASAN: use-after-free en __xsk_rcv+0x18d/0x2c0 Lectura de tama\u00f1o 78 en la direcci\u00f3n ffff888976250154 por la tarea napi/iconduit-g/148640 CPU: 5 PID: 148640 Comm: napi/iconduit-g Kdump: cargado Contaminado: GO 6.1.4-cloudflare-kasan-2023.1.2 #1 Nombre del hardware: Quanta Computer Inc. QuantaPlex T41S-2U/S2S-MB, BIOS S2S_3B10.03 21/06/2018 Seguimiento de llamadas: dump_stack_lvl+0x34/0x48 print_report+0x170/0x473 ? __xsk_rcv+0x18d/0x2c0 kasan_report+0xad/0x130 ? __xsk_rcv+0x18d/0x2c0 kasan_check_range+0x149/0x1a0 memcpy+0x20/0x60 __xsk_rcv+0x18d/0x2c0 __xsk_map_redirect+0x1f3/0x490 ? veth_xdp_rcv_skb+0x89c/0x1ba0 [veth] xdp_do_redirect+0x5ca/0xd60 veth_xdp_rcv_skb+0x935/0x1ba0 [veth] ? __netif_receive_skb_list_core+0x671/0x920 ? veth_xdp+0x670/0x670 [veth] veth_xdp_rcv+0x304/0xa20 [veth] ? do_xdp_generic+0x150/0x150 ? veth_xdp_rcv_one+0xde0/0xde0 [veth] ? _raw_spin_lock_bh+0xe0/0xe0 ? newidle_balance+0x887/0xe30 ? __perf_event_task_sched_in+0xdb/0x800 veth_poll+0x139/0x571 [veth] ? veth_xdp_rcv+0xa20/0xa20 [veth] ? _raw_spin_unlock+0x39/0x70 ? finish_task_switch.isra.0+0x17e/0x7d0 ? __switch_to+0x5cf/0x1070 ? __schedule+0x95b/0x2640 ? io_schedule_timeout+0x160/0x160 __napi_poll+0xa1/0x440 napi_threaded_poll+0x3d1/0x460 ? __napi_poll+0x440/0x440 ? __kthread_parkme+0xc6/0x1f0 ? __napi_poll+0x440/0x440 kthread+0x2a2/0x340 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 Freed by task 148640: kasan_save_stack+0x23/0x50 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x40 ____kasan_slab_free+0x169/0x1d0 slab_free_freelist_hook+0xd2/0x190 __kmem_cache_free+0x1a1/0x2f0 skb_release_data+0x449/0x600 consume_skb+0x9f/0x1c0 veth_xdp_rcv_skb+0x89c/0x1ba0 [veth] veth_xdp_rcv+0x304/0xa20 [veth] veth_poll+0x139/0x571 [veth] __napi_poll+0xa1/0x440 napi_threaded_poll+0x3d1/0x460 kthread+0x2a2/0x340 ret_from_fork+0x22/0x30 The buggy address belongs to the object at ffff888976250000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 340 bytes inside of 2048-byte region [ffff888976250000, ffff888976250800) The buggy address belongs to the physical page: page:00000000ae18262a refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x976250 head:00000000ae18262a order:3 compound_mapcount:0 compound_pincount:0 flags: 0x2ffff800010200(slab|head|node=0|zone=2|lastcpupid=0x1ffff) raw: 002ffff800010200 0000000000000000 dead000000000122 ffff88810004cf00 raw: 0000000000000000 0000000080080008 00000002ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888976250000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888976250080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > ffff888976250100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888976250180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888976250200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53108.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53108.json index 10ce8446eac..5d962e2be0a 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53108.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53108.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53108", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.713", - "lastModified": "2025-05-02T16:15:29.713", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Fix size of interrupt data\n\niucv_irq_data needs to be 4 bytes larger.\nThese bytes are not used by the iucv module, but written by\nthe z/VM hypervisor in case a CPU is deconfigured.\n\nReported as:\nBUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten\n-----------------------------------------------------------------------------\n0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc\nAllocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1\n__kmem_cache_alloc_node+0x166/0x450\nkmalloc_node_trace+0x3a/0x70\niucv_cpu_prepare+0x44/0xd0\ncpuhp_invoke_callback+0x156/0x2f0\ncpuhp_issue_call+0xf0/0x298\n__cpuhp_setup_state_cpuslocked+0x136/0x338\n__cpuhp_setup_state+0xf4/0x288\niucv_init+0xf4/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nFreed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1\n__kmem_cache_free+0x308/0x358\niucv_init+0x92/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nSlab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0|\nObject 0x0000000000400540 @offset=1344 fp=0x0000000000000000\nRedzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nObject 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................\nObject 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................\nObject 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................\nObject 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400580: cc cc cc cc cc cc cc cc ........\nPadding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ\nCPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1\nHardware name: IBM 3931 A01 704 (z/VM 7.3.0)\nCall Trace:\n[<000000032aa034ec>] dump_stack_lvl+0xac/0x100\n[<0000000329f5a6cc>] check_bytes_and_report+0x104/0x140\n[<0000000329f5aa78>] check_object+0x370/0x3c0\n[<0000000329f5ede6>] free_debug_processing+0x15e/0x348\n[<0000000329f5f06a>] free_to_partial_list+0x9a/0x2f0\n[<0000000329f5f4a4>] __slab_free+0x1e4/0x3a8\n[<0000000329f61768>] __kmem_cache_free+0x308/0x358\n[<000000032a91465c>] iucv_cpu_dead+0x6c/0x88\n[<0000000329c2fc66>] cpuhp_invoke_callback+0x156/0x2f0\n[<000000032aa062da>] _cpu_down.constprop.0+0x22a/0x5e0\n[<0000000329c3243e>] cpu_device_down+0x4e/0x78\n[<000000032a61dee0>] device_offline+0xc8/0x118\n[<000000032a61e048>] online_store+0x60/0xe0\n[<000000032a08b6b0>] kernfs_fop_write_iter+0x150/0x1e8\n[<0000000329fab65c>] vfs_write+0x174/0x360\n[<0000000329fab9fc>] ksys_write+0x74/0x100\n[<000000032aa03a5a>] __do_syscall+0x1da/0x208\n[<000000032aa177b2>] system_call+0x82/0xb0\nINFO: lockdep is turned off.\nFIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc\nFIX dma-kmalloc-64: Object at 0x0000000000400540 not freed" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/iucv: Se corrige que el tama\u00f1o de los datos de interrupci\u00f3n iucv_irq_data deba ser 4 bytes mayor. Estos bytes no son utilizados por el m\u00f3dulo iucv, sino por el hipervisor z/VM en caso de desconfiguraci\u00f3n de una CPU. Reportado como: BUG dma-kmalloc-64 (No contaminado): kmalloc Redzone sobrescrito ----------------------------------------------------------------------------- 0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc Allocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1 __kmem_cache_alloc_node+0x166/0x450 kmalloc_node_trace+0x3a/0x70 iucv_cpu_prepare+0x44/0xd0 cpuhp_invoke_callback+0x156/0x2f0 cpuhp_issue_call+0xf0/0x298 __cpuhp_setup_state_cpuslocked+0x136/0x338 __cpuhp_setup_state+0xf4/0x288 iucv_init+0xf4/0x280 do_one_initcall+0x78/0x390 do_initcalls+0x11a/0x140 kernel_init_freeable+0x25e/0x2a0 kernel_init+0x2e/0x170 __ret_from_fork+0x3c/0x58 ret_from_fork+0xa/0x40 Freed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1 __kmem_cache_free+0x308/0x358 iucv_init+0x92/0x280 do_one_initcall+0x78/0x390 do_initcalls+0x11a/0x140 kernel_init_freeable+0x25e/0x2a0 kernel_init+0x2e/0x170 __ret_from_fork+0x3c/0x58 ret_from_fork+0xa/0x40 Slab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0| Object 0x0000000000400540 @offset=1344 fp=0x0000000000000000 Redzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Object 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................ Object 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................ Object 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400580: cc cc cc cc cc cc cc cc ........ Padding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ CPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Rastreo de llamadas: [<000000032aa034ec>] dump_stack_lvl+0xac/0x100 [<0000000329f5a6cc>] check_bytes_and_report+0x104/0x140 [<0000000329f5aa78>] check_object+0x370/0x3c0 [<0000000329f5ede6>] free_debug_processing+0x15e/0x348 [<0000000329f5f06a>] free_to_partial_list+0x9a/0x2f0 [<0000000329f5f4a4>] __slab_free+0x1e4/0x3a8 [<0000000329f61768>] __kmem_cache_free+0x308/0x358 [<000000032a91465c>] iucv_cpu_dead+0x6c/0x88 [<0000000329c2fc66>] cpuhp_invoke_callback+0x156/0x2f0 [<000000032aa062da>] _cpu_down.constprop.0+0x22a/0x5e0 [<0000000329c3243e>] cpu_device_down+0x4e/0x78 [<000000032a61dee0>] device_offline+0xc8/0x118 [<000000032a61e048>] online_store+0x60/0xe0 [<000000032a08b6b0>] kernfs_fop_write_iter+0x150/0x1e8 [<0000000329fab65c>] vfs_write+0x174/0x360 [<0000000329fab9fc>] ksys_write+0x74/0x100 [<000000032aa03a5a>] __do_syscall+0x1da/0x208 [<000000032aa177b2>] system_call+0x82/0xb0 INFORMACI\u00d3N: LockDep est\u00e1 desactivado. CORRECCI\u00d3N dma-kmalloc-64: Restaurando la zona roja de kmalloc 0x0000000000400564-0x0000000000400567=0xcc CORRECCI\u00d3N dma-kmalloc-64: Objeto en 0x0000000000400540 no liberado." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53109.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53109.json index 0916aeb5277..28fdcf45522 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53109.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53109.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53109", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.823", - "lastModified": "2025-05-02T16:15:29.823", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tunnels: annotate lockless accesses to dev->needed_headroom\n\nIP tunnels can apparently update dev->needed_headroom\nin their xmit path.\n\nThis patch takes care of three tunnels xmit, and also the\ncore LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA()\nhelpers.\n\nMore changes might be needed for completeness.\n\nBUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit\n\nread to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1:\nip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/i\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tunnels: annotate, los accesos sin bloqueo a los t\u00faneles IP dev->needed_headroom aparentemente pueden actualizar dev->needed_headroom en su ruta de transmisi\u00f3n. Este parche soluciona la transmisi\u00f3n de tres t\u00faneles y tambi\u00e9n los ayudantes principales LL_RESERVED_SPACE() y LL_RESERVED_SPACE_EXTRA(). Es posible que se requieran m\u00e1s cambios para completar la soluci\u00f3n. ERROR: KCSAN: ejecuci\u00f3n de datos en ip_tunnel_xmit / ip_tunnel_xmit le\u00eddo a 0xffff88815b9da0ec de 2 bytes por la tarea 888 en la CPU 1: ip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/i ---truncado---" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53110.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53110.json index 9346776a6db..2b1b7bd6077 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53110.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53110.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53110", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:29.930", - "lastModified": "2025-05-02T16:15:29.930", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()\n\nWhen performing a stress test on SMC-R by rmmod mlx5_ib driver\nduring the wrk/nginx test, we found that there is a probability\nof triggering a panic while terminating all link groups.\n\nThis issue dues to the race between smc_smcr_terminate_all()\nand smc_buf_create().\n\n\t\t\tsmc_smcr_terminate_all\n\nsmc_buf_create\n/* init */\nconn->sndbuf_desc = NULL;\n...\n\n\t\t\t__smc_lgr_terminate\n\t\t\t\tsmc_conn_kill\n\t\t\t\t\tsmc_close_abort\n\t\t\t\t\t\tsmc_cdc_get_slot_and_msg_send\n\n\t\t\t__softirqentry_text_start\n\t\t\t\tsmc_wr_tx_process_cqe\n\t\t\t\t\tsmc_cdc_tx_handler\n\t\t\t\t\t\tREAD(conn->sndbuf_desc->len);\n\t\t\t\t\t\t/* panic dues to NULL sndbuf_desc */\n\nconn->sndbuf_desc = xxx;\n\nThis patch tries to fix the issue by always to check the sndbuf_desc\nbefore send any cdc msg, to make sure that no null pointer is\nseen during cqe processing." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: correcci\u00f3n de sndbuf_desc NULL en smc_cdc_tx_handler(). Al realizar una prueba de estr\u00e9s en SMC-R con el controlador rmmod mlx5_ib durante la prueba wrk/nginx, se observ\u00f3 la probabilidad de generar un p\u00e1nico al terminar todos los grupos de enlaces. Este problema se debe a la competencia entre smc_smcr_terminate_all() y smc_buf_create(). smc_smcr_terminate_all smc_buf_create /* init */ conn->sndbuf_desc = NULL; ... __smc_lgr_terminate smc_conn_kill smc_close_abort smc_cdc_get_slot_and_msg_send __softirqentry_text_start smc_wr_tx_process_cqe smc_cdc_tx_handler READ(conn->sndbuf_desc->len); /* p\u00e1nico debido a NULL sndbuf_desc */ conn->sndbuf_desc = xxx; Este parche intenta solucionar el problema verificando siempre sndbuf_desc antes de enviar cualquier mensaje de cdc, para asegurarse de que no se vea ning\u00fan puntero nulo durante el procesamiento de cqe." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53111.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53111.json index e8ec9fca31f..f49ad056649 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53111.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53111.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53111", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.027", - "lastModified": "2025-05-02T16:15:30.027", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Fix use-after-free issues\n\ndo_req_filebacked() calls blk_mq_complete_request() synchronously or\nasynchronously when using asynchronous I/O unless memory allocation fails.\nHence, modify loop_handle_cmd() such that it does not dereference 'cmd' nor\n'rq' after do_req_filebacked() finished unless we are sure that the request\nhas not yet been completed. This patch fixes the following kernel crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000054\nCall trace:\n css_put.42938+0x1c/0x1ac\n loop_process_work+0xc8c/0xfd4\n loop_rootcg_workfn+0x24/0x34\n process_one_work+0x244/0x558\n worker_thread+0x400/0x8fc\n kthread+0x16c/0x1e0\n ret_from_fork+0x10/0x20" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: loop: Se corrigen los problemas de use after free. do_req_filebacked() llama a blk_mq_complete_request() de forma s\u00edncrona o as\u00edncrona al usar E/S as\u00edncrona, a menos que falle la asignaci\u00f3n de memoria. Por lo tanto, se debe modificar loop_handle_cmd() para que no desreferencia \u00abcmd\u00bb ni \u00abrq\u00bb tras la finalizaci\u00f3n de do_req_filebacked(), a menos que estemos seguros de que la solicitud a\u00fan no se ha completado. Este parche corrige el siguiente fallo del kernel: No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000054 Seguimiento de llamadas: css_put.42938+0x1c/0x1ac loop_process_work+0xc8c/0xfd4 loop_rootcg_workfn+0x24/0x34 process_one_work+0x244/0x558worker_thread+0x400/0x8fckthread+0x16c/0x1e0ret_from_fork+0x10/0x20" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53112.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53112.json index b2801cab438..d4f36e092dc 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53112.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53112.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53112", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.140", - "lastModified": "2025-05-02T16:15:30.140", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/sseu: fix max_subslices array-index-out-of-bounds access\n\nIt seems that commit bc3c5e0809ae (\"drm/i915/sseu: Don't try to store EU\nmask internally in UAPI format\") exposed a potential out-of-bounds\naccess, reported by UBSAN as following on a laptop with a gen 11 i915\ncard:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27\n index 6 is out of range for type 'u16 [6]'\n CPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu\n Hardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022\n Call Trace:\n \n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x3a\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\n gen11_compute_sseu_info+0x121/0x130 [i915]\n intel_sseu_info_init+0x15d/0x2b0 [i915]\n intel_gt_init_mmio+0x23/0x40 [i915]\n i915_driver_mmio_probe+0x129/0x400 [i915]\n ? intel_gt_probe_all+0x91/0x2e0 [i915]\n i915_driver_probe+0xe1/0x3f0 [i915]\n ? drm_privacy_screen_get+0x16d/0x190 [drm]\n ? acpi_dev_found+0x64/0x80\n i915_pci_probe+0xac/0x1b0 [i915]\n ...\n\nAccording to the definition of sseu_dev_info, eu_mask->hsw is limited to\na maximum of GEN_MAX_SS_PER_HSW_SLICE (6) sub-slices, but\ngen11_sseu_info_init() can potentially set 8 sub-slices, in the\n!IS_JSL_EHL(gt->i915) case.\n\nFix this by reserving up to 8 slots for max_subslices in the eu_mask\nstruct.\n\n(cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access Parece que el commit bc3c5e0809ae (\"drm/i915/sseu: No intente almacenar la m\u00e1scara EU internamente en formato UAPI\") expuso un posible acceso fuera de los l\u00edmites, informado por UBSAN de la siguiente manera en una computadora port\u00e1til con una tarjeta i915 gen 11: UBSAN: array-index-out-of-bounds en drivers/gpu/drm/i915/gt/intel_sseu.c:65:27 el \u00edndice 6 est\u00e1 fuera de rango para el tipo 'u16 [6]' CPU: 2 PID: 165 Comm: systemd-udevd No contaminado 6.2.0-9-generic #9-Ubuntu Nombre del hardware: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 22/03/2022 Seguimiento de llamadas: show_stack+0x4e/0x61 dump_stack_lvl+0x4a/0x6f dump_stack+0x10/0x18 ubsan_epilogue+0x9/0x3a __ubsan_handle_out_of_bounds.cold+0x42/0x47 gen11_compute_sseu_info+0x121/0x130 [i915] intel_sseu_info_init+0x15d/0x2b0 [i915] intel_gt_init_mmio+0x23/0x40 [i915] i915_driver_mmio_probe+0x129/0x400 [i915] ? intel_gt_probe_all+0x91/0x2e0 [i915] i915_driver_probe+0xe1/0x3f0 [i915] ? drm_privacy_screen_get+0x16d/0x190 [drm] ? acpi_dev_found+0x64/0x80 i915_pci_probe+0xac/0x1b0 [i915] ... Seg\u00fan la definici\u00f3n de sseu_dev_info, eu_mask->hsw est\u00e1 limitado a un m\u00e1ximo de GEN_MAX_SS_PER_HSW_SLICE (6) subsecciones, pero gen11_sseu_info_init() puede establecer potencialmente 8 subsecciones, en el caso de !IS_JSL_EHL(gt->i915). Para solucionar esto, reserve hasta 8 espacios para max_subslices en la estructura eu_mask. (Seleccionado de la confirmaci\u00f3n 3cba09a6ac86ea1d456909626eb2685596c07822)" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53113.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53113.json index fb5e0b472d8..fa20b279780 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53113.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53113.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53113", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.407", - "lastModified": "2025-05-02T16:15:30.407", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix NULL-ptr deref in offchan check\n\nIf, e.g. in AP mode, the link was already created by userspace\nbut not activated yet, it has a chandef but the chandef isn't\nvalid and has no channel. Check for this and ignore this link." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: se corrige la deref NULL-ptr en la comprobaci\u00f3n offchan. Si, por ejemplo, en modo AP, el enlace ya fue creado por el espacio de usuario, pero a\u00fan no se activ\u00f3, tiene una definici\u00f3n de canal (chandef), pero esta no es v\u00e1lida y no tiene canal. Verifique esto e ignore este enlace." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53114.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53114.json index 42f28f1782f..c7004f115ad 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53114.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53114.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53114", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.493", - "lastModified": "2025-05-02T16:15:30.493", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix kernel crash during reboot when adapter is in recovery mode\n\nIf the driver detects during probe that firmware is in recovery\nmode then i40e_init_recovery_mode() is called and the rest of\nprobe function is skipped including pci_set_drvdata(). Subsequent\ni40e_shutdown() called during shutdown/reboot dereferences NULL\npointer as pci_get_drvdata() returns NULL.\n\nTo fix call pci_set_drvdata() also during entering to recovery mode.\n\nReproducer:\n1) Lets have i40e NIC with firmware in recovery mode\n2) Run reboot\n\nResult:\n[ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver\n[ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation.\n[ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality.\n[ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0\n[ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality.\n[ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0\n...\n[ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2\n[ 156.318330] #PF: supervisor write access in kernel mode\n[ 156.323546] #PF: error_code(0x0002) - not-present page\n[ 156.328679] PGD 0 P4D 0\n[ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1\n[ 156.343126] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022\n[ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e]\n[ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00\n[ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282\n[ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001\n[ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000\n[ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40\n[ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000\n[ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000\n[ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000\n[ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0\n[ 156.438944] PKRU: 55555554\n[ 156.441647] Call Trace:\n[ 156.444096] \n[ 156.446199] pci_device_shutdown+0x38/0x60\n[ 156.450297] device_shutdown+0x163/0x210\n[ 156.454215] kernel_restart+0x12/0x70\n[ 156.457872] __do_sys_reboot+0x1ab/0x230\n[ 156.461789] ? vfs_writev+0xa6/0x1a0\n[ 156.465362] ? __pfx_file_free_rcu+0x10/0x10\n[ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0\n[ 156.475034] do_syscall_64+0x3e/0x90\n[ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[ 156.483658] RIP: 0033:0x7fe7bff37ab7" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: Se soluciona el fallo del kernel durante el reinicio cuando el adaptador est\u00e1 en modo de recuperaci\u00f3n Si el controlador detecta durante el sondeo que el firmware est\u00e1 en modo de recuperaci\u00f3n, se llama a i40e_init_recovery_mode() y se omite el resto de la funci\u00f3n del sondeo, incluido pci_set_drvdata(). La llamada posterior a i40e_shutdown() durante el apagado/reinicio desreferencia el puntero NULL, ya que pci_get_drvdata() devuelve NULL. Para solucionarlo, llame tambi\u00e9n a pci_set_drvdata() durante el ingreso al modo de recuperaci\u00f3n. Reproductor: 1) Tengamos la NIC i40e con el firmware en modo de recuperaci\u00f3n 2) Ejecute el reinicio Resultado: [ 139.084698] i40e: Controlador de red Intel(R) Ethernet Connection XL710 [ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation. [ 139.108438] i40e 0000:02:00.0: Se detect\u00f3 el modo de recuperaci\u00f3n de firmware. Funcionalidad limitada. [ 139.116439] i40e 0000:02:00.0: Consulte la Gu\u00eda del usuario de adaptadores y dispositivos Intel(R) Ethernet para obtener m\u00e1s informaci\u00f3n sobre el modo de recuperaci\u00f3n de firmware. [ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a] [ 139.215932] i40e 0000:02:00.0 enp2s0f0: renombrado de eth0 [ 139.223292] i40e 0000:02:00.1: Se detect\u00f3 modo de recuperaci\u00f3n de firmware. Funcionalidad limitada. [ 139.231292] i40e 0000:02:00.1: Consulte la Gu\u00eda del usuario de adaptadores y dispositivos Intel(R) Ethernet para obtener m\u00e1s informaci\u00f3n sobre el modo de recuperaci\u00f3n de firmware. [ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a] [ 139.329209] i40e 0000:02:00.1 enp2s0f1: renombrado de eth0 ... [ 156.311376] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 00000000000006c2 [ 156.318330] #PF: acceso de escritura del supervisor en modo kernel [ 156.323546] #PF: error_code(0x0002) - no presente p\u00e1gina [ 156.328679] PGD 0 P4D 0 [ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI [ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: GE 6.2.0+ #1 [ 156.343126] Nombre del hardware: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022 [ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e] [ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00 [ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282 [ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001 [ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000 [ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40 [ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000 [ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000 [ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000 [ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0 [ 156.438944] PKRU: 55555554 [ 156.441647] Call Trace: [ 156.444096] [ 156.446199] pci_device_shutdown+0x38/0x60 [ 156.450297] device_shutdown+0x163/0x210 [ 156.454215] kernel_restart+0x12/0x70 [ 156.457872] __do_sys_reboot+0x1ab/0x230 [ 156.461789] ? vfs_writev+0xa6/0x1a0 [ 156.465362] ? __pfx_file_free_rcu+0x10/0x10 [ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0 [ 156.475034] do_syscall_64+0x3e/0x90 [ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 156.483658] RIP: 0033:0x7fe7bff37ab7 " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53115.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53115.json index 1af72a4932e..8226e9acabe 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53115.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53115.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53115", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.590", - "lastModified": "2025-05-02T16:15:30.590", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()\n\nDon't allocate memory again when IOC is being reinitialized." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: corrige fugas de memoria en mpi3mr_init_ioc() No vuelva a asignar memoria cuando se reinicialice IOC." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53116.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53116.json index 87274c0377b..46867d44131 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53116.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53116.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53116", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.680", - "lastModified": "2025-05-02T16:15:30.680", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid potential UAF in nvmet_req_complete()\n\nAn nvme target ->queue_response() operation implementation may free the\nrequest passed as argument. Such implementation potentially could result\nin a use after free of the request pointer when percpu_ref_put() is\ncalled in nvmet_req_complete().\n\nAvoid such problem by using a local variable to save the sq pointer\nbefore calling __nvmet_req_complete(), thus avoiding dereferencing the\nreq pointer after that function call." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet: evitar posible UAF en nvmet_req_complete(). La implementaci\u00f3n de la operaci\u00f3n nvme target ->queue_response() puede liberar la solicitud pasada como argumento. Esta implementaci\u00f3n podr\u00eda provocar un use after free del puntero de solicitud al llamar a percpu_ref_put() en nvmet_req_complete(). Para evitar este problema, utilice una variable local para guardar el puntero sq antes de llamar a __nvmet_req_complete(), evitando as\u00ed la desreferenciaci\u00f3n del puntero req despu\u00e9s de esa llamada." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53117.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53117.json index 94f3928a3e8..c59a975e34f 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53117.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53117.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53117", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.783", - "lastModified": "2025-05-02T16:15:30.783", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: prevent out-of-bounds array speculation when closing a file descriptor\n\nGoogle-Bug-Id: 114199369" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: evitar la especulaci\u00f3n de matrices fuera de los l\u00edmites al cerrar un descriptor de archivo Google-Bug-Id: 114199369" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53118.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53118.json index e4034e343d1..867bdc31df7 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53118.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53118.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53118", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.880", - "lastModified": "2025-05-02T16:15:30.880", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix a procfs host directory removal regression\n\nscsi_proc_hostdir_rm() decreases a reference counter and hence must only be\ncalled once per host that is removed. This change does not require a\nscsi_add_host_with_dma() change since scsi_add_host_with_dma() will return\n0 (success) if scsi_proc_host_add() is called." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: Se corrige una regresi\u00f3n de eliminaci\u00f3n del directorio del host procfs. scsi_proc_hostdir_rm() disminuye un contador de referencias y, por lo tanto, solo debe llamarse una vez por cada host eliminado. Este cambio no requiere modificar scsi_add_host_with_dma(), ya que scsi_add_host_with_dma() devolver\u00e1 0 (\u00e9xito) si se llama a scsi_proc_host_add()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53119.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53119.json index 48f6dff3c6c..9ee78a7fa8c 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53119.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53119.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53119", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:30.980", - "lastModified": "2025-05-02T16:15:30.980", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: initialize struct pn533_out_arg properly\n\nstruct pn533_out_arg used as a temporary context for out_urb is not\ninitialized properly. Its uninitialized 'phy' field can be dereferenced in\nerror cases inside pn533_out_complete() callback function. It causes the\nfollowing failure:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441\nCall Trace:\n \n __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671\n usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754\n dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700\n expire_timers+0x234/0x330 kernel/time/timer.c:1751\n __run_timers kernel/time/timer.c:2022 [inline]\n __run_timers kernel/time/timer.c:1995 [inline]\n run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035\n __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571\n invoke_softirq kernel/softirq.c:445 [inline]\n __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650\n irq_exit_rcu+0x9/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107\n\nInitialize the field with the pn533_usb_phy currently used.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: pn533: inicializar correctamente la estructura pn533_out_arg. La estructura pn533_out_arg, utilizada como contexto temporal para out_urb, no se inicializa correctamente. Su campo \"phy\" no inicializado puede desreferenciarse en casos de error dentro de la funci\u00f3n de devoluci\u00f3n de llamada pn533_out_complete(). Provoca el siguiente error: fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en el rango [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 0 Comm: swapper/1 No contaminado 6.2.0-rc3-next-20230110-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 RIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441 Rastreo de llamadas: __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671 usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754 dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700 expire_timers+0x234/0x330 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035 __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107 Inicializa el campo con el pn533_usb_phy utilizado actualmente. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con Syzkaller." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53120.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53120.json index 9cb9242bd88..f6f2e11b72f 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53120.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53120.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53120", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.083", - "lastModified": "2025-05-02T16:15:31.083", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix config page DMA memory leak\n\nA fix for:\n\nDMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device [count=1]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: Se corrige la p\u00e9rdida de memoria DMA en la p\u00e1gina de configuraci\u00f3n. Una soluci\u00f3n para: DMA-API: pci 0000:83:00.0: el controlador del dispositivo tiene asignaciones DMA pendientes mientras se libera del dispositivo [count=1]" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53121.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53121.json index 1943e268776..9fb1742faf4 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53121.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53121.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53121", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.173", - "lastModified": "2025-05-02T16:15:31.173", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: tcp_make_synack() can be called from process context\n\ntcp_rtx_synack() now could be called in process context as explained in\n0a375c822497 (\"tcp: tcp_rtx_synack() can be called from process\ncontext\").\n\ntcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU\nvariables with preemption enabled. This causes the following BUG:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464\n caller is tcp_make_synack+0x841/0xac0\n Call Trace:\n \n dump_stack_lvl+0x10d/0x1a0\n check_preemption_disabled+0x104/0x110\n tcp_make_synack+0x841/0xac0\n tcp_v6_send_synack+0x5c/0x450\n tcp_rtx_synack+0xeb/0x1f0\n inet_rtx_syn_ack+0x34/0x60\n tcp_check_req+0x3af/0x9e0\n tcp_rcv_state_process+0x59b/0x2030\n tcp_v6_do_rcv+0x5f5/0x700\n release_sock+0x3a/0xf0\n tcp_sendmsg+0x33/0x40\n ____sys_sendmsg+0x2f2/0x490\n __sys_sendmsg+0x184/0x230\n do_syscall_64+0x3d/0x90\n\nAvoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use\nTCP_INC_STATS() which is safe to be called from context switch." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: tcp_make_synack() se puede llamar desde el contexto del proceso. tcp_rtx_synack() ahora se puede llamar en el contexto del proceso como se explica en 0a375c822497 (\"tcp: tcp_rtx_synack() se puede llamar desde el contexto del proceso\"). tcp_rtx_synack() podr\u00eda llamar a tcp_make_synack(), que tocar\u00e1 las variables por CPU con la preempci\u00f3n habilitada. Esto provoca el siguiente ERROR: ERROR: uso de __this_cpu_add() en c\u00f3digo preemptible [00000000]: El llamador de ThriftIO1/5464 es tcp_make_synack+0x841/0xac0 Rastreo de llamadas: dump_stack_lvl+0x10d/0x1a0 check_preemption_disabled+0x104/0x110 tcp_make_synack+0x841/0xac0 tcp_v6_send_synack+0x5c/0x450 tcp_rtx_synack+0xeb/0x1f0 inet_rtx_syn_ack+0x34/0x60 tcp_check_req+0x3af/0x9e0 tcp_rcv_state_process+0x59b/0x2030 tcp_v6_do_rcv+0x5f5/0x700 release_sock+0x3a/0xf0 tcp_sendmsg+0x33/0x40 ____sys_sendmsg+0x2f2/0x490 __sys_sendmsg+0x184/0x230 do_syscall_64+0x3d/0x90 Evite llamar a __TCP_INC_STATS(), ya que afectar\u00e1 las variables por CPU. Use TCP_INC_STATS(), que se puede llamar de forma segura desde un cambio de contexto." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53122.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53122.json index 12be65bc515..b798537b97b 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53122.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53122.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53122", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.270", - "lastModified": "2025-05-02T16:15:31.270", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: fix taking the text_mutex twice during sifive errata patching\n\nChris pointed out that some bonehead, *cough* me *cough*, added two\nmutex_locks() to the SiFive errata patching. The second was meant to\nhave been a mutex_unlock().\n\nThis results in errors such as\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000030\nOops [#1]\nModules linked in:\nCPU: 0 PID: 0 Comm: swapper Not tainted\n6.2.0-rc1-starlight-00079-g9493e6f3ce02 #229\nHardware name: BeagleV Starlight Beta (DT)\nepc : __schedule+0x42/0x500\n ra : schedule+0x46/0xce\nepc : ffffffff8065957c ra : ffffffff80659a80 sp : ffffffff81203c80\n gp : ffffffff812d50a0 tp : ffffffff8120db40 t0 : ffffffff81203d68\n t1 : 0000000000000001 t2 : 4c45203a76637369 s0 : ffffffff81203cf0\n s1 : ffffffff8120db40 a0 : 0000000000000000 a1 : ffffffff81213958\n a2 : ffffffff81213958 a3 : 0000000000000000 a4 : 0000000000000000\n a5 : ffffffff80a1bd00 a6 : 0000000000000000 a7 : 0000000052464e43\n s2 : ffffffff8120db41 s3 : ffffffff80a1ad00 s4 : 0000000000000000\n s5 : 0000000000000002 s6 : ffffffff81213938 s7 : 0000000000000000\n s8 : 0000000000000000 s9 : 0000000000000001 s10: ffffffff812d7204\n s11: ffffffff80d3c920 t3 : 0000000000000001 t4 : ffffffff812e6dd7\n t5 : ffffffff812e6dd8 t6 : ffffffff81203bb8\nstatus: 0000000200000100 badaddr: 0000000000000030 cause: 000000000000000d\n[] schedule+0x46/0xce\n[] schedule_preempt_disabled+0x16/0x28\n[] __mutex_lock.constprop.0+0x3fe/0x652\n[] __mutex_lock_slowpath+0xe/0x16\n[] mutex_lock+0x42/0x4c\n[] sifive_errata_patch_func+0xf6/0x18c\n[] _apply_alternatives+0x74/0x76\n[] apply_boot_alternatives+0x3c/0xfa\n[] setup_arch+0x60c/0x640\n[] start_kernel+0x8e/0x99c\n---[ end trace 0000000000000000 ]---\n\n[Palmer: pick up Geert's bug report from the thread]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RISC-V: se corrige la toma de text_mutex dos veces durante la correcci\u00f3n de erratas de SiFive. Chris se\u00f1al\u00f3 que un imb\u00e9cil, *ejem* yo *ejem*, a\u00f1adi\u00f3 dos mutex_locks() a la correcci\u00f3n de erratas de SiFive. El segundo deb\u00eda ser un mutex_unlock(). Esto genera errores como No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000030 Ups [#1] M\u00f3dulos vinculados: CPU: 0 PID: 0 Comm: swapper No contaminado 6.2.0-rc1-starlight-00079-g9493e6f3ce02 #229 Nombre del hardware: BeagleV Starlight Beta (DT) epc: __schedule+0x42/0x500 ra: schedule+0x46/0xce epc: ffffffff8065957c ra: ffffffff80659a80 sp: ffffffff81203c80 gp: ffffffff812d50a0 tp: ffffffff8120db40 t0: ffffffff81203d68 t1: 0000000000000001 t2: 4c45203a76637369 s0: ffffffff81203cf0 s1: ffffffff8120db40 a0: 0000000000000000 a1: ffffffff81213958 a2: ffffffff81213958 a3: 0000000000000000 a4: 0000000000000000 a5: ffffffff80a1bd00 a6: 0000000000000000 a7: 0000000052464e43 s2: ffffffff8120db41 s3: ffffffff80a1ad00 s4: 0000000000000000 s5: 0000000000000002 s6: ffffffff81213938 s7: 0000000000000000 s8: 0000000000000000 s9: 0000000000000001 s10: ffffffff812d7204 s11: ffffffff80d3c920 t3: 0000000000000001 t4: ffffffff812e6dd7 t5: ffffffff812e6dd8 t6: ffffffff81203bb8 estado: 0000000200000100 direcci\u00f3n incorrecta: 0000000000000030 causa: 000000000000000d [] programaci\u00f3n+0x46/0xce [] programaci\u00f3n_preempt_disabled+0x16/0x28 [] __mutex_lock.constprop.0+0x3fe/0x652 [] __mutex_lock_slowpath+0xe/0x16 [] mutex_lock+0x42/0x4c [] sifive_errata_patch_func+0xf6/0x18c [] _apply_alternatives+0x74/0x76 [] apply_boot_alternatives+0x3c/0xfa [] setup_arch+0x60c/0x640 [] start_kernel+0x8e/0x99c ---[ fin de seguimiento 0000000000000000 ]--- [Palmer: consulta el informe de error de Geert en el hilo]" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53123.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53123.json index bb7697eb0d8..375232040be 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53123.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53123.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53123", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.360", - "lastModified": "2025-05-02T16:15:31.360", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: s390: Fix use-after-free of PCI resources with per-function hotplug\n\nOn s390 PCI functions may be hotplugged individually even when they\nbelong to a multi-function device. In particular on an SR-IOV device VFs\nmay be removed and later re-added.\n\nIn commit a50297cf8235 (\"s390/pci: separate zbus creation from\nscanning\") it was missed however that struct pci_bus and struct\nzpci_bus's resource list retained a reference to the PCI functions MMIO\nresources even though those resources are released and freed on\nhot-unplug. These stale resources may subsequently be claimed when the\nPCI function re-appears resulting in use-after-free.\n\nOne idea of fixing this use-after-free in s390 specific code that was\ninvestigated was to simply keep resources around from the moment a PCI\nfunction first appeared until the whole virtual PCI bus created for\na multi-function device disappears. The problem with this however is\nthat due to the requirement of artificial MMIO addreesses (address\ncookies) extra logic is then needed to keep the address cookies\ncompatible on re-plug. At the same time the MMIO resources semantically\nbelong to the PCI function so tying their lifecycle to the function\nseems more logical.\n\nInstead a simpler approach is to remove the resources of an individually\nhot-unplugged PCI function from the PCI bus's resource list while\nkeeping the resources of other PCI functions on the PCI bus untouched.\n\nThis is done by introducing pci_bus_remove_resource() to remove an\nindividual resource. Similarly the resource also needs to be removed\nfrom the struct zpci_bus's resource list. It turns out however, that\nthere is really no need to add the MMIO resources to the struct\nzpci_bus's resource list at all and instead we can simply use the\nzpci_bar_struct's resource pointer directly." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: s390: Se corrige el problema de use-after-free de recursos PCI con la conexi\u00f3n en caliente por funci\u00f3n. En s390, las funciones PCI pueden conectarse en caliente individualmente, incluso si pertenecen a un dispositivo multifunci\u00f3n. En particular, en un dispositivo SR-IOV, las funciones virtuales (VF) pueden eliminarse y volver a a\u00f1adirse posteriormente. Sin embargo, en el commit a50297cf8235 (\"s390/pci: separar la creaci\u00f3n de zbus del escaneo\") se omiti\u00f3 que la lista de recursos de struct pci_bus y struct zpci_bus conservaba una referencia a los recursos MMIO de las funciones PCI, incluso si estos recursos se liberan al desconectar en caliente. Estos recursos obsoletos pueden reclamarse posteriormente cuando la funci\u00f3n PCI reaparece, lo que resulta en un problema de use-after-free. Una idea para corregir este problema de use-after-free en el c\u00f3digo espec\u00edfico de s390 que se investig\u00f3 fue simplemente mantener los recursos desde el momento en que aparece una funci\u00f3n PCI hasta que desaparece todo el bus PCI virtual creado para un dispositivo multifunci\u00f3n. El problema con esto, sin embargo, es que debido al requisito de direcciones MMIO artificiales (cookies de direcci\u00f3n), se necesita l\u00f3gica adicional para mantener las cookies de direcci\u00f3n compatibles al volver a conectar. Al mismo tiempo, los recursos MMIO pertenecen sem\u00e1nticamente a la funci\u00f3n PCI, por lo que vincular su ciclo de vida a la funci\u00f3n parece m\u00e1s l\u00f3gico. En cambio, un enfoque m\u00e1s simple es eliminar los recursos de una funci\u00f3n PCI individualmente desconectada en caliente de la lista de recursos del bus PCI, mientras que se mantienen intactos los recursos de otras funciones PCI en el bus PCI. Esto se hace introduciendo pci_bus_remove_resource() para eliminar un recurso individual. De manera similar, el recurso tambi\u00e9n debe eliminarse de la lista de recursos de struct zpci_bus. Sin embargo, resulta que realmente no hay necesidad de agregar los recursos MMIO a la lista de recursos de struct zpci_bus en absoluto y, en su lugar, podemos simplemente usar el puntero de recursos de zpci_bar_struct directamente." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53124.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53124.json index a998d82f1fe..b10495de3a4 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53124.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53124.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53124", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.453", - "lastModified": "2025-05-02T16:15:31.453", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()\n\nPort is allocated by sas_port_alloc_num() and rphy is allocated by either\nsas_end_device_alloc() or sas_expander_alloc(), all of which may return\nNULL. So we need to check the rphy to avoid possible NULL pointer access.\n\nIf sas_rphy_add() returned with failure, rphy is set to NULL. We would\naccess the rphy in the following lines which would also result NULL pointer\naccess." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpt3sas: Se corrige el acceso a puntero nulo en mpt3sas_transport_port_add(). El puerto se asigna mediante sas_port_alloc_num() y el rphy se asigna mediante sas_end_device_alloc() o sas_expander_alloc(), lo que puede devolver un valor nulo. Por lo tanto, es necesario comprobar el rphy para evitar un posible acceso a puntero nulo. Si sas_rphy_add() falla, el rphy se establece en nulo. Acceder\u00edamos al rphy en las siguientes l\u00edneas, lo que tambi\u00e9n resultar\u00eda en un acceso a puntero nulo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53125.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53125.json index 96c39937140..0a4faf7327c 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53125.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53125.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53125", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.547", - "lastModified": "2025-05-02T16:15:31.547", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Limit packet length to skb->len\n\nPacket length retrieved from skb data may be larger than\nthe actual socket buffer length (up to 9026 bytes). In such\ncase the cloned skb passed up the network stack will leak\nkernel memory contents." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: smsc75xx: Limitar la longitud del paquete a skb->len. La longitud del paquete recuperada de los datos de skb puede ser mayor que la longitud real del b\u00fafer del socket (hasta 9026 bytes). En tal caso, el skb clonado que se pasa a la pila de red filtrar\u00e1 el contenido de la memoria del kernel." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53126.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53126.json index 0658074db11..c83a2693a4e 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53126.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53126.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53126", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.643", - "lastModified": "2025-05-02T16:15:31.643", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()\n\nFree mrioc->sas_hba.phy at .remove." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: corrige la p\u00e9rdida de memoria sas_hba.phy en mpi3mr_remove() Libera mrioc->sas_hba.phy en .remove." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53127.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53127.json index bc7d13bb9a7..467a4944568 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53127.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53127.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53127", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.730", - "lastModified": "2025-05-02T16:15:31.730", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix expander node leak in mpi3mr_remove()\n\nAdd a missing resource clean up in .remove." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: Se corrige la p\u00e9rdida del nodo expansor en mpi3mr_remove(). Se agrega una limpieza de recursos faltantes en .remove." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53128.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53128.json index fc48b13d6e7..621882dd2ff 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53128.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53128.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53128", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.820", - "lastModified": "2025-05-02T16:15:31.820", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix throttle_groups memory leak\n\nAdd a missing kfree()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: Se corrige la p\u00e9rdida de memoria de throttle_groups. Se agrega un kfree() faltante." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53129.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53129.json index 498543a2d59..1f9a2b5cd92 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53129.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53129.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53129", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.907", - "lastModified": "2025-05-02T16:15:31.907", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: Fix deadlock during directory rename\n\nAs lockdep properly warns, we should not be locking i_rwsem while having\ntransactions started as the proper lock ordering used by all directory\nhandling operations is i_rwsem -> transaction start. Fix the lock\nordering by moving the locking of the directory earlier in\next4_rename()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: Se corrige el bloqueo al renombrar un directorio. Como advierte lockdep, no se debe bloquear i_rwsem mientras se inician transacciones, ya que el orden de bloqueo correcto para todas las operaciones de gesti\u00f3n de directorios es i_rwsem -> inicio de transacci\u00f3n. Corrija el orden de bloqueo desplazando el bloqueo del directorio hacia una etapa anterior en ext4_rename()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53130.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53130.json index 6512d4f1c38..67726ac1c86 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53130.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53130.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53130", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:31.997", - "lastModified": "2025-05-02T16:15:31.997", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix wrong mode for blkdev_put() from disk_scan_partitions()\n\nIf disk_scan_partitions() is called with 'FMODE_EXCL',\nblkdev_get_by_dev() will be called without 'FMODE_EXCL', however, follow\nblkdev_put() is still called with 'FMODE_EXCL', which will cause\n'bd_holders' counter to leak.\n\nFix the problem by using the right mode for blkdev_put()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: corregir el modo incorrecto para blkdev_put() desde disk_scan_partitions(). Si se llama a disk_scan_partitions() con 'FMODE_EXCL', blkdev_get_by_dev() se llamar\u00e1 sin 'FMODE_EXCL'. Sin embargo, blkdev_put() se seguir\u00e1 llamando con 'FMODE_EXCL', lo que provocar\u00e1 una fuga del contador 'bd_holders'. Solucione el problema usando el modo correcto para blkdev_put()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53131.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53131.json index 35d3ece0596..16f24b3ca9d 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53131.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53131.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53131", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.087", - "lastModified": "2025-05-02T16:15:32.087", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a server shutdown leak\n\nFix a race where kthread_stop() may prevent the threadfn from ever getting\ncalled. If that happens the svc_rqst will not be cleaned up." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: SUNRPC: Se corrige una fuga de informaci\u00f3n al apagar el servidor. Se corrige una ejecuci\u00f3n donde kthread_stop() podr\u00eda impedir que se llame a threadfn. Si esto ocurre, svc_rqst no se limpiar\u00e1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53132.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53132.json index cf90883c91e..86d554f8692 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53132.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53132.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53132", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.170", - "lastModified": "2025-05-02T16:15:32.170", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove()\n\nFree mpi3mr_hba_port at .remove." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: corrige la p\u00e9rdida de memoria mpi3mr_hba_port en mpi3mr_remove() Libera mpi3mr_hba_port en .remove." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53133.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53133.json index 5fcaa17a164..cb1166a711e 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53133.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53133.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53133", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.260", - "lastModified": "2025-05-02T16:15:32.260", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()\n\nWhen the buffer length of the recvmsg system call is 0, we got the\nflollowing soft lockup problem:\n\nwatchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149]\nCPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:remove_wait_queue+0xb/0xc0\nCode: 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 57 <41> 56 41 55 41 54 55 48 89 fd 53 48 89 f3 4c 8d 6b 18 4c 8d 73 20\nRSP: 0018:ffff88811b5978b8 EFLAGS: 00000246\nRAX: 0000000000000000 RBX: ffff88811a7d3780 RCX: ffffffffb7a4d768\nRDX: dffffc0000000000 RSI: ffff88811b597908 RDI: ffff888115408040\nRBP: 1ffff110236b2f1b R08: 0000000000000000 R09: ffff88811a7d37e7\nR10: ffffed10234fa6fc R11: 0000000000000001 R12: ffff88811179b800\nR13: 0000000000000001 R14: ffff88811a7d38a8 R15: ffff88811a7d37e0\nFS: 00007f6fb5398740(0000) GS:ffff888237180000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000010b6ba002 CR4: 0000000000370ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n tcp_msg_wait_data+0x279/0x2f0\n tcp_bpf_recvmsg_parser+0x3c6/0x490\n inet_recvmsg+0x280/0x290\n sock_recvmsg+0xfc/0x120\n ____sys_recvmsg+0x160/0x3d0\n ___sys_recvmsg+0xf0/0x180\n __sys_recvmsg+0xea/0x1a0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe logic in tcp_bpf_recvmsg_parser is as follows:\n\nmsg_bytes_ready:\n\tcopied = sk_msg_recvmsg(sk, psock, msg, len, flags);\n\tif (!copied) {\n\t\twait data;\n\t\tgoto msg_bytes_ready;\n\t}\n\nIn this case, \"copied\" always is 0, the infinite loop occurs.\n\nAccording to the Linux system call man page, 0 should be returned in this\ncase. Therefore, in tcp_bpf_recvmsg_parser(), if the length is 0, directly\nreturn. Also modify several other functions with the same problem." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: corrige un error de bucle infinito cuando len es 0 en tcp_bpf_recvmsg_parser() Cuando la longitud del b\u00fafer de la llamada del sistema recvmsg es 0, tenemos el siguiente problema de bloqueo suave: watchdog: ERROR: bloqueo suave: \u00a1CPU n.\u00ba 3 bloqueada durante 27 s! [a.out:6149] CPU: 3 PID: 6149 Comm: a.out Kdump: cargado No contaminado 6.2.0+ #30 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:remove_wait_queue+0xb/0xc0 C\u00f3digo: 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 57 <41> 56 41 55 41 54 55 48 89 fd 53 48 89 f3 4c 8d 6b 18 4c 8d 73 20 RSP: 0018:ffff88811b5978b8 EFLAGS: 00000246 RAX: 000000000000000 RBX: ffff88811a7d3780 RCX: ffffffffb7a4d768 RDX: dffffc0000000000 RSI: ffff88811b597908 RDI: ffff888115408040 RBP: 1ffff110236b2f1b R08: 000000000000000 R09: ffff88811a7d37e7 R10: ffffed10234fa6fc R11: 000000000000001 R12: ffff88811179b800 R13: 0000000000000001 R14: ffff88811a7d38a8 R15: ffff88811a7d37e0 FS: 00007f6fb5398740(0000) GS:ffff888237180000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000080050033 CR2: 0000000020000000 CR3: 0000000010b6ba002 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: tcp_msg_wait_data+0x279/0x2f0 tcp_bpf_recvmsg_parser+0x3c6/0x490 inet_recvmsg+0x280/0x290 sock_recvmsg+0xfc/0x120 ____sys_recvmsg+0x160/0x3d0 ___sys_recvmsg+0xf0/0x180 __sys_recvmsg+0xea/0x1a0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc The logic in tcp_bpf_recvmsg_parser is as follows: msg_bytes_ready: copied = sk_msg_recvmsg(sk, psock, msg, len, flags); if (!copied) { wait data; goto msg_bytes_ready; } En este caso, \"copiado\" siempre es 0, se produce el bucle infinito. Seg\u00fan la p\u00e1gina del manual de llamadas del sistema de Linux, en este caso se deber\u00eda devolver 0. Por lo tanto, en tcp_bpf_recvmsg_parser(), si la longitud es 0, se devuelve directamente. Modifique tambi\u00e9n otras funciones con el mismo problema." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53134.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53134.json index 0ce30577db4..cd4cc3637bb 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53134.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53134.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53134", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.353", - "lastModified": "2025-05-02T16:15:32.353", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Avoid order-5 memory allocation for TPA data\n\nThe driver needs to keep track of all the possible concurrent TPA (GRO/LRO)\ncompletions on the aggregation ring. On P5 chips, the maximum number\nof concurrent TPA is 256 and the amount of memory we allocate is order-5\non systems using 4K pages. Memory allocation failure has been reported:\n\nNetworkManager: page allocation failure: order:5, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1\nCPU: 15 PID: 2995 Comm: NetworkManager Kdump: loaded Not tainted 5.10.156 #1\nHardware name: Dell Inc. PowerEdge R660/0M1CC5, BIOS 0.2.25 08/12/2022\nCall Trace:\n dump_stack+0x57/0x6e\n warn_alloc.cold.120+0x7b/0xdd\n ? _cond_resched+0x15/0x30\n ? __alloc_pages_direct_compact+0x15f/0x170\n __alloc_pages_slowpath.constprop.108+0xc58/0xc70\n __alloc_pages_nodemask+0x2d0/0x300\n kmalloc_order+0x24/0xe0\n kmalloc_order_trace+0x19/0x80\n bnxt_alloc_mem+0x1150/0x15c0 [bnxt_en]\n ? bnxt_get_func_stat_ctxs+0x13/0x60 [bnxt_en]\n __bnxt_open_nic+0x12e/0x780 [bnxt_en]\n bnxt_open+0x10b/0x240 [bnxt_en]\n __dev_open+0xe9/0x180\n __dev_change_flags+0x1af/0x220\n dev_change_flags+0x21/0x60\n do_setlink+0x35c/0x1100\n\nInstead of allocating this big chunk of memory and dividing it up for the\nconcurrent TPA instances, allocate each small chunk separately for each\nTPA instance. This will reduce it to order-0 allocations." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bnxt_en: Evita la asignaci\u00f3n de memoria de orden 5 para datos TPA. El controlador debe registrar todas las posibles finalizaciones simult\u00e1neas de TPA (GRO/LRO) en el anillo de agregaci\u00f3n. En chips P5, el n\u00famero m\u00e1ximo de TPA simult\u00e1neas es de 256 y la cantidad de memoria que asignamos es de orden 5 en sistemas que utilizan p\u00e1ginas de 4K. Se inform\u00f3 un error de asignaci\u00f3n de memoria: NetworkManager: error de asignaci\u00f3n de p\u00e1gina: orden: 5, modo: 0x40dc0 (GFP_KERNEL | __GFP_COMP | __GFP_ZERO), m\u00e1scara de nodo = (null), conjunto de CPU = /, mems_allowed = 0-1 CPU: 15 PID: 2995 Comm: NetworkManager Kdump: cargado No contaminado 5.10.156 # 1 Nombre del hardware: Dell Inc. PowerEdge R660 / 0M1CC5, BIOS 0.2.25 12/08/2022 Seguimiento de llamadas: dump_stack + 0x57 / 0x6e warn_alloc.cold.120 + 0x7b / 0xdd ? _cond_resched + 0x15 / 0x30 ? __alloc_pages_direct_compact+0x15f/0x170 __alloc_pages_slowpath.constprop.108+0xc58/0xc70 __alloc_pages_nodemask+0x2d0/0x300 kmalloc_order+0x24/0xe0 kmalloc_order_trace+0x19/0x80 bnxt_alloc_mem+0x1150/0x15c0 [bnxt_es] ? bnxt_get_func_stat_ctxs+0x13/0x60 [bnxt_es] __bnxt_open_nic+0x12e/0x780 [bnxt_es] bnxt_open+0x10b/0x240 [bnxt_es] __dev_open+0xe9/0x180 __dev_change_flags+0x1af/0x220 dev_change_flags+0x21/0x60 do_setlink+0x35c/0x1100 En lugar de asignar esta gran cantidad de memoria y dividirla para las instancias de TPA simult\u00e1neas, asigne cada peque\u00f1a cantidad por separado para cada instancia de TPA. Esto reducir\u00e1 las asignaciones a un orden de 0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53135.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53135.json index 95694f8ed9c..a54e0cfe478 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53135.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53135.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53135", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.447", - "lastModified": "2025-05-02T16:15:32.447", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode\n\nWhen CONFIG_FRAME_POINTER is unset, the stack unwinding function\nwalk_stackframe randomly reads the stack and then, when KASAN is enabled,\nit can lead to the following backtrace:\n\n[ 0.000000] ==================================================================\n[ 0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a\n[ 0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0\n[ 0.000000]\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] Call Trace:\n[ 0.000000] [] walk_stackframe+0x0/0x11a\n[ 0.000000] [] init_param_lock+0x26/0x2a\n[ 0.000000] [] walk_stackframe+0xa2/0x11a\n[ 0.000000] [] dump_stack_lvl+0x22/0x36\n[ 0.000000] [] print_report+0x198/0x4a8\n[ 0.000000] [] init_param_lock+0x26/0x2a\n[ 0.000000] [] walk_stackframe+0xa2/0x11a\n[ 0.000000] [] kasan_report+0x9a/0xc8\n[ 0.000000] [] walk_stackframe+0xa2/0x11a\n[ 0.000000] [] walk_stackframe+0xa2/0x11a\n[ 0.000000] [] desc_make_final+0x80/0x84\n[ 0.000000] [] stack_trace_save+0x88/0xa6\n[ 0.000000] [] filter_irq_stacks+0x72/0x76\n[ 0.000000] [] devkmsg_read+0x32a/0x32e\n[ 0.000000] [] kasan_save_stack+0x28/0x52\n[ 0.000000] [] desc_make_final+0x7c/0x84\n[ 0.000000] [] stack_trace_save+0x84/0xa6\n[ 0.000000] [] kasan_set_track+0x12/0x20\n[ 0.000000] [] __kasan_slab_alloc+0x58/0x5e\n[ 0.000000] [] __kmem_cache_create+0x21e/0x39a\n[ 0.000000] [] create_boot_cache+0x70/0x9c\n[ 0.000000] [] kmem_cache_init+0x6c/0x11e\n[ 0.000000] [] mm_init+0xd8/0xfe\n[ 0.000000] [] start_kernel+0x190/0x3ca\n[ 0.000000]\n[ 0.000000] The buggy address belongs to stack of task swapper/0\n[ 0.000000] and is located at offset 0 in frame:\n[ 0.000000] stack_trace_save+0x0/0xa6\n[ 0.000000]\n[ 0.000000] This frame has 1 object:\n[ 0.000000] [32, 56) 'c'\n[ 0.000000]\n[ 0.000000] The buggy address belongs to the physical page:\n[ 0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07\n[ 0.000000] flags: 0x1000(reserved|zone=0)\n[ 0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000\n[ 0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff\n[ 0.000000] page dumped because: kasan: bad access detected\n[ 0.000000]\n[ 0.000000] Memory state around the buggy address:\n[ 0.000000] ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] >ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3\n[ 0.000000] ^\n[ 0.000000] ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ==================================================================\n\nFix that by using READ_ONCE_NOCHECK when reading the stack in imprecise\nmode." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: Usar READ_ONCE_NOCHECK en modo de desenrollado de pila impreciso Cuando no se establece CONFIG_FRAME_POINTER, la funci\u00f3n de desenrollado de pila walk_stackframe lee la pila aleatoriamente y luego, cuando KASAN est\u00e1 habilitado, puede llevar al siguiente backtrace: [ 0.000000] ===================================================================== [ 0.000000] ERROR: KASAN: pila fuera de los l\u00edmites en walk_stackframe+0xa6/0x11a [ 0.000000] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffffff81807c40 por tarea swapper/0 [ 0.000000] [ 0.000000] CPU: 0 PID: 0 Comm: swapper No contaminado 6.2.0-12919-g24203e6db61f #43 [ 0.000000] Nombre del hardware: riscv-virtio,qemu (DT) [ 0.000000] Rastreo de llamadas: [ 0.000000] [] walk_stackframe+0x0/0x11a [ 0.000000] [] init_param_lock+0x26/0x2a [ 0.000000] [] walk_stackframe+0xa2/0x11a [ 0.000000] [] dump_stack_lvl+0x22/0x36 [ 0.000000] [] print_report+0x198/0x4a8 [ 0.000000] [] init_param_lock+0x26/0x2a [ 0.000000] [] walk_stackframe+0xa2/0x11a [ 0.000000] [] kasan_report+0x9a/0xc8 [ 0.000000] [] walk_stackframe+0xa2/0x11a [ 0.000000] [] walk_stackframe+0xa2/0x11a [ 0.000000] [] desc_make_final+0x80/0x84 [ 0.000000] [] stack_trace_save+0x88/0xa6 [ 0.000000] [] filter_irq_stacks+0x72/0x76 [ 0.000000] [] devkmsg_read+0x32a/0x32e [ 0.000000] [] kasan_save_stack+0x28/0x52 [ 0.000000] [] desc_make_final+0x7c/0x84 [ 0.000000] [] stack_trace_save+0x84/0xa6 [ 0.000000] [] kasan_set_track+0x12/0x20 [ 0.000000] [] __kasan_slab_alloc+0x58/0x5e [ 0.000000] [] __kmem_cache_create+0x21e/0x39a [ 0.000000] [] create_boot_cache+0x70/0x9c [ 0.000000] [] kmem_cache_init+0x6c/0x11e [ 0.000000] [] mm_init+0xd8/0xfe [ 0.000000] [] start_kernel+0x190/0x3ca [ 0.000000] [ 0.000000] The buggy address belongs to stack of task swapper/0 [ 0.000000] and is located at offset 0 in frame: [ 0.000000] stack_trace_save+0x0/0xa6 [ 0.000000] [ 0.000000] This frame has 1 object: [ 0.000000] [32, 56) 'c' [ 0.000000] [ 0.000000] The buggy address belongs to the physical page: [ 0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07 [ 0.000000] flags: 0x1000(reserved|zone=0) [ 0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000 [ 0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff [ 0.000000] page dumped because: kasan: bad access detected [ 0.000000] [ 0.000000] Memory state around the buggy address: [ 0.000000] ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] >ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 [ 0.000000] ^ [ 0.000000] ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] ================================================================== Solucione esto usando READ_ONCE_NOCHECK al leer la pila en modo impreciso." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53136.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53136.json index 346db4d021b..97ff40da579 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53136.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53136.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53136", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.540", - "lastModified": "2025-05-02T16:15:32.540", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: fix struct pid leaks in OOB support\n\nsyzbot reported struct pid leak [1].\n\nIssue is that queue_oob() calls maybe_add_creds() which potentially\nholds a reference on a pid.\n\nBut skb->destructor is not set (either directly or by calling\nunix_scm_to_skb())\n\nThis means that subsequent kfree_skb() or consume_skb() would leak\nthis reference.\n\nIn this fix, I chose to fully support scm even for the OOB message.\n\n[1]\nBUG: memory leak\nunreferenced object 0xffff8881053e7f80 (size 128):\ncomm \"syz-executor242\", pid 5066, jiffies 4294946079 (age 13.220s)\nhex dump (first 32 bytes):\n01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[] alloc_pid+0x6a/0x560 kernel/pid.c:180\n[] copy_process+0x169f/0x26c0 kernel/fork.c:2285\n[] kernel_clone+0xf7/0x610 kernel/fork.c:2684\n[] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825\n[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n[] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: af_unix: se corrigen fugas de struct pid en la compatibilidad OOB. syzbot report\u00f3 una fuga de struct pid [1]. El problema radica en que queue_oob() llama a perhaps_add_creds(), que potencialmente contiene una referencia a un PID. Sin embargo, skb->destructor no est\u00e1 definido (ni directamente ni mediante la llamada a unix_scm_to_skb()). Esto significa que las posteriores operaciones kfree_skb() o consume_skb() filtrar\u00edan esta referencia. En esta correcci\u00f3n, opt\u00e9 por ofrecer compatibilidad total con scm, incluso para el mensaje OOB. [1] ERROR: p\u00e9rdida de memoria, objeto no referenciado 0xffff8881053e7f80 (tama\u00f1o 128): comunicaci\u00f3n \"syz-executor242\", pid 5066, jiffies 4294946079 (edad 13.220s), volcado hexadecimal (primeros 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] alloc_pid+0x6a/0x560 kernel/pid.c:180 [] copy_process+0x169f/0x26c0 kernel/fork.c:2285 [] kernel_clone+0xf7/0x610 kernel/fork.c:2684 [] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825 [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x63/0xcd " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53137.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53137.json index 46c504e0378..e8cdc6e486b 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53137.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53137.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53137", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.633", - "lastModified": "2025-05-02T16:15:32.633", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: Fix possible corruption when moving a directory\n\nWhen we are renaming a directory to a different directory, we need to\nupdate '..' entry in the moved directory. However nothing prevents moved\ndirectory from being modified and even converted from the inline format\nto the normal format. When such race happens the rename code gets\nconfused and we crash. Fix the problem by locking the moved directory." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: Se corrige la posible corrupci\u00f3n al mover un directorio. Al renombrar un directorio, es necesario actualizar la entrada \"..\" en el directorio movido. Sin embargo, nada impide que el directorio movido se modifique e incluso se convierta del formato en l\u00ednea al formato normal. Cuando esto ocurre, el c\u00f3digo de renombrado se confunde y se produce un fallo. Solucione el problema bloqueando el directorio movido." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53138.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53138.json index 8f1cbc9849a..72d44c4599a 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53138.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53138.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53138", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.720", - "lastModified": "2025-05-02T16:15:32.720", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: caif: Fix use-after-free in cfusbl_device_notify()\n\nsyzbot reported use-after-free in cfusbl_device_notify() [1]. This\ncauses a stack trace like below:\n\nBUG: KASAN: use-after-free in cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138\nRead of size 8 at addr ffff88807ac4e6f0 by task kworker/u4:6/1214\n\nCPU: 0 PID: 1214 Comm: kworker/u4:6 Not tainted 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0xeb/0x467 mm/kasan/report.c:313\n print_report mm/kasan/report.c:429 [inline]\n kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491\n cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138\n notifier_call_chain+0xb5/0x200 kernel/notifier.c:87\n call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1945\n call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]\n call_netdevice_notifiers net/core/dev.c:1997 [inline]\n netdev_wait_allrefs_any net/core/dev.c:10227 [inline]\n netdev_run_todo+0xbc0/0x10f0 net/core/dev.c:10341\n default_device_exit_batch+0x44e/0x590 net/core/dev.c:11334\n ops_exit_list+0x125/0x170 net/core/net_namespace.c:167\n cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:594\n process_one_work+0x996/0x1610 kernel/workqueue.c:2289\n worker_thread+0x665/0x1080 kernel/workqueue.c:2436\n kthread+0x2e9/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302\n \n\nWhen unregistering a net device, unregister_netdevice_many_notify()\nsets the device's reg_state to NETREG_UNREGISTERING, calls notifiers\nwith NETDEV_UNREGISTER, and adds the device to the todo list.\n\nLater on, devices in the todo list are processed by netdev_run_todo().\nnetdev_run_todo() waits devices' reference count become 1 while\nrebdoadcasting NETDEV_UNREGISTER notification.\n\nWhen cfusbl_device_notify() is called with NETDEV_UNREGISTER multiple\ntimes, the parent device might be freed. This could cause UAF.\nProcessing NETDEV_UNREGISTER multiple times also causes inbalance of\nreference count for the module.\n\nThis patch fixes the issue by accepting only first NETDEV_UNREGISTER\nnotification." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: caif: Se corrige el use-after-free en cfusbl_device_notify() syzbot inform\u00f3 el use-after-free en cfusbl_device_notify() [1]. Esto provoca un seguimiento de pila como el siguiente: ERROR: KASAN: use-after-free en cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88807ac4e6f0 por la tarea kworker/u4:6/1214 CPU: 0 PID: 1214 Comm: kworker/u4:6 No contaminado 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Cola de trabajo: netns cleanup_net Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xeb/0x467 mm/kasan/report.c:313 print_report mm/kasan/report.c:429 [inline] kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491 cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138 notifier_call_chain+0xb5/0x200 kernel/notifier.c:87 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1945 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline] call_netdevice_notifiers net/core/dev.c:1997 [inline] netdev_wait_allrefs_any net/core/dev.c:10227 [inline] netdev_run_todo+0xbc0/0x10f0 net/core/dev.c:10341 default_device_exit_batch+0x44e/0x590 net/core/dev.c:11334 ops_exit_list+0x125/0x170 net/core/net_namespace.c:167 cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:594 process_one_work+0x996/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e9/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 Al anular el registro de un dispositivo de red, unregister_netdevice_many_notify() establece el estado del dispositivo en NETREG_UNREGISTERING, llama a los notificadores con NETDEV_UNREGISTER y a\u00f1ade el dispositivo a la lista de tareas pendientes. Posteriormente, netdev_run_todo() procesa los dispositivos de la lista de tareas pendientes. netdev_run_todo() espera a que el recuento de referencias de los dispositivos llegue a 1 mientras retransmite la notificaci\u00f3n NETDEV_UNREGISTER. Si se llama a cfusbl_device_notify() con NETDEV_UNREGISTER varias veces, el dispositivo principal podr\u00eda liberarse. Esto podr\u00eda causar un UAF. Procesar NETDEV_UNREGISTER varias veces tambi\u00e9n provoca un desequilibrio en el recuento de referencias del m\u00f3dulo. Este parche soluciona el problema aceptando solo la primera notificaci\u00f3n NETDEV_UNREGISTER." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53139.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53139.json index 01cf7aacc5b..587af4c9b6f 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53139.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53139.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53139", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.817", - "lastModified": "2025-05-02T16:15:32.817", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties\n\ndevm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause\nout-of-bounds write in device_property_read_u8_array later." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: fdp: agregar comprobaci\u00f3n nula de devm_kmalloc_array en fdp_nci_i2c_read_device_properties devm_kmalloc_array puede fallar, *fw_vsc_cfg puede ser nulo y provocar una escritura fuera de los l\u00edmites en device_property_read_u8_array m\u00e1s adelante." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53140.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53140.json index f48a0b2e89d..a240a6e2380 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53140.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53140.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53140", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:32.920", - "lastModified": "2025-05-02T16:15:32.920", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Remove the /proc/scsi/${proc_name} directory earlier\n\nRemove the /proc/scsi/${proc_name} directory earlier to fix a race\ncondition between unloading and reloading kernel modules. This fixes a bug\nintroduced in 2009 by commit 77c019768f06 (\"[SCSI] fix /proc memory leak in\nthe SCSI core\").\n\nFix the following kernel warning:\n\nproc_dir_entry 'scsi/scsi_debug' already registered\nWARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_register+0x27d/0x2e0\nCall Trace:\n proc_mkdir+0xb5/0xe0\n scsi_proc_hostdir_add+0xb5/0x170\n scsi_host_alloc+0x683/0x6c0\n sdebug_driver_probe+0x6b/0x2d0 [scsi_debug]\n really_probe+0x159/0x540\n __driver_probe_device+0xdc/0x230\n driver_probe_device+0x4f/0x120\n __device_attach_driver+0xef/0x180\n bus_for_each_drv+0xe5/0x130\n __device_attach+0x127/0x290\n device_initial_probe+0x17/0x20\n bus_probe_device+0x110/0x130\n device_add+0x673/0xc80\n device_register+0x1e/0x30\n sdebug_add_host_helper+0x1a7/0x3b0 [scsi_debug]\n scsi_debug_init+0x64f/0x1000 [scsi_debug]\n do_one_initcall+0xd7/0x470\n do_init_module+0xe7/0x330\n load_module+0x122a/0x12c0\n __do_sys_finit_module+0x124/0x1a0\n __x64_sys_finit_module+0x46/0x50\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: Eliminar el directorio /proc/scsi/${proc_name} antes. Eliminar el directorio /proc/scsi/${proc_name} antes para corregir una condici\u00f3n de ejecuci\u00f3n entre la descarga y la recarga de m\u00f3dulos del kernel. Esto corrige un error introducido en 2009 por el commit 77c019768f06 (\"[SCSI] corregir fuga de memoria de /proc en el n\u00facleo SCSI\"). Corrija la siguiente advertencia del kernel: proc_dir_entry 'scsi/scsi_debug' ya est\u00e1 registrado ADVERTENCIA: CPU: 19 PID: 27986 en fs/proc/generic.c:376 proc_register+0x27d/0x2e0 Seguimiento de llamadas: proc_mkdir+0xb5/0xe0 scsi_proc_hostdir_add+0xb5/0x170 scsi_host_alloc+0x683/0x6c0 sdebug_driver_probe+0x6b/0x2d0 [scsi_debug] really_probe+0x159/0x540 __driver_probe_device+0xdc/0x230 driver_probe_device+0x4f/0x120 __device_attach_driver+0xef/0x180 bus_for_each_drv+0xe5/0x130 __device_attach+0x127/0x290 device_initial_probe+0x17/0x20 bus_probe_device+0x110/0x130 device_add+0x673/0xc80 device_register+0x1e/0x30 sdebug_add_host_helper+0x1a7/0x3b0 [scsi_debug] scsi_debug_init+0x64f/0x1000 [scsi_debug] do_one_initcall+0xd7/0x470 do_init_module+0xe7/0x330 load_module+0x122a/0x12c0 __do_sys_finit_module+0x124/0x1a0 __x64_sys_finit_module+0x46/0x50 do_syscall_64+0x38/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53141.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53141.json index 48791d66394..70de0f94a3a 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53141.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53141.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53141", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:33.023", - "lastModified": "2025-05-02T16:15:33.023", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()\n\nila_xlat_nl_cmd_get_mapping() generates an empty skb,\ntriggerring a recent sanity check [1].\n\nInstead, return an error code, so that user space\ncan get it.\n\n[1]\nskb_assert_len\nWARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [inline]\nWARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nModules linked in:\nCPU: 0 PID: 5923 Comm: syz-executor269 Not tainted 6.2.0-syzkaller-18300-g2ebd1fbb946d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : skb_assert_len include/linux/skbuff.h:2527 [inline]\npc : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nlr : skb_assert_len include/linux/skbuff.h:2527 [inline]\nlr : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nsp : ffff80001e0d6c40\nx29: ffff80001e0d6e60 x28: dfff800000000000 x27: ffff0000c86328c0\nx26: dfff800000000000 x25: ffff0000c8632990 x24: ffff0000c8632a00\nx23: 0000000000000000 x22: 1fffe000190c6542 x21: ffff0000c8632a10\nx20: ffff0000c8632a00 x19: ffff80001856e000 x18: ffff80001e0d5fc0\nx17: 0000000000000000 x16: ffff80001235d16c x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001\nx11: ff80800008353a30 x10: 0000000000000000 x9 : 21567eaf25bfb600\nx8 : 21567eaf25bfb600 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff80001e0d6558 x4 : ffff800015c74760 x3 : ffff800008596744\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000000e\nCall trace:\nskb_assert_len include/linux/skbuff.h:2527 [inline]\n__dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\ndev_queue_xmit include/linux/netdevice.h:3033 [inline]\n__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]\n__netlink_deliver_tap+0x45c/0x6f8 net/netlink/af_netlink.c:325\nnetlink_deliver_tap+0xf4/0x174 net/netlink/af_netlink.c:338\n__netlink_sendskb net/netlink/af_netlink.c:1283 [inline]\nnetlink_sendskb+0x6c/0x154 net/netlink/af_netlink.c:1292\nnetlink_unicast+0x334/0x8d4 net/netlink/af_netlink.c:1380\nnlmsg_unicast include/net/netlink.h:1099 [inline]\ngenlmsg_unicast include/net/genetlink.h:433 [inline]\ngenlmsg_reply include/net/genetlink.h:443 [inline]\nila_xlat_nl_cmd_get_mapping+0x620/0x7d0 net/ipv6/ila/ila_xlat.c:493\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]\ngenl_rcv_msg+0x938/0xc1c net/netlink/genetlink.c:1065\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2574\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1076\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x800/0xae0 net/netlink/af_netlink.c:1942\nsock_sendmsg_nosec net/socket.c:714 [inline]\nsock_sendmsg net/socket.c:734 [inline]\n____sys_sendmsg+0x558/0x844 net/socket.c:2479\n___sys_sendmsg net/socket.c:2533 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2562\n__do_sys_sendmsg net/socket.c:2571 [inline]\n__se_sys_sendmsg net/socket.c:2569 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2569\n__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]\ninvoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52\nel0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142\ndo_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193\nel0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637\nel0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nirq event stamp: 136484\nhardirqs last enabled at (136483): [] __up_console_sem+0x60/0xb4 kernel/printk/printk.c:345\nhardirqs last disabled at (136484): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405\nsoftirqs last enabled at (136418): [] softirq_ha\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ila: no generar mensajes vac\u00edos en ila_xlat_nl_cmd_get_mapping(). ila_xlat_nl_cmd_get_mapping() genera un skb vac\u00edo, lo que activa una comprobaci\u00f3n de integridad reciente [1]. En su lugar, devuelve un c\u00f3digo de error para que el espacio de usuario pueda obtenerlo. [1] skb_assert_len ADVERTENCIA: CPU: 0 PID: 5923 en include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [en l\u00ednea] ADVERTENCIA: CPU: 0 PID: 5923 en include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156 M\u00f3dulos vinculados: CPU: 0 PID: 5923 Comm: syz-executor269 No contaminado 6.2.0-syzkaller-18300-g2ebd1fbb946d #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 21/01/2023 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_assert_len include/linux/skbuff.h:2527 [en l\u00ednea] pc : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156 lr : skb_assert_len include/linux/skbuff.h:2527 [en l\u00ednea] lr : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156 sp : ffff80001e0d6c40 x29: ffff80001e0d6e60 x28: dfff800000000000 x27: ffff0000c86328c0 x26: dfff800000000000 x25: ffff0000c8632990 x24: ffff0000c8632a00 x23: 0000000000000000 x22: 1fffe000190c6542 x21: ffff0000c8632a10 x20: ffff0000c8632a00 x19: ffff80001856e000 x18: ffff80001e0d5fc0 x17: 000000000000000 x16: ffff80001235d16c x15: 000000000000000 x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001 x11: ff80800008353a30 x10: 0000000000000000 x9: 21567eaf25bfb600 x8: 21567eaf25bfb600 x7: 000000000000001 x6: 000000000000001 x5: ffff80001e0d6558 x4: ffff800015c74760 x3: ffff800008596744 x2: 0000000000000001 x1 : 0000000100000000 x0 : 000000000000000e Rastreo de llamadas: skb_assert_len include/linux/skbuff.h:2527 [en l\u00ednea] __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156 dev_queue_xmit include/linux/netdevice.h:3033 [en l\u00ednea] __netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [en l\u00ednea] __netlink_deliver_tap+0x45c/0x6f8 net/netlink/af_netlink.c:325 netlink_deliver_tap+0xf4/0x174 net/netlink/af_netlink.c:338 __netlink_sendskb net/netlink/af_netlink.c:1283 [en l\u00ednea] netlink_sendskb+0x6c/0x154 net/netlink/af_netlink.c:1292 netlink_unicast+0x334/0x8d4 net/netlink/af_netlink.c:1380 nlmsg_unicast include/net/netlink.h:1099 [en l\u00ednea] genlmsg_unicast include/net/genetlink.h:433 [en l\u00ednea] genlmsg_reply include/net/genetlink.h:443 [en l\u00ednea] ila_xlat_nl_cmd_get_mapping+0x620/0x7d0 net/ipv6/ila/ila_xlat.c:493 genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [en l\u00ednea] genl_family_rcv_msg net/netlink/genetlink.c:1048 [en l\u00ednea] genl_rcv_msg+0x938/0xc1c net/netlink/genetlink.c:1065 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2574 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [en l\u00ednea] netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x800/0xae0 net/netlink/af_netlink.c:1942 sock_sendmsg_nosec net/socket.c:714 [en l\u00ednea] sock_sendmsg net/socket.c:734 [en l\u00ednea] ____sys_sendmsg+0x558/0x844 net/socket.c:2479 ___sys_sendmsg net/socket.c:2533 [en l\u00ednea] __sys_sendmsg+0x26c/0x33c net/socket.c:2562 __do_sys_sendmsg net/socket.c:2571 [en l\u00ednea] __se_sys_sendmsg net/socket.c:2569 [en l\u00ednea] __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2569 __invoke_syscall arch/arm64/kernel/syscall.c:38 [en l\u00ednea] invocar_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591 marca de evento irq: 136484 hardirqs habilitados por \u00faltima vez en (136483): [] __up_console_sem+0x60/0xb4 kernel/printk/printk.c:345 hardirqs deshabilitados por \u00faltima vez en (136484): [] el1_dbg+0x24/0x80 arch/arm6 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53142.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53142.json index 0ec876939f6..e45821881c0 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53142.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53142.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53142", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:33.137", - "lastModified": "2025-05-02T16:15:33.137", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: copy last block omitted in ice_get_module_eeprom()\n\nice_get_module_eeprom() is broken since commit e9c9692c8a81 (\"ice:\nReimplement module reads used by ethtool\") In this refactor,\nice_get_module_eeprom() reads the eeprom in blocks of size 8.\nBut the condition that should protect the buffer overflow\nignores the last block. The last block always contains zeros.\n\nBug uncovered by ethtool upstream commit 9538f384b535\n(\"netlink: eeprom: Defer page requests to individual parsers\")\nAfter this commit, ethtool reads a block with length = 1;\nto read the SFF-8024 identifier value.\n\nunpatched driver:\n$ ethtool -m enp65s0f0np0 offset 0x90 length 8\nOffset Values\n------ ------\n0x0090: 00 00 00 00 00 00 00 00\n$ ethtool -m enp65s0f0np0 offset 0x90 length 12\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c 00 00 00 00\n$\n\n$ ethtool -m enp65s0f0np0\nOffset Values\n------ ------\n0x0000: 11 06 06 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 08 00\n0x0070: 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\npatched driver:\n$ ethtool -m enp65s0f0np0 offset 0x90 length 8\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c\n$ ethtool -m enp65s0f0np0 offset 0x90 length 12\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c 61 6e 6f 78\n$ ethtool -m enp65s0f0np0\n Identifier : 0x11 (QSFP28)\n Extended identifier : 0x00\n Extended identifier description : 1.5W max. Power consumption\n Extended identifier description : No CDR in TX, No CDR in RX\n Extended identifier description : High Power Class (> 3.5 W) not enabled\n Connector : 0x23 (No separable connector)\n Transceiver codes : 0x88 0x00 0x00 0x00 0x00 0x00 0x00 0x00\n Transceiver type : 40G Ethernet: 40G Base-CR4\n Transceiver type : 25G Ethernet: 25G Base-CR CA-N\n Encoding : 0x05 (64B/66B)\n BR, Nominal : 25500Mbps\n Rate identifier : 0x00\n Length (SMF,km) : 0km\n Length (OM3 50um) : 0m\n Length (OM2 50um) : 0m\n Length (OM1 62.5um) : 0m\n Length (Copper or Active cable) : 1m\n Transmitter technology : 0xa0 (Copper cable unequalized)\n Attenuation at 2.5GHz : 4db\n Attenuation at 5.0GHz : 5db\n Attenuation at 7.0GHz : 7db\n Attenuation at 12.9GHz : 10db\n ........\n ...." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: se omite la copia del \u00faltimo bloque en ice_get_module_eeprom(). ice_get_module_eeprom() no funciona desde el commit e9c9692c8a81 (\"ice: Reimplementar las lecturas del m\u00f3dulo utilizadas por ethtool\"). En esta refactorizaci\u00f3n, ice_get_module_eeprom() lee la EEPROM en bloques de tama\u00f1o 8. Sin embargo, la condici\u00f3n que deber\u00eda proteger contra el desbordamiento del b\u00fafer ignora el \u00faltimo bloque. Este \u00faltimo bloque siempre contiene ceros. Error descubierto por el commit upstream de ethtool 9538f384b535 (\"netlink: eeprom: Aplazar las solicitudes de p\u00e1gina a analizadores individuales\"). Despu\u00e9s de esta confirmaci\u00f3n, ethtool lee un bloque con longitud = 1; para leer el valor del identificador SFF-8024. controlador sin parchear: $ ethtool -m enp65s0f0np0 offset 0x90 length 8 Valores de desplazamiento ------ ------ 0x0090: 00 00 00 00 00 00 00 00 $ ethtool -m enp65s0f0np0 offset 0x90 length 12 Valores de desplazamiento ------ ------ 0x0090: 00 00 01 a0 4d 65 6c 6c 00 00 00 00 $ $ ethtool -m enp65s0f0np0 Valores de desplazamiento ------ ------ 0x0000: 11 06 06 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0060: 00 00 00 00 00 00 00 00 00 00 00 00 01 08 00 0x0070: 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 controlador parcheado: $ ethtool -m enp65s0f0np0 offset 0x90 length 8 Valores de desplazamiento ------ ------ 0x0090: 00 00 01 a0 4d 65 6c 6c $ ethtool -m enp65s0f0np0 offset 0x90 length 12 Valores de desplazamiento ------ ------ 0x0090: 00 00 01 a0 4d 65 6c 6c 61 6e 6f 78 $ ethtool -m enp65s0f0np0 Identificador: 0x11 (QSFP28) Identificador extendido: 0x00 Descripci\u00f3n del identificador extendido: 1,5 W m\u00e1x. Consumo de energ\u00eda Descripci\u00f3n extendida del identificador: Sin CDR en TX, Sin CDR en RX Descripci\u00f3n extendida del identificador: Clase de alta potencia (> 3,5 W) no habilitada Conector: 0x23 (sin conector separable) C\u00f3digos del transceptor: 0x88 0x00 0x00 0x00 0x00 0x00 0x00 0x00 Tipo de transceptor: Ethernet de 40 G: Base-CR4 de 40 G Tipo de transceptor: Ethernet de 25 G: Base-CR de 25 G Codificaci\u00f3n CA-N: 0x05 (64B/66B) BR, nominal: 25500 Mbps Identificador de velocidad: 0x00 Longitud (SMF, km): 0 km Longitud (OM3 50 um): 0 m Longitud (OM2 50 um): 0 m Longitud (OM1 62,5 um): 0 m Longitud (cobre o cable activo): 1m Tecnolog\u00eda del transmisor: 0xa0 (cable de cobre sin ecualizar) Atenuaci\u00f3n a 2,5 GHz: 4 db Atenuaci\u00f3n a 5,0 GHz: 5 db Atenuaci\u00f3n a 7,0 GHz: 7 db Atenuaci\u00f3n a 12,9 GHz: 10 db ........ ...." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53143.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53143.json index 1c9b4ef8d30..36fbd07f62e 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53143.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53143.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53143", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:33.240", - "lastModified": "2025-05-02T16:15:33.240", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix another off-by-one fsmap error on 1k block filesystems\n\nApparently syzbot figured out that issuing this FSMAP call:\n\nstruct fsmap_head cmd = {\n\t.fmh_count\t= ...;\n\t.fmh_keys\t= {\n\t\t{ .fmr_device = /* ext4 dev */, .fmr_physical = 0, },\n\t\t{ .fmr_device = /* ext4 dev */, .fmr_physical = 0, },\n\t},\n...\n};\nret = ioctl(fd, FS_IOC_GETFSMAP, &cmd);\n\nProduces this crash if the underlying filesystem is a 1k-block ext4\nfilesystem:\n\nkernel BUG at fs/ext4/ext4.h:3331!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 3 PID: 3227965 Comm: xfs_io Tainted: G W O 6.2.0-rc8-achx\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:ext4_mb_load_buddy_gfp+0x47c/0x570 [ext4]\nRSP: 0018:ffffc90007c03998 EFLAGS: 00010246\nRAX: ffff888004978000 RBX: ffffc90007c03a20 RCX: ffff888041618000\nRDX: 0000000000000000 RSI: 00000000000005a4 RDI: ffffffffa0c99b11\nRBP: ffff888012330000 R08: ffffffffa0c2b7d0 R09: 0000000000000400\nR10: ffffc90007c03950 R11: 0000000000000000 R12: 0000000000000001\nR13: 00000000ffffffff R14: 0000000000000c40 R15: ffff88802678c398\nFS: 00007fdf2020c880(0000) GS:ffff88807e100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffd318a5fe8 CR3: 000000007f80f001 CR4: 00000000001706e0\nCall Trace:\n \n ext4_mballoc_query_range+0x4b/0x210 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_getfsmap_datadev+0x713/0x890 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_getfsmap+0x2b7/0x330 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_ioc_getfsmap+0x153/0x2b0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n __ext4_ioctl+0x2a7/0x17e0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n __x64_sys_ioctl+0x82/0xa0\n do_syscall_64+0x2b/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf20558aff\nRSP: 002b:00007ffd318a9e30 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00000000000200c0 RCX: 00007fdf20558aff\nRDX: 00007fdf1feb2010 RSI: 00000000c0c0583b RDI: 0000000000000003\nRBP: 00005625c0634be0 R08: 00005625c0634c40 R09: 0000000000000001\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf1feb2010\nR13: 00005625be70d994 R14: 0000000000000800 R15: 0000000000000000\n\nFor GETFSMAP calls, the caller selects a physical block device by\nwriting its block number into fsmap_head.fmh_keys[01].fmr_device.\nTo query mappings for a subrange of the device, the starting byte of the\nrange is written to fsmap_head.fmh_keys[0].fmr_physical and the last\nbyte of the range goes in fsmap_head.fmh_keys[1].fmr_physical.\n\nIOWs, to query what mappings overlap with bytes 3-14 of /dev/sda, you'd\nset the inputs as follows:\n\n\tfmh_keys[0] = { .fmr_device = major(8, 0), .fmr_physical = 3},\n\tfmh_keys[1] = { .fmr_device = major(8, 0), .fmr_physical = 14},\n\nWhich would return you whatever is mapped in the 12 bytes starting at\nphysical offset 3.\n\nThe crash is due to insufficient range validation of keys[1] in\next4_getfsmap_datadev. On 1k-block filesystems, block 0 is not part of\nthe filesystem, which means that s_first_data_block is nonzero.\next4_get_group_no_and_offset subtracts this quantity from the blocknr\nargument before cracking it into a group number and a block number\nwithin a group. IOWs, block group 0 spans blocks 1-8192 (1-based)\ninstead of 0-8191 (0-based) like what happens with larger blocksizes.\n\nThe net result of this encoding is that blocknr < s_first_data_block is\nnot a valid input to this function. The end_fsb variable is set from\nthe keys that are copied from userspace, which means that in the above\nexample, its value is zero. That leads to an underflow here:\n\n\tblocknr = blocknr - le32_to_cpu(es->s_first_data_block);\n\nThe division then operates on -1:\n\n\toffset = do_div(blocknr, EXT4_BLOCKS_PER_GROUP(sb)) >>\n\t\tEXT4_SB(sb)->s_cluster_bits;\n\nLeaving an impossibly large group number (2^32-1) in blocknr.\next4_getfsmap_check_keys checked that keys[0\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: corrige otro error de fsmap de un bloque en sistemas de archivos de 1k Aparentemente, syzbot descubri\u00f3 que emitir esta llamada FSMAP: Produce este fallo si el sistema de archivos subyacente es un sistema de archivos ext4 de 1k bloques: \u00a1ERROR del kernel en fs/ext4/ext4.h:3331! C\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP CPU: 3 PID: 3227965 Comm: xfs_io Contaminado: GWO 6.2.0-rc8-achx Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 01/04/2014 RIP: 0010:ext4_mb_load_buddy_gfp+0x47c/0x570 [ext4] RSP: 0018:ffffc90007c03998 EFLAGS: 00010246 RAX: ffff888004978000 RBX: ffffc90007c03a20 RCX: ffff888041618000 RDX: 0000000000000000 RSI: 00000000000005a4 RDI: ffffffffa0c99b11 RBP: ffff888012330000 R08: ffffffffa0c2b7d0 R09: 0000000000000400 R10: ffffc90007c03950 R11: 0000000000000000 R12: 000000000000001 R13: 00000000ffffffff R14: 0000000000000c40 R15: ffff88802678c398 FS: 00007fdf2020c880(0000) GS:ffff88807e100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd318a5fe8 CR3: 000000007f80f001 CR4: 00000000001706e0 Rastreo de llamadas: ext4_mballoc_query_range+0x4b/0x210 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_getfsmap_datadev+0x713/0x890 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_getfsmap+0x2b7/0x330 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_ioc_getfsmap+0x153/0x2b0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] __ext4_ioctl+0x2a7/0x17e0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] __x64_sys_ioctl+0x82/0xa0 hacer_llamada_al_sistema_64+0x2b/0x80 entrada_LLAMADA_AL_SISTEMA_64_despu\u00e9s_de_hwframe+0x46/0xb0 RIP: 0033:0x7fdf20558aff RSP: 002b:00007ffd318a9e30 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00000000000200c0 RCX: 00007fdf20558aff RDX: 00007fdf1feb2010 RSI: 00000000c0c0583b RDI: 0000000000000003 RBP: 00005625c0634be0 R08: 00005625c0634c40 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf1feb2010 R13: 00005625be70d994 R14: 000000000000800 R15: 000000000000000 Para las llamadas GETFSMAP, el llamador selecciona un dispositivo de bloque f\u00edsico escribiendo su n\u00famero de bloque en fsmap_head.fmh_keys[01].fmr_device. Para consultar las asignaciones de un subrango del dispositivo, el byte inicial del rango se escribe en fsmap_head.fmh_keys[0].fmr_physical y el \u00faltimo byte en fsmap_head.fmh_keys[1].fmr_physical. IOWs, para consultar qu\u00e9 asignaciones se superponen con los bytes 3-14 de /dev/sda, debe configurar las entradas de la siguiente manera: fmh_keys[0] = { .fmr_device = major(8, 0), .fmr_physical = 3}, fmh_keys[1] = { .fmr_device = major(8, 0), .fmr_physical = 14}, lo que le devolver\u00eda lo que est\u00e9 asignado en los 12 bytes a partir del desplazamiento f\u00edsico 3. El fallo se debe a una validaci\u00f3n de rango insuficiente de keys[1] en ext4_getfsmap_datadev. En sistemas de archivos de 1k bloques, el bloque 0 no forma parte del sistema de archivos, lo que significa que s_first_data_block es distinto de cero. ext4_get_group_no_and_offset resta esta cantidad del argumento blocknr antes de descomponerlo en un n\u00famero de grupo y un n\u00famero de bloque dentro de un grupo. En las IOW, el grupo de bloques 0 abarca los bloques 1-8192 (basado en 1) en lugar de 0-8191 (basado en 0), como ocurre con tama\u00f1os de bloque mayores. El resultado final de esta codificaci\u00f3n es que blocknr < s_first_data_block no es una entrada v\u00e1lida para esta funci\u00f3n. La variable end_fsb se establece a partir de las claves copiadas del espacio de usuario, lo que significa que, en el ejemplo anterior, su valor es cero. Esto genera un desbordamiento por debajo de la capacidad: blocknr = blocknr - le32_to_cpu(es->s_first_data_block); La divisi\u00f3n opera entonces sobre -1: offset = do_div(blocknr, EXT4_BLOCKS_PER_GROUP(sb)) >> EXT4_SB(sb)->s_cluster_bits; De esta manera, se deja un n\u00famero de grupo imposiblemente grande (2^32-1) en blocknr. ext4_getfsmap_check_keys verific\u00f3 que keys[0 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53144.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53144.json index 916c086ac81..e412771d255 100644 --- a/CVE-2023/CVE-2023-531xx/CVE-2023-53144.json +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53144.json @@ -2,13 +2,17 @@ "id": "CVE-2023-53144", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T16:15:33.357", - "lastModified": "2025-05-02T16:15:33.357", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix wrong kunmap when using LZMA on HIGHMEM platforms\n\nAs the call trace shown, the root cause is kunmap incorrect pages:\n\n BUG: kernel NULL pointer dereference, address: 00000000\n CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6.2.0-rc5 #4\n Workqueue: erofs_worker z_erofs_decompressqueue_work\n EIP: z_erofs_lzma_decompress+0x34b/0x8ac\n z_erofs_decompress+0x12/0x14\n z_erofs_decompress_queue+0x7e7/0xb1c\n z_erofs_decompressqueue_work+0x32/0x60\n process_one_work+0x24b/0x4d8\n ? process_one_work+0x1a4/0x4d8\n worker_thread+0x14c/0x3fc\n kthread+0xe6/0x10c\n ? rescuer_thread+0x358/0x358\n ? kthread_complete_and_exit+0x18/0x18\n ret_from_fork+0x1c/0x28\n ---[ end trace 0000000000000000 ]---\n\nThe bug is trivial and should be fixed now. It has no impact on\n!HIGHMEM platforms." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: corrige kunmap incorrecto al usar LZMA en plataformas HIGHMEM Como lo muestra el seguimiento de llamadas, la causa ra\u00edz son p\u00e1ginas incorrectas de kunmap: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 No contaminado 6.2.0-rc5 #4 Cola de trabajo: erofs_worker z_erofs_decompressqueue_work EIP: z_erofs_lzma_decompress+0x34b/0x8ac z_erofs_decompress+0x12/0x14 z_erofs_decompress_queue+0x7e7/0xb1c z_erofs_decompressqueue_work+0x32/0x60 process_one_work+0x24b/0x4d8 ? process_one_work+0x1a4/0x4d8, work_thread+0x14c/0x3fc, kthread+0xe6/0x10c, rescuer_thread+0x358/0x358, kthread_complete_and_exit+0x18/0x18, ret_from_fork+0x1c/0x28 ---[ fin del seguimiento 000000000000000 ]--- El error es trivial y deber\u00eda estar corregido. No afecta a las plataformas !HIGHMEM." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11615.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11615.json index 0d372c94df0..6b70d701a99 100644 --- a/CVE-2024/CVE-2024-116xx/CVE-2024-11615.json +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11615.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11615", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-05T17:18:19.130", - "lastModified": "2025-05-05T17:18:19.130", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13738.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13738.json index 21d73c87fda..955ed8df965 100644 --- a/CVE-2024/CVE-2024-137xx/CVE-2024-13738.json +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13738.json @@ -2,13 +2,17 @@ "id": "CVE-2024-13738", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:20.013", - "lastModified": "2025-05-03T03:15:20.013", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\r\n\r\n*It is unclear exactly which version the issue was patched in from the changelog. Therefore, we used the latest version at the time of verification." + }, + { + "lang": "es", + "value": "El tema Motors - Car Dealer, Rental & Listing WordPress theme WordPress para es vulnerable a la ejecuci\u00f3n de shortcodes arbitrarios en todas las versiones hasta la 5.6.65 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto permite que atacantes no autenticados ejecuten shortcodes arbitrarios. *Se desconoce la versi\u00f3n exacta en la que se solucion\u00f3 el problema seg\u00fan el registro de cambios. Por lo tanto, utilizamos la versi\u00f3n m\u00e1s reciente en el momento de la verificaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22393.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22393.json index 9ddf54206b8..68dad409c8a 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22393.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22393.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22393", "sourceIdentifier": "security@apache.org", "published": "2024-02-22T10:15:08.340", - "lastModified": "2025-02-13T18:16:48.463", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T21:00:08.810", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.5", + "matchCriteriaId": "0DA3BAC5-BABF-4F6F-9EB4-BF6383235902" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/02/22/1", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/22/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25065.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25065.json index 69a947bc7a2..aa5726d8e28 100644 --- a/CVE-2024/CVE-2024-250xx/CVE-2024-25065.json +++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25065.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25065", "sourceIdentifier": "security@apache.org", "published": "2024-02-29T01:44:14.480", - "lastModified": "2025-02-13T18:17:13.343", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T21:02:31.940", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,54 +51,108 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.12.12", + "matchCriteriaId": "424FD80B-5374-418B-86EF-12EC573A24E1" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/02/28/10", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://issues.apache.org/jira/browse/OFBIZ-12887", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://ofbiz.apache.org/download.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Product" + ] }, { "url": "https://ofbiz.apache.org/release-notes-18.12.12.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://ofbiz.apache.org/security.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/28/10", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://issues.apache.org/jira/browse/OFBIZ-12887", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://ofbiz.apache.org/download.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://ofbiz.apache.org/release-notes-18.12.12.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes" + ] }, { "url": "https://ofbiz.apache.org/security.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31860.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31860.json index 2e616b81d03..801432009a2 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31860.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31860.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31860", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T09:15:26.293", - "lastModified": "2025-02-13T18:18:00.030", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:49:47.687", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,32 +49,83 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.9.0", + "versionEndExcluding": "0.11.0", + "matchCriteriaId": "1798D6A2-1159-49F5-A996-C7C7E4C1E4CD" + } + ] + } + ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/2", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4632", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4632", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31862.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31862.json index 5de10a82d1d..859516a0811 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31862.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31862.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31862", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T10:15:08.513", - "lastModified": "2025-02-13T18:18:00.207", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:46:55.243", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,32 +49,83 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.10.1", + "versionEndExcluding": "0.11.0", + "matchCriteriaId": "5D7D1A27-76A6-4963-95A7-42769DD35CDF" + } + ] + } + ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/5", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4632", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyybkysmn0", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4632", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyybkysmn0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31864.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31864.json index 966aa2a4a4d..dde31a87539 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31864.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31864.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31864", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T16:15:08.113", - "lastModified": "2025-02-13T18:18:00.517", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:27:35.617", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,38 +51,82 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.11.1", + "matchCriteriaId": "F2FE053F-B68F-4910-9388-9634FA1204F2" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/8", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4709", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://www.cve.org/CVERecord?id=CVE-2020-11974", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Not Applicable" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4709", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://www.cve.org/CVERecord?id=CVE-2020-11974", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31865.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31865.json index 993b45a4248..611e854987a 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31865.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31865.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31865", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T16:15:08.213", - "lastModified": "2025-02-13T18:18:00.710", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:27:58.593", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,32 +49,83 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.8.2", + "versionEndExcluding": "0.11.1", + "matchCriteriaId": "891BB3D1-5B35-4211-B5D8-9F472D668858" + } + ] + } + ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/9", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4631", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/slm1sf0slwc11f4m4r0nd6ot2rf7w81l", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4631", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/slm1sf0slwc11f4m4r0nd6ot2rf7w81l", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31866.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31866.json index bbd7fe606b4..ceac1232834 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31866.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31866.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31866", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T16:15:08.307", - "lastModified": "2025-02-13T18:18:00.873", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:09:58.807", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,30 +51,71 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.8.2", + "versionEndExcluding": "0.11.1", + "matchCriteriaId": "891BB3D1-5B35-4211-B5D8-9F472D668858" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/10", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4715", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/10", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4715", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31867.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31867.json index 7250a395258..eb7b2de8a82 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31867.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31867.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31867", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T17:16:03.237", - "lastModified": "2025-02-13T18:18:01.063", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:12:05.860", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,32 +49,83 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.8.2", + "versionEndExcluding": "0.11.1", + "matchCriteriaId": "891BB3D1-5B35-4211-B5D8-9F472D668858" + } + ] + } + ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/12", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4714", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/s4scw8bxdhrjs0kg0lhb68xqd8y9lrtf", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/12", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4714", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/s4scw8bxdhrjs0kg0lhb68xqd8y9lrtf", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31868.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31868.json index 23aa28ba6a2..26230ec8d3d 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31868.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31868.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31868", "sourceIdentifier": "security@apache.org", "published": "2024-04-09T16:15:08.413", - "lastModified": "2024-11-21T09:14:03.497", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:11:35.210", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,26 +51,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.8.2", + "versionEndExcluding": "0.11.1", + "matchCriteriaId": "891BB3D1-5B35-4211-B5D8-9F472D668858" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/apache/zeppelin/pull/4728", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/55mqs673plsxmgnq7fdf2flftpllyf11", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/09/11", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/apache/zeppelin/pull/4728", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/55mqs673plsxmgnq7fdf2flftpllyf11", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41753.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41753.json index dba70cf7cee..71a82870849 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41753.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41753.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41753", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-03T16:15:19.150", - "lastModified": "2025-05-03T16:15:19.150", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + }, + { + "lang": "es", + "value": "IBM Cloud Pak for Business Automation 24.0.0 a 24.0.0 IF004 y 24.0.1 a 24.0.1 IF001 son vulnerables a ataques de cross-site scripting. Esta vulnerabilidad permite a un atacante no autenticado incrustar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42212.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42212.json index 2e3961e3b6d..6c324fed0da 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42212.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42212.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42212", "sourceIdentifier": "psirt@hcl.com", "published": "2025-05-05T19:15:55.353", - "lastModified": "2025-05-05T19:15:55.353", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42213.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42213.json index 576a1ee84df..65e1781538d 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42213.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42213.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42213", "sourceIdentifier": "psirt@hcl.com", "published": "2025-05-05T19:15:55.500", - "lastModified": "2025-05-05T19:15:55.500", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51991.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51991.json index c2718c280fc..a1a9d3ac8e1 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51991.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51991.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51991", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T17:18:44.853", - "lastModified": "2025-05-05T17:18:44.853", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55069.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55069.json index bda06653d12..3c0a2c511e5 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55069.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55069.json @@ -2,13 +2,17 @@ "id": "CVE-2024-55069", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-02T22:15:16.750", - "lastModified": "2025-05-02T22:15:16.750", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c." + }, + { + "lang": "es", + "value": "ffmpeg 7.1 es vulnerable a la desreferencia de puntero nulo en la funci\u00f3n iamf_read_header en /libavformat/iamfdec.c." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57229.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57229.json index 12f9ad5c29b..ab1a5ee3ad5 100644 --- a/CVE-2024/CVE-2024-572xx/CVE-2024-57229.json +++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57229.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57229", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:45.743", - "lastModified": "2025-05-05T18:15:39.900", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57230.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57230.json index 6436b3361e9..6fe1ea041ac 100644 --- a/CVE-2024/CVE-2024-572xx/CVE-2024-57230.json +++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57230.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57230", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:45.873", - "lastModified": "2025-05-05T18:15:40.047", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57231.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57231.json index 3e489698092..cf067c228d0 100644 --- a/CVE-2024/CVE-2024-572xx/CVE-2024-57231.json +++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57231.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57231", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:46.000", - "lastModified": "2025-05-05T18:15:40.193", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57232.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57232.json index c0ad8b039af..6c62bacdf19 100644 --- a/CVE-2024/CVE-2024-572xx/CVE-2024-57232.json +++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57232.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57232", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:46.140", - "lastModified": "2025-05-05T18:15:40.340", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57233.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57233.json index f79a1f695e9..0442e6102c6 100644 --- a/CVE-2024/CVE-2024-572xx/CVE-2024-57233.json +++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57233.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57233", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:46.273", - "lastModified": "2025-05-05T18:15:40.493", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57234.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57234.json index 57032275edb..95640b7870a 100644 --- a/CVE-2024/CVE-2024-572xx/CVE-2024-57234.json +++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57234.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57234", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:46.403", - "lastModified": "2025-05-05T18:15:40.650", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57235.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57235.json index 2a22ea00e2b..eb535d7daf2 100644 --- a/CVE-2024/CVE-2024-572xx/CVE-2024-57235.json +++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57235.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57235", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:46.530", - "lastModified": "2025-05-05T18:15:40.797", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58098.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58098.json index 6575ea3e46a..5e3a3a3c12d 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58098.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58098.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58098", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-05T15:15:53.810", - "lastModified": "2025-05-05T15:15:53.810", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58100.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58100.json index b49c111a7b9..f3c3c8287bd 100644 --- a/CVE-2024/CVE-2024-581xx/CVE-2024-58100.json +++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58100.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58100", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-05T15:15:53.913", - "lastModified": "2025-05-05T15:15:53.913", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58134.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58134.json index 211b63c6708..f1fb23193bf 100644 --- a/CVE-2024/CVE-2024-581xx/CVE-2024-58134.json +++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58134.json @@ -2,13 +2,17 @@ "id": "CVE-2024-58134", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "published": "2025-05-03T16:15:19.310", - "lastModified": "2025-05-03T16:15:19.310", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.\n\nThese predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session." + }, + { + "lang": "es", + "value": "Las versiones de Mojolicious de la 0.999922 a la 9.39 para Perl utilizan una cadena de c\u00f3digo fijo, o el nombre de la clase de la aplicaci\u00f3n, como secreto de sesi\u00f3n HMAC por defecto. Estos secretos predeterminados predecibles pueden explotarse para falsificar cookies de sesi\u00f3n. Un atacante que conozca o adivine el secreto podr\u00eda calcular firmas HMAC v\u00e1lidas para la cookie de sesi\u00f3n, lo que le permitir\u00eda manipular o secuestrar la sesi\u00f3n de otro usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58135.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58135.json index 138c1242956..b543171cdee 100644 --- a/CVE-2024/CVE-2024-581xx/CVE-2024-58135.json +++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58135.json @@ -2,13 +2,17 @@ "id": "CVE-2024-58135", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "published": "2025-05-03T11:15:48.037", - "lastModified": "2025-05-03T11:15:48.037", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets.\n\nWhen creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys." + }, + { + "lang": "es", + "value": "Las versiones de Mojolicious de la 7.28 a la 9.39 para Perl pueden generar secretos de sesi\u00f3n HMAC d\u00e9biles. Al crear una aplicaci\u00f3n predeterminada con la herramienta \"mojo generate app\", se escribe un secreto d\u00e9bil en el archivo de configuraci\u00f3n de la aplicaci\u00f3n mediante la funci\u00f3n insegura rand(), que se utiliza para autenticar y proteger la integridad de las sesiones de la aplicaci\u00f3n. Esto podr\u00eda permitir a un atacante acceder por fuerza bruta a las claves de sesi\u00f3n de la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-582xx/CVE-2024-58237.json b/CVE-2024/CVE-2024-582xx/CVE-2024-58237.json index fbea1ed3777..be2114e1495 100644 --- a/CVE-2024/CVE-2024-582xx/CVE-2024-58237.json +++ b/CVE-2024/CVE-2024-582xx/CVE-2024-58237.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58237", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-05T15:15:54.010", - "lastModified": "2025-05-05T15:15:54.010", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-582xx/CVE-2024-58253.json b/CVE-2024/CVE-2024-582xx/CVE-2024-58253.json index c0b143dd4e4..132fa32978a 100644 --- a/CVE-2024/CVE-2024-582xx/CVE-2024-58253.json +++ b/CVE-2024/CVE-2024-582xx/CVE-2024-58253.json @@ -2,13 +2,17 @@ "id": "CVE-2024-58253", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-02T20:15:19.793", - "lastModified": "2025-05-02T20:15:19.793", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value." + }, + { + "lang": "es", + "value": "Obfstr crate anterior a la versi\u00f3n 0.4.4 para Rust, el tipo de argumento obfstr! no est\u00e1 restringido a segmentos de cadena, lo que genera una conversi\u00f3n UTF-8 no v\u00e1lida que produce un valor no v\u00e1lido." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0217.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0217.json index 1665338d003..769a6431558 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0217.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0217.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0217", "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891", "published": "2025-05-05T17:18:46.720", - "lastModified": "2025-05-05T17:18:46.720", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0782.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0782.json index ed6b3669993..b3fe92df23a 100644 --- a/CVE-2025/CVE-2025-07xx/CVE-2025-0782.json +++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0782.json @@ -2,13 +2,17 @@ "id": "CVE-2025-0782", "sourceIdentifier": "security@huntr.dev", "published": "2025-05-02T21:15:23.550", - "lastModified": "2025-05-02T21:15:23.550", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows public write access to the 'h2o-release' bucket. This issue affects all versions and could enable an attacker to overwrite any file in the bucket. As users download binary files such as JARs from this bucket, this vulnerability could lead to remote code execution (RCE) on any user who uses the application. Additionally, an attacker could modify the documentation to include malicious download links." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la configuraci\u00f3n del bucket S3 para h2oai/h2o-3 permite acceso p\u00fablico de escritura al bucket \"h2o-release\". Este problema afecta a todas las versiones y podr\u00eda permitir a un atacante sobrescribir cualquier archivo del bucket. Al descargar archivos binarios, como JAR, desde este bucket, esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo (RCE) en cualquier usuario que utilice la aplicaci\u00f3n. Adem\u00e1s, un atacante podr\u00eda modificar la documentaci\u00f3n para incluir enlaces de descarga maliciosos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0915.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0915.json new file mode 100644 index 00000000000..6701bab535a --- /dev/null +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0915.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-0915", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-05-05T21:15:46.970", + "lastModified": "2025-05-05T21:15:46.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\n\n\nunder specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7232529", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1000.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1000.json new file mode 100644 index 00000000000..f5c303dd239 --- /dev/null +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1000.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-1000", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-05-05T21:15:47.120", + "lastModified": "2025-05-05T21:15:47.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\ncould allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7232528", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1493.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1493.json new file mode 100644 index 00000000000..f58cb8c80ac --- /dev/null +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1493.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-1493", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-05-05T21:15:47.263", + "lastModified": "2025-05-05T21:15:47.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 \n\n\n\n\n\ncould allow an authenticated user to cause a denial of service due to concurrent execution of shared resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7232518", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1495.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1495.json index 77b079f84fb..5fa5f80a8fc 100644 --- a/CVE-2025/CVE-2025-14xx/CVE-2025-1495.json +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1495.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1495", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-03T17:15:44.767", - "lastModified": "2025-05-03T17:15:44.767", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation." + }, + { + "lang": "es", + "value": "IBM Business Automation Workflow 24.0.0 y 24.0.1 a 24.0.1 IF001 Center puede filtrar informaci\u00f3n confidencial debido a la falta de validaci\u00f3n de autorizaci\u00f3n." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1838.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1838.json index 1a537ae531d..d6d33806a09 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1838.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1838.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1838", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-03T19:15:48.607", - "lastModified": "2025-05-03T19:15:48.607", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Cloud Pak for Business Automation\n\n 24.0.0 and 24.0.1 through 24.0.1 IF001 \n\nAuthoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service." + }, + { + "lang": "es", + "value": "IBM Cloud Pak for Business Automation 24.0.0 y 24.0.1 a 24.0.1 IF001 La creaci\u00f3n permite que un usuario autenticado omita la validaci\u00f3n de datos del lado del cliente en una interfaz de usuario de creaci\u00f3n, lo que podr\u00eda provocar una denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1883.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1883.json index 74add6e6454..a4de6c5ab7e 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1883.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1883.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1883", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2025-05-02T15:15:48.317", - "lastModified": "2025-05-02T15:15:48.317", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted OBJ\u00c2\u00a0file." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en el procedimiento de lectura de archivos OBJ en SOLIDWORKS eDrawings en la versi\u00f3n SOLIDWORKS Desktop 2025. Esta vulnerabilidad podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario al abrir un archivo OBJ especialmente manipulado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1884.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1884.json index fdba2bdbd4d..884767234c8 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1884.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1884.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1884", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2025-05-02T15:15:48.440", - "lastModified": "2025-05-02T15:15:48.440", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de use-after-free en el procedimiento de lectura de archivos SLDPRT en SOLIDWORKS eDrawings en la versi\u00f3n SOLIDWORKS Desktop 2025. Esta vulnerabilidad podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario al abrir un archivo SLDPRT especialmente manipulado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1909.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1909.json new file mode 100644 index 00000000000..f33fbc58789 --- /dev/null +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1909.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-1909", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-05-05T20:15:19.127", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://www.buddyboss.com/resources/buddyboss-platform-pro-releases/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.buddyboss.com/resources/buddyboss-platform-pro-releases/2-7-10/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cce9b8b-0589-4b09-b184-a66fc86fcb46?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1992.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1992.json index 3e5d630db85..089d095b018 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1992.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1992.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1992", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-05T17:18:46.867", - "lastModified": "2025-05-05T17:18:46.867", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20665.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20665.json index 0e046b069eb..0889ae614e6 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20665.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20665.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20665", "sourceIdentifier": "security@mediatek.com", "published": "2025-05-05T03:15:21.803", - "lastModified": "2025-05-05T03:15:21.803", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760." + }, + { + "lang": "es", + "value": "En devinfo, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a la falta de una pol\u00edtica de SELinux. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local del identificador del dispositivo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se requiere la interacci\u00f3n del usuario para su explotaci\u00f3n. ID de parche: ALPS09555228; ID de problema: MSV-2760." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20666.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20666.json index 91b3242d9b9..ede66ad6a72 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20666.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20666.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20666", "sourceIdentifier": "security@mediatek.com", "published": "2025-05-05T03:15:21.940", - "lastModified": "2025-05-05T03:15:21.940", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933." + }, + { + "lang": "es", + "value": "En Modem, existe un posible fallo del sistema debido a una excepci\u00f3n no detectada. Esto podr\u00eda provocar una denegaci\u00f3n de servicio remota si un UE se conecta a una estaci\u00f3n base no autorizada controlada por el atacante, sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se requiere la interacci\u00f3n del usuario para su explotaci\u00f3n. ID de parche: MOLY00650610; ID de problema: MSV-2933." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20667.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20667.json index 5075c43414a..62ba00de9ec 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20667.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20667.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20667", "sourceIdentifier": "security@mediatek.com", "published": "2025-05-05T03:15:22.053", - "lastModified": "2025-05-05T03:15:22.053", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741." + }, + { + "lang": "es", + "value": "En el Modem, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una gesti\u00f3n incorrecta de errores. Esto podr\u00eda provocar una divulgaci\u00f3n remota de informaci\u00f3n si un UE se conecta a una estaci\u00f3n base no autorizada controlada por el atacante, sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se requiere la interacci\u00f3n del usuario para su explotaci\u00f3n. ID de parche: MOLY01513293; ID de problema: MSV-2741." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20668.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20668.json index 6f41036e801..c87188950e1 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20668.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20668.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20668", "sourceIdentifier": "security@mediatek.com", "published": "2025-05-05T03:15:22.180", - "lastModified": "2025-05-05T03:15:22.180", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027." + }, + { + "lang": "es", + "value": "En SCP, existe una posible escritura fuera de los l\u00edmites debido a la falta de una comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una escalada local de privilegios si un actor malicioso ya ha obtenido el privilegio de System. No se requiere la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09625562; ID de problema: MSV-3027." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20670.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20670.json index 4682d5fbbf8..a163ae0f4b2 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20670.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20670.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20670", "sourceIdentifier": "security@mediatek.com", "published": "2025-05-05T03:15:22.300", - "lastModified": "2025-05-05T03:15:22.300", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772." + }, + { + "lang": "es", + "value": "En Modem, existe una posible omisi\u00f3n de permisos debido a una validaci\u00f3n incorrecta del certificado. Esto podr\u00eda provocar la divulgaci\u00f3n remota de informaci\u00f3n si un UE se conecta a una estaci\u00f3n base no autorizada controlada por el atacante, con privilegios de ejecuci\u00f3n de usuario necesarios. La interacci\u00f3n del usuario es necesaria para su explotaci\u00f3n. ID de parche: MOLY01334347; ID de problema: MSV-2772." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20671.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20671.json index e1d1da96aa9..ecd2f98c2d1 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20671.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20671.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20671", "sourceIdentifier": "security@mediatek.com", "published": "2025-05-05T03:15:22.420", - "lastModified": "2025-05-05T03:15:22.420", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228." + }, + { + "lang": "es", + "value": "En Thermal, existe la posibilidad de una escritura fuera de los l\u00edmites debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda provocar una escalada local de privilegios si un agente malicioso ya ha obtenido el privilegio de System. No se requiere la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09698599; ID de problema: MSV-3228." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21572.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21572.json index 58e9f6ade2d..10db6da66a6 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21572.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21572.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21572", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-05-02T22:15:16.927", - "lastModified": "2025-05-02T22:15:16.927", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output." + }, + { + "lang": "es", + "value": "OpenGrok 1.13.25 presenta un problema de Cross-Site Scripting (XSS) al generar la p\u00e1gina de historial. Esto se debe a un manejo incorrecto de los segmentos de ruta. La aplicaci\u00f3n refleja la entrada del usuario sin corregir en la salida HTML." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-249xx/CVE-2025-24977.json b/CVE-2025/CVE-2025-249xx/CVE-2025-24977.json index e6922b7beb5..d6d399931f2 100644 --- a/CVE-2025/CVE-2025-249xx/CVE-2025-24977.json +++ b/CVE-2025/CVE-2025-249xx/CVE-2025-24977.json @@ -2,8 +2,8 @@ "id": "CVE-2025-24977", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T17:18:47.397", - "lastModified": "2025-05-05T17:18:47.397", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-255xx/CVE-2025-25504.json b/CVE-2025/CVE-2025-255xx/CVE-2025-25504.json index 6461e29a135..544238488bc 100644 --- a/CVE-2025/CVE-2025-255xx/CVE-2025-25504.json +++ b/CVE-2025/CVE-2025-255xx/CVE-2025-25504.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25504", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:50.640", - "lastModified": "2025-05-05T18:15:41.100", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2545.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2545.json index c7363210ef9..edc39e51468 100644 --- a/CVE-2025/CVE-2025-25xx/CVE-2025-2545.json +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2545.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2545", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2025-05-05T12:15:16.170", - "lastModified": "2025-05-05T12:15:16.170", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-262xx/CVE-2025-26241.json b/CVE-2025/CVE-2025-262xx/CVE-2025-26241.json index aad5e9481da..52c2bf8fb00 100644 --- a/CVE-2025/CVE-2025-262xx/CVE-2025-26241.json +++ b/CVE-2025/CVE-2025-262xx/CVE-2025-26241.json @@ -2,8 +2,8 @@ "id": "CVE-2025-26241", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:50.750", - "lastModified": "2025-05-05T18:15:41.570", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-279xx/CVE-2025-27920.json b/CVE-2025/CVE-2025-279xx/CVE-2025-27920.json index 192d572e16c..14efc3652bc 100644 --- a/CVE-2025/CVE-2025-279xx/CVE-2025-27920.json +++ b/CVE-2025/CVE-2025-279xx/CVE-2025-27920.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27920", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:50.857", - "lastModified": "2025-05-05T16:15:50.857", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-279xx/CVE-2025-27921.json b/CVE-2025/CVE-2025-279xx/CVE-2025-27921.json index 8b7632b88e8..632bf75a70b 100644 --- a/CVE-2025/CVE-2025-279xx/CVE-2025-27921.json +++ b/CVE-2025/CVE-2025-279xx/CVE-2025-27921.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27921", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:51.143", - "lastModified": "2025-05-05T16:15:51.143", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28062.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28062.json index e9ab15de7de..ac8079f817b 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28062.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28062.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28062", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:51.310", - "lastModified": "2025-05-05T16:15:51.310", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-281xx/CVE-2025-28168.json b/CVE-2025/CVE-2025-281xx/CVE-2025-28168.json index 4d8e882bf52..23b963126b9 100644 --- a/CVE-2025/CVE-2025-281xx/CVE-2025-28168.json +++ b/CVE-2025/CVE-2025-281xx/CVE-2025-28168.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28168", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T14:15:28.500", - "lastModified": "2025-05-05T14:15:28.500", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-295xx/CVE-2025-29573.json b/CVE-2025/CVE-2025-295xx/CVE-2025-29573.json index db2fb1f57ea..344871d74c8 100644 --- a/CVE-2025/CVE-2025-295xx/CVE-2025-29573.json +++ b/CVE-2025/CVE-2025-295xx/CVE-2025-29573.json @@ -2,8 +2,8 @@ "id": "CVE-2025-29573", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T19:15:55.653", - "lastModified": "2025-05-05T19:15:55.653", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2905.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2905.json index c7f878fe9d7..ad5df757f3b 100644 --- a/CVE-2025/CVE-2025-29xx/CVE-2025-2905.json +++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2905.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2905", "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "published": "2025-05-05T09:15:15.923", - "lastModified": "2025-05-05T09:15:15.923", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", @@ -16,6 +16,10 @@ { "lang": "en", "value": "An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution.\n\n\nThis vulnerability can be exploited by an unauthenticated remote attacker to read files from the server\u2019s filesystem or perform denial-of-service (DoS) attacks.\n\n\n\n * \nOn systems running JDK 7 or early JDK 8, full file contents may be exposed.\n\n\n\n\n * \nOn later versions of JDK 8 and newer, only the first line of a file may be read, due to improvements in XML parser behavior.\n\n\n\n\n * \nDoS attacks such as \"Billion Laughs\" payloads can cause service disruption." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Entidad Externa XML (XXE) en el componente de puerta de enlace de WSO2 API Manager debido a una validaci\u00f3n insuficiente de la entrada XML en rutas URL manipulada. El XML proporcionado por el usuario se analiza sin las restricciones adecuadas, lo que permite la resoluci\u00f3n de entidades externas. Esta vulnerabilidad puede ser explotada por un atacante remoto no autenticado para leer archivos del sistema de archivos del servidor o realizar ataques de denegaci\u00f3n de servicio (DoS). * En sistemas con JDK 7 o versiones anteriores de JDK 8, el contenido completo de los archivos puede quedar expuesto. * En versiones posteriores de JDK 8 y posteriores, solo se puede leer la primera l\u00ednea de un archivo, gracias a mejoras en el comportamiento del analizador XML. * Los ataques DoS, como los payloads \"Billion Laughs\", pueden causar interrupciones del servicio." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-304xx/CVE-2025-30445.json b/CVE-2025/CVE-2025-304xx/CVE-2025-30445.json index 9a51088d63e..4700e4e3052 100644 --- a/CVE-2025/CVE-2025-304xx/CVE-2025-30445.json +++ b/CVE-2025/CVE-2025-304xx/CVE-2025-30445.json @@ -2,8 +2,8 @@ "id": "CVE-2025-30445", "sourceIdentifier": "product-security@apple.com", "published": "2025-04-29T03:15:34.860", - "lastModified": "2025-04-30T16:15:35.287", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:07:32.073", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,34 +51,125 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.7.6", + "matchCriteriaId": "687E67E4-136D-4154-BA6F-5ACA16254023" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartIncluding": "18.0", + "versionEndExcluding": "18.4", + "matchCriteriaId": "BAAF5169-C6A9-449A-B41F-2CB1801EBA4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.4", + "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.7.5", + "matchCriteriaId": "345CC17A-CCA4-4B82-A645-A5226A8DAEBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.7.5", + "matchCriteriaId": "D05DCA25-A1A0-4AEA-9F31-952803114EE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.4", + "matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.4", + "matchCriteriaId": "8C61CCC2-87D3-4A3A-837B-63C48299A7AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4", + "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/122371", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122372", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122373", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122374", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122375", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122377", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122378", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-312xx/CVE-2025-31202.json b/CVE-2025/CVE-2025-312xx/CVE-2025-31202.json index 18ad3a3b7cd..6e983f08210 100644 --- a/CVE-2025/CVE-2025-312xx/CVE-2025-31202.json +++ b/CVE-2025/CVE-2025-312xx/CVE-2025-31202.json @@ -2,8 +2,8 @@ "id": "CVE-2025-31202", "sourceIdentifier": "product-security@apple.com", "published": "2025-04-29T03:15:35.040", - "lastModified": "2025-04-29T16:15:31.030", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:07:59.807", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,80 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.4", + "matchCriteriaId": "6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.4", + "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.4", + "matchCriteriaId": "E3BD0A90-23F1-430A-8119-E14055F7E621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.4", + "matchCriteriaId": "8C61CCC2-87D3-4A3A-837B-63C48299A7AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4", + "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/122371", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122373", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122377", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122378", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-312xx/CVE-2025-31203.json b/CVE-2025/CVE-2025-312xx/CVE-2025-31203.json index ac7ba515d2e..9247c047597 100644 --- a/CVE-2025/CVE-2025-312xx/CVE-2025-31203.json +++ b/CVE-2025/CVE-2025-312xx/CVE-2025-31203.json @@ -2,8 +2,8 @@ "id": "CVE-2025-31203", "sourceIdentifier": "product-security@apple.com", "published": "2025-04-29T03:15:35.133", - "lastModified": "2025-04-30T16:15:35.697", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:08:22.600", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,34 +51,124 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.7.6", + "matchCriteriaId": "687E67E4-136D-4154-BA6F-5ACA16254023" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartIncluding": "18.0", + "versionEndExcluding": "18.4", + "matchCriteriaId": "BAAF5169-C6A9-449A-B41F-2CB1801EBA4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.4", + "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.7.5", + "matchCriteriaId": "4574F5B9-8508-4E60-9B09-E6E467A34C1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.4", + "matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.4", + "matchCriteriaId": "8C61CCC2-87D3-4A3A-837B-63C48299A7AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4", + "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.4", + "matchCriteriaId": "1B93684A-A17F-487C-8C19-E6E30C1C4790" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/122371", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122372", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122373", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122374", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122376", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122377", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/122378", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31650.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31650.json index 78c4e14011c..9684decb879 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31650.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31650.json @@ -2,8 +2,8 @@ "id": "CVE-2025-31650", "sourceIdentifier": "security@apache.org", "published": "2025-04-28T20:15:20.653", - "lastModified": "2025-04-29T13:52:10.697", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:12:54.823", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,7 +15,30 @@ "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat. La gesti\u00f3n incorrecta de errores en algunos encabezados de prioridad HTTP no v\u00e1lidos provoc\u00f3 una limpieza incompleta de la solicitud fallida, lo que gener\u00f3 una fuga de memoria. Un gran n\u00famero de solicitudes de este tipo podr\u00eda generar una excepci\u00f3n OutOfMemoryException, lo que resulta en una denegaci\u00f3n de servicio. Este problema afecta a Apache Tomcat: de la 9.0.76 a la 9.0.102, de la 10.1.10 a la 10.1.39 y de la 11.0.0-M2 a la 11.0.5. Se recomienda actualizar a las versiones 9.0.104, 10.1.40 o 11.0.6, que solucionan el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -26,16 +49,187 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-459" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.76", + "versionEndExcluding": "9.0.104", + "matchCriteriaId": "6F4F87EB-0046-4BAA-91C8-C60C60425186" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.1.10", + "versionEndExcluding": "10.1.40", + "matchCriteriaId": "7EC8AA6F-0BB4-4075-8F2B-DE39FD9A2BD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0.1", + "versionEndExcluding": "11.0.6", + "matchCriteriaId": "45AB4386-DB38-4808-924A-617CECE9F939" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", + "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", + "matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*", + "matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*", + "matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*", + "matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*", + "matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*", + "matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*", + "matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*", + "matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*", + "matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*", + "matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*", + "matchCriteriaId": "7914D26B-CBD6-4846-9BD3-403708D69319" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*", + "matchCriteriaId": "123C6285-03BE-49FC-B821-8BDB25D02863" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*", + "matchCriteriaId": "8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*", + "matchCriteriaId": "069B0D8E-8223-4C4E-A834-C6235D6C3450" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*", + "matchCriteriaId": "E6282085-5716-4874-B0B0-180ECDEE128F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", + "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", + "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", + "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", + "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", + "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", + "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117" + } + ] + } + ] } ], "references": [ { "url": "https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2025/04/28/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31651.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31651.json index c48b7f67f0d..8b0997874f9 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31651.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31651.json @@ -2,8 +2,8 @@ "id": "CVE-2025-31651", "sourceIdentifier": "security@apache.org", "published": "2025-04-28T20:15:20.783", - "lastModified": "2025-04-29T13:52:10.697", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-05-05T20:14:47.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,7 +15,30 @@ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de secuencias de escape, metadatos o de control en Apache Tomcat. En un subconjunto de configuraciones improbables de reglas de reescritura, una solicitud especialmente manipulada pod\u00eda eludir algunas reglas de reescritura. Si dichas reglas aplicaban restricciones de seguridad de forma eficaz, estas pod\u00edan eludirse. Este problema afecta a Apache Tomcat: de la 11.0.0-M1 a la 11.0.5, de la 10.1.0-M1 a la 10.1.39 y de la 9.0.0.M1 a la 9.0.102. Se recomienda a los usuarios actualizar a la versi\u00f3n [FIXED_VERSION], que soluciona el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -26,16 +49,67 @@ "value": "CWE-150" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.0.104", + "matchCriteriaId": "BB09D245-9455-444D-8265-743642DD53C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.1.0", + "versionEndExcluding": "10.1.40", + "matchCriteriaId": "E5BD6C26-75CE-4DDC-BF4D-5A5187BD4CAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0.0", + "versionEndExcluding": "11.0.6", + "matchCriteriaId": "9331B3B3-C3C4-4D12-BE11-043F6614B2D3" + } + ] + } + ] } ], "references": [ { "url": "https://lists.apache.org/list.html?announce@tomcat.apache.org", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2025/04/28/3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3583.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3583.json index e321155d872..fd36440f3b0 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3583.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3583.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3583", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-05T06:15:31.620", - "lastModified": "2025-05-05T15:15:54.273", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37797.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37797.json index 0fbc38465f9..630404befd9 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37797.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37797.json @@ -2,13 +2,17 @@ "id": "CVE-2025-37797", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T15:15:48.557", - "lastModified": "2025-05-02T15:15:48.557", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn't emptied." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: hfsc: Se corrige una vulnerabilidad de UAF en la gesti\u00f3n de clases. Este parche corrige una vulnerabilidad de use-after-free en la gesti\u00f3n de clases de qdisc HFSC. El problema se produce debido a una condici\u00f3n de tiempo de comprobaci\u00f3n/tiempo de uso en hfsc_change_class() al trabajar con ciertas qdiscs secundarias como netem o codel. La vulnerabilidad funciona de la siguiente manera: 1. hfsc_change_class() verifica si una clase tiene paquetes (q.qlen != 0) 2. Luego llama a qdisc_peek_len(), que para ciertos qdiscs (por ejemplo, codel, netem) puede descartar paquetes y vaciar la cola 3. El c\u00f3digo contin\u00faa asumiendo que la cola todav\u00eda no est\u00e1 vac\u00eda, agregando la clase a vttree 4. Esto rompe las suposiciones del programador HFSC de que solo las clases no vac\u00edas est\u00e1n en vttree 5. M\u00e1s tarde, cuando se destruye la clase, esto puede llevar a un Use-After-Free La soluci\u00f3n agrega una segunda verificaci\u00f3n de longitud de cola despu\u00e9s de qdisc_peek_len() para verificar que la cola no se haya vaciado." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37798.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37798.json index 959535a4090..45d1ed2f8c2 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37798.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37798.json @@ -2,13 +2,17 @@ "id": "CVE-2025-37798", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-02T15:15:48.657", - "lastModified": "2025-05-02T15:15:48.657", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all ->qlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: codel: eliminar la comprobaci\u00f3n de sch->q.qlen antes de qdisc_tree_reduce_backlog() Despu\u00e9s de hacer que todas las devoluciones de llamadas ->qlen_notify() sean idempotentes, ahora es seguro eliminar la comprobaci\u00f3n de qlen!=0 de fq_codel_dequeue() y codel_qdisc_dequeue()." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37799.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37799.json index 2c801340ca4..1aee27fb94c 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37799.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37799.json @@ -2,13 +2,17 @@ "id": "CVE-2025-37799", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-03T12:15:14.950", - "lastModified": "2025-05-05T05:15:15.713", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp\n\nvmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that\nis, packet sizes between 128 - 3k bytes).\n\nWe noticed MTU-related connectivity issues with Cilium's service load-\nbalancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP\nbackend service where the XDP LB was doing IPIP encap led to overly large\npacket sizes but only for *some* of the packets (e.g. HTTP GET request)\nwhile others (e.g. the prior TCP 3WHS) looked completely fine on the wire.\n\nIn fact, the pcap recording on the backend node actually revealed that the\nnode with the XDP LB was leaking uninitialized kernel data onto the wire\nfor the affected packets, for example, while the packets should have been\n152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes\nwas padded with whatever other data was in that page at the time (e.g. we\nsaw user/payload data from prior processed packets).\n\nWe only noticed this through an MTU issue, e.g. when the XDP LB node and\nthe backend node both had the same MTU (e.g. 1500) then the curl request\ngot dropped on the backend node's NIC given the packet was too large even\nthough the IPIP-encapped packet normally would never even come close to\nthe MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let\nthe curl request succeed (which also indicates that the kernel ignored the\npadding, and thus the issue wasn't very user-visible).\n\nCommit e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") was too eager\nto also switch xdp_prepare_buff() from rcd->len to rbi->len. It really needs\nto stick to rcd->len which is the actual packet length from the descriptor.\nThe latter we also feed into vmxnet3_process_xdp_small(), by the way, and\nit indicates the correct length needed to initialize the xdp->{data,data_end}\nparts. For e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") the\nrelevant part was adapting xdp_init_buff() to address the warning given the\nxdp_data_hard_end() depends on xdp->frame_sz. With that fixed, traffic on\nthe wire looks good again." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vmxnet3: Se ha corregido un tama\u00f1o de paquete incorrecto en vmxnet3_process_xdp. El manejo de XDP del controlador vmxnet3 presenta errores para tama\u00f1os de paquete que utilizan ring0 (es decir, tama\u00f1os de paquete entre 128 y 3 k bytes). Observamos problemas de conectividad relacionados con la MTU con el balanceo de carga del servicio de Cilium en el caso de vmxnet3 como NIC subyacente. Una simple conexi\u00f3n curl a un servicio HTTP backend donde el LB XDP realizaba encapsulado IPIP gener\u00f3 tama\u00f1os de paquete excesivamente grandes, pero solo para *algunos* paquetes (p. ej., una solicitud HTTP GET), mientras que otros (p. ej., el TCP 3WHS anterior) funcionaron correctamente en la red. De hecho, la grabaci\u00f3n de pcap en el nodo backend revel\u00f3 que el nodo con el LB XDP estaba filtrando datos de kernel sin inicializar en la red para los paquetes afectados. Por ejemplo, si bien los paquetes deber\u00edan haber tenido 152 bytes, su tama\u00f1o real era de 1482 bytes, por lo que el resto despu\u00e9s de 152 bytes se rellen\u00f3 con cualquier otro dato que hubiera en esa p\u00e1gina en ese momento (por ejemplo, vimos datos de usuario/carga \u00fatil de paquetes procesados previamente). Solo notamos esto a trav\u00e9s de un problema de MTU; por ejemplo, cuando el nodo LB XDP y el nodo backend ten\u00edan la misma MTU (por ejemplo, 1500), la solicitud curl se descart\u00f3 en la NIC del nodo backend debido a que el paquete era demasiado grande, aunque el paquete encapsulado en IPIP normalmente ni siquiera se acercar\u00eda al l\u00edmite de MTU. Reducir la MTU en el LB XDP (por ejemplo, 1480) permiti\u00f3 que la solicitud curl se ejecutara correctamente (lo que tambi\u00e9n indica que el kernel ignor\u00f3 el relleno y, por lo tanto, el problema no era muy visible para el usuario). el commit e127ce7699c1 (\"vmxnet3: Correcci\u00f3n de la falta de espacio reservado para la cola\") estaba demasiado ansiosa por cambiar xdp_prepare_buff() de rcd->len a rbi->len. Es necesario que se mantenga en rcd->len, que es la longitud real del paquete del descriptor. Por cierto, esta \u00faltima tambi\u00e9n se introduce en vmxnet3_process_xdp_small(), e indica la longitud correcta necesaria para inicializar las partes xdp->{data,data_end}. Para e127ce7699c1 (\"vmxnet3: Correcci\u00f3n de la falta de espacio reservado para la cola\"), la parte relevante fue adaptar xdp_init_buff() para abordar la advertencia, dado que xdp_data_hard_end() depende de xdp->frame_sz. Con esto corregido, el tr\u00e1fico en la red se ve bien de nuevo." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3779.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3779.json index d2e747a1435..63fb12e8561 100644 --- a/CVE-2025/CVE-2025-37xx/CVE-2025-3779.json +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3779.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3779", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:27.890", - "lastModified": "2025-05-03T03:15:27.890", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Personizely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018widgetId\u2019 parameter in all versions up to, and including, 0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Personizely para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'widgetId' en todas las versiones hasta la 0.10 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3815.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3815.json index ac6e0c826bb..e27c81b296f 100644 --- a/CVE-2025/CVE-2025-38xx/CVE-2025-3815.json +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3815.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3815", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T08:15:31.040", - "lastModified": "2025-05-03T08:15:31.040", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.12.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento SurveyJS para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'id' en todas las versiones hasta la 1.12.32 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3879.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3879.json index 8cb4d6123ac..24fdb646bc4 100644 --- a/CVE-2025/CVE-2025-38xx/CVE-2025-3879.json +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3879.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3879", "sourceIdentifier": "security@hashicorp.com", "published": "2025-05-02T17:15:51.273", - "lastModified": "2025-05-02T17:15:51.273", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18." + }, + { + "lang": "es", + "value": "El m\u00e9todo de autenticaci\u00f3n de Azure de Vault Community, Vault Enterprise (\"Vault\") no validaba correctamente las notificaciones en el token emitido por Azure, lo que pod\u00eda provocar la omisi\u00f3n del par\u00e1metro bound_locations al iniciar sesi\u00f3n. Corregido en Vault Community Edition 1.19.1 y Vault Enterprise 1.19.1, 1.18.7, 1.17.14 y 1.16.18." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-393xx/CVE-2025-39363.json b/CVE-2025/CVE-2025-393xx/CVE-2025-39363.json index dec99f5ec08..6d8c3fc1d6d 100644 --- a/CVE-2025/CVE-2025-393xx/CVE-2025-39363.json +++ b/CVE-2025/CVE-2025-393xx/CVE-2025-39363.json @@ -2,13 +2,17 @@ "id": "CVE-2025-39363", "sourceIdentifier": "audit@patchstack.com", "published": "2025-05-05T06:15:31.410", - "lastModified": "2025-05-05T06:15:31.410", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.This issue affects Custom Login and Registration: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en AlphaEfficiencyTeam Custom Login and Registration permite XSS almacenado. Este problema afecta al inicio de sesi\u00f3n y registro personalizados: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-39xx/CVE-2025-3918.json b/CVE-2025/CVE-2025-39xx/CVE-2025-3918.json index dd7afc4d585..7311501680e 100644 --- a/CVE-2025/CVE-2025-39xx/CVE-2025-3918.json +++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3918.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3918", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:28.040", - "lastModified": "2025-05-03T03:15:28.040", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin\u2019s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user() without restricting to a safe set of roles. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator." + }, + { + "lang": "es", + "value": "El complemento Job Listings para WordPress es vulnerable a la escalada de privilegios debido a una autorizaci\u00f3n incorrecta en la funci\u00f3n register_action() en las versiones 0.1 a 0.1.1. El controlador de registro del complemento lee el $_POST['user_role'] proporcionado por el cliente y lo pasa directamente a wp_insert_user() sin restringirlo a un conjunto seguro de roles. Esto permite que atacantes no autenticados eleven sus privilegios a los de administrador." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-39xx/CVE-2025-3927.json b/CVE-2025/CVE-2025-39xx/CVE-2025-3927.json index ed6333cb0d4..152ad3c53a1 100644 --- a/CVE-2025/CVE-2025-39xx/CVE-2025-3927.json +++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3927.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3927", "sourceIdentifier": "cret@cert.org", "published": "2025-05-02T15:15:49.017", - "lastModified": "2025-05-02T16:15:34.273", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cret@cert.org", @@ -16,6 +16,10 @@ { "lang": "en", "value": "Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP address to connect and compromise the device, potentially pivoting to connected network or hardware devices." + }, + { + "lang": "es", + "value": "El servidor web de audio sobre IP (AoIP) PYKO-OUT de Digigram no requiere una contrase\u00f1a de manera predeterminada, lo que permite que cualquier atacante con la direcci\u00f3n IP de destino se conecte y comprometa el dispositivo, recurriendo potencialmente a dispositivos de hardware o de red conectados." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4050.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4050.json index 2d06492dc46..b77c36dfb24 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4050.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4050.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4050", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2025-05-05T18:15:43.953", - "lastModified": "2025-05-05T18:15:43.953", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4051.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4051.json index eebbd3203a5..92e2d40cbcd 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4051.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4051.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4051", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2025-05-05T18:15:44.060", - "lastModified": "2025-05-05T18:15:44.060", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4052.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4052.json index 13f7d9fd169..5962aae9531 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4052.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4052.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4052", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2025-05-05T18:15:44.153", - "lastModified": "2025-05-05T18:15:44.153", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4096.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4096.json index c9693412208..8c0e2c53e14 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4096.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4096.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4096", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2025-05-05T18:15:44.240", - "lastModified": "2025-05-05T18:15:44.240", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4166.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4166.json index 85c0e10c86f..fccb0f07c58 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4166.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4166.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4166", "sourceIdentifier": "security@hashicorp.com", "published": "2025-05-02T15:15:50.313", - "lastModified": "2025-05-02T15:15:50.313", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20." + }, + { + "lang": "es", + "value": "El complemento Clave/Valor (kv) versi\u00f3n 2 de Vault Community y Vault Enterprise podr\u00eda exponer involuntariamente informaci\u00f3n confidencial en los registros del servidor y de auditor\u00eda cuando los usuarios env\u00edan payloads malformadas durante la creaci\u00f3n o actualizaci\u00f3n de secretos mediante la API REST de Vault. Esta vulnerabilidad, identificada como CVE-2025-4166, est\u00e1 corregida en Vault Community 1.19.3 y Vault Enterprise 1.19.3, 1.18.9, 1.17.16 y 1.16.20." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4168.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4168.json index 18cb10a453d..fc9ce5e0eb3 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4168.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4168.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4168", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:28.350", - "lastModified": "2025-05-03T03:15:28.350", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Subpage List para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode \"subpages\" del complemento en todas las versiones hasta la 1.3.3 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4170.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4170.json index b2afdd4d516..6a3f84c4141 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4170.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4170.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4170", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:28.493", - "lastModified": "2025-05-03T03:15:28.493", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Xavin's Review Ratings para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'xrr' del complemento en todas las versiones hasta la 1.4.0 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4172.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4172.json index ca07b7e2a20..0d9e0e0292c 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4172.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4172.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4172", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:28.640", - "lastModified": "2025-05-03T03:15:28.640", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'verticalresponse' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento VerticalResponse Newsletter Widget para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode \"verticalresponse\" en todas las versiones hasta la 1.6 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4188.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4188.json index f2fbe74257e..0d8c619e30d 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4188.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4188.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4188", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:28.780", - "lastModified": "2025-05-03T03:15:28.780", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'reorder-simple-image-text-slider-setting' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Advanced Reorder Image Text Slider para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0 incluida. Esto se debe a la falta o a una validaci\u00f3n de nonce incorrecta en la p\u00e1gina \"reorder-simple-image-text-slider-setting\". Esto permite que atacantes no autenticados actualicen la configuraci\u00f3n e inyecten scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4198.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4198.json index 5f09b0cc7ac..1ab7b3ec0eb 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4198.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4198.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4198", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:28.923", - "lastModified": "2025-05-03T03:15:28.923", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Alink Tap para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.3.1 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la p\u00e1gina \"alink-tap\". Esto permite que atacantes no autenticados actualicen la configuraci\u00f3n e inyecten scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4199.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4199.json index 307634692d4..e55275a8673 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4199.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4199.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4199", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:29.070", - "lastModified": "2025-05-03T03:15:29.070", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. This is due to missing or incorrect nonce validation on the 'abundatrade' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Abundatrade Plugin para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.8.02 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la p\u00e1gina \"abundatrade\". Esto permite que atacantes no autenticados actualicen la configuraci\u00f3n e inyecten scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4210.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4210.json index 9b3cc3e5090..044fe7f21fc 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4210.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4210.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4210", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-02T16:15:36.743", - "lastModified": "2025-05-02T16:15:36.743", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en Casdoor hasta la versi\u00f3n 1.811.0. Esta vulnerabilidad afecta la funci\u00f3n HandleScim del archivo controllers/scim.go del componente SCIM User Creation Endpoint. La manipulaci\u00f3n permite la omisi\u00f3n de la autorizaci\u00f3n. El ataque puede iniciarse remotamente. Actualizar a la versi\u00f3n 1.812.0 puede solucionar este problema. El parche se llama 3d12ac8dc2282369296c3386815c00a06c6a92fe. Se recomienda actualizar el componente afectado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4213.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4213.json index 8b7e6093681..52170eb3626 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4213.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4213.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4213", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-02T18:15:28.160", - "lastModified": "2025-05-02T18:15:28.160", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Online Birth Certificate System 1.0, clasificada como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/search.php. La manipulaci\u00f3n del argumento \"searchdata\" provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4214.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4214.json index 7dafa3f36a0..1cea5b5c5df 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4214.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4214.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4214", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-02T20:15:20.003", - "lastModified": "2025-05-02T20:15:20.003", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGuruku Online DJ Booking Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGuruku Online DJ Booking Management System 1.0, clasificada como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo /admin/booking-bwdates-reports-details.php. La manipulaci\u00f3n del argumento \"fromdate\" provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Otros par\u00e1metros tambi\u00e9n podr\u00edan verse afectados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4215.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4215.json index 1b3f4b41b68..eedf8024dc0 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4215.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4215.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4215", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-02T21:15:23.893", - "lastModified": "2025-05-05T15:15:55.017", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4218.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4218.json index 5b91a322109..2e066b9f7cc 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4218.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4218.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4218", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-02T21:15:24.057", - "lastModified": "2025-05-05T15:15:55.140", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4222.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4222.json index f31451fb0f6..9b25f9d998d 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4222.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4222.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4222", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-03T03:15:29.217", - "lastModified": "2025-05-03T03:15:29.217", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data." + }, + { + "lang": "es", + "value": "El complemento Database Toolset para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.8.4 incluida, a trav\u00e9s de archivos de copia de seguridad almacenados en una ubicaci\u00f3n de acceso p\u00fablico. Esto permite a atacantes no autenticados extraer informaci\u00f3n confidencial de los archivos de copia de seguridad de la base de datos. Existe un archivo de \u00edndice, por lo que un ataque de fuerza bruta tendr\u00eda que tener \u00e9xito para comprometer los datos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4226.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4226.json index cc867ddd2d4..4b2f158a5e4 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4226.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4226.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4226", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T11:15:49.283", - "lastModified": "2025-05-05T13:15:49.620", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json index 2a0fb45dcbd..d2759ebbd52 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4236", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T14:15:16.360", - "lastModified": "2025-05-03T14:15:16.360", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en PCMan FTP Server 2.0.7, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente MDIR Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json index 3227d433968..0f95bbb8f88 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4237", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T15:15:46.190", - "lastModified": "2025-05-03T15:15:46.190", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7, clasificada como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del componente MDELETE Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4238.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4238.json index 929906cb705..dbf89fdcae0 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4238.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4238.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4238", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T17:15:45.373", - "lastModified": "2025-05-03T17:15:45.373", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del componente MGET Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. " } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4239.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4239.json index 18b42053ede..414ab47dc0a 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4239.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4239.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4239", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T17:15:45.543", - "lastModified": "2025-05-03T17:15:45.543", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del componente TYPE Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4240.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4240.json index 90a0366d70c..daed0a0227b 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4240.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4240.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4240", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T18:15:15.907", - "lastModified": "2025-05-03T18:15:15.907", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. This issue affects some unknown processing of the component LCD Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7. Se ha clasificado como cr\u00edtica. Este problema afecta a un procesamiento desconocido del componente LCD Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4241.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4241.json index 6caf1645f92..315181be6e2 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4241.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4241.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4241", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T18:15:16.087", - "lastModified": "2025-05-03T18:15:16.087", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en PHPGurukul Teacher Subject Allocation Management System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /admin/search.php. La manipulaci\u00f3n del argumento \"searchdata\" provoca una inyecci\u00f3n SQL. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4242.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4242.json index 046e4fcc12d..20a1f0b3452 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4242.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4242.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4242", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T19:15:48.833", - "lastModified": "2025-05-03T19:15:48.833", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in PHPGurukul Online Birth Certificate System 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/between-dates-report.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad cr\u00edtica en PHPGurukul Online Birth Certificate System 2.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/between-dates-report.php. La manipulaci\u00f3n del argumento \"fromdate\" provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Otros par\u00e1metros tambi\u00e9n podr\u00edan verse afectados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4243.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4243.json index e60a6b71165..090a0396f2f 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4243.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4243.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4243", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T19:15:49.027", - "lastModified": "2025-05-05T15:15:55.317", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4244.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4244.json index ce8be425269..2e74b232f7b 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4244.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4244.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4244", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-03T20:15:16.823", - "lastModified": "2025-05-05T15:15:55.493", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4247.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4247.json index 8ffba8c9b4e..9c7699c65d6 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4247.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4247.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4247", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-04T05:15:30.023", - "lastModified": "2025-05-05T15:15:55.613", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4248.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4248.json index 864275edd01..4c98738e96a 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4248.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4248.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4248", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-04T06:15:14.667", - "lastModified": "2025-05-05T15:15:55.740", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4249.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4249.json index a776b2dba64..2aa57e9e3d0 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4249.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4249.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4249", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-04T07:15:46.510", - "lastModified": "2025-05-04T07:15:46.510", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul e-Diary Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage-categories.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul e-Diary Management System 1.0, clasificada como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del archivo /manage-categories.php. La manipulaci\u00f3n del ID del argumento provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4250.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4250.json index 03c8bb61f14..8e01e0704f1 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4250.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4250.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4250", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-04T09:17:08.230", - "lastModified": "2025-05-04T09:17:08.230", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Nero Social Networking Site 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument fname/lname/login/password2/cpassword/address/cnumber/email/gender/propic/month leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Nero Social Networking Site 1.0. Se ha clasificado como cr\u00edtica. Afecta una parte desconocida del archivo /index.php. La manipulaci\u00f3n del argumento fname/lname/login/password2/cpassword/address/cnumber/email/gender/propic/month provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4251.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4251.json index f3bd912b0bd..b1110df2679 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4251.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4251.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4251", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-04T22:15:32.773", - "lastModified": "2025-05-04T22:15:32.773", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7, clasificada como cr\u00edtica. Este problema afecta a un procesamiento desconocido del componente RMDIR Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque podr\u00eda iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4252.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4252.json index a97877b0877..462c9546e6d 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4252.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4252.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4252", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-04T23:15:45.227", - "lastModified": "2025-05-04T23:15:45.227", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component APPEND Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del componente APPEND Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4253.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4253.json index d7db73e4a7f..b767d07caf9 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4253.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4253.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4253", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-04T23:15:46.010", - "lastModified": "2025-05-04T23:15:46.010", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente HASH Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4254.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4254.json index 88c50385447..5947e348b77 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4254.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4254.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4254", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T00:15:14.763", - "lastModified": "2025-05-05T00:15:14.763", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LIST Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7. Se ha clasificado como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del componente LIST Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4255.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4255.json index ad06f09515e..5d2857e13cd 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4255.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4255.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4255", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T00:15:15.660", - "lastModified": "2025-05-05T00:15:15.660", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RMD Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en PCMan FTP Server 2.0.7. Esta afecta a una parte desconocida del componente RMD Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4256.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4256.json index dc7cfc4f977..8cd2b5dc60d 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4256.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4256.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4256", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T01:15:48.970", - "lastModified": "2025-05-05T15:15:55.873", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4257.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4257.json index 0c99345f95e..9c324b7e74b 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4257.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4257.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4257", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T01:15:49.367", - "lastModified": "2025-05-05T01:15:49.367", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en SeaCMS 13.2. Este problema afecta a un procesamiento desconocido del archivo /admin_pay.php. La manipulaci\u00f3n del argumento cstatus provoca ataques de cross site scripting. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4258.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4258.json index 4e4d15f8f6d..9b787e457a3 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4258.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4258.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4258", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T02:15:18.480", - "lastModified": "2025-05-05T02:15:18.480", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \\youkefu-master\\src\\main\\java\\com\\ukefu\\webim\\web\\handler\\resource\\MediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en zhangyanbo2007 youkefu (hasta la versi\u00f3n 4.2.0). La funci\u00f3n de carga del archivo \\youkefu-master\\src\\main\\java\\com\\ukefu\\webim\\web\\handler\\resource\\MediaController.java se ve afectada. La manipulaci\u00f3n del argumento imgFile permite una carga sin restricciones. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4259.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4259.json index 4ae675dd022..984805bbb26 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4259.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4259.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4259", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T03:15:23.477", - "lastModified": "2025-05-05T03:15:23.477", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en newbee-mall 1.0, clasificada como cr\u00edtica. Esta vulnerabilidad afecta la funci\u00f3n \"Upload\" del archivo ltd/newbee/mall/controller/common/UploadController.java. La manipulaci\u00f3n del argumento \"File\" permite una carga sin restricciones. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto no utiliza control de versiones. Por ello, no hay informaci\u00f3n disponible sobre las versiones afectadas y no afectadas." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4260.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4260.json index 00187353516..70126ee3a24 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4260.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4260.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4260", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T03:15:23.660", - "lastModified": "2025-05-05T03:15:23.660", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\\web\\handler\\admin\\system\\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en zhangyanbo2007 youkefu hasta la versi\u00f3n 4.2.0, clasificada como problem\u00e1tica. Este problema afecta a la funci\u00f3n impsave del archivo m\\web\\handler\\admin\\system\\TemplateController.java. La manipulaci\u00f3n del argumento dataFile provoca la deserializaci\u00f3n. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4261.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4261.json index 400623005ab..0358202d688 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4261.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4261.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4261", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T04:15:18.970", - "lastModified": "2025-05-05T04:15:18.970", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in GAIR-NLP factool up to 3f3914bc090b644be044b7e0005113c135d8b20f. It has been classified as critical. This affects the function run_single of the file factool/factool/math/tool.py. The manipulation leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en GAIR-NLP factool hasta 3f3914bc090b644be044b7e0005113c135d8b20f. Se ha clasificado como cr\u00edtica. Afecta a la funci\u00f3n run_single del archivo factool/factool/math/tool.py. La manipulaci\u00f3n provoca la inyecci\u00f3n de c\u00f3digo. El ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto utiliza el enfoque de lanzamiento continuo para garantizar una entrega continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las actualizadas." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4262.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4262.json index 5adab5f92ca..34187ea9b21 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4262.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4262.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4262", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T04:16:17.080", - "lastModified": "2025-05-05T04:16:17.080", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Online DJ Booking Management System 1.0. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/user-search.php. La manipulaci\u00f3n del argumento \"searchdata\" provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4263.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4263.json index d1bdba139a7..b601b26935a 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4263.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4263.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4263", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T04:16:20.583", - "lastModified": "2025-05-05T04:16:20.583", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Online DJ Booking Management System 1.0. Se ha clasificado como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo /admin/booking-search.php. La manipulaci\u00f3n del argumento \"searchdata\" provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4264.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4264.json index bbaef61c5dd..0d098d7aab9 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4264.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4264.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4264", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T05:15:15.860", - "lastModified": "2025-05-05T05:15:15.860", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the argument dconnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en PHPGurukul Emergency Ambulance Hiring Portal 1.0. La vulnerabilidad afecta a una funci\u00f3n desconocida del archivo /admin/edit-ambulance.php. La manipulaci\u00f3n del argumento dconnum provoca una inyecci\u00f3n SQL. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4265.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4265.json index b44606df866..4dfd72b5aaf 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4265.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4265.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4265", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T05:15:16.060", - "lastModified": "2025-05-05T05:15:16.060", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad cr\u00edtica en PHPGurukul Emergency Ambulance Hiring Portal 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/contact-us.php. La manipulaci\u00f3n del argumento mobnum provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Otros par\u00e1metros tambi\u00e9n podr\u00edan verse afectados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4266.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4266.json index 834b013bca5..19af4e09032 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4266.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4266.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4266", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T06:15:31.723", - "lastModified": "2025-05-05T06:15:31.723", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php?vid=2. The manipulation of the argument fromdate/tomdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Notice Board System 1.0. Este problema afecta a una funcionalidad desconocida del archivo /bwdates-reports-details.php?vid=2. La manipulaci\u00f3n del argumento fromdate/tomdate provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4267.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4267.json index 7d3e95261d9..bbb05236ac4 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4267.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4267.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4267", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T06:15:31.897", - "lastModified": "2025-05-05T06:15:31.897", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchase_order/view_po of the component Purchase Order Details Page. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en SourceCodester/oretnom23 Stock Management System 1.0. Esta afecta a una parte desconocida del archivo /admin/?page=purchase_order/view_po del componente \"P\u00e1gina de Detalles de la Orden de Compra\". La manipulaci\u00f3n del ID del argumento provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4268.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4268.json index 23365cd1844..1c0844057a5 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4268.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4268.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4268", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T07:15:47.073", - "lastModified": "2025-05-05T07:15:47.073", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en TOTOLINK A720R 4.1.5cu.374, clasificada como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento topicurl con la entrada RebootSystem provoca la omisi\u00f3n de la autenticaci\u00f3n. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4269.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4269.json index 4572d674abd..f3f46910a67 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4269.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4269.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4269", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T07:15:48.233", - "lastModified": "2025-05-05T07:15:48.233", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A720R 4.1.5cu.374, clasificada como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo /cgi-bin/cstecgi.cgi del componente Log Handler. La manipulaci\u00f3n del argumento topicurl con la entrada clearDiagnosisLog/clearSyslog/clearTracerouteLog genera controles de acceso inadecuados. El ataque podr\u00eda iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4270.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4270.json index 4ac2496791c..8323afa9575 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4270.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4270.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4270", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T08:15:15.607", - "lastModified": "2025-05-05T08:15:15.607", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A720R 4.1.5cu.374. Se ha clasificado como problem\u00e1tica. Se ve afectada una funci\u00f3n desconocida del archivo /cgi-bin/cstecgi.cgi del componente Config Handler. La manipulaci\u00f3n del argumento topicurl con la entrada getInitCfg/getSysStatusCfg provoca la divulgaci\u00f3n de informaci\u00f3n. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4271.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4271.json index 2fe093baa56..236a24a1bee 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4271.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4271.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4271", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T08:15:15.790", - "lastModified": "2025-05-05T08:15:15.790", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A720R 4.1.5cu.374. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento \"topicurl\" con la entrada \"showSyslog\" provoca la divulgaci\u00f3n de informaci\u00f3n. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4272.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4272.json index dc509542a71..09918ac504d 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4272.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4272.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4272", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T11:15:45.593", - "lastModified": "2025-05-05T11:15:45.593", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4279.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4279.json index 422edac764f..ed50f3e372c 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4279.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4279.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4279", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-05T19:15:57.477", - "lastModified": "2025-05-05T19:15:57.477", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4281.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4281.json index 9120f187cd5..3eb9ae91d98 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4281.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4281.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4281", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T16:15:52.560", - "lastModified": "2025-05-05T16:15:52.560", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4282.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4282.json index 27401c79de9..d41851b11fe 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4282.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4282.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4282", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T18:15:44.350", - "lastModified": "2025-05-05T18:15:44.350", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4283.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4283.json index 6646efbdb13..dd2920a6e7b 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4283.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4283.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4283", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-05T19:15:57.687", - "lastModified": "2025-05-05T19:15:57.687", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4286.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4286.json new file mode 100644 index 00000000000..f96da7aa317 --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4286.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-4286", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-05T20:15:21.897", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edi\u00e7\u00e3o Page. The manipulation of the argument Senha de Comunica\u00e7\u00e3o leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-255" + }, + { + "lang": "en", + "value": "CWE-256" + } + ] + } + ], + "references": [ + { + "url": "https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Storing-password-in-insecure-format-17d27474cccb8003b647ea832186b162?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307392", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307392", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.483834", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4287.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4287.json new file mode 100644 index 00000000000..4d4fbb75329 --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4287.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-4287", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-05T20:15:22.100", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Divigroup-RAP/PYTORCH/commit/5827d2061dcb4acd05ac5f8e65d8693a481ba0f5", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/pytorch/pytorch/issues/150836", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/pytorch/pytorch/issues/150836#issue-2979097872", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/pytorch/pytorch/pull/150923", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307394", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307394", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.553644", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4288.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4288.json new file mode 100644 index 00000000000..c612bc53c81 --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4288.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-4288", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-05T21:15:47.410", + "lastModified": "2025-05-05T21:15:47.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RNFR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://fitoxs.com/exploit/exploit-aab361888e671e1705f94c27c26f9bc7c9c63d3c66d5df89e31dcaf7fa17f528.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307395", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307395", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.561625", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4289.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4289.json new file mode 100644 index 00000000000..16be75b4308 --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4289.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-4289", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-05T21:15:47.580", + "lastModified": "2025-05-05T21:15:47.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component RNTO Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://fitoxs.com/exploit/exploit-0c70a8b6f3e2d1312bbfa8fcb8e44c802394c3adfb7c1f860a18e9fdc88d8e9c3.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307396", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307396", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.561626", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43842.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43842.json index 3c3a5db010f..3ec92ccbe1e 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43842.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43842.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43842", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T17:18:48.967", - "lastModified": "2025-05-05T18:15:41.950", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43843.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43843.json index f8246220870..6c693d1535d 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43843.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43843.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43843", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T17:18:49.440", - "lastModified": "2025-05-05T18:15:42.070", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43844.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43844.json index 30accb15e2c..1a0f54aeb04 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43844.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43844.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43844", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T18:15:42.180", - "lastModified": "2025-05-05T18:15:42.180", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43845.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43845.json index 73fad257fb9..9e9bf5c066e 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43845.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43845.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43845", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T18:15:42.300", - "lastModified": "2025-05-05T18:15:42.300", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43846.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43846.json index fdd4ae9a8d9..b8bdd21a39d 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43846.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43846.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43846", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T18:15:42.430", - "lastModified": "2025-05-05T18:15:42.430", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43847.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43847.json index ee1960c0803..3bfa4d576da 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43847.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43847.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43847", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T18:15:42.560", - "lastModified": "2025-05-05T18:15:42.560", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43848.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43848.json index bc904d5df77..c8b3aa7446f 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43848.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43848.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43848", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T18:15:42.683", - "lastModified": "2025-05-05T18:15:42.683", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43849.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43849.json index aac6d582f1f..278e7dd260b 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43849.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43849.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43849", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:55.957", - "lastModified": "2025-05-05T19:15:55.957", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43850.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43850.json index 7196086977b..552292e1cc8 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43850.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43850.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43850", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:56.090", - "lastModified": "2025-05-05T19:15:56.090", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43851.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43851.json index 162f26ef65f..3014be12b7b 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43851.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43851.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43851", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:56.220", - "lastModified": "2025-05-05T19:15:56.220", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-438xx/CVE-2025-43852.json b/CVE-2025/CVE-2025-438xx/CVE-2025-43852.json index ee3c442d5cf..6bae5ef928c 100644 --- a/CVE-2025/CVE-2025-438xx/CVE-2025-43852.json +++ b/CVE-2025/CVE-2025-438xx/CVE-2025-43852.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43852", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:56.353", - "lastModified": "2025-05-05T19:15:56.353", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-439xx/CVE-2025-43915.json b/CVE-2025/CVE-2025-439xx/CVE-2025-43915.json index 65ad2a25634..be1da9d73bf 100644 --- a/CVE-2025/CVE-2025-439xx/CVE-2025-43915.json +++ b/CVE-2025/CVE-2025-439xx/CVE-2025-43915.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43915", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:49.603", - "lastModified": "2025-05-05T18:15:42.820", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-43xx/CVE-2025-4316.json b/CVE-2025/CVE-2025-43xx/CVE-2025-4316.json index 1f0180f3720..bea30498949 100644 --- a/CVE-2025/CVE-2025-43xx/CVE-2025-4316.json +++ b/CVE-2025/CVE-2025-43xx/CVE-2025-4316.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4316", "sourceIdentifier": "security@devolutions.net", "published": "2025-05-05T14:15:29.930", - "lastModified": "2025-05-05T14:15:29.930", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-43xx/CVE-2025-4318.json b/CVE-2025/CVE-2025-43xx/CVE-2025-4318.json index 9ed33a6b24b..d91fd192f2e 100644 --- a/CVE-2025/CVE-2025-43xx/CVE-2025-4318.json +++ b/CVE-2025/CVE-2025-43xx/CVE-2025-4318.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4318", "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "published": "2025-05-05T19:15:57.847", - "lastModified": "2025-05-05T19:15:57.847", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44868.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44868.json index 10c27d5fd9d..233a94ad765 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44868.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44868.json @@ -2,13 +2,17 @@ "id": "CVE-2025-44868", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-02T15:15:49.123", - "lastModified": "2025-05-02T15:15:49.123", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Wavlink WL-WN530H4 20220801 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n ping_test de adm.cgi mediante el par\u00e1metro pingIp. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44872.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44872.json index 0cc2861fd35..8482c845aea 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44872.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44872.json @@ -2,13 +2,17 @@ "id": "CVE-2025-44872", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-02T15:15:49.227", - "lastModified": "2025-05-02T15:15:49.227", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se detect\u00f3 que Tenda AC9 V15.03.06.42_multi contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formsetUsbUnload mediante el par\u00e1metro deviceName. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44877.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44877.json index b6feab0d1ed..03beaa51074 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44877.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44877.json @@ -2,13 +2,17 @@ "id": "CVE-2025-44877", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-02T15:15:49.323", - "lastModified": "2025-05-02T15:15:49.323", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:45.973", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se detect\u00f3 que Tenda AC9 V15.03.06.42_multi conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetSambaConf mediante el par\u00e1metro usbname. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45042.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45042.json index cf607049478..c18f65563ed 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45042.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45042.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45042", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:51.410", - "lastModified": "2025-05-05T16:15:51.410", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-452xx/CVE-2025-45236.json b/CVE-2025/CVE-2025-452xx/CVE-2025-45236.json index 995ecb199d3..19502a17db1 100644 --- a/CVE-2025/CVE-2025-452xx/CVE-2025-45236.json +++ b/CVE-2025/CVE-2025-452xx/CVE-2025-45236.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45236", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T18:15:43.163", - "lastModified": "2025-05-05T18:15:43.163", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-452xx/CVE-2025-45237.json b/CVE-2025/CVE-2025-452xx/CVE-2025-45237.json index 31970f6b2c4..de652cc07cb 100644 --- a/CVE-2025/CVE-2025-452xx/CVE-2025-45237.json +++ b/CVE-2025/CVE-2025-452xx/CVE-2025-45237.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45237", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T18:15:43.280", - "lastModified": "2025-05-05T18:15:43.280", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-452xx/CVE-2025-45238.json b/CVE-2025/CVE-2025-452xx/CVE-2025-45238.json index b612d982eba..6930eccaeeb 100644 --- a/CVE-2025/CVE-2025-452xx/CVE-2025-45238.json +++ b/CVE-2025/CVE-2025-452xx/CVE-2025-45238.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45238", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T18:15:43.397", - "lastModified": "2025-05-05T18:15:43.397", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-452xx/CVE-2025-45239.json b/CVE-2025/CVE-2025-452xx/CVE-2025-45239.json index 3e1d837597c..cd321cb2065 100644 --- a/CVE-2025/CVE-2025-452xx/CVE-2025-45239.json +++ b/CVE-2025/CVE-2025-452xx/CVE-2025-45239.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45239", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T18:15:43.510", - "lastModified": "2025-05-05T18:15:43.510", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-452xx/CVE-2025-45240.json b/CVE-2025/CVE-2025-452xx/CVE-2025-45240.json index 3eb2752f5e7..b0c81611939 100644 --- a/CVE-2025/CVE-2025-452xx/CVE-2025-45240.json +++ b/CVE-2025/CVE-2025-452xx/CVE-2025-45240.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45240", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:49.733", - "lastModified": "2025-05-05T18:15:43.623", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-452xx/CVE-2025-45242.json b/CVE-2025/CVE-2025-452xx/CVE-2025-45242.json index 6144472a99c..ae361279f2c 100644 --- a/CVE-2025/CVE-2025-452xx/CVE-2025-45242.json +++ b/CVE-2025/CVE-2025-452xx/CVE-2025-45242.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45242", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T17:18:50.540", - "lastModified": "2025-05-05T18:15:43.793", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-453xx/CVE-2025-45320.json b/CVE-2025/CVE-2025-453xx/CVE-2025-45320.json index 3d286755345..dc92294ac76 100644 --- a/CVE-2025/CVE-2025-453xx/CVE-2025-45320.json +++ b/CVE-2025/CVE-2025-453xx/CVE-2025-45320.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45320", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:51.697", - "lastModified": "2025-05-05T16:15:51.697", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-453xx/CVE-2025-45321.json b/CVE-2025/CVE-2025-453xx/CVE-2025-45321.json index 2eee1a8951c..100044151e2 100644 --- a/CVE-2025/CVE-2025-453xx/CVE-2025-45321.json +++ b/CVE-2025/CVE-2025-453xx/CVE-2025-45321.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45321", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:51.780", - "lastModified": "2025-05-05T16:15:51.780", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-453xx/CVE-2025-45322.json b/CVE-2025/CVE-2025-453xx/CVE-2025-45322.json index df03f3f5415..59e925afade 100644 --- a/CVE-2025/CVE-2025-453xx/CVE-2025-45322.json +++ b/CVE-2025/CVE-2025-453xx/CVE-2025-45322.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45322", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T16:15:51.957", - "lastModified": "2025-05-05T16:15:51.957", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45607.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45607.json new file mode 100644 index 00000000000..33fcdfd4206 --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45607.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45607", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:19.427", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/michaelliao/itranswarp/issues/73", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45608.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45608.json new file mode 100644 index 00000000000..bc2b0f4ce05 --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45608.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45608", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:19.887", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zykzhangyukang/Xinguan/issues/26", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45609.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45609.json new file mode 100644 index 00000000000..862145f6a60 --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45609.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45609", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.010", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/LianjiaTech/kob/issues/29", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45610.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45610.json new file mode 100644 index 00000000000..d91b5efd221 --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45610.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45610", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.120", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Jackson0714/PassJava-Platform/issues/48", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45611.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45611.json new file mode 100644 index 00000000000..1f376110be2 --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45611.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45611", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.243", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/java-aodeng/hope-boot/issues/86", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45612.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45612.json new file mode 100644 index 00000000000..16eea77e27c --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45612.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45612", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.357", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Exrick/xmall/issues/96", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45613.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45613.json new file mode 100644 index 00000000000..3e5b75276e2 --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45613.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45613", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.470", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zhaojun1998/Shiro-Action/issues/24", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45614.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45614.json new file mode 100644 index 00000000000..53f0a921cb0 --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45614.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45614", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.573", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/lcw2004/one/issues/44", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45615.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45615.json new file mode 100644 index 00000000000..d20f7ac5f5d --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45615.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45615", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.680", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/user-xiangpeng/yaoqishan/issues/29", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45616.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45616.json new file mode 100644 index 00000000000..15d91fc2d1c --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45616.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45616", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.790", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/baidu/brcc/issues/194", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45617.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45617.json new file mode 100644 index 00000000000..23f2925a7ca --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45617.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45617", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:20.897", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/megagao/production_ssm/issues/33", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45618.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45618.json new file mode 100644 index 00000000000..9eec2c7948d --- /dev/null +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45618.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45618", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-05T20:15:21.003", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/huangjian888/jeeweb-mybatis-springboot/issues/31", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-457xx/CVE-2025-45751.json b/CVE-2025/CVE-2025-457xx/CVE-2025-45751.json index 4d264b1af48..e990ffd5738 100644 --- a/CVE-2025/CVE-2025-457xx/CVE-2025-45751.json +++ b/CVE-2025/CVE-2025-457xx/CVE-2025-45751.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45751", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T14:15:28.950", - "lastModified": "2025-05-05T14:15:28.950", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-458xx/CVE-2025-45800.json b/CVE-2025/CVE-2025-458xx/CVE-2025-45800.json index 7b0b481b144..dbfff91b4c4 100644 --- a/CVE-2025/CVE-2025-458xx/CVE-2025-45800.json +++ b/CVE-2025/CVE-2025-458xx/CVE-2025-45800.json @@ -2,13 +2,17 @@ "id": "CVE-2025-45800", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-02T17:15:52.423", - "lastModified": "2025-05-02T17:15:52.423", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter." + }, + { + "lang": "es", + "value": "TOTOLINK A950RG V4.1.2cu.5204_B20210112 contiene una vulnerabilidad de ejecuci\u00f3n de comandos en la interfaz setDeviceName de la librer\u00eda /lib/cste_modules/global.so, espec\u00edficamente en el procesamiento del par\u00e1metro deviceMac." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46332.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46332.json index 73d56880c34..66db547ffa8 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46332.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46332.json @@ -2,13 +2,17 @@ "id": "CVE-2025-46332", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-02T17:15:52.947", - "lastModified": "2025-05-02T17:15:52.947", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (.well-known/vercel/flags). This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. This issue has been patched in flags@4.0.0, users of flags and @vercel/flags should also migrate to flags@4.0.0." + }, + { + "lang": "es", + "value": "Flags SDK es un kit de herramientas de c\u00f3digo abierto para Next.js y SvelteKit. Las versiones afectadas incluyen flags de la versi\u00f3n 3.2.0 y anteriores, y @vercel/flags de la versi\u00f3n 3.1.1 y anteriores, ya que, en determinadas circunstancias, un atacante con conocimiento detallado de la vulnerabilidad puede listar todos los flags devueltos por el endpoint de descubrimiento de flags (.well-known/vercel/flags). Esta vulnerabilidad permite la divulgaci\u00f3n de informaci\u00f3n, lo que permite a un atacante acceder a una lista de todos los flags de caracter\u00edsticas expuestos a trav\u00e9s del endpoint de descubrimiento de flags, incluyendo los nombres y descripciones de los flags, las opciones disponibles y sus etiquetas (p. ej., verdadero, falso) y los valores predeterminados de los flags. Este problema se ha corregido en flags@4.0.0; los usuarios de flags y @vercel/flags tambi\u00e9n deben migrar a flags@4.0.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46335.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46335.json index 9f384506885..d75856c35aa 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46335.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46335.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46335", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:56.487", - "lastModified": "2025-05-05T19:15:56.487", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46340.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46340.json index 1ee98682c3c..a619fc9d845 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46340.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46340.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46340", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:56.627", - "lastModified": "2025-05-05T19:15:56.627", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-465xx/CVE-2025-46553.json b/CVE-2025/CVE-2025-465xx/CVE-2025-46553.json index 679c5d37b5a..0f980a0e5fb 100644 --- a/CVE-2025/CVE-2025-465xx/CVE-2025-46553.json +++ b/CVE-2025/CVE-2025-465xx/CVE-2025-46553.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46553", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:56.763", - "lastModified": "2025-05-05T19:15:56.763", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-465xx/CVE-2025-46559.json b/CVE-2025/CVE-2025-465xx/CVE-2025-46559.json index 488ecb47d7c..f5d847f912a 100644 --- a/CVE-2025/CVE-2025-465xx/CVE-2025-46559.json +++ b/CVE-2025/CVE-2025-465xx/CVE-2025-46559.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46559", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:56.910", - "lastModified": "2025-05-05T19:15:56.910", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-465xx/CVE-2025-46571.json b/CVE-2025/CVE-2025-465xx/CVE-2025-46571.json index 94cefcc90b0..dc5600059bd 100644 --- a/CVE-2025/CVE-2025-465xx/CVE-2025-46571.json +++ b/CVE-2025/CVE-2025-465xx/CVE-2025-46571.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46571", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:57.050", - "lastModified": "2025-05-05T19:15:57.050", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46719.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46719.json index 97af62df3f7..33b8a929e81 100644 --- a/CVE-2025/CVE-2025-467xx/CVE-2025-46719.json +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46719.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46719", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:57.197", - "lastModified": "2025-05-05T19:15:57.197", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46720.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46720.json index 0e94d3b0fef..d40d1d1110c 100644 --- a/CVE-2025/CVE-2025-467xx/CVE-2025-46720.json +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46720.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46720", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-05T19:15:57.330", - "lastModified": "2025-05-05T19:15:57.330", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46723.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46723.json index 0b3a8f03be5..ccece886ed9 100644 --- a/CVE-2025/CVE-2025-467xx/CVE-2025-46723.json +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46723.json @@ -2,13 +2,17 @@ "id": "CVE-2025-46723", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-02T23:15:16.580", - "lastModified": "2025-05-02T23:15:16.580", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pc_limbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. This issue has been patched in version 1.1.0." + }, + { + "lang": "es", + "value": "OpenVM es un framework zkVM modular y de alto rendimiento, dise\u00f1ado para la personalizaci\u00f3n y la extensibilidad. En la versi\u00f3n 1.0.0, OpenVM es vulnerable a un desbordamiento debido a la descomposici\u00f3n de bytes de pc en el chip AUIPC. Un error tipogr\u00e1fico provoca que la rama m\u00e1s alta de pc se compruebe a 8 bits en lugar de 6. Esto provoca que la instrucci\u00f3n if nunca se active, ya que la enumeraci\u00f3n devuelve i=0,1,2, cuando deber\u00eda dar i=1,2,3, dejando el rango de pc_limbs[3] comprobado a 8 bits en lugar de 6. Esto genera una vulnerabilidad donde la descomposici\u00f3n de pc_limbs difiere de la verdadera pc, lo que significa que un probador malicioso puede hacer que el registro de destino tome un valor diferente al que dicta la instrucci\u00f3n AUIPC, provocando que la descomposici\u00f3n desborde el campo BabyBear. Este problema se ha corregido en la versi\u00f3n 1.1.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46726.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46726.json new file mode 100644 index 00000000000..ea8c0be3bf3 --- /dev/null +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46726.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-46726", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-05T20:15:21.107", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/langroid/langroid/blob/df6227e6c079ec22bb2768498423148d6685acff/langroid/agent/xml_tool_message.py#L51-L52", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/langroid/langroid/commit/36e7e7db4dd1636de225c2c66c84052b1e9ac3c3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/langroid/langroid/security/advisories/GHSA-pw95-88fg-3j6f", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46730.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46730.json new file mode 100644 index 00000000000..36fc280d6ff --- /dev/null +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46730.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-46730", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-05T20:15:21.313", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors. MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, in versions up to and including 4.3.2, this functionality lacks a check on the total uncompressed size of the ZIP file, making it vulnerable to a ZIP of Death (zip bomb) attack. Due to the absence of safeguards against oversized extractions, an attacker can craft a specially prepared ZIP file that is small in compressed form but expands to a massive size upon extraction. Exploiting this, an attacker can exhaust the server's disk space, leading to a complete denial of service (DoS) not just for MobSF, but also for any other applications or websites hosted on the same server. This vulnerability can lead to complete server disruption in an organization which can affect other internal portals and tools too (which are hosted on the same server). If some organization has created their customized cloud based mobile security tool using MobSF core then an attacker can exploit this vulnerability to crash their servers. Commit 6987a946485a795f4fd38cebdb4860b368a1995d fixes this issue. As an additional mitigation, it is recommended to implement a safeguard that checks the total uncompressed size of any uploaded ZIP file before extraction. If the estimated uncompressed size exceeds a safe threshold (e.g., 100 MB), MobSF should reject the file and notify the user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-409" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/6987a946485a795f4fd38cebdb4860b368a1995d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-c5vg-26p8-q8cr", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46731.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46731.json new file mode 100644 index 00000000000..662900f3457 --- /dev/null +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46731.json @@ -0,0 +1,90 @@ +{ + "id": "CVE-2025-46731", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-05T20:15:21.460", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `ALLOW_ADMIN_CHANGES` must be enabled for this to work. Users should update to the patched versions 4.14.13 or 5.6.15 to mitigate the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1336" + } + ] + } + ], + "references": [ + { + "url": "http://github.com/craftcms/cms/pull/17026", + "source": "security-advisories@github.com" + }, + { + "url": "https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/craftcms/cms/security/advisories/GHSA-7c58-g782-9j38", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46734.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46734.json new file mode 100644 index 00000000000..45da593c7d0 --- /dev/null +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46734.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-46734", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-05T20:15:21.613", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "league/commonmark is a PHP Markdown parser. A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library (versions 1.5.0 through 2.6.x) allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configuration options such as `html_input: 'strip'` and `allow_unsafe_links: false` to mitigate cross-site scripting (XSS) attacks by stripping raw HTML and disallowing unsafe links. However, when the Attributes Extension is enabled, it introduces a way for users to inject arbitrary HTML attributes into elements via Markdown syntax using curly braces. Version 2.7.0 contains three changes to prevent this XSS attack vector: All attributes starting with `on` are considered unsafe and blocked by default; support for an explicit allowlist of allowed HTML attributes; and manually-added `href` and `src` attributes now respect the existing `allow_unsafe_links` configuration option. If upgrading is not feasible, please consider disabling the `AttributesExtension` for untrusted users and/or filtering the rendered HTML through a library like HTMLPurifier." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thephpleague/commonmark/commit/f0d626cf05ad3e99e6db26ebcb9091b6cd1cd89b", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thephpleague/commonmark/security/advisories/GHSA-3527-qv2q-pfvx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-468xx/CVE-2025-46813.json b/CVE-2025/CVE-2025-468xx/CVE-2025-46813.json new file mode 100644 index 00000000000..1e10d86b40d --- /dev/null +++ b/CVE-2025/CVE-2025-468xx/CVE-2025-46813.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-46813", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-05T20:15:21.753", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Discourse is an open-source community platform. A data leak vulnerability affects sites deployed between commits 10df7fdee060d44accdee7679d66d778d1136510 and 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. On login-required sites, the leak meant that some content on the site's homepage could be visible to unauthenticated users. Only login-required sites that got deployed during this timeframe are affected, roughly between April 30 2025 noon EDT and May 2 2025, noon EDT. Sites on the stable branch are unaffected. Private content on an instance's homepage could be visible to unauthenticated users on login-required sites. Versions of 3.5.0.beta4 after commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b are not vulnerable to the issue. No workarounds are available. Sites must upgrade to a non-vulnerable version of Discourse." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/discourse/discourse/commit/10df7fdee060d44accdee7679d66d778d1136510", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/discourse/discourse/commit/82d84af6b0efbd9fa2aeec3e91ce7be1a768511b", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v3h7-c287-pfg9", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47226.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47226.json index c1d02b8a376..397c86fa24f 100644 --- a/CVE-2025/CVE-2025-472xx/CVE-2025-47226.json +++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47226.json @@ -2,13 +2,17 @@ "id": "CVE-2025-47226", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-02T21:15:23.693", - "lastModified": "2025-05-03T20:15:15.923", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information." + }, + { + "lang": "es", + "value": "Grokability Snipe-IT anterior a 8.1.0 tiene una autorizaci\u00f3n incorrecta para acceder a la informaci\u00f3n de los activos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47229.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47229.json index 9eda4ad3b88..78bc0c37ca2 100644 --- a/CVE-2025/CVE-2025-472xx/CVE-2025-47229.json +++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47229.json @@ -2,13 +2,17 @@ "id": "CVE-2025-47229", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-03T03:15:28.183", - "lastModified": "2025-05-03T03:15:28.183", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code." + }, + { + "lang": "es", + "value": "libpspp-core.a en GNU PSPP hasta 2.0.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (error de afirmaci\u00f3n var_set_leave_quiet y salida de la aplicaci\u00f3n) a trav\u00e9s de datos de entrada manipulados, como datos que activan una llamada desde el c\u00f3digo src/data/dictionary.c al c\u00f3digo src/data/variable.c." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47241.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47241.json index cb196628e2a..c1414d43895 100644 --- a/CVE-2025/CVE-2025-472xx/CVE-2025-47241.json +++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47241.json @@ -2,13 +2,17 @@ "id": "CVE-2025-47241", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-03T21:15:48.023", - "lastModified": "2025-05-03T21:15:48.023", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component." + }, + { + "lang": "es", + "value": "En browser-use (tambi\u00e9n conocido como Browser Use) anterior a la versi\u00f3n 0.1.45, el an\u00e1lisis de URL de allowed_domains se gestiona incorrectamente porque la informaci\u00f3n del usuario se puede colocar en el componente de autoridad." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47244.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47244.json index 8db6d473e3b..4bb9548ebd1 100644 --- a/CVE-2025/CVE-2025-472xx/CVE-2025-47244.json +++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47244.json @@ -2,13 +2,17 @@ "id": "CVE-2025-47244", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-03T23:15:48.150", - "lastModified": "2025-05-03T23:15:48.150", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack." + }, + { + "lang": "es", + "value": "Inedo ProGet, hasta la versi\u00f3n 2024.22, permite a atacantes remotos acceder a funcionalidades restringidas a trav\u00e9s de la capa de reflexi\u00f3n de C#, como se demuestra al provocar una denegaci\u00f3n de servicio (cuando un atacante ejecuta un bucle que llama a RestartWeb) o al obtener informaci\u00f3n potencialmente confidencial. La explotaci\u00f3n puede ocurrir si se habilita el acceso an\u00f3nimo o si se produce un ataque CSRF exitoso." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47245.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47245.json index d6826d66f80..1cf6a94245c 100644 --- a/CVE-2025/CVE-2025-472xx/CVE-2025-47245.json +++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47245.json @@ -2,13 +2,17 @@ "id": "CVE-2025-47245", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-04T00:15:15.373", - "lastModified": "2025-05-04T00:15:15.373", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role." + }, + { + "lang": "es", + "value": "En BlueWave Checkmate hasta la versi\u00f3n 2.0.2 anterior a d4a6072, se puede modificar una solicitud de invitaci\u00f3n para especificar un rol privilegiado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47268.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47268.json index fd23c3500c3..60e6c9a9cba 100644 --- a/CVE-2025/CVE-2025-472xx/CVE-2025-47268.json +++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47268.json @@ -2,8 +2,8 @@ "id": "CVE-2025-47268", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T14:15:29.063", - "lastModified": "2025-05-05T14:15:29.063", - "vulnStatus": "Received", + "lastModified": "2025-05-05T20:54:19.760", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/README.md b/README.md index d5176ffae44..a8b02b202fe 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-05-05T20:00:20.376180+00:00 +2025-05-05T22:00:20.312480+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-05-05T19:39:51.650000+00:00 +2025-05-05T21:15:47.580000+00:00 ``` ### Last Data Feed Release @@ -33,69 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -292561 +292586 ``` ### CVEs added in the last Commit -Recently added CVEs: `31` +Recently added CVEs: `25` -- [CVE-2025-4096](CVE-2025/CVE-2025-40xx/CVE-2025-4096.json) (`2025-05-05T18:15:44.240`) -- [CVE-2025-4279](CVE-2025/CVE-2025-42xx/CVE-2025-4279.json) (`2025-05-05T19:15:57.477`) -- [CVE-2025-4282](CVE-2025/CVE-2025-42xx/CVE-2025-4282.json) (`2025-05-05T18:15:44.350`) -- [CVE-2025-4283](CVE-2025/CVE-2025-42xx/CVE-2025-4283.json) (`2025-05-05T19:15:57.687`) -- [CVE-2025-4318](CVE-2025/CVE-2025-43xx/CVE-2025-4318.json) (`2025-05-05T19:15:57.847`) -- [CVE-2025-43844](CVE-2025/CVE-2025-438xx/CVE-2025-43844.json) (`2025-05-05T18:15:42.180`) -- [CVE-2025-43845](CVE-2025/CVE-2025-438xx/CVE-2025-43845.json) (`2025-05-05T18:15:42.300`) -- [CVE-2025-43846](CVE-2025/CVE-2025-438xx/CVE-2025-43846.json) (`2025-05-05T18:15:42.430`) -- [CVE-2025-43847](CVE-2025/CVE-2025-438xx/CVE-2025-43847.json) (`2025-05-05T18:15:42.560`) -- [CVE-2025-43848](CVE-2025/CVE-2025-438xx/CVE-2025-43848.json) (`2025-05-05T18:15:42.683`) -- [CVE-2025-43849](CVE-2025/CVE-2025-438xx/CVE-2025-43849.json) (`2025-05-05T19:15:55.957`) -- [CVE-2025-43850](CVE-2025/CVE-2025-438xx/CVE-2025-43850.json) (`2025-05-05T19:15:56.090`) -- [CVE-2025-43851](CVE-2025/CVE-2025-438xx/CVE-2025-43851.json) (`2025-05-05T19:15:56.220`) -- [CVE-2025-43852](CVE-2025/CVE-2025-438xx/CVE-2025-43852.json) (`2025-05-05T19:15:56.353`) -- [CVE-2025-45236](CVE-2025/CVE-2025-452xx/CVE-2025-45236.json) (`2025-05-05T18:15:43.163`) -- [CVE-2025-45237](CVE-2025/CVE-2025-452xx/CVE-2025-45237.json) (`2025-05-05T18:15:43.280`) -- [CVE-2025-45238](CVE-2025/CVE-2025-452xx/CVE-2025-45238.json) (`2025-05-05T18:15:43.397`) -- [CVE-2025-45239](CVE-2025/CVE-2025-452xx/CVE-2025-45239.json) (`2025-05-05T18:15:43.510`) -- [CVE-2025-46335](CVE-2025/CVE-2025-463xx/CVE-2025-46335.json) (`2025-05-05T19:15:56.487`) -- [CVE-2025-46340](CVE-2025/CVE-2025-463xx/CVE-2025-46340.json) (`2025-05-05T19:15:56.627`) -- [CVE-2025-46553](CVE-2025/CVE-2025-465xx/CVE-2025-46553.json) (`2025-05-05T19:15:56.763`) -- [CVE-2025-46559](CVE-2025/CVE-2025-465xx/CVE-2025-46559.json) (`2025-05-05T19:15:56.910`) -- [CVE-2025-46571](CVE-2025/CVE-2025-465xx/CVE-2025-46571.json) (`2025-05-05T19:15:57.050`) -- [CVE-2025-46719](CVE-2025/CVE-2025-467xx/CVE-2025-46719.json) (`2025-05-05T19:15:57.197`) -- [CVE-2025-46720](CVE-2025/CVE-2025-467xx/CVE-2025-46720.json) (`2025-05-05T19:15:57.330`) +- [CVE-2025-0915](CVE-2025/CVE-2025-09xx/CVE-2025-0915.json) (`2025-05-05T21:15:46.970`) +- [CVE-2025-1000](CVE-2025/CVE-2025-10xx/CVE-2025-1000.json) (`2025-05-05T21:15:47.120`) +- [CVE-2025-1493](CVE-2025/CVE-2025-14xx/CVE-2025-1493.json) (`2025-05-05T21:15:47.263`) +- [CVE-2025-1909](CVE-2025/CVE-2025-19xx/CVE-2025-1909.json) (`2025-05-05T20:15:19.127`) +- [CVE-2025-4286](CVE-2025/CVE-2025-42xx/CVE-2025-4286.json) (`2025-05-05T20:15:21.897`) +- [CVE-2025-4287](CVE-2025/CVE-2025-42xx/CVE-2025-4287.json) (`2025-05-05T20:15:22.100`) +- [CVE-2025-4288](CVE-2025/CVE-2025-42xx/CVE-2025-4288.json) (`2025-05-05T21:15:47.410`) +- [CVE-2025-4289](CVE-2025/CVE-2025-42xx/CVE-2025-4289.json) (`2025-05-05T21:15:47.580`) +- [CVE-2025-45607](CVE-2025/CVE-2025-456xx/CVE-2025-45607.json) (`2025-05-05T20:15:19.427`) +- [CVE-2025-45608](CVE-2025/CVE-2025-456xx/CVE-2025-45608.json) (`2025-05-05T20:15:19.887`) +- [CVE-2025-45609](CVE-2025/CVE-2025-456xx/CVE-2025-45609.json) (`2025-05-05T20:15:20.010`) +- [CVE-2025-45610](CVE-2025/CVE-2025-456xx/CVE-2025-45610.json) (`2025-05-05T20:15:20.120`) +- [CVE-2025-45611](CVE-2025/CVE-2025-456xx/CVE-2025-45611.json) (`2025-05-05T20:15:20.243`) +- [CVE-2025-45612](CVE-2025/CVE-2025-456xx/CVE-2025-45612.json) (`2025-05-05T20:15:20.357`) +- [CVE-2025-45613](CVE-2025/CVE-2025-456xx/CVE-2025-45613.json) (`2025-05-05T20:15:20.470`) +- [CVE-2025-45614](CVE-2025/CVE-2025-456xx/CVE-2025-45614.json) (`2025-05-05T20:15:20.573`) +- [CVE-2025-45615](CVE-2025/CVE-2025-456xx/CVE-2025-45615.json) (`2025-05-05T20:15:20.680`) +- [CVE-2025-45616](CVE-2025/CVE-2025-456xx/CVE-2025-45616.json) (`2025-05-05T20:15:20.790`) +- [CVE-2025-45617](CVE-2025/CVE-2025-456xx/CVE-2025-45617.json) (`2025-05-05T20:15:20.897`) +- [CVE-2025-45618](CVE-2025/CVE-2025-456xx/CVE-2025-45618.json) (`2025-05-05T20:15:21.003`) +- [CVE-2025-46726](CVE-2025/CVE-2025-467xx/CVE-2025-46726.json) (`2025-05-05T20:15:21.107`) +- [CVE-2025-46730](CVE-2025/CVE-2025-467xx/CVE-2025-46730.json) (`2025-05-05T20:15:21.313`) +- [CVE-2025-46731](CVE-2025/CVE-2025-467xx/CVE-2025-46731.json) (`2025-05-05T20:15:21.460`) +- [CVE-2025-46734](CVE-2025/CVE-2025-467xx/CVE-2025-46734.json) (`2025-05-05T20:15:21.613`) +- [CVE-2025-46813](CVE-2025/CVE-2025-468xx/CVE-2025-46813.json) (`2025-05-05T20:15:21.753`) ### CVEs modified in the last Commit -Recently modified CVEs: `91` +Recently modified CVEs: `292` -- [CVE-2024-1983](CVE-2024/CVE-2024-19xx/CVE-2024-1983.json) (`2025-05-05T18:38:46.200`) -- [CVE-2024-25730](CVE-2024/CVE-2024-257xx/CVE-2024-25730.json) (`2025-05-05T19:16:50.050`) -- [CVE-2024-27757](CVE-2024/CVE-2024-277xx/CVE-2024-27757.json) (`2025-05-05T18:13:19.633`) -- [CVE-2024-32206](CVE-2024/CVE-2024-322xx/CVE-2024-32206.json) (`2025-05-05T18:14:23.690`) -- [CVE-2024-57229](CVE-2024/CVE-2024-572xx/CVE-2024-57229.json) (`2025-05-05T18:15:39.900`) -- [CVE-2024-57230](CVE-2024/CVE-2024-572xx/CVE-2024-57230.json) (`2025-05-05T18:15:40.047`) -- [CVE-2024-57231](CVE-2024/CVE-2024-572xx/CVE-2024-57231.json) (`2025-05-05T18:15:40.193`) -- [CVE-2024-57232](CVE-2024/CVE-2024-572xx/CVE-2024-57232.json) (`2025-05-05T18:15:40.340`) -- [CVE-2024-57233](CVE-2024/CVE-2024-572xx/CVE-2024-57233.json) (`2025-05-05T18:15:40.493`) -- [CVE-2024-57234](CVE-2024/CVE-2024-572xx/CVE-2024-57234.json) (`2025-05-05T18:15:40.650`) -- [CVE-2024-57235](CVE-2024/CVE-2024-572xx/CVE-2024-57235.json) (`2025-05-05T18:15:40.797`) -- [CVE-2025-25504](CVE-2025/CVE-2025-255xx/CVE-2025-25504.json) (`2025-05-05T18:15:41.100`) -- [CVE-2025-26241](CVE-2025/CVE-2025-262xx/CVE-2025-26241.json) (`2025-05-05T18:15:41.570`) -- [CVE-2025-27193](CVE-2025/CVE-2025-271xx/CVE-2025-27193.json) (`2025-05-05T19:13:52.733`) -- [CVE-2025-27194](CVE-2025/CVE-2025-271xx/CVE-2025-27194.json) (`2025-05-05T19:12:52.850`) -- [CVE-2025-27195](CVE-2025/CVE-2025-271xx/CVE-2025-27195.json) (`2025-05-05T19:12:46.777`) -- [CVE-2025-27196](CVE-2025/CVE-2025-271xx/CVE-2025-27196.json) (`2025-05-05T19:08:58.717`) -- [CVE-2025-27198](CVE-2025/CVE-2025-271xx/CVE-2025-27198.json) (`2025-05-05T19:08:24.377`) -- [CVE-2025-29316](CVE-2025/CVE-2025-293xx/CVE-2025-29316.json) (`2025-05-05T18:15:41.723`) -- [CVE-2025-29824](CVE-2025/CVE-2025-298xx/CVE-2025-29824.json) (`2025-05-05T19:15:47.380`) -- [CVE-2025-43842](CVE-2025/CVE-2025-438xx/CVE-2025-43842.json) (`2025-05-05T18:15:41.950`) -- [CVE-2025-43843](CVE-2025/CVE-2025-438xx/CVE-2025-43843.json) (`2025-05-05T18:15:42.070`) -- [CVE-2025-43915](CVE-2025/CVE-2025-439xx/CVE-2025-43915.json) (`2025-05-05T18:15:42.820`) -- [CVE-2025-45240](CVE-2025/CVE-2025-452xx/CVE-2025-45240.json) (`2025-05-05T18:15:43.623`) -- [CVE-2025-45242](CVE-2025/CVE-2025-452xx/CVE-2025-45242.json) (`2025-05-05T18:15:43.793`) +- [CVE-2025-45237](CVE-2025/CVE-2025-452xx/CVE-2025-45237.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45238](CVE-2025/CVE-2025-452xx/CVE-2025-45238.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45239](CVE-2025/CVE-2025-452xx/CVE-2025-45239.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45240](CVE-2025/CVE-2025-452xx/CVE-2025-45240.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45242](CVE-2025/CVE-2025-452xx/CVE-2025-45242.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45320](CVE-2025/CVE-2025-453xx/CVE-2025-45320.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45321](CVE-2025/CVE-2025-453xx/CVE-2025-45321.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45322](CVE-2025/CVE-2025-453xx/CVE-2025-45322.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45751](CVE-2025/CVE-2025-457xx/CVE-2025-45751.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-45800](CVE-2025/CVE-2025-458xx/CVE-2025-45800.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46332](CVE-2025/CVE-2025-463xx/CVE-2025-46332.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46335](CVE-2025/CVE-2025-463xx/CVE-2025-46335.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46340](CVE-2025/CVE-2025-463xx/CVE-2025-46340.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46553](CVE-2025/CVE-2025-465xx/CVE-2025-46553.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46559](CVE-2025/CVE-2025-465xx/CVE-2025-46559.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46571](CVE-2025/CVE-2025-465xx/CVE-2025-46571.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46719](CVE-2025/CVE-2025-467xx/CVE-2025-46719.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46720](CVE-2025/CVE-2025-467xx/CVE-2025-46720.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-46723](CVE-2025/CVE-2025-467xx/CVE-2025-46723.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-47226](CVE-2025/CVE-2025-472xx/CVE-2025-47226.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-47229](CVE-2025/CVE-2025-472xx/CVE-2025-47229.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-47241](CVE-2025/CVE-2025-472xx/CVE-2025-47241.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-47244](CVE-2025/CVE-2025-472xx/CVE-2025-47244.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-47245](CVE-2025/CVE-2025-472xx/CVE-2025-47245.json) (`2025-05-05T20:54:19.760`) +- [CVE-2025-47268](CVE-2025/CVE-2025-472xx/CVE-2025-47268.json) (`2025-05-05T20:54:19.760`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f9764bce338..58dbf308c1c 100644 --- a/_state.csv +++ b/_state.csv @@ -106660,7 +106660,7 @@ CVE-2017-6507,0,0,1e1852ee71a732d83e80ee45680ce67d4500c8f5cdd43dbc3ef38f12c712bf CVE-2017-6508,0,0,afeac0c474fc6618e1293a091d2120be2c3538a8089d0ca70380bb665f1b94f4,2025-04-20T01:37:25.860000 CVE-2017-6509,0,0,2b5c8e4422a1c2dcbc5ebc44a3ffdef6564af5133e52c29cf3256a588e7f1bbf,2025-04-20T01:37:25.860000 CVE-2017-6510,0,0,0fa31aba89188000d6db00bcdd883ab34e81c42eb3317288169110fbc9725190,2025-04-20T01:37:25.860000 -CVE-2017-6511,0,1,a5c3e07381d33440e258a8056632c7e0d7d139bf1e922a071a6554ad9de12907,2025-05-05T19:15:51.150000 +CVE-2017-6511,0,0,a5c3e07381d33440e258a8056632c7e0d7d139bf1e922a071a6554ad9de12907,2025-05-05T19:15:51.150000 CVE-2017-6512,0,0,f9dd28ebae0c34d6d30dd760994657ffc3e673be1212d1b0a41fa2bbbd384a42,2025-04-20T01:37:25.860000 CVE-2017-6513,0,0,98eac39bce293f50ac755a6ae297b2e62c907de04a714e8ba4bc50db51e7380c,2025-04-20T01:37:25.860000 CVE-2017-6514,0,0,7167cb99ae86ad5ad58596e485bad636b5a5e6e5e31ae5e1ad4d4aa4e865f89b,2024-11-21T03:29:56.157000 @@ -111451,7 +111451,7 @@ CVE-2018-10242,0,0,a4d54d2c19f263487b5ad528806ef5d67d1e10d7cb96d0fd104a1a46c808e CVE-2018-10243,0,0,757521480207a6cfed328377ee398c1e8b83dc8c3de1b1107bb70e1c1c104e49,2024-11-21T03:41:05.800000 CVE-2018-10244,0,0,927072618a5e0bd9399af563c495925ec4a8e178d9ba3d6b519aab2542190787,2024-11-21T03:41:05.947000 CVE-2018-10245,0,0,a89554cf43561e30832dd21b63274614b375060625dfdc1dbcd5222a446269b7,2024-11-21T03:41:06.093000 -CVE-2018-10248,0,1,86edea51ef844642df7d33724887c18bac45696ad22d7fc58478504dd3264daa,2025-05-05T18:10:51.717000 +CVE-2018-10248,0,0,86edea51ef844642df7d33724887c18bac45696ad22d7fc58478504dd3264daa,2025-05-05T18:10:51.717000 CVE-2018-10249,0,0,445e9cf0c9ffb7cec1e5aabb0f7a3d65492155b58e0aa05f7576fa9347226f6e,2024-11-21T03:41:06.397000 CVE-2018-1025,0,0,584d8f397c3cd32bc19952eda0c44926453aae5d29c10bc48f6e887aa110dba3,2024-11-21T03:59:01.067000 CVE-2018-10250,0,0,9d650122f14f5f9b7650586e5af9cb2088f75fe7c3d14b68cb55e1dc4047d18e,2024-11-21T03:41:06.543000 @@ -111494,9 +111494,9 @@ CVE-2018-10306,0,0,1fdb60627486330f307b2e22bdf3a6352ccee87c323dfaa79583222cc7866 CVE-2018-10307,0,0,e48d45eff61324d00595d8557efbf885247357c6ba82c10df782224447c942b1,2024-11-21T03:41:11.327000 CVE-2018-10309,0,0,9e616cc3569b609e7839e304c408b121ba77cee2794900083aaefbc88fe673f5,2024-11-21T03:41:11.463000 CVE-2018-10310,0,0,ed52ff268e56c48b0c0bd2538fc2cbdc95d1746195f6fe4c30d6b89897897934,2024-11-21T03:41:11.600000 -CVE-2018-10311,0,1,227ea37a18f06366d97463b25b8166324a2554ce6d180534bb2ce8eb96346dcc,2025-05-05T18:10:51.717000 -CVE-2018-10312,0,1,e1b7b4833b17d14aedb91f631df49dc94e936fd1236118785bf50beb218aca3e,2025-05-05T18:10:51.717000 -CVE-2018-10313,0,1,dc3432efb9071e57abf17b742a4a907e36a8193bb8c84f7b14abf7ec95e3ce45,2025-05-05T18:10:51.717000 +CVE-2018-10311,0,0,227ea37a18f06366d97463b25b8166324a2554ce6d180534bb2ce8eb96346dcc,2025-05-05T18:10:51.717000 +CVE-2018-10312,0,0,e1b7b4833b17d14aedb91f631df49dc94e936fd1236118785bf50beb218aca3e,2025-05-05T18:10:51.717000 +CVE-2018-10313,0,0,dc3432efb9071e57abf17b742a4a907e36a8193bb8c84f7b14abf7ec95e3ce45,2025-05-05T18:10:51.717000 CVE-2018-10314,0,0,71281e87b95dacd4b0e76241fa375caef605bb1d5c7a58876d5788ba15c37bf9,2024-11-21T03:41:12.187000 CVE-2018-10316,0,0,136f3f048b91496c85305b92a49abe35fb26cc58b2ab4c418a05ae339790779f,2024-11-21T03:41:12.333000 CVE-2018-10318,0,0,e82ed9def94b404ec538ca071aa280f347906b1fa89fc52650e2e3367fd5ae8c,2024-11-21T03:41:12.480000 @@ -111550,8 +111550,8 @@ CVE-2018-10363,0,0,bb6ad565e195d800608266a0eaa526bbc1aa1270bb013d6e3d639b294e63f CVE-2018-10364,0,0,6b1ee6de152b5df15d131ff21766b5119ed980eb9493ac2ce92444fa173e01dd,2024-11-21T03:41:16.230000 CVE-2018-10365,0,0,ad9c27142498ad9a452d1c50de475a852a0de08f4305ccbaca4e80b6127981ba,2024-11-21T03:41:16.377000 CVE-2018-10366,0,0,99401027f49fda8903ee45d255282c61a64672e3d310ff9fa6dd6c522209db5a,2024-11-21T03:41:16.520000 -CVE-2018-10367,0,1,abba2c0a8c171e0f7c83bfcb78c65459ea99338a4446421d66efa02c23312248,2025-05-05T18:10:51.717000 -CVE-2018-10368,0,1,bc00917121cf15be5e2668b7cf06bb6c1515bb37e84d7d4d57bb20e2e0c17673,2025-05-05T18:10:51.717000 +CVE-2018-10367,0,0,abba2c0a8c171e0f7c83bfcb78c65459ea99338a4446421d66efa02c23312248,2025-05-05T18:10:51.717000 +CVE-2018-10368,0,0,bc00917121cf15be5e2668b7cf06bb6c1515bb37e84d7d4d57bb20e2e0c17673,2025-05-05T18:10:51.717000 CVE-2018-10369,0,0,f07520fae3f6c6a6fa24ca8fc9853e519b5b1a979837633276b908f21e826a53,2024-11-21T03:41:16.927000 CVE-2018-1037,0,0,b09c8b1c6104e5327eeaf3808b6155aa0e410c1321fede53104e7c57e959a22c,2024-11-21T03:59:02.330000 CVE-2018-10371,0,0,c5b5e5fb1983b0c477d0ed99572c63516c858947987464e208bb0b41b947fc93,2024-11-21T03:41:17.067000 @@ -111571,7 +111571,7 @@ CVE-2018-10387,0,0,fc188c47d22fe95e454c2c8757b84c28a6972c9d9e1fc79123f1781842705 CVE-2018-10388,0,0,51d919709f8000245d0b16d2bed862f1f7eae16cc0b027d0f53adeddee0a0e01,2024-11-21T03:41:18.940000 CVE-2018-10389,0,0,1cf9f17d10118103143ba687303ad5b8fac11386e0a6eee9fcc2dd839b8f85f4,2024-11-21T03:41:19.090000 CVE-2018-1039,0,0,3c53db8f4da8d260548857fdf5423a25d0b415942c0692a343e8889df3010cdf,2024-11-21T03:59:02.593000 -CVE-2018-10391,0,1,910b2ed8df975fd99731d76c805d8ff8dc4e5ba28b37354be306d51767d8c25c,2025-05-05T18:10:51.717000 +CVE-2018-10391,0,0,910b2ed8df975fd99731d76c805d8ff8dc4e5ba28b37354be306d51767d8c25c,2025-05-05T18:10:51.717000 CVE-2018-10392,0,0,bb733875ded2db210891dc4ae81040ed56f6d81ed25504dddcbd2ba4161c4a79,2024-11-21T03:41:19.387000 CVE-2018-10393,0,0,63d54a1f306079a334bff416c682e83e99dee72806a332cbfad527a9fc47e5f4,2024-11-21T03:41:19.557000 CVE-2018-1040,0,0,c7e8641f57bed780118210d36425dafed610b98041ee7c7321ed8a30b0635b1c,2024-11-21T03:59:02.777000 @@ -112555,7 +112555,7 @@ CVE-2018-1149,0,0,549d06401e74899571e74bac0dc6581deed25c8aa31ba7fdeebccb8f7a8367 CVE-2018-11490,0,0,adab5fc6ea1a8ba369a4393e437e28579fbb15e2f4841ceb6e4ddc83758dabea,2024-11-21T03:43:28.430000 CVE-2018-11491,0,0,0504c5d4917f9b8a4174186ffed0347050bfb4b166b94a77c86c63955712d43d,2024-11-21T03:43:28.580000 CVE-2018-11492,0,0,5f25b2ddd7a3f04e9870a5f76c59af5982d60f4ae37e60f518e66a6d6108c665,2024-11-21T03:43:28.710000 -CVE-2018-11493,0,1,ece9f7a556ea9fdf85295bd711960bd5b90b53b88523e6a76730b392d2361341,2025-05-05T18:10:51.717000 +CVE-2018-11493,0,0,ece9f7a556ea9fdf85295bd711960bd5b90b53b88523e6a76730b392d2361341,2025-05-05T18:10:51.717000 CVE-2018-11494,0,0,814379bd57ce9706803a50b590cabe6b9e9da44b80bc4d8ebc2e4c9f63391e26,2024-11-21T03:43:29.020000 CVE-2018-11495,0,0,27fda5626f13417f3aafca53d6e12939791531671413d4efa2868e000fa9557b,2024-11-21T03:43:29.193000 CVE-2018-11496,0,0,6a71def4f8636703a3933c9ed91ca58424e665c4d7505c4d1489afc1dea3a32d,2024-11-21T03:43:29.330000 @@ -112587,7 +112587,7 @@ CVE-2018-11523,0,0,f36c7ccff501a7e62ac935ccdde0ebd8acb5728e6289e5a6a7f47fea3582c CVE-2018-11525,0,0,09a561ae15b30770da1611a521b9ddf11858fa954cf9f1325a442955f5e376b2,2024-11-21T03:43:32.763000 CVE-2018-11526,0,0,306565a1f50f43a712677148700f71444f8fb9504c8b021e2dca456c7c2ac8e0,2024-11-21T03:43:32.917000 CVE-2018-11527,0,0,61ba05ab9ce63eefd59779ebc25f03b98882b3cc6035127726907348cbd509a8,2024-11-21T03:43:33.063000 -CVE-2018-11528,0,1,e0cbb48a119a416bd94f19720d10083fcdfa6ae29ed1bea875dc30e2c6e623a0,2025-05-05T18:10:51.717000 +CVE-2018-11528,0,0,e0cbb48a119a416bd94f19720d10083fcdfa6ae29ed1bea875dc30e2c6e623a0,2025-05-05T18:10:51.717000 CVE-2018-11529,0,0,1a070cdb1ea19482933d3807444a5adb997253427952847b54fff11510849fd7,2024-11-21T03:43:33.350000 CVE-2018-1153,0,0,ebf0842c2719dfab90d1794f23c06c724b97579b295a169256a7d43c07bb7f1a,2024-11-21T03:59:17.753000 CVE-2018-11531,0,0,f0846cac0be329b7d045f505b12073d61826aa566c5ce38369fe9644ad1164f0,2024-11-21T03:43:33.523000 @@ -112605,7 +112605,7 @@ CVE-2018-11545,0,0,37f21942f15b80c2a4b417943fc805cabea0a4328b6d9f8a615d9e588381e CVE-2018-11546,0,0,775a8708461c7a9bfc3e2d7f0860ed30f4261e16945625b1c95909d33a1ffc06,2024-11-21T03:43:35.143000 CVE-2018-11547,0,0,54c45f036d21061b22b11f72f9019ef7ccd2df25329209c21d86b4cb17f21cd4,2024-11-21T03:43:35.290000 CVE-2018-11548,0,0,8674387d040afec3df7a388feb32cee69d3efcb4b51a4d5f42d8ed81d8ac9eaf,2024-11-21T03:43:35.433000 -CVE-2018-11549,0,1,d2ae0b21a5f29fedfe60e4f2786e411dc1fa1750e2de5f278b949e58dee201de,2025-05-05T18:10:51.717000 +CVE-2018-11549,0,0,d2ae0b21a5f29fedfe60e4f2786e411dc1fa1750e2de5f278b949e58dee201de,2025-05-05T18:10:51.717000 CVE-2018-1155,0,0,88484f9af93dc815b2d0e3344062f66518640cb8824e3225ec80041713f07d85,2024-11-21T03:59:17.970000 CVE-2018-11550,0,0,f19404e9886aa5c2bc686673ef8d4675d9ec6851727c43bc53e2b766d920fb1e,2023-11-07T02:51:42.393000 CVE-2018-11551,0,0,aef5ebbfe3131512ebed0fabd430b6e603ee61309398497702bfd2b676dc14b4,2024-11-21T03:43:35.750000 @@ -115231,7 +115231,7 @@ CVE-2018-14503,0,0,68b29b31a461932a795f754d9cf9cb5f914f377d468df77796700cc452adb CVE-2018-14504,0,0,86c7bdc2f485d83f6ff3c15b826408c10c8f002cdc2277887636b2d39c1c8671,2024-11-21T03:49:12.887000 CVE-2018-14505,0,0,ca3188d3ac93005d5daba7360ad57b2cbc4cb0f41e92c7722cea8f8d7d815eec,2024-11-21T03:49:13.043000 CVE-2018-1451,0,0,d8e4e35ec2c636c797e4ba70c2be86abe8273ceb9ddc25c42c8ce09b893ad190,2024-11-21T03:59:50.747000 -CVE-2018-14512,0,1,60ee58fa43e2e1d4906b6ea5534c6dcba1f154472739e3c3b205b8b5200562ea,2025-05-05T18:10:51.717000 +CVE-2018-14512,0,0,60ee58fa43e2e1d4906b6ea5534c6dcba1f154472739e3c3b205b8b5200562ea,2025-05-05T18:10:51.717000 CVE-2018-14513,0,0,4ef8d74ea86fefa67a7682a25317f012793e3c7a2f18d40818549496928bde83,2024-11-21T03:49:13.340000 CVE-2018-14514,0,0,6aed0d86a5c20bedc783010f8199368ad829eac6137fc80c712d385a216ae621,2024-11-21T03:49:13.550000 CVE-2018-14515,0,0,1fa5619533c6d71b8e4a171de2bf7c37df8261604b5ededa6ed2e1e2048d237a,2024-11-21T03:49:14.563000 @@ -117651,8 +117651,8 @@ CVE-2018-17420,0,0,36ab8b67a9e720ef491280d60c90e66aa7507464477015a60d77f47156cbe CVE-2018-17421,0,0,32a771ebf588f5d506fb882ce2b535b4f5cbbff6f8ffba95a132c78df4e56814,2024-11-21T03:54:22.663000 CVE-2018-17422,0,0,82d31cfa17397ab6efcb8419137920e0d0b969f280185c3108ccfb278f0073f2,2024-11-21T03:54:22.803000 CVE-2018-17423,0,0,614520257f5f72218e62d810dfc3a3b6f1167ef6218743407bb0c23a4c4d50cc,2024-11-21T03:54:22.947000 -CVE-2018-17425,0,1,9c2f06fa8afc5857426b62fc2c014baee6649807c4b45b62c1fc1f6ba8ce090e,2025-05-05T18:10:51.717000 -CVE-2018-17426,0,1,738fec268c081f452de68e0ef3225500cae25d173d53cdf7c4aedd4d8aeb442a,2025-05-05T18:10:51.717000 +CVE-2018-17425,0,0,9c2f06fa8afc5857426b62fc2c014baee6649807c4b45b62c1fc1f6ba8ce090e,2025-05-05T18:10:51.717000 +CVE-2018-17426,0,0,738fec268c081f452de68e0ef3225500cae25d173d53cdf7c4aedd4d8aeb442a,2025-05-05T18:10:51.717000 CVE-2018-17427,0,0,94503a9040c338d9f5835759b95907a96d65208978687ae68bfbe17f8cdf8ba7,2024-11-21T03:54:23.383000 CVE-2018-17428,0,0,1bccc6cfebd5f7cd0fe63aeb4e6995c4d7907ffd16ff3ce4fee7df25fe344a4d,2024-11-21T03:54:23.527000 CVE-2018-17429,0,0,9fd7cea086a64f656a45aa3b602c3a3b72217a2ff2b5c06f2c6a07e82b3bf9ed,2024-11-21T03:54:23.663000 @@ -118661,8 +118661,8 @@ CVE-2018-18708,0,0,4af4b7b5ca971a3adc257d0e2f52d28848abefb4e84f8186e76abdfdec92b CVE-2018-18709,0,0,d05affc20316813d87e8d0bea81cdca27bb6afadcfff37ef67eb3827fe85717b,2024-11-21T03:56:25.177000 CVE-2018-1871,0,0,41846e08c2280d251a5f1e0d370f8fb5b9a04f6b4676ca9b02fd72f0e3b237b2,2024-11-21T04:00:30.813000 CVE-2018-18710,0,0,31aa6379e91615ce591037f778627da6334de2d64410e725666100c17dbad6be,2024-11-21T03:56:25.320000 -CVE-2018-18711,0,1,8d80b4afd065b66e516447e3c20733e0ea3843ccd9595e428db3de97b590f939,2025-05-05T18:10:51.717000 -CVE-2018-18712,0,1,b7e4e748dfe4bfed7d4d4f7a0bf2d73f7771a783d31bea558e9a81999ac695ff,2025-05-05T18:10:51.717000 +CVE-2018-18711,0,0,8d80b4afd065b66e516447e3c20733e0ea3843ccd9595e428db3de97b590f939,2025-05-05T18:10:51.717000 +CVE-2018-18712,0,0,b7e4e748dfe4bfed7d4d4f7a0bf2d73f7771a783d31bea558e9a81999ac695ff,2025-05-05T18:10:51.717000 CVE-2018-18713,0,0,a6761c30a352e2225a486a2f3526801e31cc133e2472fa43a56af3322a6a0103,2024-11-21T03:56:25.797000 CVE-2018-18714,0,0,728249d7cce14e6e96ca0f9e3723c922c8652721a632dbb9b96671e8e25918ff,2024-11-21T03:56:25.953000 CVE-2018-18715,0,0,9310b6709fba840d5bbdef784525b71692036e88b3d248f9e74f68f6f34c9c5a,2024-11-21T03:56:26.097000 @@ -118868,7 +118868,7 @@ CVE-2018-18934,0,0,bfdf01976c99f1867d555d3c59d9aa076c4c2996a7115cb11751ba34ddc1e CVE-2018-18935,0,0,d930edd6bd20a7277993a2d904e0e3f97a7acd08e06f204ea3c881f0587870f6,2024-11-21T03:56:54.280000 CVE-2018-18936,0,0,a89b4a86ae38458419814d732a0d81f3796226f4f90099efe77dc56f09ef4f9c,2024-11-21T03:56:54.423000 CVE-2018-18937,0,0,c31457a948b39bfec0e166d3b4d0c693b5be3f368b6f2a7538a305ee3ee5b969,2024-11-21T03:56:54.570000 -CVE-2018-18938,0,1,dfcfd6c4dcafacc3e9008b42de951bea6ef24f252ce876dded32f960d3df9180,2025-05-05T18:10:51.717000 +CVE-2018-18938,0,0,dfcfd6c4dcafacc3e9008b42de951bea6ef24f252ce876dded32f960d3df9180,2025-05-05T18:10:51.717000 CVE-2018-18939,0,0,a242fb5da19a5e953f1357022351750e0efb868242fd84c0544c79d40f200630,2024-11-21T03:56:54.850000 CVE-2018-18940,0,0,c7ff0ebe7ac121589ad82bdb838edd0373517c753d1b6e353c2722d547de61f1,2024-11-21T03:56:54.993000 CVE-2018-18941,0,0,eee8e723b36a570c23e575d268b024e7371a1325c7e8b862c52e7c3a8691b7b5,2024-11-21T03:56:55.150000 @@ -127203,7 +127203,7 @@ CVE-2018-9860,0,0,23fdbf22669a38e75bb072215b18f79f009d4cd305c20a07d210738bdf29e4 CVE-2018-9861,0,0,348d0454db7781bb4ec4a4c3c0f63fb014addf1f36bd9c6ddb581c5e5e78614b,2024-11-21T04:15:49.717000 CVE-2018-9862,0,0,40b7ac49f0c9b272a65f50e6bcc09c26659afe8e1adecf68b3d0b158c44f6cb2,2024-11-21T04:15:49.883000 CVE-2018-9864,0,0,5d1ed9af69492416f946dd0291053e4eb04de8d15581ff323f006239b189a01e,2024-11-21T04:15:50.030000 -CVE-2018-9866,0,1,d6104ae4f4f7a2db9df302fd6f25f95d92feddb0bd2b4779573f5f6a1a741eae,2025-05-05T19:15:52.430000 +CVE-2018-9866,0,0,d6104ae4f4f7a2db9df302fd6f25f95d92feddb0bd2b4779573f5f6a1a741eae,2025-05-05T19:15:52.430000 CVE-2018-9867,0,0,29d1467f482a7be57d49718261a12e789992913ddfefa9594f9379bffb320fe3,2024-11-21T04:15:50.300000 CVE-2018-9918,0,0,9e6fa9ea9f146c2d3d3bea14cd9ca9793cafcc31eb7a4c371385f8b2d5e0f4ec,2024-11-21T04:15:50.427000 CVE-2018-9919,0,0,2b45bb26a92383b02a1cdb0069d64264a910bac70a6f32c5a5870f4d16b2c350,2024-11-21T04:15:50.570000 @@ -142653,7 +142653,7 @@ CVE-2019-8058,0,0,cc49d48be8e938e8fe272489da3aed24fef29ddbba0b958af92eb8b33246c4 CVE-2019-8059,0,0,b8183cbba2b9fc6ee7b2c38a9b27632d084f302904ef3c67a3f116639509e45b,2024-11-21T04:49:12.760000 CVE-2019-8060,0,0,c5b717e13593796e23446e8628672bd2a3d7aa03f602f27840da235bb3018de7,2024-11-21T04:49:12.873000 CVE-2019-8061,0,0,22c99d7746ad17ce638160159f66d5de1b3b2d62d34ff52dcc2c37ab1ea32e29,2024-11-21T04:49:12.993000 -CVE-2019-8062,0,1,71d36d00b92cf2b36ad11b118aaf97b71f6d8153accc99b73eca6ea178bc7180,2025-05-05T19:15:52.637000 +CVE-2019-8062,0,0,71d36d00b92cf2b36ad11b118aaf97b71f6d8153accc99b73eca6ea178bc7180,2025-05-05T19:15:52.637000 CVE-2019-8063,0,0,121b26be224fb75b5908d776bdc692f8eb6b65feaffbcd0fb8a31224e3225a66,2024-11-21T04:49:13.213000 CVE-2019-8064,0,0,a7ae62fe2ffd8fc77f851e3b37a5bd0ed1e6efa5f9a5190b42d844cbb1e29ddc,2024-11-21T04:49:13.330000 CVE-2019-8066,0,0,9159611c99160e1a1113b8415c37ccde8bc99a9cac621b0f250e024b688214cd,2024-11-21T04:49:13.453000 @@ -143537,10 +143537,10 @@ CVE-2019-9103,0,0,79ac74e356a8e326912e0bbbbe07f81000ff82ae5993e63bc6a679daa1b0f3 CVE-2019-9104,0,0,e07068cd3aa252afeff56f46f6a5bb61f8f44e0273fad4b8b2b10b6222cff5eb,2024-11-21T04:50:59.400000 CVE-2019-9105,0,0,e3443a76555ce36cab690a482af3b0a29c6f3d4086e6be3308dd05e0dcaa70dd,2024-11-21T04:50:59.550000 CVE-2019-9106,0,0,d1753d9d1179b0e532f893d216cb42737db3d56c71fd1c9897ea21111ed0c135,2024-11-21T04:50:59.690000 -CVE-2019-9107,0,1,577f72a683488bd60e277674ff10aa821f8707fde3a1fc3c4bad643fa820e9f1,2025-05-05T18:10:51.717000 +CVE-2019-9107,0,0,577f72a683488bd60e277674ff10aa821f8707fde3a1fc3c4bad643fa820e9f1,2025-05-05T18:10:51.717000 CVE-2019-9108,0,0,244ec3b018000d832dd3b767fef9dc80ca480fe39666fc2cb419d8433452db1c,2024-11-21T04:50:59.970000 -CVE-2019-9109,0,1,056fa9c9ea26f2116d608d5243b01c4e21e1626107c533ddb295a9756b6a43d2,2025-05-05T18:10:51.717000 -CVE-2019-9110,0,1,544938195490a4e28f172b0788f0d43c3c9b7755a75f51e3b0c87c7b6db4b062,2025-05-05T18:10:51.717000 +CVE-2019-9109,0,0,056fa9c9ea26f2116d608d5243b01c4e21e1626107c533ddb295a9756b6a43d2,2025-05-05T18:10:51.717000 +CVE-2019-9110,0,0,544938195490a4e28f172b0788f0d43c3c9b7755a75f51e3b0c87c7b6db4b062,2025-05-05T18:10:51.717000 CVE-2019-9111,0,0,ad5e6254e3ac19c87a3269eacf5b75ac4a480dbf8c65774efa4417caccc6b9d9,2024-11-21T04:51:00.407000 CVE-2019-9112,0,0,9e46208b591822c50f55ef77aae98d616bc10d466499916777f6a1383b9eb31f,2024-11-21T04:51:00.540000 CVE-2019-9113,0,0,3ffb6a5f50bf1fc8fe8833f7c2c379a81f3e5c68ebbd15e9506ea38c817431ef,2024-11-21T04:51:00.673000 @@ -152629,7 +152629,7 @@ CVE-2020-19767,0,0,34c0182452e27e784b7860a3fe21f6a14a94672158268a671c9ec787b383c CVE-2020-19768,0,0,a5b095a36583f667b75dfe0da1199ba6dc6af01ef9b81e89878b9e990f75d044,2024-11-21T05:09:23.747000 CVE-2020-19769,0,0,869afd827502ee2e35aa27c310b4885f409ef4055d1e272f773541e1c743d2bc,2024-11-21T05:09:23.890000 CVE-2020-1977,0,0,b75b53418566d13429e6ad0330f3ecc25b22eaabe086821504a7122f8a56cf43,2024-11-21T05:11:46.283000 -CVE-2020-19770,0,1,de690b8b8166d4396d814ebd1514308e96cd4fe8926fdc1a8ae49a696fe8f390,2025-05-05T18:10:51.717000 +CVE-2020-19770,0,0,de690b8b8166d4396d814ebd1514308e96cd4fe8926fdc1a8ae49a696fe8f390,2025-05-05T18:10:51.717000 CVE-2020-19778,0,0,509661914f1fbbd014c35fad2e8807ea946ab078b6b01c45f653ee06090a100e,2024-11-21T05:09:24.180000 CVE-2020-1978,0,0,86e48da611cde2a3047fe4299c452735c73797cf4e41b32828dda3777b151b99,2024-11-21T05:11:46.410000 CVE-2020-19786,0,0,af41913014ef275bb96154e84753cf39e2211955131cd99428b06e43f8a2ada3,2025-02-25T21:15:09.997000 @@ -152672,7 +152672,7 @@ CVE-2020-1989,0,0,f96fdd868ac90216e26a4f89965bb55967bda607882bb3ee65694c09a613f8 CVE-2020-19890,0,0,e01d45ca83ea6429129d7520dd237645edbbc6b4aa454eb27830de3ce2b5200e,2024-11-21T05:09:28.240000 CVE-2020-19891,0,0,65f0d0382fb67687cffdb8116c9804de3f6e2f38fca130c0534462e558405a13,2024-11-21T05:09:28.383000 CVE-2020-19896,0,0,052cd75573d4155bf9b60ae193c0fff9edc9181c834daa631485276d2670ad11,2024-11-21T05:09:28.540000 -CVE-2020-19897,0,1,c9406446e4b8dbfa2868591edfc925e4194f8579e4097c8e59266e9453c5ecc6,2025-05-05T18:10:51.717000 +CVE-2020-19897,0,0,c9406446e4b8dbfa2868591edfc925e4194f8579e4097c8e59266e9453c5ecc6,2025-05-05T18:10:51.717000 CVE-2020-1990,0,0,8ce8d6ad23f5013177ddfcc5394b3516a395794de9094acff9c61fdc841fcd20,2024-11-21T05:11:47.967000 CVE-2020-19902,0,0,b6b68facc7eaf789bbad0bfb25e4e01ea0f20297133ca39df0291bebca2014d7,2024-11-21T05:09:28.890000 CVE-2020-19907,0,0,902875d456533f4c4b10e99b600a68e77c1f6e3933e6d9e22d2e2a42ba41db72,2024-11-21T05:09:29.030000 @@ -152725,8 +152725,8 @@ CVE-2020-2011,0,0,573068e854e5730dc47306d180d61118a70e4590a2042abe70f870b569fb74 CVE-2020-20118,0,0,ec2b457760d9cbf6859d866a7ecf7395b907f4706a9c63a014c6942090ce851d,2024-11-21T05:11:50.680000 CVE-2020-2012,0,0,5f3b2d902d1899bbb7803d9c67183b16304097803bd69826af3337607989a414,2024-11-21T05:24:26.830000 CVE-2020-20120,0,0,4ccc160c3cd2272d5b2b9a2ae16b98bd15f4a6598ad8c3c189cd7b4cf92f5573,2024-11-21T05:11:50.850000 -CVE-2020-20122,0,1,f4090bcedb4b3e945c1c81b54420dfae75b1356c85ec334cd1027f23939e2374,2025-05-05T18:10:51.717000 -CVE-2020-20124,0,1,943c558fa12dc9a9f2e19f5d251a8c4e38fa13c2860ef78bb349dd0ad10e3996,2025-05-05T18:10:51.717000 +CVE-2020-20122,0,0,f4090bcedb4b3e945c1c81b54420dfae75b1356c85ec334cd1027f23939e2374,2025-05-05T18:10:51.717000 +CVE-2020-20124,0,0,943c558fa12dc9a9f2e19f5d251a8c4e38fa13c2860ef78bb349dd0ad10e3996,2025-05-05T18:10:51.717000 CVE-2020-20125,0,0,ebcd63949853d13bb73af40be0b8673acc8fbc71a1ea31e9c353e95b9ebd6bda,2024-11-21T05:11:52.113000 CVE-2020-20128,0,0,ae8a404c80709efbbae08038eecf84bd901585f207d1fd565d762b8e20f05e28,2024-11-21T05:11:52.260000 CVE-2020-20129,0,0,2ec9f5856a33233600e2ef37e3574c1cd7e20061a1887552ab5c46772ac223ad,2024-11-21T05:11:52.417000 @@ -173702,7 +173702,7 @@ CVE-2021-28651,0,0,29692802c62c3127862795e3a702650452baf16c7410be0b0917da4bdaac4 CVE-2021-28652,0,0,2dd1528d6acc4143a8a581feac783cfd0fd299526d271d0f7e66418c3a2a65bf,2024-11-21T06:00:01.900000 CVE-2021-28653,0,0,542db028ec781e36406b9beb45352a46667d72806928b03a3941bebaa4dc3988,2024-11-21T06:00:02.120000 CVE-2021-28655,0,0,b62f6fca6055d16dc2d814eb9178c060737f51291d9cf73bca46c380f16e15ee,2025-04-17T16:15:23.250000 -CVE-2021-28656,0,0,6eabe47a5fff808c80d2de680e718dd70af4dc95720abc87a47018419de785a2,2024-11-21T06:00:02.420000 +CVE-2021-28656,0,1,0f68db9c3d50b2f3eb7e0a64117aaa7fb27b9dbebbed81c1054bb5e9d312025e,2025-05-05T20:49:50.420000 CVE-2021-28657,0,0,7bba244489588d286985d30c08383e7b7926103c96a2db45e7f4898bbe7ebe8e,2024-11-21T06:00:02.613000 CVE-2021-28658,0,0,2e2c72909aff60bd6e3ca99ab0b0cf929e00df5fb983c569f10734b8b1022791,2024-11-21T06:00:02.827000 CVE-2021-28660,0,0,47782f4300770f739f680cec3ffa74309170eaf0f3836d8e4fa9cd0e190f2329,2024-11-21T06:00:02.993000 @@ -191351,7 +191351,7 @@ CVE-2022-21542,0,0,40a5bcc12eabf6258801e78e6dc2d267a4fe441026d924242ff67b3e7342b CVE-2022-21543,0,0,c76ee9b7a29c0e131577bf6b9934c1cb1bf0c1670a2ed75054ba6efb261c3c24,2024-11-21T06:44:55.483000 CVE-2022-21544,0,0,11c2ecfdea00503bacbb9472730fdae5939e1310a2f31bda79dcb601f471d00c,2024-11-21T06:44:55.610000 CVE-2022-21545,0,0,20632a8e5e2d297e5dc5567814288b9e21b0351e381ffd66dae3b43622145575,2024-11-21T06:44:55.737000 -CVE-2022-21546,0,0,8f2496a7938694aa74527ed7c0aa917d1b49a5e6a24b792276ab7326246b066f,2025-05-02T22:15:15.290000 +CVE-2022-21546,0,1,4141cb07f8d13415e5a2633dc6de35076ffb5b79637757511c9f61bf4c8b91bf,2025-05-05T20:54:19.760000 CVE-2022-21547,0,0,7852e220889c5dd0ad167f791cca7bdf9f02c7853c53e39a323f705bd216b802,2024-11-21T06:44:55.867000 CVE-2022-21548,0,0,2a9883299b3d40c55b8600f291a673339f0f880aee096b244247faec73a7804d,2024-11-21T06:44:55.990000 CVE-2022-21549,0,0,5cad69ea91cedb7215bdf3e9009750377e2eff3f29cefe9b81dff221fa824e82,2024-11-21T06:44:56.113000 @@ -193524,7 +193524,7 @@ CVE-2022-23863,0,0,656784c55f962e89341a3d497a0acc2adbd3b87bfc05ff1fc7a6e353a8878 CVE-2022-23865,0,0,4159c30a437c77ff0a7d3a32d9a8a3ef803b511d175f6f2b796cac1433fa07df,2024-11-21T06:49:23.373000 CVE-2022-23868,0,0,cce6dcf2b22563328434513b1da0481a3658b517f8e9e5b94ed68f1599d661d5,2024-11-21T06:49:23.507000 CVE-2022-23869,0,0,eec411f915641ddc2c05489e7f72e6e849092b709fe17be6c85c8dce0b8d99d7,2024-11-21T06:49:23.640000 -CVE-2022-2387,0,0,d96ccec35fe6dac938faf35c273e962ae370ff7017ec16504665d716c2c2ea97,2025-02-07T19:44:53.660000 +CVE-2022-2387,0,1,2dc40af1f60db58aca2b003eb298f83fe38276c9425dfadf54014e21755b0373,2025-05-05T21:15:45.570000 CVE-2022-23871,0,0,1e64b6fad5dcb9f22439db32d6f600f39e91cf43109736a66d98f3a29c189208,2024-11-21T06:49:23.780000 CVE-2022-23872,0,0,64385cb0c21691c5911ddd623b3e73752b79e2e9d9157366ead093bdd31adaec,2024-11-21T06:49:23.920000 CVE-2022-23873,0,0,ed33b1cdfed8dcac1efcc4e4acabc0d8f06055670e05aacc6ec9873673593870,2024-11-21T06:49:24.057000 @@ -195333,7 +195333,7 @@ CVE-2022-25914,0,0,ea85b3d20fcdba40e98a1f2cdcd647c8276d14d85844e934ba691037c0cb5 CVE-2022-25915,0,0,5aa003b7e1f84307c964e23607671f46a7f7788a33952f993ccefd1f2966489a,2024-11-21T06:53:12.477000 CVE-2022-25916,0,0,dce8b45aa57b4dc4edbd177863ae087ff5c96770b5950542262a7324dcde11f2,2025-03-27T14:15:18.600000 CVE-2022-25917,0,0,9bd770e6850cc2e12264df689badff3efaa99220946ea2457a30300e0f4a7b1c,2025-02-05T16:15:31.900000 -CVE-2022-25918,0,1,a407067a9844c3ddbafad7e8349f0334f1ff8ce14e847d90540e6441941d27a6,2025-05-05T19:15:53.727000 +CVE-2022-25918,0,0,a407067a9844c3ddbafad7e8349f0334f1ff8ce14e847d90540e6441941d27a6,2025-05-05T19:15:53.727000 CVE-2022-2592,0,0,40cb734077644b941ec8702ba654ad6b21b7e972565529118853c5120586b075,2024-11-21T07:01:18.747000 CVE-2022-25920,0,0,66d9c2abde03e238bc19825aae4ee75ced60aa5e228ae6eaf08c2f0c78540ed4,2023-11-07T03:44:53.053000 CVE-2022-25921,0,0,28462eae06dda4a8e508c4b9e5a723da242b2236da4033e3198620b08cff7309,2024-11-21T06:53:12.970000 @@ -196268,7 +196268,7 @@ CVE-2022-27105,0,0,a161dc32841ee330f832d3ed7f20f7bf5e46321b7d6d104edbb9c4689a675 CVE-2022-27107,0,0,73a3471041916ba53a213cf6d28be40177a78ef3bb4d6b49171582c568b230b1,2024-11-21T06:55:08.747000 CVE-2022-27108,0,0,e50a4608d393c359f31b71f13f60284027486834b96f12e4c0f5ec2bef3ceadc,2024-11-21T06:55:08.970000 CVE-2022-27109,0,0,5990631a908d5a5378ec7435d95c18cf49c8efa1f8de354fd0652d10bb752534,2024-11-21T06:55:09.190000 -CVE-2022-2711,0,0,04105ad9eca73633f3b41b6499a5c88db45a58601b4cc1117c1c1a8f613a8165,2024-11-21T07:01:33.883000 +CVE-2022-2711,0,1,72953f02384c60f7d09ec469ae226c67bd54f6073edf6a9faa8a5d31ef6d6d31,2025-05-05T21:15:46.147000 CVE-2022-27110,0,0,6dc83c0b63d5f3a2c655d37d7d310cbeb179bb4eef8ad22cd594ade89495d9ac,2024-11-21T06:55:10.290000 CVE-2022-27111,0,0,a2dd39842a2bed44993b32ddfa039dd48b727b0e7018b5c52a0c1136c3cd8686,2024-11-21T06:55:10.490000 CVE-2022-27114,0,0,23fc7d73a67ca4484c827584d2c2609698b119029b76cc29d821bbb4dbfe02f6,2024-11-21T06:55:10.707000 @@ -196503,7 +196503,7 @@ CVE-2022-27427,0,0,1414131cea9dc91f1d4275356915d7d04ce3229fc70cc9f37ee59bf12dd49 CVE-2022-27428,0,0,181f5201451f2ba3075aa414191ab60644ee070368801b08524495aeefca4a7d,2024-11-21T06:55:43.143000 CVE-2022-27429,0,0,ccaa3e0cfdad0f90f2372c790d07b8a04e9ce0a48f54b90d8db6629aee087d96,2024-11-21T06:55:43.280000 CVE-2022-2743,0,0,70d8e2f05986404571e262b6a69f5b8716627210c62647ceed9b1a004fa81943,2024-11-21T07:01:37.360000 -CVE-2022-27431,0,1,d3e469a8ca08dc71e883c1b9d8206cc1dc9c0b1a6601edb7283c77c448f1c7be,2025-05-05T18:10:51.717000 +CVE-2022-27431,0,0,d3e469a8ca08dc71e883c1b9d8206cc1dc9c0b1a6601edb7283c77c448f1c7be,2025-05-05T18:10:51.717000 CVE-2022-27432,0,0,e9607c83dc3678d63ecc00361086080da1f6760033d8d46cd7a25625d0524e28,2024-11-21T06:55:43.570000 CVE-2022-27434,0,0,263048d651fdba63ba60bf03989f0052ffa8b098180128440e967132204d1808,2024-11-21T06:55:43.710000 CVE-2022-27435,0,0,edfbeb4a19cd6da6745afdca2f460e2ac7a425d52934a768a1b72a27e77225e9,2024-11-21T06:55:43.857000 @@ -205611,7 +205611,7 @@ CVE-2022-38712,0,0,f990b01d18be6820bab4a0f79fe62fb77d68d1f780f63e5cadfd7814ad8ae CVE-2022-38714,0,0,1a9b1ecd5ee816c30fe3f96f63791c6af4e69bac1bc3ba0ac1886f2f0cb34059,2025-03-18T20:15:16.603000 CVE-2022-38715,0,0,32c95eb50ef56a9871e7e7dd43ebf7ad3d62483d462d12d92da3e2883a88603a,2024-11-21T07:16:59.117000 CVE-2022-38716,0,0,2befc1985d6f3707af7a5205c016220638f8fdc2ffcdd2205c62c7acbc4ba9b6,2024-11-21T07:16:59.253000 -CVE-2022-3872,0,0,6ec2c6467f550b633eee81ea4454655c04d39c57a8de8e6ef11519fefc91372a,2024-11-21T07:20:24.477000 +CVE-2022-3872,0,1,52e499a85cb964abe6457ef09357313a35e74d37c5f4ba7dfd572f85e2b5a34d,2025-05-05T21:15:46.473000 CVE-2022-38723,0,0,89090455240aaba550009d5121b19c421f79e51a01d72c5372e900c907ef7f80,2025-04-10T16:15:21.310000 CVE-2022-38724,0,0,9d57f9c045044a9873b9b75028a0bfb6a1ada21fd1704e8b89d35c1dadff23e2,2025-04-29T05:15:42.413000 CVE-2022-38725,0,0,863dbe8a696e310f22f4aa84887ae88c439e14165c733a629aa180805cf70693,2025-04-03T15:15:42.010000 @@ -208391,8 +208391,8 @@ CVE-2022-42312,0,0,35fafd414277ce55bf97d952c98847f71da3677c4d490bfe47859ef95196e CVE-2022-42313,0,0,de9d7ed4b2fa7f0fd9d096bad776c59c010c3d9fb65435c9f2c4f3ddcf4b0f83,2024-11-21T07:24:43.670000 CVE-2022-42314,0,0,d010ce243f2099f1bda1713d2695faa4addcc2eb7ca8f66656cfe8a3c8cb111c,2024-11-21T07:24:43.813000 CVE-2022-42315,0,0,05c9d3c100e62c2aedfd4e55868ddf24d74ff960f708c689c2ce5694aa695b1e,2024-11-21T07:24:43.950000 -CVE-2022-42316,0,0,a29b0966c7e56614e07c90d4604cbbe97595c23adf25f46e8c8383eea3371259,2024-11-21T07:24:44.080000 -CVE-2022-42317,0,0,e86f4817ad1b4d361dbbeedb388d6c9445de77767b7964646e01d876dddd7eb9,2024-11-21T07:24:44.213000 +CVE-2022-42316,0,1,96d53a5ec60849530ef25b9fe3a1dfda91dd908aa6d1fefa4720a23d7510f7ea,2025-05-05T20:15:18.057000 +CVE-2022-42317,0,1,a6342768802373cafc403f34df6b1e3841b032bf970bc8d71eb754da0920a908,2025-05-05T20:15:18.737000 CVE-2022-42318,0,0,e9aed531dfb9c1180168c5c4874bb0dd4879f8c29d42b0da259155bd97c238d3,2025-05-05T17:18:18.180000 CVE-2022-42319,0,0,3251053432d7e60e3b84f7bb291f4870fe579b03511096aa5ce6c999c190a1ab,2024-11-21T07:24:44.503000 CVE-2022-4232,0,0,321bb549a57ce292922fb88b9fd2d6f06af38dc05723825c8a9c07777925cd64,2024-11-21T07:34:50.393000 @@ -208403,7 +208403,7 @@ CVE-2022-42323,0,0,e92854584bdabd2446bb330d4ea11c015084f2567eb109d1c3a8dec9afced CVE-2022-42324,0,0,502c820aec0f9489e777cd9cc923da89c15643658262c31acfc62833e5d6745e,2024-11-21T07:24:45.167000 CVE-2022-42325,0,0,f53bbad17feb5d88c964cf6fa1cdacbfb4bdd7cf8e8f7e256badc98b07d300a3,2024-11-21T07:24:45.297000 CVE-2022-42326,0,0,21de740a479c8b06996efc1b1394643403138331f5d2956ea75bacb31fa094a3,2025-05-05T16:15:20.700000 -CVE-2022-42327,0,0,58838e9942473c454575669f827673abdeff016cdfc72168369e016d82c4a13e,2024-11-21T07:24:45.573000 +CVE-2022-42327,0,1,72646c0a69019c01635c8f4ac72bd5d41f51f80b44adb4e61f50c86b01819bbb,2025-05-05T20:15:18.900000 CVE-2022-42328,0,0,1ef1d251b521f67068ab3f3294829b798800d45928f4a1653c3b54f8d02117e6,2025-04-23T15:15:51.370000 CVE-2022-42329,0,0,6c2aa6da9b4120d1e90516e8bc508b698967e2965bdfa9195b616183eb225555,2025-04-23T15:15:51.587000 CVE-2022-4233,0,0,503f7e66c4b20a60150196b39efa789f5faf0c5031e4e643b1f2817955796307,2024-11-21T07:34:50.510000 @@ -208715,7 +208715,7 @@ CVE-2022-42784,0,0,95784a8d2cf1379cdcd11f5f9edd72443ea4f59abf0f300883b3ac3e45f78 CVE-2022-42785,0,0,9cc900ff1c98874fc2a49f7f1713ed5d7a961acc20ee844067ebb715904e2169,2024-11-21T07:25:20.317000 CVE-2022-42786,0,0,761c233f470adaa56fb1e203572349871f3c07458d516ea4b0c3a11e4fd2ac1d,2024-11-21T07:25:20.490000 CVE-2022-42787,0,0,1c00261964f52af47d817b01ea3b06d0affc2048c76e89b9c91f9f1d281c8c79,2024-11-21T07:25:20.673000 -CVE-2022-42788,0,1,ecc8e8d996e245aaa3edd083b1dbf8969be9d5eaef8f042635861c626232dec4,2025-05-05T19:15:54.003000 +CVE-2022-42788,0,0,ecc8e8d996e245aaa3edd083b1dbf8969be9d5eaef8f042635861c626232dec4,2025-05-05T19:15:54.003000 CVE-2022-42789,0,0,bb28a04d5056ed0e3b7a33feab4468a07c9a2ae44bad87b4501dcef54dc4da7c,2024-11-21T07:25:21.040000 CVE-2022-4279,0,0,369524070a7c4a1352f74b451324a05079056a93708bf753f3ee1a13b4dd5613,2024-11-21T07:34:55.880000 CVE-2022-42790,0,0,420b585752ce90dcf65ef0200f97d1707c17e114c2ed54967736dcfcba1bb62c,2024-11-21T07:25:21.183000 @@ -208871,8 +208871,8 @@ CVE-2022-42950,0,0,20d4082bffbc77fa3560921770930640b675e908f7bc2394264650dd258e0 CVE-2022-42951,0,0,1c030da7f5ff30312033b2bc3d23eeed5ac1b7e402a7fea4ff36f2ef213b6a3f,2025-03-26T15:15:40.167000 CVE-2022-42953,0,0,1e06308b9e96596dedafb54de661b26e4eca66a689fa635df055d1db60dc0d3f,2025-04-15T14:15:33.560000 CVE-2022-42954,0,0,c7cd0bbb3a807b191d2c0198f361bfe595e5e21ef2475236f2f51b895b08d29c,2025-04-30T15:15:57.860000 -CVE-2022-42955,0,1,3c9b8e1ba669584964fb3d9ff71e4908a655c3ac8a39ca9120be373274dc1e6c,2025-05-05T18:15:36.737000 -CVE-2022-42956,0,1,3008ce43569987fe508762b1062e7cced9a5b8d3239e8ca5a9659becb1b29349,2025-05-05T18:15:37.363000 +CVE-2022-42955,0,0,3c9b8e1ba669584964fb3d9ff71e4908a655c3ac8a39ca9120be373274dc1e6c,2025-05-05T18:15:36.737000 +CVE-2022-42956,0,0,3008ce43569987fe508762b1062e7cced9a5b8d3239e8ca5a9659becb1b29349,2025-05-05T18:15:37.363000 CVE-2022-4296,0,0,95538a4b65e537a3557845a12e8b70a31c904b8375e91a729002961ad96f5e82,2024-11-21T07:34:57.730000 CVE-2022-42960,0,0,a62d6f475645814ba66f67395c6d4ec66c28084223b7fa7f65d674c127787f7a,2025-04-30T16:15:26.523000 CVE-2022-42961,0,0,7eed0c145b8de8fa0ef2b8dc53359e5a697f5cab307d59a3e3cf0f0620d4d7e7,2024-11-21T07:25:41.433000 @@ -208901,7 +208901,7 @@ CVE-2022-42985,0,0,6d833b4dcbc02c7f639fd821a7be3994403f1c65257b700c5514a6418627d CVE-2022-42986,0,0,e8c3c30f82ae751725e0f1a4959865d5d7d4f14ba6546aa469c2aaa927cbcaf7,2023-11-07T03:53:42.750000 CVE-2022-42989,0,0,f439d3465f37a65820bbaf79c65aafda254ebc569269b1533c925cdb4eb14657,2025-04-29T05:15:44.263000 CVE-2022-4299,0,0,e6fab8219cf449187712742ef29cb6f7406d1c9664898e749ae53d697821497d,2025-04-04T21:15:41.903000 -CVE-2022-42990,0,1,33c18105fc58ba0d67578d442bf28ef9a866de6cc35a9dd7795887fede257ddf,2025-05-05T18:15:37.560000 +CVE-2022-42990,0,0,33c18105fc58ba0d67578d442bf28ef9a866de6cc35a9dd7795887fede257ddf,2025-05-05T18:15:37.560000 CVE-2022-42991,0,0,e7d14a0cbd98573d2e9a43656211443bdab3e0a4823061f29ee103fd63330d0e,2024-11-21T07:25:45.237000 CVE-2022-42992,0,0,dd33bc6d00eba48a73d27f11ebfe827da87d8fa132230a4b43035db9c8211b4a,2024-11-21T07:25:45.393000 CVE-2022-42993,0,0,edebbca74de506cea350adf90528cc22a8b83ebf0dee05a1ec26c45c5bd1999c,2024-11-21T07:25:45.543000 @@ -208946,12 +208946,12 @@ CVE-2022-43042,0,0,a55b7eff867ba76bc31fd4664bafaa1e58d27ee2891dd5742de8c61e40f5f CVE-2022-43043,0,0,8796e578b4b960b51ca963142cd4b891a7759efc80f1a328c2747ee0844c8325,2024-11-21T07:25:50.990000 CVE-2022-43044,0,0,53c74f66ca19a9d94cdf44b2476cc9247ebd15d695e186023653de0419d00600,2024-11-21T07:25:51.160000 CVE-2022-43045,0,0,6483650818cbff650f3f757a699a2190a5ee667d270bb0b6e544012fa00031b8,2024-11-21T07:25:51.330000 -CVE-2022-43046,0,1,80ea25a35bb34b15e8c6c2c4da899e700ba58b051e7ca9458132690e0b530924,2025-05-05T18:15:37.740000 -CVE-2022-43049,0,1,84856401c5c3055287412637a16c5a14b2356febfaf7ffec7c416abd93621241,2025-05-05T18:15:37.933000 +CVE-2022-43046,0,0,80ea25a35bb34b15e8c6c2c4da899e700ba58b051e7ca9458132690e0b530924,2025-05-05T18:15:37.740000 +CVE-2022-43049,0,0,84856401c5c3055287412637a16c5a14b2356febfaf7ffec7c416abd93621241,2025-05-05T18:15:37.933000 CVE-2022-4305,0,0,eda7f6180dd2f78477482c02eb98ad963df6c592997cb31dc38600a4b8e5db1e,2025-04-03T20:15:18.120000 -CVE-2022-43050,0,1,a4505711fc300f5200dda2935d9afc58ca8ce0f463b061d35037a118fc45b9c1,2025-05-05T18:15:38.107000 -CVE-2022-43051,0,1,53d919bc07df2a3594d1968674f0b02472b1305cf0212351c4b362353afcd88e,2025-05-05T18:15:38.283000 -CVE-2022-43052,0,1,c6e7281e0a2e120bda5c965379826b9999a92a691867502eada349376ab8fe0a,2025-05-05T18:15:38.453000 +CVE-2022-43050,0,0,a4505711fc300f5200dda2935d9afc58ca8ce0f463b061d35037a118fc45b9c1,2025-05-05T18:15:38.107000 +CVE-2022-43051,0,0,53d919bc07df2a3594d1968674f0b02472b1305cf0212351c4b362353afcd88e,2025-05-05T18:15:38.283000 +CVE-2022-43052,0,0,c6e7281e0a2e120bda5c965379826b9999a92a691867502eada349376ab8fe0a,2025-05-05T18:15:38.453000 CVE-2022-43058,0,0,d7864ef781bad6f2a49b9f74e2def917508fc1e48c25db1427d9c8c70adcd49e,2025-05-01T15:15:55.923000 CVE-2022-4306,0,0,07e7b045aa9d351a1667711ad59312eae63454cf96522fe976d913693e8cd1f8,2025-03-27T21:15:41.030000 CVE-2022-43061,0,0,832d9c1df518d25df887a13354c8408d68cd9f1f0609d2ed61792326dca4dc61,2025-05-05T13:15:47.360000 @@ -209103,17 +209103,17 @@ CVE-2022-43293,0,0,8506cc97930c931db9e4fcee3c80dba83ef562d1c3d3788cefa636922182f CVE-2022-43294,0,0,1780fc03705715d8b9ff81bfee3ca0a734955f6728c88c4190da1a468760a509,2025-04-30T19:15:52.750000 CVE-2022-43295,0,0,e4e6c6de8dd7f3f3dcbcf9f30d9c1bbb3be7a11c7bcfc335e7f8d44335a2a6e1,2024-11-21T07:26:13.960000 CVE-2022-4330,0,0,55846e5d6a1942bd98fb9e09f5968b859e56c8657b2446753e0b5f6674170b79,2024-11-21T07:35:04.063000 -CVE-2022-43303,0,1,ac060801f3f254917054a1a54ec406c1c05121904551caff9a3c8a8772066ac4,2025-05-05T18:15:38.623000 -CVE-2022-43304,0,1,336563f5b43e6b5326d7770cca9e628c290da1cab122cbcb51e5075bfa2a56b6,2025-05-05T18:15:38.807000 -CVE-2022-43305,0,1,1cebbfb9584cd81266860d0e0d2ba6d95f877fa36bb86ca936321474495fd2bd,2025-05-05T18:15:38.980000 -CVE-2022-43306,0,1,9fee0e1ea77e563e7644fc8da72d70ad8f6f8e441b66594addede6725c019fad,2025-05-05T18:15:39.153000 +CVE-2022-43303,0,0,ac060801f3f254917054a1a54ec406c1c05121904551caff9a3c8a8772066ac4,2025-05-05T18:15:38.623000 +CVE-2022-43304,0,0,336563f5b43e6b5326d7770cca9e628c290da1cab122cbcb51e5075bfa2a56b6,2025-05-05T18:15:38.807000 +CVE-2022-43305,0,0,1cebbfb9584cd81266860d0e0d2ba6d95f877fa36bb86ca936321474495fd2bd,2025-05-05T18:15:38.980000 +CVE-2022-43306,0,0,9fee0e1ea77e563e7644fc8da72d70ad8f6f8e441b66594addede6725c019fad,2025-05-05T18:15:39.153000 CVE-2022-43308,0,0,b94a0ef725d0e1e039b30468f5be77191d0ac3679ceee6c0d2ea1cef17c69a61,2025-04-30T14:15:25.927000 CVE-2022-43309,0,0,25335bc44ff0eaaf094c1babc3cc34e726365ea079646d7153cb7f44379d21bc,2025-02-11T21:15:09.697000 CVE-2022-4331,0,0,324c3e522222b33aaeb07e99c338d86895ba38dd3746448869cd7624cb0108c3,2025-02-28T18:15:25.947000 CVE-2022-43310,0,0,757649bc790ad7dac9ef79539a75b031ee9eb6ba71da9372e74a653bee9e6274,2025-05-01T16:15:24.680000 CVE-2022-43317,0,0,5c92f7affa1327a88b24e08ee8c4c96db343d2ada2927900f507c838f8b56ec4,2024-11-21T07:26:16.077000 CVE-2022-43318,0,0,a2668c71bbd2a17809493decbc0772fa85c9c43e6b0a838d5b02acd868707dd7,2024-11-21T07:26:16.237000 -CVE-2022-43319,0,1,9405f2b664cfa39584b115f65864493c8f3ef5cb9c3eabc9ed23bf9be12d91b2,2025-05-05T18:15:39.327000 +CVE-2022-43319,0,0,9405f2b664cfa39584b115f65864493c8f3ef5cb9c3eabc9ed23bf9be12d91b2,2025-05-05T18:15:39.327000 CVE-2022-4332,0,0,648bd1880f8360d008b3e13c5b712e833d35b279d1e1f38943fbb78a251d52ed,2024-11-21T07:35:04.357000 CVE-2022-43320,0,0,801dd46b17d3ccf4872dee9343bca8a61f5b6606df0c5d1b0093e6ecc6822142,2025-05-01T16:15:25.077000 CVE-2022-43321,0,0,8ddac0bf648c34cf48f3ec865dae642dd370ff1be400da74eaad79934a69f7d3,2025-05-01T16:15:25.257000 @@ -209132,15 +209132,15 @@ CVE-2022-43340,0,0,5db857e0193b1b777f9c5fe586e64ca593781dd141374d371b29acc52a8dd CVE-2022-43342,0,0,1924ca34eed3b762a5635281a673c3880f500198eb74038f4df8f0d189a85db5,2025-04-30T16:15:28.100000 CVE-2022-43343,0,0,3a268e4483160aad7a6b3862bd4399433b97e1d217defd25181ac78f4e6c2a8a,2025-05-01T19:15:54.587000 CVE-2022-4335,0,0,ba636c67f94d81abb522fc6fcb38741449cc737db34323300f45361f041ef89c,2025-03-28T15:15:42.973000 -CVE-2022-43350,0,1,b845b61bbf84311bdfc0e07a74097ebfb0615320e1178a8bb0e92eed905cee0d,2025-05-05T18:15:39.490000 -CVE-2022-43351,0,1,8f8c16b8fb719123283bdedacdf6552f6d15819484eba9965d11f989e7ee8b84,2025-05-05T18:15:39.663000 -CVE-2022-43352,0,1,9d522bf1e7429076bd63f5c3538d2debd8d2e66be4c3c51a4b612bdf5c8f3a93,2025-05-05T19:15:54.153000 +CVE-2022-43350,0,0,b845b61bbf84311bdfc0e07a74097ebfb0615320e1178a8bb0e92eed905cee0d,2025-05-05T18:15:39.490000 +CVE-2022-43351,0,0,8f8c16b8fb719123283bdedacdf6552f6d15819484eba9965d11f989e7ee8b84,2025-05-05T18:15:39.663000 +CVE-2022-43352,0,0,9d522bf1e7429076bd63f5c3538d2debd8d2e66be4c3c51a4b612bdf5c8f3a93,2025-05-05T19:15:54.153000 CVE-2022-43353,0,0,50ec5e1d7482efee96a8b7c08f4bcb1c0e6eea3923f3fc1b683d6fd37ca57e7e,2025-05-02T21:15:22.517000 CVE-2022-43354,0,0,69eb8de1ed56c87a8698f74656fc2cad74d294562fda3b9d8606817e86bb196c,2025-05-02T21:15:22.680000 CVE-2022-43355,0,0,4903be514ec540daee350ce9e047ccb7340aa2279c25533c019aead4698d67d2,2025-05-02T21:15:22.833000 CVE-2022-43357,0,0,49710cd3fa169042a9e0bbe187a6945bb110faff0d8151512ac67e439036ab51,2024-11-21T07:26:19.753000 CVE-2022-43358,0,0,11dc4794f1b8bc43d2f46726b4033a61fe6070f59544c7f6fadcd79df5e58abe,2024-11-21T07:26:19.950000 -CVE-2022-43359,0,1,08e6b61da137130dcd0b02627afc674a39cc12fa685d5af41a9f68062bd8a034,2025-05-05T19:15:54.297000 +CVE-2022-43359,0,0,08e6b61da137130dcd0b02627afc674a39cc12fa685d5af41a9f68062bd8a034,2025-05-05T19:15:54.297000 CVE-2022-4336,0,0,c6213846d84c8eeb84cd5c6d2d9113a1416277a04a1060249af2edb42816093d,2025-04-14T18:15:26.510000 CVE-2022-43361,0,0,0653759efdee9ddb9f4562e841085997978af6c3831b7160ce7ff75ee664b399,2025-05-05T15:15:49.307000 CVE-2022-43362,0,0,01117472de2091a88d408a6914c586cc306eb03b2d7483eaa6c8cce04ddc8d5f,2025-05-05T15:15:49.480000 @@ -209757,13 +209757,13 @@ CVE-2022-44037,0,0,d2d8cc48fe43ac3fb7f464c308d1af6fb7ed211d48b0bd56a0d39833aa825 CVE-2022-44038,0,0,9569adf717bba31d206c17608bb0841dca9709faf0d8393428c9b2e3acf585b9,2025-04-25T16:15:23.983000 CVE-2022-44039,0,0,51a6b3d4c7818653ae48fda3a8e1d3a67385418d7db95bbc4b08ea94ec695b04,2025-04-24T14:15:39.200000 CVE-2022-4404,0,0,ba625c43db2864d65a0ff31257f21f8f69354cda3fd5674e2dec0e49c55a9cee,2024-08-19T16:15:06.710000 -CVE-2022-44048,0,1,b0f4cae95e73a0f9b3798d03107bdbc459d71f19810a89c5cfa33607352bacd3,2025-05-05T19:15:54.443000 -CVE-2022-44049,0,1,acc10883545f30723323a4060a3ddc4af9c6205696e72c5ff26e2573860a7808,2025-05-05T19:15:54.593000 +CVE-2022-44048,0,0,b0f4cae95e73a0f9b3798d03107bdbc459d71f19810a89c5cfa33607352bacd3,2025-05-05T19:15:54.443000 +CVE-2022-44049,0,0,acc10883545f30723323a4060a3ddc4af9c6205696e72c5ff26e2573860a7808,2025-05-05T19:15:54.593000 CVE-2022-4405,0,0,a97f9d8cb098103144f679f3d5528985d65dbf5dfab46ca9fc83404123a88ba5,2024-08-16T19:15:06.450000 -CVE-2022-44050,0,1,d61d95a40d2ea179f7e74b63d053e454dc56b54368576e4bce650ab7a7ecf64e,2025-05-05T19:15:54.750000 -CVE-2022-44051,0,1,7c0e84752e931646442cf70a03467a48eac4b0cc2498eff5170568cbb7e5ad5a,2025-05-05T19:15:54.900000 -CVE-2022-44052,0,1,096e8dd8180c596d93c78b37163c01110c90369d7a3cf27e85529b9e9dd9a868,2025-05-05T19:15:55.047000 -CVE-2022-44053,0,1,c0337ff314cbe0b6c521d94478c823e2c779c66a0158057d14beba690c0ad91a,2025-05-05T19:15:55.193000 +CVE-2022-44050,0,0,d61d95a40d2ea179f7e74b63d053e454dc56b54368576e4bce650ab7a7ecf64e,2025-05-05T19:15:54.750000 +CVE-2022-44051,0,0,7c0e84752e931646442cf70a03467a48eac4b0cc2498eff5170568cbb7e5ad5a,2025-05-05T19:15:54.900000 +CVE-2022-44052,0,0,096e8dd8180c596d93c78b37163c01110c90369d7a3cf27e85529b9e9dd9a868,2025-05-05T19:15:55.047000 +CVE-2022-44053,0,0,c0337ff314cbe0b6c521d94478c823e2c779c66a0158057d14beba690c0ad91a,2025-05-05T19:15:55.193000 CVE-2022-44054,0,0,0dbcd2803227233313f00f63b047b62d5299530fcd987f7afd97631bb66c69c0,2025-05-01T18:15:48.503000 CVE-2022-44069,0,0,cc5af01a5a577b2702b971f9ad02b8ef3e25502151afa268b801c6d6bd16b3c9,2025-04-30T16:15:31.050000 CVE-2022-4407,0,0,c9c3af685ebf2c701f4678196d6fa21172369d0cf6f76d58a3cac952dd23f8a0,2024-11-21T07:35:12.677000 @@ -212312,7 +212312,7 @@ CVE-2022-4789,0,0,666d514e5a13ae7a62ec9e8cacc8078b663453259e976db52a6c5ed8af31e9 CVE-2022-47891,0,0,2f47c6b847a20229910a5de68a3507a4706502db4587eb25ec3e6a2c92cc8336,2024-11-21T07:32:28.007000 CVE-2022-47892,0,0,fa33bc395405adce2d71e2c3c83901a37edd3ee953f8a5e42cedd8d25ec3270b,2024-11-21T07:32:29.170000 CVE-2022-47893,0,0,c550f784eeb7e2f910fc08aec898b9c9fef6e6aa5dc22f2ced703996128bb0a4,2024-11-21T07:32:29.367000 -CVE-2022-47894,0,0,7af8d7405285616f596879d8dc2e1ca1e90341b7fbb7d2bca77af9531cd0e0cc,2025-02-13T17:15:49.627000 +CVE-2022-47894,0,1,c3cbd2d8d94b11c51cdfb57ddce43f917b65af0c98ac22be886a81c9274574cc,2025-05-05T20:48:37.760000 CVE-2022-47895,0,0,e02da6a2fc9c74d4ed02317ba1b65ac05938c59fdef5980de61a066e4f8bb7cd,2024-11-21T07:32:30.530000 CVE-2022-47896,0,0,0962dff4a1558f617e8a450129033216694d634bb163178a870d841b6a4ab869,2024-11-21T07:32:30.710000 CVE-2022-4790,0,0,d76c8a510312514c59af64ef2d781d03e9ef4a75860171d291465ec8dedcc4de,2025-04-02T15:15:50.750000 @@ -214222,8 +214222,8 @@ CVE-2022-49928,0,0,5e3cc84ae7dddd23a1afca508d808b04f08a3391483a7a6ac8a709a20878d CVE-2022-49929,0,0,9405a7ff0b9c9a95fc9857cbd888f6cdc87000d222e5f4717654bef39dd6ffb5,2025-05-02T13:52:51.693000 CVE-2022-49930,0,0,b5adec445190053018f2e2a164b9b79a23f9780893169e1e015855993b3f145f,2025-05-02T13:52:51.693000 CVE-2022-49931,0,0,464559c871a2f7ef946366fbbacef4f9f8f6dd517cd7d95dce6864a06fe64a64,2025-05-02T13:52:51.693000 -CVE-2022-49932,0,0,bb903afc250194024b6dd177c47f0de61e28bed8f7ac60bd7a29ee972928282b,2025-05-02T16:15:22.070000 -CVE-2022-49933,0,0,dec9123f751ca4b30e1815cf3802764ff034e724743f3943318caa25f0f9cb15,2025-05-02T16:15:22.163000 +CVE-2022-49932,0,1,d57d102aaa6deb7e73249ba645e7677d806be48db5293978a3a6b96da4fdb9fa,2025-05-05T20:54:45.973000 +CVE-2022-49933,0,1,4625926b323425fbc9659f1cf24db7366a710b6016bb379333db5c425c8e0ebc,2025-05-05T20:54:45.973000 CVE-2023-0001,0,0,2dfbf6dbe59b530ec18f5af443ba14cd4d2a5b201d3a1ffcc25574a8da444091,2024-11-21T07:36:22.050000 CVE-2023-0002,0,0,d4360529168fea353efb6226181fd2ab0e85944e3049df689718cf07491ef7ac,2024-11-21T07:36:22.187000 CVE-2023-0003,0,0,e9130921c34a8d1b2e06e89be0ccfee8f78c6c04b42ac1af0311d8e1a3808a43,2025-02-13T17:15:52.570000 @@ -225771,7 +225771,7 @@ CVE-2023-31854,0,0,1afe22a18848e9c434b0c259f6d2c90301fa42928d2094ebf0bc1b4b52fc6 CVE-2023-31856,0,0,f4de4ba59c8554e57797f25e0888b1eb604674ed22835a10a43d6b46ab9e9216,2025-01-23T16:15:29.030000 CVE-2023-31857,0,0,ca2a7a9bc84482dea3d73e44a0e752440acc0bb6ffa23c26a88cf6a2432d6a23,2025-01-23T16:15:29.230000 CVE-2023-3186,0,0,14a8a3e02f8d6ed26188c9f463e876e766ad72b9a21434e816a4de3953e3d487,2024-11-21T08:16:39.013000 -CVE-2023-31860,0,1,9d3a580db510495fa62aefd1fc1fc96a5228074257085314af457e7092c2b884,2025-05-05T18:10:51.717000 +CVE-2023-31860,0,0,9d3a580db510495fa62aefd1fc1fc96a5228074257085314af457e7092c2b884,2025-05-05T18:10:51.717000 CVE-2023-31861,0,0,00ed8b460a421cbea6dd8b076a614dfb6e50c87d17fb1a33433f66e14cf7477d,2025-01-16T15:15:10.720000 CVE-2023-31862,0,0,183773c4fb48488b0f34d273b560a7d98eb8d59c9dafd533700dcea0bf6248f9,2025-01-21T20:15:30 CVE-2023-31867,0,0,3f97c746a106b59feb7da8efbb130c3ebd33dce765f13b1306b2c553d6ba473a,2024-11-21T08:02:20.963000 @@ -239620,7 +239620,7 @@ CVE-2023-49955,0,0,c6f9cb741793d4d402bc41f1ed723cc149f58adb8fd8863bed9f9e3cc5533 CVE-2023-49956,0,0,d6dd4d225a584118f39fcc11332136c98d06521c2751758db344a61dec8c4e92,2024-11-21T08:34:04.703000 CVE-2023-49957,0,0,40e0859d0022c68fb8fa3e1697efdbebae0273366219631a810efaf23e1fdab9,2024-11-21T08:34:04.867000 CVE-2023-49958,0,0,a47816abf8c233bed9f507dcb6b4c0dbbf07edff7beb12284b1c81d5c0bf1b97,2024-11-21T08:34:05.007000 -CVE-2023-49959,0,1,d7382b6da6d7926632253729c6fc21c63d435b41f52c7cb94b043800a71bea19,2025-05-05T19:39:51.650000 +CVE-2023-49959,0,0,d7382b6da6d7926632253729c6fc21c63d435b41f52c7cb94b043800a71bea19,2025-05-05T19:39:51.650000 CVE-2023-4996,0,0,15b342803c1f80acd3d2d39cee9fc3cf4cd0335f6d9d76ea3694b9fd4e617042,2024-11-21T08:36:25.640000 CVE-2023-49960,0,0,b32b1729b3193a2a7667d80db05e0111f9aa9f19c9c0da8b4f6644c05809a992,2025-04-25T18:09:33.990000 CVE-2023-49961,0,0,e502960afd32284c1b3cbb230bd3ef288a991750ecf23595e60cdad2fd4fcc61,2024-11-21T08:34:05.660000 @@ -239919,7 +239919,7 @@ CVE-2023-50375,0,0,be124c88fb4bb3ca7e1f7b250fc843c6b3736338d8531c103785773a68abd CVE-2023-50376,0,0,dccbf43acc9fd7b3dd16fbfbe2139276b59ceaf4190032397254fc637373a331,2024-11-21T08:36:55.650000 CVE-2023-50377,0,0,2e55e5dd0b9ea749ddd96251ca5ab5ff90e2e8f4b180745130261f7bd6023132,2024-11-21T08:36:55.783000 CVE-2023-50378,0,0,0454eb883a7466b810642c469a3a15f6ba9e92155bb9f1e7524280e2f82c443b,2024-11-21T08:36:55.923000 -CVE-2023-50379,0,0,b58e825a51cb0a16f30def1239bf7a9ef51490125672e236ea40a828126cbb95,2025-02-13T18:15:50.790000 +CVE-2023-50379,0,1,da6385dd5cc0a6cd4e1a5f8de38d67bfe2e150a4915b60e246b3170ca8a25687,2025-05-05T21:01:27.150000 CVE-2023-5038,0,0,4c238d283e75a890575a8cc3d86d933745aabcc98fceb1d1036e6b25ebb71346,2024-11-21T08:40:56.980000 CVE-2023-50380,0,0,c5ce7d4c0ba3949ab8bb0f2f3daea347cf30ad96e476187052113e987e46a57d,2025-03-27T20:15:20.650000 CVE-2023-50381,0,0,ee7d57e36ca60df4250d44e574938eb8ddcf3bd310f31deb1c9d78f7fa4c00b0,2024-11-21T08:36:56.433000 @@ -240625,7 +240625,7 @@ CVE-2023-51514,0,0,fd045876a5b64b601897d61b4879de0ef70ace44f02a5bb84fff6e9509399 CVE-2023-51515,0,0,cf6f4fc5368cadc9aabbda6e25adff7a88b955bad0dfc9c1844c5fb48208e5cc,2024-11-21T08:38:17.167000 CVE-2023-51516,0,0,5219084a60784cb1f5db9bb6a050f6beb01036a8946611649b82e32d0942d453,2024-11-21T08:38:17.277000 CVE-2023-51517,0,0,c429a7bed8dc792e55ec2da763192c17c59c800420ee41852a41287f6f787c0d,2024-11-21T08:38:17.407000 -CVE-2023-51518,0,0,ba564e0f4e58f29992bc5f0eced4e03ed2fdeba3276d58780af88a13f6908eb8,2024-11-21T08:38:17.540000 +CVE-2023-51518,0,1,8321ba5a9519b69ef0f2014f6a25eadede0ab402b18ed857192af3278c6c7926,2025-05-05T21:01:52.963000 CVE-2023-51519,0,0,fec0605cb844f196eaff682ac5dc20cc4da5ac68801fc28f6d7134669a007e4d,2024-11-21T08:38:17.730000 CVE-2023-5152,0,0,e0e7345d47320bb88865362c9247216d472fbb369a5bd0435428e121f1223b93,2024-11-21T08:41:10.290000 CVE-2023-51520,0,0,d41905c890993c1ef2db4baf2617b8c6993caa40e55571d729ace60787360dbb,2024-11-21T08:38:17.870000 @@ -240864,7 +240864,7 @@ CVE-2023-51743,0,0,2c3fd625f391eb9990011c1d90ad27fc72264e5613e2a8ab56d9c339e3367 CVE-2023-51744,0,0,6f79b9953b2ecba681c86f0075fa8d557e307b83ff632d9766b46d85c929ff74,2024-11-21T08:38:43.213000 CVE-2023-51745,0,0,adaf51f3b951ad457ba8e017e6cad48cb183b46ec151f5009239b24904c3a4e2,2024-11-21T08:38:43.330000 CVE-2023-51746,0,0,9983b83f606d188d1cd1ab76f828d27fe807ce4194761eccf9ab0087796dedd7,2024-11-21T08:38:43.460000 -CVE-2023-51747,0,0,16861328eaa7ade691548817eafd57fc669ddc244401bb2e74d4b380b7b606a8,2025-02-13T18:15:53.470000 +CVE-2023-51747,0,1,8e87e01627a62bf005ef535fc81f72a56623d1777160f98b64f87c269f24a957,2025-05-05T21:02:14.223000 CVE-2023-51748,0,0,1c7d9270aeab86a642e5f879974bba644cbd248c17a79619d18a3e201fc821da,2024-11-21T08:38:43.800000 CVE-2023-51749,0,0,37d09e9aa58b4a7462cdb0d4486d5aaa759f73fb158f410bcbae12282308c57b,2024-11-21T08:38:43.950000 CVE-2023-5175,0,0,ee2e784beb417523600b06663a45ec9c9c79e0a125409e96ff2ec3ddb94a713c,2025-05-01T20:15:35.723000 @@ -241020,7 +241020,7 @@ CVE-2023-52048,0,0,dc6a64e99c990ac71e2e5fd5c1632b65bf305feb3beb43bad667892a5fedb CVE-2023-5205,0,0,ad9e6403ed51d32e238949552f23850cd3c894ce7b700f7f43181c17b96bcabf,2024-11-21T08:41:17.900000 CVE-2023-52059,0,0,631fc170b23676a9d5a914e1efcd033aa6ac461afd7c0cbe7ba670738271ca23,2024-11-21T08:39:05.367000 CVE-2023-52060,0,0,916b6d0023ba25356201b349f9585af7af15e0ab89951480565e91e01992b734,2025-03-13T20:15:16.240000 -CVE-2023-52064,0,1,cdef612cbf98d13deb7aa4b99c2c8a1e376d46e030d189acdda80c813318fa18,2025-05-05T18:10:51.717000 +CVE-2023-52064,0,0,cdef612cbf98d13deb7aa4b99c2c8a1e376d46e030d189acdda80c813318fa18,2025-05-05T18:10:51.717000 CVE-2023-52066,0,0,09340d84a37f64a7d281f33481a88c11d08d9b9bd7b6e5fa961539ad3a21cbc4,2024-11-04T19:35:02.827000 CVE-2023-52068,0,0,7ecac2896ebd66625aba5f276e9edc1208d7d8cbeb72808da2150f1beda62c3b,2024-11-21T08:39:06.050000 CVE-2023-52069,0,0,e0cc3a56b8f34ef806c166922e3f10aab7b4b5e2b7d66a9939240fb5414ee212,2024-11-21T08:39:06.227000 @@ -241978,127 +241978,127 @@ CVE-2023-53031,0,0,451f86f2688662f26c32d2314d26df257466645907dd1d2b936cba64435fc CVE-2023-53032,0,0,93ff98cea1dccacd110dbd1baf1362d079a1c6c42ed51d528b776f30ae2b7a78,2025-03-28T18:11:40.180000 CVE-2023-53033,0,0,8d057d9c44ce98261c228cb81506be1f3f8f50bb5bf9b573d71aa33383f2883c,2025-03-28T18:11:40.180000 CVE-2023-53034,0,0,874b21dc5d8893263c686e1d99ac0a563054392f5a4c1376cb4d7e9316ea3a18,2025-04-17T20:22:16.240000 -CVE-2023-53035,0,0,be3cdce0318c29e10a84d40ede413e707c8f7051d4efcdc49cb3418bd42fd576,2025-05-02T16:15:22.627000 -CVE-2023-53036,0,0,a5d6467f55f9fa2ed954ba63917c41aef8e1b3cad0944ed69c4f95688f8c4b34,2025-05-02T16:15:22.733000 -CVE-2023-53037,0,0,692b16aa8928b326850f13eaad11f5f97bbef107bbef0973076d9aff8c25c33a,2025-05-02T16:15:22.827000 -CVE-2023-53038,0,0,d581a437b83cafae4328638437c2be2ea4bab2144f632371f8de19402291a426,2025-05-02T16:15:22.920000 -CVE-2023-53039,0,0,bc828bcab6752984c39c74d6879182192d521ac307c9e40a6e4ccb4e1cedc0ce,2025-05-02T16:15:23.017000 +CVE-2023-53035,0,1,00f49639ce175bf576d6bb458b6127655f6d76446f9527a966141404dba1da3c,2025-05-05T20:54:45.973000 +CVE-2023-53036,0,1,ad228d0bad48e27c0a646dcfb0077b69d121a77f1180a619f9907d7cd88deefb,2025-05-05T20:54:45.973000 +CVE-2023-53037,0,1,2f2e0f1fbedd9185bfa974530c6ae23052fd5e5a1db178400463f5171b30948a,2025-05-05T20:54:45.973000 +CVE-2023-53038,0,1,16384ff92b062b349e0432b9d192425883f225bad8bd362698d826264564bc96,2025-05-05T20:54:45.973000 +CVE-2023-53039,0,1,aaa58dc7a443a60d352040afa9db39a57974dcb5a63eff84ec932d724e3d0246,2025-05-05T20:54:45.973000 CVE-2023-5304,0,0,0c927516ecfa012da696090d08f4ca4cc85e3e04790de8eb26a492ef0f0f359a,2024-11-21T08:41:29.560000 -CVE-2023-53040,0,0,7a0bfb3930e6424a747c08d1a54db3a599695206cdde4ffdb4a7519537f295c7,2025-05-02T16:15:23.113000 -CVE-2023-53041,0,0,83233f618dc9f67a57cb93a0bdea91347777428e4f123f7c4dac21d607a4509c,2025-05-02T16:15:23.220000 -CVE-2023-53042,0,0,e7e0a49411522c98b1fc775996db94cd5539862d76ad54b0c0906affdd2e897d,2025-05-02T16:15:23.320000 -CVE-2023-53043,0,0,c135bc521a949c898ee362c38a03c11330012addce55bc00aba2c2d624903638,2025-05-02T16:15:23.400000 -CVE-2023-53044,0,0,255603bebf2888c0edbe16307d6846a660bc5cd5d66ff947c2b0cfb8d4b4ca1a,2025-05-02T16:15:23.490000 -CVE-2023-53045,0,0,bc6e0e69872635edd1aeff9c5104dc4b5d16c9598bc7ff04f0c3330359da1aa6,2025-05-02T16:15:23.590000 -CVE-2023-53046,0,0,6042fdedb56da5cc18cc7643e7e1d0c53e0282033a3a5b871d7dd4b6810a0c38,2025-05-02T16:15:23.697000 -CVE-2023-53047,0,0,d6d1d45ddf42ea94ee9cc9c4b1b010ef825069a7711f50b7e807406376b3ab93,2025-05-02T16:15:23.790000 -CVE-2023-53048,0,0,310046153300be419ae3dca992a8e32d7c93ee171298d3d0c24b818ddb6ee504,2025-05-02T16:15:23.897000 -CVE-2023-53049,0,0,75e8ad3b060da7bdb96d11e5ed8ffba3082180b037330ae45a994e10608b3d54,2025-05-02T16:15:23.990000 +CVE-2023-53040,0,1,c557f7f3189e04dbda426520dbd7fb361ed527eeb8c416b69a725a2938aa9fbf,2025-05-05T20:54:45.973000 +CVE-2023-53041,0,1,8b70ae0b14745b4dbd7c11b85c5b627087161011e1edc3cbb89e4bac92d8fbaf,2025-05-05T20:54:45.973000 +CVE-2023-53042,0,1,bd8f931b2ec5c3fc0e77e1659803f129cd825bf4ae5b1386b11d9f40e378f565,2025-05-05T20:54:45.973000 +CVE-2023-53043,0,1,b768291d216bd5ce633100540a4c99d40fcabadc634b12e20b821aea9a7cac58,2025-05-05T20:54:45.973000 +CVE-2023-53044,0,1,5e74b88c3a41ae8c597649ee69595064fcc8febd19a182148dc215be82c4a2b2,2025-05-05T20:54:45.973000 +CVE-2023-53045,0,1,4a404e5c33205bf441c5d19032b7494712467c6ca5f7e72a0a824e2b1d2b5453,2025-05-05T20:54:45.973000 +CVE-2023-53046,0,1,3e1f71debf4caf44599e1b379bb0092be4e70f987ead63da79b86f6426fe0195,2025-05-05T20:54:45.973000 +CVE-2023-53047,0,1,b8b722eeacb6323096b7edcb3fd8564cbf5db8753d24ec2b2eac2027d20fb290,2025-05-05T20:54:45.973000 +CVE-2023-53048,0,1,53bb8fa2eed688f9ed48824bbbda9bb4417b67826fbe7cd29f8b9edd7a8430e1,2025-05-05T20:54:45.973000 +CVE-2023-53049,0,1,e791a96a33a81e8121b6223cf810b90c0df4db1c69c35c4a97fdb408964519ae,2025-05-05T20:54:45.973000 CVE-2023-5305,0,0,a8016335a5ce7a2f26964ae5271ac31340d697aa75d3cef2db4225bce24964b6,2024-11-21T08:41:29.717000 -CVE-2023-53050,0,0,b6d29fd920e9c115b53d505704b3d671d66b4722015e5b71c22d6b15b244edb3,2025-05-02T16:15:24.093000 -CVE-2023-53051,0,0,cfc6a7edc7670cda5eee4c296cc5972fa927c0ecdd50b4ab50780796911a6927,2025-05-02T16:15:24.180000 -CVE-2023-53052,0,0,b83d4056fb9b2a6425dc990572b855bd6c714fa41d8c0d9baa1c4a26ddd6ce09,2025-05-02T16:15:24.283000 -CVE-2023-53053,0,0,93465d2b47a8a6965f6e64ff73a2f61a4832639c3a4592e12ba72d5f27483c14,2025-05-02T16:15:24.373000 -CVE-2023-53054,0,0,5db56d382a8952579025454e2edc635f43a8332acbb66ad274a96e458fe9ded4,2025-05-02T16:15:24.483000 -CVE-2023-53055,0,0,b0e6fc68a0453469c4fa08f60092f0998abeb8a1995108f07f0e57c53d728355,2025-05-02T16:15:24.590000 -CVE-2023-53056,0,0,2506dd21ae6f99d0cd19252444fd0c810625db98c2b78993565628bb50da483c,2025-05-02T16:15:24.680000 -CVE-2023-53057,0,0,4ff78c7658ffda2ad7ecd04d3c11c4f48189f7012857e1c6ed58c188415a9e01,2025-05-02T16:15:24.773000 -CVE-2023-53058,0,0,c8f079e069f47aab396a1002f398c5b8636df1b942ca928c5e7ca1ddbba31326,2025-05-02T16:15:24.867000 -CVE-2023-53059,0,0,ed8cc15db876db0123aa44f7ceec3d63106a80c024bc7f7379d227867c8c7ee5,2025-05-02T16:15:24.963000 +CVE-2023-53050,0,1,6f5093d5080ba447156f28417a805d9505ce756391548904e5214926f259d7d9,2025-05-05T20:54:45.973000 +CVE-2023-53051,0,1,5b0450072772f21fcf9e2448b01d2c9102700dbc263a8f2a844efaa6340d2977,2025-05-05T20:54:45.973000 +CVE-2023-53052,0,1,7850253500bf3c2d1bbf912dbd85896e04f400f3fc884a06e1f40fe852e5a72a,2025-05-05T20:54:45.973000 +CVE-2023-53053,0,1,a93a5188013732236620cd7f63a2888ca116bb35d3f3754f7c1e763116ea9aa4,2025-05-05T20:54:45.973000 +CVE-2023-53054,0,1,5fe19cdf147426e95302df3b1d201c3e4649d145e550f84dc4977cc38abb5410,2025-05-05T20:54:45.973000 +CVE-2023-53055,0,1,ae2db9e0b81e027d39bf92a6aa0904610e20d8789f87300086de0e72ac80205c,2025-05-05T20:54:45.973000 +CVE-2023-53056,0,1,4b15a132e3fb0bbdd5c3618e20d7d121326c0f315bacd73fe903b8043fff14a8,2025-05-05T20:54:45.973000 +CVE-2023-53057,0,1,56153775c0e62bd10317fe5bbc8032173725950c5e0840a1c6f1d3e6276db937,2025-05-05T20:54:45.973000 +CVE-2023-53058,0,1,1d0654cb0bc06c15ff2aa58ea4c8b4230805ba92429f72b64a640f4365185a22,2025-05-05T20:54:45.973000 +CVE-2023-53059,0,1,7f32fcded22e0d2810d461599a9d8684fb574f82316f57dfec9deb0f89aa1888,2025-05-05T20:54:45.973000 CVE-2023-5306,0,0,476b3821b61b469afa7b1ea84617d24f0cc2f50c242f49afe4eefd5e4bb959a9,2024-01-02T16:15:12.483000 -CVE-2023-53060,0,0,685b4f8f1eac1145402c6cbabe4a0a5a71246a33d7ebdd5c334e31828cb5436b,2025-05-02T16:15:25.060000 -CVE-2023-53061,0,0,7c4501ec9bbe60776d54bba578b104b73e75b42a5acfbfb1067a7d6c3983d9c9,2025-05-02T16:15:25.163000 -CVE-2023-53062,0,0,56726ffe7fc3c9e23f0bc1acad38dfbfcb229816e64149151de55099fb1f19aa,2025-05-02T16:15:25.257000 -CVE-2023-53063,0,0,4a8a904bf623834a575e279751775a4dee9b45007c5089de3cdce0b8727e967b,2025-05-02T16:15:25.377000 -CVE-2023-53064,0,0,cc1ae0f6e65507322d7159012d215f94836fc91c6d336d9be77b13b8143da1e0,2025-05-02T16:15:25.480000 -CVE-2023-53065,0,0,ea168550e51a22c38490e015ad3d131c0c38b73642a7f67d07ec3b307bdcd53f,2025-05-02T16:15:25.580000 -CVE-2023-53066,0,0,454d4c849f27001dc4539b6e7bc553afc9752f4bb2a1da60b9ae75f357146437,2025-05-02T16:15:25.673000 -CVE-2023-53067,0,0,a2f4e6b5ed99fd69d01a1a93c633b35fb3c941b71b9af91f923769ddcce5701e,2025-05-02T16:15:25.777000 -CVE-2023-53068,0,0,626a1528627c1d203193f7e53e0775b1630f05899db42e10880c2582485fa53c,2025-05-02T16:15:25.870000 -CVE-2023-53069,0,0,8a735bb6765e3850853456ad66b20a9520d9c431f6f8895ce348674ae074b7eb,2025-05-02T16:15:25.960000 +CVE-2023-53060,0,1,5c90f5807e1031c961c5b3eaa896ff5fb911c2b43abb9f40ba9de80e1e33ea91,2025-05-05T20:54:45.973000 +CVE-2023-53061,0,1,e8b3e8fef85fa9a6dbfa8760502f0e973cb36781c7d3fcc31857d8c0a8a33169,2025-05-05T20:54:45.973000 +CVE-2023-53062,0,1,78ade6ea2df9c85eff0b32da768cd0315bee87e7b5e5c3d088c97940b10bc47b,2025-05-05T20:54:45.973000 +CVE-2023-53063,0,1,e12588bf65ee6869d4c60e8f0f8f5fbe28c94fdd0b3b242b0ea8a90f5150f9db,2025-05-05T20:54:45.973000 +CVE-2023-53064,0,1,4c663a73a5f7fa8bcb3ab47e73586af87ea72be410ff7cb6e4c45571a921e987,2025-05-05T20:54:45.973000 +CVE-2023-53065,0,1,868fe4f3da96c52fd20b8e970ab1c69c0daf810bbb238c0111aec7593022480c,2025-05-05T20:54:45.973000 +CVE-2023-53066,0,1,160ca62fb64fd01ee54bd3742390c89abccdd34c79e2686b3553e2f76215aad3,2025-05-05T20:54:45.973000 +CVE-2023-53067,0,1,059850f21de390b46af0a852819cf93e5c600743c4a0baa566b0a479c9b3a026,2025-05-05T20:54:45.973000 +CVE-2023-53068,0,1,8d7543a710e3f94b2a6a01921db0f12b1e0797617e9a7153c695256d8a3607fd,2025-05-05T20:54:45.973000 +CVE-2023-53069,0,1,680e2f68be770cb36d851ce20eed2ce182e73e3590ff33c71d79de0fd1e70a37,2025-05-05T20:54:45.973000 CVE-2023-5307,0,0,70a4fc05a1df6708953207043220ebb67fef6ec8321baaf1b6598056b0b6fb42,2025-04-22T20:15:27.617000 -CVE-2023-53070,0,0,5267caa2f4f68ef46463179c98b6e245ef84293f44c500c04f1c0254ac9dd3a1,2025-05-02T16:15:26.050000 -CVE-2023-53071,0,0,12fa1f86b4382336a4e59234000e46d6e865fb8a77d95ef8c07a5aef0fb52081,2025-05-02T16:15:26.140000 -CVE-2023-53072,0,0,9eaa175487b5ed710e2eed3cef26b264df58ce706869330131201d4cd76659ba,2025-05-02T16:15:26.237000 -CVE-2023-53073,0,0,c9e53df48cb56c925af656ecc4617ba5cb5c552021b012e0999f2a40320617f8,2025-05-02T16:15:26.330000 -CVE-2023-53074,0,0,8a012b3b50f81e9899d82360a46534a462af5150d111fc125c42a0ea34eae724,2025-05-02T16:15:26.420000 -CVE-2023-53075,0,0,5fd72f62b8c9a09ffa34b46a23818aec134969138fdef5724461fd394e79057c,2025-05-02T16:15:26.510000 +CVE-2023-53070,0,1,6c6651882445758eaf57446ddf6a020e197bfb1049a8500978152ddbdc11edfa,2025-05-05T20:54:45.973000 +CVE-2023-53071,0,1,70e2d359046849e165b52827e4c6a031ce9f639064ff35839a828554dd629bb5,2025-05-05T20:54:45.973000 +CVE-2023-53072,0,1,aa301494e309953b9eeed0a50a4ffe39e03a309140df0bfff28af5f71ded3986,2025-05-05T20:54:45.973000 +CVE-2023-53073,0,1,752c40cc9a34ecc11a59c57c81f92e2b61d9346f3c51e3fd402eea42cc7ebbb5,2025-05-05T20:54:45.973000 +CVE-2023-53074,0,1,13fea4bfaa62e83955f6dbd326ceca2d23e57fb7a19cfe9b53164d7caa0b6475,2025-05-05T20:54:45.973000 +CVE-2023-53075,0,1,c8e7a535c2928be3125e021e6daac196866099455852696b47b139186bcacc55,2025-05-05T20:54:45.973000 CVE-2023-53076,0,0,c791c1876d95803e87a45f48c82b67ae128cf9426004a1009cceb9cbc003b807,2025-05-05T15:15:53.393000 -CVE-2023-53077,0,0,49e32959ff886749d2a184e9ba8dcfe6c289d2e4ae28a2858ca33d32a62bf819,2025-05-02T16:15:26.720000 -CVE-2023-53078,0,0,1833ccdaf5f820c3d16983c6a379287a945e1470cdfc48f7c525ece02aad1f72,2025-05-02T16:15:26.820000 -CVE-2023-53079,0,0,d854de3aa135de53519817b649fd311c3cda6ffee68e827cb327c6a22a89c36a,2025-05-02T16:15:26.923000 +CVE-2023-53077,0,1,1d260072b923d8a7b54463af98109867714bd5735c9eb2c1cba6b943062644df,2025-05-05T20:54:45.973000 +CVE-2023-53078,0,1,7c4efe06a0e4faae52d4a86a21602134072ab4abaa51a826fd1e9ff71c3d23bd,2025-05-05T20:54:45.973000 +CVE-2023-53079,0,1,426ba5712de457e3a0b1e799d6106f6c9fa74ac2225f50d8ec91516699ad5465,2025-05-05T20:54:45.973000 CVE-2023-5308,0,0,0bd63704a33840f9fb34c63561ae1f507086e98dd3ffbc3f3cc7a50083075ed0,2024-11-21T08:41:29.990000 -CVE-2023-53080,0,0,e1f0c6a0cef2d17a1071e2eefde658aecd3d731d4fe830ba893f6c62d8cc1334,2025-05-02T16:15:27.020000 -CVE-2023-53081,0,0,d0cb553e393710b48ac9b1fc4ac376972aec2c80b5f956604a5858801558d940,2025-05-02T16:15:27.117000 -CVE-2023-53082,0,0,466819ff0f942981916c668188e185918d4f90a203270b0ed5e6003fb34c9870,2025-05-02T16:15:27.220000 -CVE-2023-53083,0,0,e02aa9db7dc6b07b06e7a737dcd90f3dd7de300f5e71223edac7461667e44e5e,2025-05-02T16:15:27.310000 -CVE-2023-53084,0,0,1a0a16896344881ebacd2504c7c9215cb39e14310c2b276d28a28dce28904315,2025-05-02T16:15:27.403000 -CVE-2023-53085,0,0,8b9e62d1c724b9a79705d66b4b9cb3df43787bcf826e4ef69258061d10f63305,2025-05-02T16:15:27.493000 -CVE-2023-53086,0,0,59baa94e176ae9fcc78170e39c50221f1daf7787a595fcc622016aaa08d3780b,2025-05-02T16:15:27.580000 -CVE-2023-53087,0,0,f6052923e21f5d5d25cf3475f8110d9005538b16e766774a1f5d3a1f695b3a67,2025-05-02T16:15:27.667000 -CVE-2023-53088,0,0,81b579d76314d64526620e06cab459acf397172515d66a6208df0d779a0c2b02,2025-05-02T16:15:27.760000 -CVE-2023-53089,0,0,621c301735c278db5848abce9542888a7c9ca18e08b0f8617d78fea0910eacac,2025-05-02T16:15:27.853000 +CVE-2023-53080,0,1,03d8b14ce7129a0e8b77e7619d595bfe8c4519becd5d210e8145b48863ce282b,2025-05-05T20:54:45.973000 +CVE-2023-53081,0,1,b7405d92ad010f6fe7b84d9cc5ecff6a2746f78247ad06b739da1a02ed79207c,2025-05-05T20:54:45.973000 +CVE-2023-53082,0,1,edba5f2dd9ce4d28fc5156548b430acf3bc24ecaae9e3de2d9690764d3487e26,2025-05-05T20:54:45.973000 +CVE-2023-53083,0,1,b4bd29fff1299c4cbff634afb581efd39f1ec43ed37154219e89ac2aa8e78020,2025-05-05T20:54:45.973000 +CVE-2023-53084,0,1,9bdd3810850db35552ec185ad97745cb53f2dea64a8ace6020f522a41e537b8e,2025-05-05T20:54:45.973000 +CVE-2023-53085,0,1,73452d10b74f0ddb98c5fa1d4f87f79fe9265e0932af8300c02e4fb2f7c4cf7f,2025-05-05T20:54:45.973000 +CVE-2023-53086,0,1,69bcb162b42387aa5607ee774567e466ac3db31f8fa05460ca9e25b51ff95ddc,2025-05-05T20:54:45.973000 +CVE-2023-53087,0,1,72f6515042b4b9da51072dee7975640c3085883153f83e691efc241caca4f93a,2025-05-05T20:54:45.973000 +CVE-2023-53088,0,1,e0431e26118f153d04d1321742670fe3d84609e1f7707cdde15e66e0038b63fa,2025-05-05T20:54:45.973000 +CVE-2023-53089,0,1,e913205c23236856d818d7de097f264d8509a72ab872b8991b9a2ee7cc177125,2025-05-05T20:54:45.973000 CVE-2023-5309,0,0,7ff36b51673413d4b93370e967f36f985fc56ef7bc3162c9c1596fd8da79b8c1,2024-11-21T08:41:30.110000 -CVE-2023-53090,0,0,12e0df2d30d7d5f102d4481718c306c525832238b95c46acb30d1d2af2d4e293,2025-05-02T16:15:27.957000 -CVE-2023-53091,0,0,4371b75c186775def73e695f1aafd370310015b1e6d3704de5aae19f9d5b2dce,2025-05-02T16:15:28.073000 -CVE-2023-53092,0,0,02022de707c0782b89c5a9e85ff4a5d2a822af7f483c20c10cbb7ca8c1337d78,2025-05-02T16:15:28.180000 -CVE-2023-53093,0,0,19ab2cea8764723c81fa4807f1646c3c49bf8e9a7e8781023c97d950b8ea67fc,2025-05-02T16:15:28.270000 -CVE-2023-53094,0,0,e58bafe36ebdd357ba7fb8e72cb8af665707ef6531bfc75f9231574f846b66f1,2025-05-02T16:15:28.363000 -CVE-2023-53095,0,0,79d5edec7136a265a1af1d295225a5490baf94d1874d581cdc7a99339f09e0dd,2025-05-02T16:15:28.453000 -CVE-2023-53096,0,0,60234494cd95fbd5c7725a1a0d5ea9fac7dde0067f5a62e812fbf3c10f6d4622,2025-05-02T16:15:28.543000 -CVE-2023-53097,0,0,c001784ee77eb488fa1e296f0bfade9c76141488730a538536ac242b23378ab8,2025-05-02T16:15:28.643000 -CVE-2023-53098,0,0,a1c6e0454eee5f2bdc342f659a8f9a85f19609dd247a81f3bacec276b980e259,2025-05-02T16:15:28.733000 -CVE-2023-53099,0,0,83facc441abc46cf2417ff9752d567352e25e068252a1b8bbfdacd843c7c0c72,2025-05-02T16:15:28.830000 +CVE-2023-53090,0,1,7897efae0dba8690f7a5f101a027e94453cb7e3e9cdf60fc4e0b83bbd8878769,2025-05-05T20:54:45.973000 +CVE-2023-53091,0,1,717a4da21411195bc1f555add21953eeea42608c7c5ed6ac922fe4ff62c95af1,2025-05-05T20:54:45.973000 +CVE-2023-53092,0,1,d477571356aaf539934286de8e72dfde63fc9728d385aea1aec9a5411d08bc6f,2025-05-05T20:54:45.973000 +CVE-2023-53093,0,1,afe464967848f2c5878f8f4051039f2577766825c94bf47acd6904cd78fa89fd,2025-05-05T20:54:45.973000 +CVE-2023-53094,0,1,0760b06dc4a0c50a1dc5b4853efb55828d196cee0b7c78c0a6e6e17c8d20a397,2025-05-05T20:54:45.973000 +CVE-2023-53095,0,1,c42961e9034d79baf13fe244917390182f788dde7276a8c27353fe2008818026,2025-05-05T20:54:45.973000 +CVE-2023-53096,0,1,664cf3af69528af2a5a6ea509a26cb90ce12db1efd546f2445a853d9a2409099,2025-05-05T20:54:45.973000 +CVE-2023-53097,0,1,d1a5f2891314f51dfe604af6bccf2a3b60d16af56ae3c2798be6266237bc0ff6,2025-05-05T20:54:45.973000 +CVE-2023-53098,0,1,bb84af2280c230ca81c1302b78061fb72e1e53199fd50d96475d7faeb06af982,2025-05-05T20:54:45.973000 +CVE-2023-53099,0,1,622573e3d81d5cb94daa9a7e9ab7cc536eff289459e7d23e1d7607f88780fc6f,2025-05-05T20:54:45.973000 CVE-2023-5310,0,0,ae19de1a22d7f22d6fd9acfd5ee40221bbaa3312e010ce020b441062ea91c97f,2024-11-21T08:41:30.240000 -CVE-2023-53100,0,0,86abb2f7beb01d26490345c9cf7c2bb8e9649ef1c0db350034927e149b2081d4,2025-05-02T16:15:28.923000 -CVE-2023-53101,0,0,eb810459505fa7d21c1a6d5c9b0ed96058b56d509816430f65df21b9d449452a,2025-05-02T16:15:29.023000 -CVE-2023-53102,0,0,c7ad684c637f54a87eb95ef468ae241c90efff6eda4c6941a5db18a0c9447cf4,2025-05-02T16:15:29.127000 -CVE-2023-53103,0,0,4fe26c0b98a011bc6eb49430a1cb305b15d1e9aa6eb161b213724213c343fbaf,2025-05-02T16:15:29.223000 -CVE-2023-53104,0,0,31290fb322cfb6d580e594d48c4c4175f9ec3a673c045296cfc42d12a67af193,2025-05-02T16:15:29.317000 -CVE-2023-53105,0,0,d2e7e68bcd609f202537cadfe9afb978eec89eb6d4b3b806d6fd9656a6642a01,2025-05-02T16:15:29.430000 -CVE-2023-53106,0,0,eab11af4dcd8ee2910f3d8b1e0613423af99ac9f8e0739c7a9383191deef08c6,2025-05-02T16:15:29.520000 -CVE-2023-53107,0,0,41a88103405b9b812ed1aaef160faf6b3913f54ad7a0cac088e371388626c009,2025-05-02T16:15:29.620000 -CVE-2023-53108,0,0,f9b7b8e3e5b9140e75b0a73c9d576a721ce5b82ee92e6e2c4a39f4c242734e8e,2025-05-02T16:15:29.713000 -CVE-2023-53109,0,0,b6f99a3f58f1de38b4d8b552bd63df4aab985ff645475a595e7cc0365d75bfb5,2025-05-02T16:15:29.823000 +CVE-2023-53100,0,1,aeba2e312df99160f839954838d150604dc264bd3a2c1b8c153f09611ca88005,2025-05-05T20:54:45.973000 +CVE-2023-53101,0,1,111004101050265f21199463989719650273c97a0f7c305b5896e750beb776e3,2025-05-05T20:54:45.973000 +CVE-2023-53102,0,1,040412ccd5fb8da31fb4ee1dbbd2508d901eb0c2bb0cdf16a364b491ccc4e419,2025-05-05T20:54:45.973000 +CVE-2023-53103,0,1,aa7549778a20ef121eade6d8555bdb49d1c0ba6011b60b1570d11efa6afa7f57,2025-05-05T20:54:45.973000 +CVE-2023-53104,0,1,ffdf7a4d87052a52f33fd6af0ff72ab44255efae7cc88fa13dc2c6d46ad4c0ae,2025-05-05T20:54:45.973000 +CVE-2023-53105,0,1,a3527a252fb8af3e109567ac93653bf7ac9daba0209263e96b9e09bb13124294,2025-05-05T20:54:45.973000 +CVE-2023-53106,0,1,ac24ac30392a014ed6bca17a7191f0569fc3d4931083f1ab785566423031415e,2025-05-05T20:54:45.973000 +CVE-2023-53107,0,1,23d0f5321301959abfd8dcacc6953e10fd54f2f7dc3a23ed158e7a6854aba28f,2025-05-05T20:54:45.973000 +CVE-2023-53108,0,1,881b98f2d38f6baf33aa30006d0039f53ee08ad55343ee49454925e618500a95,2025-05-05T20:54:45.973000 +CVE-2023-53109,0,1,ee64c0ad44cf138d9396ac8b2f0c4dd26ff20e7c7132fc8d63d9dd2beae33467,2025-05-05T20:54:45.973000 CVE-2023-5311,0,0,62b6ab15a640c341942aa3984f0eb204c70a157164b7d966ddfb1b9333dc4d0c,2024-11-21T08:41:30.370000 -CVE-2023-53110,0,0,04a713ac81ef414a8d5d1dc39ad84a264bcc6d4a1aa31b4105b7647baf76a763,2025-05-02T16:15:29.930000 -CVE-2023-53111,0,0,abc40fb228e97e4c7657c7f60eaf6c78f7dae74d334a62f9f29ccd4d3daf1089,2025-05-02T16:15:30.027000 -CVE-2023-53112,0,0,dfee42fefbcfbd6155cf77ac02989a8db436ad2fa818ef51900832d56868bd01,2025-05-02T16:15:30.140000 -CVE-2023-53113,0,0,3b6912e41a0bed08fa1b57608552da10cfb3a4fb0d361c8b8377318a5ae8f625,2025-05-02T16:15:30.407000 -CVE-2023-53114,0,0,5d86e005df9ecdc00820058da4bf558480567d9b89b99854058da9c4169a088d,2025-05-02T16:15:30.493000 -CVE-2023-53115,0,0,761b0fa9bcf73258c1344022c6314d65935b52c7eff97384719c654a907a9427,2025-05-02T16:15:30.590000 -CVE-2023-53116,0,0,e0d36c8b1d68aaeb7b150bd2fc56a56af6c59cf99a5fcce3376b40a22593c2c8,2025-05-02T16:15:30.680000 -CVE-2023-53117,0,0,969e7ad70671586732d2b3f376f290083682ed461e48b54c63651d08defe90c2,2025-05-02T16:15:30.783000 -CVE-2023-53118,0,0,091bca00398837bf8b68154e7cb769b30e1ae78a8ce4259b4a74ad57f46a5530,2025-05-02T16:15:30.880000 -CVE-2023-53119,0,0,bb02d20792b8eca4e810243ff5ee24e8e6a998a2085eb7af4571b28db5f78670,2025-05-02T16:15:30.980000 +CVE-2023-53110,0,1,9c1ef664fadd658bc91c3a18526e3550e3d416fcb9c507939f49b2107e865695,2025-05-05T20:54:45.973000 +CVE-2023-53111,0,1,d73dd59ff85f3a4855586e8b59ba2872868a2bc82faacdbe2244852746cd38dd,2025-05-05T20:54:45.973000 +CVE-2023-53112,0,1,c10c3cdbdcd345978c70dbc9b65d0f6b4b595bd3b9d953ab57168870cead58c0,2025-05-05T20:54:19.760000 +CVE-2023-53113,0,1,037f458164c3a9bced590ad33ad53298f0aa472c17d651f8a20136068af4b623,2025-05-05T20:54:19.760000 +CVE-2023-53114,0,1,1c490a8cb95092ea6656e78165525f9b42c09345aa79929b86cbd22e3b02ebaf,2025-05-05T20:54:19.760000 +CVE-2023-53115,0,1,8d97ee81d122fd65cefad08e5898be71b85e7895d33608d2a4f65acc2fd4cfd8,2025-05-05T20:54:19.760000 +CVE-2023-53116,0,1,63e35996fcfc0ecce5971567cb2834cab4c3a5a18176321c55775aef159f2241,2025-05-05T20:54:19.760000 +CVE-2023-53117,0,1,f7164d141241f713c969de0d2e0681f8b2589c7a057da8cdc30a4176548ae41b,2025-05-05T20:54:19.760000 +CVE-2023-53118,0,1,bc76c20f8418bd4d7975e52cb86487c45d0bdd07180c285249a6c44f9ded46f2,2025-05-05T20:54:19.760000 +CVE-2023-53119,0,1,7f126759840434bc4f6a953a53d9bf468caf4c7a3639f67249eedcff28b4c079,2025-05-05T20:54:19.760000 CVE-2023-5312,0,0,1415bfd069705ff55f79f6d249de3b45d246fa9bee5d6271b902326ea749ba1b,2023-11-07T04:23:52.920000 -CVE-2023-53120,0,0,5a2b8baca303dc1ff5247c352f5ae33517d83c34c82f83c9328c052d0ed9eb7a,2025-05-02T16:15:31.083000 -CVE-2023-53121,0,0,d78d33dd55413f2d5c21e3c5c50549c41d5bd04acc036e8071034cf778a7b565,2025-05-02T16:15:31.173000 -CVE-2023-53122,0,0,d56713c30256bf8ff0c74b62403fc8419d5f0846458c2bcb8f0c3e19e4f1b94f,2025-05-02T16:15:31.270000 -CVE-2023-53123,0,0,f670dbeadf514ffb602275560cccbfebb8cec96665a15464b808dc4c903c7841,2025-05-02T16:15:31.360000 -CVE-2023-53124,0,0,424fea2fbb7325f75dbb2f810e8be1b02628be1463c5cc60ca84870b9ded589d,2025-05-02T16:15:31.453000 -CVE-2023-53125,0,0,328abaa42e47e29ef8479e52679e901564827ea295e69e76c77168603b0e37fc,2025-05-02T16:15:31.547000 -CVE-2023-53126,0,0,1b0055712bd249884a0e78fbbb8329c21c58c9ef280d85a99f9761b685cc3fde,2025-05-02T16:15:31.643000 -CVE-2023-53127,0,0,63604213221efcc8588001abace933555a9de1ad6d7f08f2dd456864a28e74fb,2025-05-02T16:15:31.730000 -CVE-2023-53128,0,0,dd6a5ccd79644a2a624cc6537d97e7258f12399be14b6c094eda4b1935d46c56,2025-05-02T16:15:31.820000 -CVE-2023-53129,0,0,3d20f715ca77e6d0edd4a98718fd384e7d0df24d84f929d7189a18a6463f8ac2,2025-05-02T16:15:31.907000 +CVE-2023-53120,0,1,940b100c8205f656ade643abca869d30cdf627221b4e7a60d29de12e3c53477d,2025-05-05T20:54:19.760000 +CVE-2023-53121,0,1,9e6bf0a7c936c5b2a894e638c10671f4a7cc634693ebe47314f93ca8a12dabf5,2025-05-05T20:54:19.760000 +CVE-2023-53122,0,1,af540432315e15bc30ce9bba07acf03b49e120330ace338310f6648e9e3ed835,2025-05-05T20:54:19.760000 +CVE-2023-53123,0,1,d0bc16e15129b1c74316b78ca1edc3d8d0bc419baea5217641b9ebe90e8ea3fb,2025-05-05T20:54:19.760000 +CVE-2023-53124,0,1,2598303e2d5844c1fd403fc64841cf3ad231ce8bb48dfdb11da992cb3602ece7,2025-05-05T20:54:19.760000 +CVE-2023-53125,0,1,4a6029a89911e4ab3990f0ad3fe843cf9ee22e23d4e0fe50105eacbaaa257922,2025-05-05T20:54:19.760000 +CVE-2023-53126,0,1,3cf1807304f5e15624dd3a0f6d6cf15ec56cb0865480dc340796903ef9d721bd,2025-05-05T20:54:19.760000 +CVE-2023-53127,0,1,ab07e2c25721b2aeff2a7f93b875479be168304ade8f253b62ec6f9a5dec8007,2025-05-05T20:54:19.760000 +CVE-2023-53128,0,1,e533b5d9bdf1a6b920e400a1c0aaa203b87e89b028cdc3d7f02ef314d9c00ae1,2025-05-05T20:54:19.760000 +CVE-2023-53129,0,1,178ad475e2530f27f153960ea319afff4524ed90cd0c3d61aa705e2069124841,2025-05-05T20:54:19.760000 CVE-2023-5313,0,0,cd3bd91ba814e0cfcdc6860d53d08840012171da1ca119fc7cc0fd9b81fc32e2,2024-11-21T08:41:30.507000 -CVE-2023-53130,0,0,67437a1f2523eef19b4553aecee7ff4b9cd7324b907d89f7eaaca82b777bb93d,2025-05-02T16:15:31.997000 -CVE-2023-53131,0,0,2724c9e1eeac9cc17c311d4bb2c3f0ff1c16cf5565e66e6a6f534eacedc22540,2025-05-02T16:15:32.087000 -CVE-2023-53132,0,0,0d415e76d6b9683f4afd02d22972f6e5e14ff3922d22a07d2a0f15037f7fa10e,2025-05-02T16:15:32.170000 -CVE-2023-53133,0,0,fcfff764e54901df52d4ce717b2a1a835773f60eef459062a5251a2e5e721a5f,2025-05-02T16:15:32.260000 -CVE-2023-53134,0,0,b369c859c855a1b0fffbb4bbfac83c6cbdcf7b826da230e0ca70f50f894f583f,2025-05-02T16:15:32.353000 -CVE-2023-53135,0,0,7b7495a6461e525c50174c2ef24a21ad9d6afd75864f242d673cc661b3e4d1cc,2025-05-02T16:15:32.447000 -CVE-2023-53136,0,0,ae07bbfd8ec0f89132fda5bdd073083c0de271965801262a4c374b28f1b3a2be,2025-05-02T16:15:32.540000 -CVE-2023-53137,0,0,ffe3b550bf27a4a095c6100a2ff952230fa78d19d9fce2769205f0835d33d892,2025-05-02T16:15:32.633000 -CVE-2023-53138,0,0,3be6f305de2b8c72d162107716df424d4dfd820697a626285e925b26521a9f8e,2025-05-02T16:15:32.720000 -CVE-2023-53139,0,0,a10251127f5ab64eb89bc3259f454ddf24311e4829d124eba2462bf43387dfb6,2025-05-02T16:15:32.817000 +CVE-2023-53130,0,1,46af6a1d9555751724f063ef9478e30b015daddbd866c6a674781776f5486804,2025-05-05T20:54:19.760000 +CVE-2023-53131,0,1,2031cace96f5d0be2781ab55914ae22d3594e34f91d987af5c3ed7ac932621d4,2025-05-05T20:54:19.760000 +CVE-2023-53132,0,1,bdc077c2431dbbac481ebe92ac1382d4d8d563db927fe6444779489040041943,2025-05-05T20:54:19.760000 +CVE-2023-53133,0,1,5aa1c97a4f3b7590188d1b8b8991c64e652b44b22e36500870a6bd7233a51f17,2025-05-05T20:54:19.760000 +CVE-2023-53134,0,1,77646aed0c53b2da7f529a9c3e4b97c37102d52bed08f70aeaeb9fd65d186ab5,2025-05-05T20:54:19.760000 +CVE-2023-53135,0,1,cb5934bbb0c9566db408456f8fdba7be13d255d208a627e211e8798c9a21f6a2,2025-05-05T20:54:19.760000 +CVE-2023-53136,0,1,40b00994ae1b21c11856a53ee1e52c972e25b47a494cd0ea37cfa02422ba9b59,2025-05-05T20:54:19.760000 +CVE-2023-53137,0,1,67d9d0ca44e90c04ff0e77a7bdc1d0694236daf8321c130fbac06a4056b61f65,2025-05-05T20:54:19.760000 +CVE-2023-53138,0,1,6206c3b19f36f8502ef8faf0b839eb4b93e23765c6cefc5c5274c83a8eecb080,2025-05-05T20:54:19.760000 +CVE-2023-53139,0,1,194f10cc984aef1f190a94fd764aec0137cef72a3dedb9e818d605ab3c6b6118,2025-05-05T20:54:19.760000 CVE-2023-5314,0,0,ab65d90f9e757aa5d5d35478939c7c9ec9fd5a6803914a758827aac0e3dc09cb,2024-11-21T08:41:30.647000 -CVE-2023-53140,0,0,88c83eb1b31cb63363d2b282aa1f8c891aa8073ad7b35df90b2f107ade4e9f3b,2025-05-02T16:15:32.920000 -CVE-2023-53141,0,0,87da139741a6351794592410fe2a2f16c93b923d2b324b6e496f4989efa8eccb,2025-05-02T16:15:33.023000 -CVE-2023-53142,0,0,e85f9388fdee9b0d12d68e396e0a1510455ad30a64bac2ed6d9a340ca4316b81,2025-05-02T16:15:33.137000 -CVE-2023-53143,0,0,0bb563a3e017de3aee9a7421cd3f13c6ee85a22f82cd0a0ea2bc9aa0e534765e,2025-05-02T16:15:33.240000 -CVE-2023-53144,0,0,da4f0b9db6a4aee505d54517db9ad445f67700b1f19c297d587f07c5fd4a9fd5,2025-05-02T16:15:33.357000 +CVE-2023-53140,0,1,e2a50c55d19b5d1752533fcc2ca72f737a697c131492ae2b939b50dbef0840a9,2025-05-05T20:54:19.760000 +CVE-2023-53141,0,1,08b6124678149abc336c1117a519c4356b8b27a4a18af16c2c3de4cc10a3cb2c,2025-05-05T20:54:19.760000 +CVE-2023-53142,0,1,5ff7393e03ac64b3d9ae1f0c790e1bca87e3021e579b2b97ed9f062cf77c18d0,2025-05-05T20:54:19.760000 +CVE-2023-53143,0,1,d40104482a09b3f44b59792891f873bb740083f0d641b05f2e613aac44176f4a,2025-05-05T20:54:19.760000 +CVE-2023-53144,0,1,234ec4accaf85ca6075694e4b92d05997cd7d9b706c2c16cfe88b5f1cd7aead5,2025-05-05T20:54:19.760000 CVE-2023-5315,0,0,ec012dfdf1d4ffd80f480ed42eda0a7b14d22ca640de49440d3a3e864ea1c111,2024-11-21T08:41:30.760000 CVE-2023-5316,0,0,4dd949eef5257c1ac4959c105b0be2eae9c02e7723c6d1c31d51853bf817c921,2024-11-21T08:41:30.877000 CVE-2023-5317,0,0,e291501a2006b3e44a0722039d33ed0fbe57bd4fb10f3c022762a96ce3600f49,2024-11-21T08:41:30.997000 @@ -243719,7 +243719,7 @@ CVE-2023-7081,0,0,91c63ea627dfdcc942a01ae71661456a1ce0179dd752d7ae102820022c20b5 CVE-2023-7082,0,0,01da1b16e99cb894b19b28e654f0eb0d1f946ad3cc9cf73b506a5d550a9446db,2024-11-21T08:45:12.920000 CVE-2023-7083,0,0,c5aa53dbff112a3d086d0b26f297d981e1f6ee6c887d1ac2941e9a37a179680a,2024-11-21T08:45:13.047000 CVE-2023-7084,0,0,d9889df429199caea86387e661e3ff9a19490ddaa4c78a76e3ed6d89055dc2e5,2024-11-21T08:45:13.180000 -CVE-2023-7085,0,1,ff31f837c71e6103db320dfb5036954bafa30bf8481edfd8ca5717d6131b3010,2025-05-05T18:00:58.713000 +CVE-2023-7085,0,0,ff31f837c71e6103db320dfb5036954bafa30bf8481edfd8ca5717d6131b3010,2025-05-05T18:00:58.713000 CVE-2023-7089,0,0,3eda31786e317c37a0b05cfc344876ae32458e35d6c8f690393958bfb9334612,2024-11-21T08:45:13.543000 CVE-2023-7090,0,0,594a7b8a9d6eff78de19931d6759536c96796d341f077f4eaa2759101ee8d992,2024-11-21T08:45:13.663000 CVE-2023-7091,0,0,93fc4b825a5b5c8789b661b74bbc6e0b8bb3e21b8cd7230a257f0fe5a439447b,2024-11-21T08:45:13.810000 @@ -243857,7 +243857,7 @@ CVE-2023-7242,0,0,e0a2e483a4603c7268168685c86efa9160d5f58ee87fc9d24f5e79db33cbb6 CVE-2023-7243,0,0,a6d39b882887bd276128033c6dcfff31a17043f39200d92a23af5f19936bb17b,2024-11-21T08:45:35.613000 CVE-2023-7244,0,0,dd787f884e2543369ebf73c6b25ee7f9322d4e3bdb2c43a5e07c1a29523326d3,2024-11-21T08:45:35.747000 CVE-2023-7245,0,0,d3bceec33d92b2fc8e00eb5d511a8af5d45d09f74efcc46dedbe4e3fb3f823ab,2025-04-02T20:11:54.737000 -CVE-2023-7246,0,1,f95010aa5517ede71d8d06a29bc6b6510b2f14cbd7a81209366bc34fdafb5c07,2025-05-05T18:50:03.257000 +CVE-2023-7246,0,0,f95010aa5517ede71d8d06a29bc6b6510b2f14cbd7a81209366bc34fdafb5c07,2025-05-05T18:50:03.257000 CVE-2023-7247,0,0,459127b4ddb7748da655daf0c02ba0bc9b0ffe4b1d657c58077773df303e3f3c,2025-05-01T00:07:34.950000 CVE-2023-7248,0,0,e08fe5b96cd2595ce8fe0beefc785801fce374dd433c166a7d83d66c039f20b8,2024-11-21T08:45:36.437000 CVE-2023-7249,0,0,623483f8d33a7623194b47dbb0403fbfea5e58ac0ef6bb27b136d602dd55dfaf,2024-08-13T17:13:50.917000 @@ -244205,7 +244205,7 @@ CVE-2024-0333,0,0,8d02600923b0d02e1b6c7070d1a8ded2d1f193f4c1d7d9ca81e40af9ef96b0 CVE-2024-0334,0,0,9739f711655d826c400a7f20155e945d56271247c9d6ef10170fd1b34ef501d2,2025-01-15T18:09:14.237000 CVE-2024-0335,0,0,ad5113205ca29b2f8742e9d2c19760bae855fe4340c6c1425f590ec6a288b45e,2024-11-21T08:46:20.327000 CVE-2024-0336,0,0,29ee6e88418307cb76eac16294907a5939d0f088f63097c202d7c40f3061674e,2024-11-21T08:46:20.463000 -CVE-2024-0337,0,1,683a512d97d9c66c99b29d5ba073dfefd3a6e20271775c8da759d9002592ec7a,2025-05-05T18:48:54.833000 +CVE-2024-0337,0,0,683a512d97d9c66c99b29d5ba073dfefd3a6e20271775c8da759d9002592ec7a,2025-05-05T18:48:54.833000 CVE-2024-0338,0,0,3727fe27f98338d0784f24d2fdd1ca2918b4ed9f08d9a4ad155c10393c70df8c,2024-11-21T08:46:20.760000 CVE-2024-0339,0,0,49bf2c81c4a587b6f3f618d612a7580b0be986a746beb6b69822069b1a3cb3f4,2025-02-11T02:15:32.963000 CVE-2024-0340,0,0,06b85e7e389f102535e519915abed523ecc03a44dee82eabb84b7aa7edf5d655,2024-11-21T08:46:20.887000 @@ -244628,7 +244628,7 @@ CVE-2024-0774,0,0,0a3ae60695cbf1fb6b46462639e196f690f4742067d8c03df19a7504c30a41 CVE-2024-0775,0,0,063b80b5a2abaacfae5a63096254b2df932380f66d79f884af68cc6de5841eb1,2024-11-21T08:47:20.760000 CVE-2024-0776,0,0,660ca2bed686505040aaa48f7a31622ffc5f009822f652d4187784ead0c18fc1,2024-11-21T08:47:20.897000 CVE-2024-0778,0,0,30eb49cd347c88e24c9885e6c35305e853f72c6dfad099f02fdfd7ae4b2787ef,2024-11-21T08:47:21.023000 -CVE-2024-0779,0,1,5382f782017d30d31e7acfe1d86c1f137ca9540ae6a0a680f9691f1af7a3e530,2025-05-05T18:56:44.187000 +CVE-2024-0779,0,0,5382f782017d30d31e7acfe1d86c1f137ca9540ae6a0a680f9691f1af7a3e530,2025-05-05T18:56:44.187000 CVE-2024-0780,0,0,df5fe382cd422c8a81850b1a6536edf569fa3fe183e8c5875f6cce7981fd25cd,2025-03-14T17:15:40.607000 CVE-2024-0781,0,0,ec090e8623d296c426d777bf73f740f5b568bca8b89430b58cfac07f155ae93f,2024-11-21T08:47:21.450000 CVE-2024-0782,0,0,eb6ac71f02c8da50317a6f42c46be6a4eacf5fb7f1e59204a81a77d1a930b344,2024-11-21T08:47:21.583000 @@ -244700,9 +244700,9 @@ CVE-2024-0851,0,0,45ef73a87a1c6afd615e45ca7a9d9dd0fa42e2c7d9a703e4ca2c7848b17c7d CVE-2024-0853,0,0,65a10213ae6200b5072f62bd2bb36a10fbd368488601cdd857d7baa226a547cd,2024-11-21T08:47:30.450000 CVE-2024-0854,0,0,83def637c9c89f1d4fb66e0a5195703c48cc32d524a346280222fb102848fe7f,2025-01-14T19:29:55.853000 CVE-2024-0855,0,0,b26a361a1517ce1f709a4d519b7d04ed7dca805341418f9c5619943536f0b9be,2025-05-01T14:25:47.930000 -CVE-2024-0856,0,1,65c9319aa508f437381f52ab362396c7acc77b90d16b6ae61ed0dde4e283914d,2025-05-05T18:41:08.043000 +CVE-2024-0856,0,0,65c9319aa508f437381f52ab362396c7acc77b90d16b6ae61ed0dde4e283914d,2025-05-05T18:41:08.043000 CVE-2024-0857,0,0,f5b207eaa482f0854c3fe9058cb4359270cea2f96494248560ac10b0594a344c,2024-11-21T08:47:31.060000 -CVE-2024-0858,0,1,20cb6f06aa8aa43097cec6829120027fb00b3a6206f7d451f1468fdfda277eb8,2025-05-05T18:55:59.967000 +CVE-2024-0858,0,0,20cb6f06aa8aa43097cec6829120027fb00b3a6206f7d451f1468fdfda277eb8,2025-05-05T18:55:59.967000 CVE-2024-0859,0,0,5cfa08098ea7d06341817062d82bfdf1a0864f915add801f57f34ac3edd24b76,2024-11-21T08:47:31.390000 CVE-2024-0860,0,0,7d97ac5d2be8cfaa69d18d5d8b4ce210b5d6c546d6ceaa4d2f4600029871a6d3,2025-01-23T19:56:53.883000 CVE-2024-0861,0,0,3706666137cefbcdffb9086c7097604cd841c37aec6a1005fe4813b690ecfbf9,2024-11-21T08:47:31.670000 @@ -244807,7 +244807,7 @@ CVE-2024-0968,0,0,2adf6f675fe8367153779cf53407f6187c199dacca5503cf3367ddd720d368 CVE-2024-0969,0,0,f0f63e7c5134853236cb11c3663a549ce3f697536d3dd8f4f5859c7117e2326e,2024-11-21T08:47:55.083000 CVE-2024-0971,0,0,0fbf66131068316f18a459309bb5abd202482e32856952ee011afb233e507491,2024-11-21T08:47:55.270000 CVE-2024-0972,0,0,e58be32866f33c67069bcbf1a6ed4e3bd511aaced28f98cb0cc22c6a351ffb25,2024-11-21T08:47:55.493000 -CVE-2024-0973,0,1,aed8eb330b3491d473a0c3659e7bd14152bc998dac9bc6833bcc7f238dfe0d40,2025-05-05T18:53:59.060000 +CVE-2024-0973,0,0,aed8eb330b3491d473a0c3659e7bd14152bc998dac9bc6833bcc7f238dfe0d40,2025-05-05T18:53:59.060000 CVE-2024-0974,0,0,30450b1e1be60ec4560e59f53aeee211010a354cbda6e8888e0d09007531d84f,2024-11-21T08:47:55.893000 CVE-2024-0975,0,0,927902427c81e78a820da29ca78a14e906507ae17eb4d8834d59df87d8387cd2,2025-02-07T01:11:02.703000 CVE-2024-0976,0,0,c79dabcd2e4b14a1e26c7170d6a384930b136ebbac47519fca77529002b6ebdb,2025-03-07T19:56:59.733000 @@ -246446,7 +246446,7 @@ CVE-2024-11611,0,0,a83df79a577c5a2160bdc770d323da4f2935866142b1fd802987fee6b3a88 CVE-2024-11612,0,0,bb444eed2bab8dc9d7d3d2707a19c782bc9311cf8cab3a2875a904169993bb7a,2024-11-22T21:15:17.387000 CVE-2024-11613,0,0,a3e07cdc9334a5ecee59dd269cd691a9aafaba0a184c1f7adde95fd1410284d2,2025-04-17T02:41:14.680000 CVE-2024-11614,0,0,477321533ad9e2ccd73ec62dea3afe896674cd2e969a76f5f053d52a44b0aed8,2025-04-17T01:15:45.350000 -CVE-2024-11615,0,0,08aa0e952e031fe39045d8d9bfaf28f95561923f896169e9375e2afde673e61d,2025-05-05T17:18:19.130000 +CVE-2024-11615,0,1,ebe1f0b3c17d00127e21b2bbfff8bab2b8f10838db90ac0e635237c245e6db96,2025-05-05T20:54:19.760000 CVE-2024-11616,0,0,e26913b28255a07687c098cb43ab011833b617a595c7054a83f61ac37c974dc4,2024-12-19T10:15:13.323000 CVE-2024-11618,0,0,0e3a6f9f43124700db03eb1b663dd8529795046f0f664ad17bec9e799f8ac8d2,2024-11-22T19:15:05.437000 CVE-2024-11619,0,0,199afb7118552bdb4d05394f3b278f423ca0e36121b2f9801d8d56e20db43382,2024-11-22T21:15:17.500000 @@ -248144,7 +248144,7 @@ CVE-2024-13306,0,0,8dea45fe22ef583481b71e4e38fb1b41d30b1fbc236314f0aca5a51f0af05 CVE-2024-13307,0,0,4cdddb6e54b0e00efe19b2308669bab914d019465d5766c3d3264377dd995516,2025-04-29T13:52:47.470000 CVE-2024-13308,0,0,5a7c5de49dea6dce6146be04ca3299c64c19e3ab1de1461d50a35b802bb7ee20,2025-01-30T22:15:08.723000 CVE-2024-13309,0,0,0b3b8b334a1de7768f2a2e87180e2cff3c33f0ede7bad89f9b0bac93a7d10749,2025-01-30T22:15:08.880000 -CVE-2024-1331,0,1,9d173e21c9dc37e78754849b6df46eb1d20847c006b8fdd8b08b4a7feac03dde,2025-05-05T18:08:54.767000 +CVE-2024-1331,0,0,9d173e21c9dc37e78754849b6df46eb1d20847c006b8fdd8b08b4a7feac03dde,2025-05-05T18:08:54.767000 CVE-2024-13310,0,0,c7d7f61ed943995654d2d7f670a6eebe7c0fd61f9032347d9fa323e6d73361eb,2025-01-31T16:15:33.080000 CVE-2024-13311,0,0,8f1f9a5d171f95a7ba0f9eaa7d2951798d439c8a220f4f2f7df62ba50bf29d83,2025-01-31T16:15:33.280000 CVE-2024-13312,0,0,816e38c6c7477b967986b1dc1563e84c09b9a93286b16913543c3869e5b6d36c,2025-01-31T16:15:33.413000 @@ -248165,7 +248165,7 @@ CVE-2024-13326,0,0,4eb664f857852f85d48bed2635b2952230bd12017f152968dd72998c41f74 CVE-2024-13327,0,0,22b2dc233eb39c57d3bd79862d7125f99336f863a716fc49868f10eabc54af1c,2025-02-04T19:15:30.650000 CVE-2024-13328,0,0,4d1dab7a207525c914cb3043e0142c7adaa8689dc98e67fe7dde91ba2060a391,2025-02-04T19:15:30.793000 CVE-2024-13329,0,0,e5412e38b5e36a20b4b91ac28412089c2740ce2fd4de0961474996ae997e8d98,2025-02-04T17:15:16.950000 -CVE-2024-1333,0,1,9cf42d8b3e389ab52ed38951df1135a855d75bf7350fcef5b573b79382e72050,2025-05-05T18:05:12.950000 +CVE-2024-1333,0,0,9cf42d8b3e389ab52ed38951df1135a855d75bf7350fcef5b573b79382e72050,2025-05-05T18:05:12.950000 CVE-2024-13330,0,0,b7b2be0ee54951ff3dafd011ece6b9c03ed5903c3fe1037f6d7bd9f191433082,2025-02-04T17:15:17.090000 CVE-2024-13331,0,0,8344d9d144f3a5c761819a19f03440d07ee528586036c079ebef3527b1cc2ccd,2025-02-04T19:15:30.927000 CVE-2024-13332,0,0,dac8734d921a69995688399552e86863e8f706d7756f9f6bda00d7ba7dffbf6b,2025-02-04T19:15:31.070000 @@ -248594,7 +248594,7 @@ CVE-2024-13734,0,0,17fab3f74e78896a40ac1961915d61db429551aa26d55adeda206fce66c88 CVE-2024-13735,0,0,3547c31c6d72f19019bc47ce66440b94aad2dbe68a07077b91d9f59acae687cd,2025-02-25T03:45:15.060000 CVE-2024-13736,0,0,3362a69c50f09f93ac1b8892771db3d9d5410b27ce15edc8013225c7425828fe,2025-03-06T15:08:38 CVE-2024-13737,0,0,953343507735f2a5266f50f28008c6074bad07e93db08099c699090aa4413224,2025-03-27T00:56:46.017000 -CVE-2024-13738,0,0,a9e24d0a7b09335d3f2efc7682439cde05c7099262708fe5a19b59ede6d5e30b,2025-05-03T03:15:20.013000 +CVE-2024-13738,0,1,a2a43ded37f8ceb1fc7630cc2eabff9c04be4490179955482028503c5619e21b,2025-05-05T20:54:19.760000 CVE-2024-13739,0,0,7d1b0e1ed41ddbc98d9523d63eb2ad72317bc8ff8d3062ea0e8e7ca75a8983f1,2025-03-27T00:51:56.443000 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000 CVE-2024-13740,0,0,7ff99f97d425424bdc9a3d1a435df988f74877e53c6e3d16169a71dec8c37f3b,2025-02-24T12:41:27.353000 @@ -248784,7 +248784,7 @@ CVE-2024-1397,0,0,b23e8b9ccb5706ad3f8d257df0efb1d8013c2af60938dfd6b0df8c51fda395 CVE-2024-1398,0,0,9645ba9f8586ede4d8e9304631788266d0cde74989f61af36e6ddca7859998d4,2025-01-08T18:39:21.643000 CVE-2024-1399,0,0,de4ae2e68321a6c15c8c7d567274d914b003ef22dbc953f97581fd2a2e98f996,2024-11-21T08:50:30.073000 CVE-2024-1400,0,0,bac94fa923e5d8ff034c18d15cece1c7c0b0b8e72e665f80cf1c9da5ac122607,2025-02-05T20:56:20.887000 -CVE-2024-1401,0,1,3f5a6ec4e213aaaa2419af3f9010e903695273207314f34dc54b8c7847ee5e52,2025-05-05T18:51:21.257000 +CVE-2024-1401,0,0,3f5a6ec4e213aaaa2419af3f9010e903695273207314f34dc54b8c7847ee5e52,2025-05-05T18:51:21.257000 CVE-2024-1402,0,0,c16a2bb5e28338a9b7a8e909fd1180bd46f3314048e1fd4a395f2a2357ace438,2024-11-21T08:50:30.447000 CVE-2024-1403,0,0,586131040c12c42e3d4d259065af315a9ce447a030f9164bd11968bf5202492a,2025-02-11T17:40:59.267000 CVE-2024-1404,0,0,72e7bfa50d663f6618ea5cb7b36bb28904508f29cf1e05b2cbe5def310af3816,2024-11-21T08:50:30.790000 @@ -249021,7 +249021,7 @@ CVE-2024-1654,0,0,54b765485da31e34b294f618921ee811c38caafb34113ca3e291e29f9af89f CVE-2024-1655,0,0,73472418806d29e6d771b815384afb3f8654a25ef96081ba479a56044724fb2f,2024-11-21T08:51:00.953000 CVE-2024-1656,0,0,e243f4b9296b3740f96ff646ddc835ed81a3996419b970e73520fbf18022e5c0,2024-09-11T16:26:11.920000 CVE-2024-1657,0,0,9d0dcabd947122c0ce24953e05521475a0c3a91683a93bec3c9f2dddcfbfd885,2024-11-21T08:51:01.173000 -CVE-2024-1658,0,1,4d795cc15cad6aa1bfd13a1267c7b50f2018f037dfc62e7d7aeb88785bb27473,2025-05-05T18:02:16.590000 +CVE-2024-1658,0,0,4d795cc15cad6aa1bfd13a1267c7b50f2018f037dfc62e7d7aeb88785bb27473,2025-05-05T18:02:16.590000 CVE-2024-1659,0,0,89ae27a5a9ba7c42d9a91c4b580358dd8ae6b774fde1ed1f21377fc24269979e,2024-11-21T08:51:01.463000 CVE-2024-1660,0,0,0b36a025a7cf15647cb940ade020894d26d5070278e93d1cba73cc4d9e477666,2024-11-21T08:51:01.610000 CVE-2024-1661,0,0,57419dfac19fc8b1117ab03280b3c2a88810749b66775f5fc9b43a910e481cd7,2024-11-21T08:51:01.803000 @@ -249334,7 +249334,7 @@ CVE-2024-1979,0,0,450c8bced69f6acee39bec8a0cbc5907a91ea6349c4a430e3400e611d5082a CVE-2024-1980,0,0,d05d6a10f51fa5cb95450081d05531b2a97dcdb5a95466a13c126d057076b9b9,2024-05-31T15:15:09.393000 CVE-2024-1981,0,0,cffe2c737efb8789ba097f31f0d9c0625560e844705711832217b8456fb6a355,2025-01-16T19:00:16.603000 CVE-2024-1982,0,0,2c3b991abfb1cc6b904427c7ec7611215da28588e140d0bf73ea79d1842c6579,2025-01-16T18:57:54.527000 -CVE-2024-1983,0,1,eb45f2d3ba72e56172fb7f2297a8c9100fbd9d0362cf9f1d8cf7fdb36a60704e,2025-05-05T18:38:46.200000 +CVE-2024-1983,0,0,eb45f2d3ba72e56172fb7f2297a8c9100fbd9d0362cf9f1d8cf7fdb36a60704e,2025-05-05T18:38:46.200000 CVE-2024-1984,0,0,920a1bc7dc8c1d74f9ff491089d69f3f520c921e97285bdabccea7eeadcef6ee,2024-11-21T08:51:44.100000 CVE-2024-1985,0,0,4057968660f4629a99234942fb0c77f034584df8c8d7585d728187ed350ba8f2,2025-02-05T16:43:56.660000 CVE-2024-1986,0,0,3ecaed9768f7e044532c47f6d5039af79180cdbe72b916e1350038f4d07e8945,2025-03-11T16:40:10.820000 @@ -251516,7 +251516,7 @@ CVE-2024-22389,0,0,451a7370dbe68208fd5aef88fb0780dc2891f5bc8fd2d914fe14e4c93004f CVE-2024-2239,0,0,5a7de56b46399cefd4d1704e58435f9b06b1b4b25f3a0e1cbba9562eafa91ca6,2025-01-23T16:35:08.010000 CVE-2024-22390,0,0,ce5d3d381f54505e0b8006b455f1f7b21f5167c3563cd40ef3a04a5c9787da18,2024-11-21T08:56:10.857000 CVE-2024-22391,0,0,613921831a91bcce15248f83a80e873279b6660a96fbc962ca6ad54492d854fd,2024-11-21T08:56:11.013000 -CVE-2024-22393,0,0,e1a4cabbf33bf82d09280aadf022c297d173874aef9dc512229b3da909815271,2025-02-13T18:16:48.463000 +CVE-2024-22393,0,1,d220a30bf12dc08a475c8eedea486b78c6f84e7fbb387fb7cc34164caf7de7d3,2025-05-05T21:00:08.810000 CVE-2024-22394,0,0,6a4dd319497532e11fb5ee3011a2c17aa149cd3e72d770be6f58ff81216b7f08,2024-11-21T08:56:11.347000 CVE-2024-22395,0,0,f5a9d3a805e1203fac3ac334907116e26be91933941b94b88e6ef77604f5fb3e,2024-12-05T17:04:30.223000 CVE-2024-22396,0,0,a6f86b280685a8077d64ea0c4e6e62471b49d7ff7e81586c6e52ac5aa39b1293,2024-11-21T08:56:11.697000 @@ -253366,7 +253366,7 @@ CVE-2024-2506,0,0,e4304dbfd8c5eaa87b226dc63744eee53633a6c1699664663a058e69d9457f CVE-2024-25062,0,0,33d5a68ef3b936424a736429c0cf52857e2954c9e23e61044543b96f4ce8f6aa,2024-11-21T09:00:10.427000 CVE-2024-25063,0,0,4c7ca004f54b50bed35c2f501d8937a0c1866b12746d59b80666fb955342e885,2025-03-27T16:15:22.760000 CVE-2024-25064,0,0,630189d4352af193613c5caf500a30b1ea966acedabfdb6b6c44c8c9c90ff2da,2024-11-21T09:00:10.703000 -CVE-2024-25065,0,0,4f37142c5e5ce3f92a8b909e68cfc1031cf2a7c815eeb0d4109e6ff370c9afbf,2025-02-13T18:17:13.343000 +CVE-2024-25065,0,1,173726f48c3a5651fc406e3117a2a40eea1debb7b7d75b17dfcd31b267c4f30e,2025-05-05T21:02:31.940000 CVE-2024-25066,0,0,b1636709be135f3fd4fb34d1f37e95f4010fd04e0a50cd29f71050b819c19472,2025-02-17T21:15:10.993000 CVE-2024-2507,0,0,d2bd12e43cb16137b76052767012daeeb5681b81f827ee8546e5b590614b4a24,2025-02-05T17:28:13.613000 CVE-2024-25073,0,0,b773096cbe22b7b2359c05c5b9b8c5d77df4ed93f4aca2b5ee2c4c6254770bbe,2024-12-04T21:15:22.230000 @@ -253829,7 +253829,7 @@ CVE-2024-25724,0,0,e0bfae1578de6d009c2ec567f45727863a3aaa4f54ddde5da227f1c075d1b CVE-2024-25728,0,0,249547664dee94486de7d24f91565612df1fd7ba5870da82cfb8177b2a0fcb61,2024-11-21T09:01:17.043000 CVE-2024-25729,0,0,3db67ab23a258a05979984a126775ad307c38690f174be37fd98d41efab8557a,2024-11-21T09:01:17.263000 CVE-2024-2573,0,0,57a27569f00533bee9ef2825ed2d131f63222e4eecb59af9eff21758bbe1c7f6,2025-02-20T18:12:59.823000 -CVE-2024-25730,0,1,a3f40cdeadc0746d34aa88aca10dd05a3714f9af1e9a3287e0396f12ade56eba,2025-05-05T19:16:50.050000 +CVE-2024-25730,0,0,a3f40cdeadc0746d34aa88aca10dd05a3714f9af1e9a3287e0396f12ade56eba,2025-05-05T19:16:50.050000 CVE-2024-25731,0,0,23c90892bb3a72d123390e073ef6f8f902d4cf65e44890c3ff8940f2d448fc74,2025-03-26T20:15:19.587000 CVE-2024-25734,0,0,527e447a884a88a64384bec0a173ecf9ef880b10e8ed79a82efc55a8a4a49418,2025-03-18T15:15:47.980000 CVE-2024-25735,0,0,9fdea3ad6de7f4f83bd747335b88ba4bc80cbb63cb46a203f3f828d80e36aca1,2024-11-21T09:01:17.970000 @@ -255504,7 +255504,7 @@ CVE-2024-27747,0,0,6f1ddae8b249acf53b9166e440726ecfc1ce36472977a70dc04ccd917691b CVE-2024-2775,0,0,c7ffaeb0461f05cca21e646af6acc77ea3eef3d3454b74ba7b43a7ce629618f8,2025-02-20T18:29:08.757000 CVE-2024-27752,0,0,51f44ea4d791b236f1be7a96290ec94dc23c429a938add370ee6be6fe01f7126,2024-11-21T09:04:59.627000 CVE-2024-27756,0,0,e93ad2fc2a071bfb70f8b4c256623e40cfa1d2e82cb7ead180eb27a2cd889aaf,2024-11-21T09:04:59.863000 -CVE-2024-27757,0,1,7ec78a2cac909ee6a28cb913a9ddf8ee3cecfa41b9a77222a6bb8ba8bd947026,2025-05-05T18:13:19.633000 +CVE-2024-27757,0,0,7ec78a2cac909ee6a28cb913a9ddf8ee3cecfa41b9a77222a6bb8ba8bd947026,2025-05-05T18:13:19.633000 CVE-2024-27758,0,0,0de54cc7d1bb775e1a420d07eaf51d2b86419d1e732ab9300e9b648b00610ff2,2024-11-21T09:05:00.297000 CVE-2024-2776,0,0,ff0c299b0adedb2ca09689e98f8c59d5c756fde1f6d767c33af6b85645f2595a,2025-02-21T18:36:45.960000 CVE-2024-27763,0,0,32383ad7216cd232dc170dc5d60505abb688dedd04dc8e59688d18a30e13c95a,2025-03-12T18:15:25.373000 @@ -258559,15 +258559,15 @@ CVE-2024-31857,0,0,20dfb12af53dc65b264ed20f498f15824869d4ee981fc0225fa3ba43b4458 CVE-2024-31858,0,0,fb7ea5972ca29ef5dbb01c13ffa0f30c065ee6f5e39915061b97fa7a1c736b37,2025-02-12T22:15:33.340000 CVE-2024-31859,0,0,5188bfcb73daa943c532580bcafd9e1ae4e11ae27457e4083ab53378c72ba6e7,2024-11-21T09:14:02.070000 CVE-2024-3186,0,0,6a202e3b12d67ed267f46ad36df1ad5893d1c9a9eec4366d9174b91b675690fe,2024-10-18T12:52:33.507000 -CVE-2024-31860,0,0,f35a8fa9a8832f625aa4d739ebced8b4d51fddec8d2dd2c82a84839c6dd58817,2025-02-13T18:18:00.030000 +CVE-2024-31860,0,1,bcd4a268ff5a1541e84fd518c7134d8d688fbdfc2ecf74e263366653f07cf363,2025-05-05T20:49:47.687000 CVE-2024-31861,0,0,7e520905222b40b184cd37e76ba3749bb6aceca828ca7e9efda91954bb808b66,2024-06-21T10:15:11.757000 -CVE-2024-31862,0,0,d345db6b0317c5edf01ae6d44af7f9daa32854a5f34e37851dce3b79b8efd163,2025-02-13T18:18:00.207000 +CVE-2024-31862,0,1,bbdbd88286987ceeb21e0bbb86a117ae7f13bcafde5fa4e0d9c3bb28d536d125,2025-05-05T20:46:55.243000 CVE-2024-31863,0,0,aeb39e417b9eecc809e9ff081abed4e80cead76a38e2a1138d98e49a8bf9cfcf,2025-03-25T19:15:42.637000 -CVE-2024-31864,0,0,bac8cd2e7f5c02cb6e51c85344e368bcc6dbd1279e97571453f08b3442c9b357,2025-02-13T18:18:00.517000 -CVE-2024-31865,0,0,b4d8853818e13f7a9e69b870f9268ac4f079e13aff0bed89aa68a4609c1ac061,2025-02-13T18:18:00.710000 -CVE-2024-31866,0,0,02666332b4e4cfe567d1961740960ec530da26a7ebe536fbb8f05e78c4a522cb,2025-02-13T18:18:00.873000 -CVE-2024-31867,0,0,f6c9bbfc49d8c3491c6cc0aee540952a71c8c3a6dc73c46c9138ce952c32fb48,2025-02-13T18:18:01.063000 -CVE-2024-31868,0,0,fcb0100b040b998d1b50fa06082ee5b25297e25786bb8fe79409eddad34de70b,2024-11-21T09:14:03.497000 +CVE-2024-31864,0,1,7aca964338c60c75c0c91afc3bfc231a1809474243d498456bdbc96bf07d654b,2025-05-05T20:27:35.617000 +CVE-2024-31865,0,1,8eb79f64883a7a728e3175c448545e972491f74df7e56f2d3865adb79bd4b32a,2025-05-05T20:27:58.593000 +CVE-2024-31866,0,1,42085a1c70c0858346c42ee4a6c65bc0aec5c21cbd69e1ea2bd1ba84ed2a837e,2025-05-05T20:09:58.807000 +CVE-2024-31867,0,1,560e5e1eea41aca08bbac51ef9f3c42ed06dd070a9aff2820b285ea7a55cf4e9,2025-05-05T20:12:05.860000 +CVE-2024-31868,0,1,775a784ac7b6e30056233bc25f85a3845a3faefbe1db569dba8f2ad289ebd104,2025-05-05T20:11:35.210000 CVE-2024-31869,0,0,ebe45d76895032fc54f5417d14d6f8106347521e7a80f0af2fee535ce3500d81,2025-03-13T17:15:30.837000 CVE-2024-3187,0,0,c0e5052d9b952d8b8908e4d27ef2406b2719f78ee0fedcc13d2d47e8cc27cd87,2024-10-18T12:52:33.507000 CVE-2024-31870,0,0,a22970b8b31c24a890ef795348787c61b651a2014a187c16beca7c8cd6d6b381,2024-11-21T09:14:03.823000 @@ -258840,7 +258840,7 @@ CVE-2024-3218,0,0,81581ac92c0291d6ed71dd9b38de9b17941e2f3f078e37375ed0e3bad56cd4 CVE-2024-3219,0,0,3436a48eefb6e374b0b41c8e6d01dbcbdf9a5be74956c1aef95b1c2c9d25a13f,2025-05-02T23:15:15.613000 CVE-2024-3220,0,0,c766422298c136f4a8e45324514ac876059fb77966ac9b6e9eab0ff9acaf57d7,2025-03-14T10:15:14.917000 CVE-2024-32205,0,0,b515c22daf534e23184b3e43b254269995ffc71b09793c9a7a083a2ff7d807bb,2024-04-22T20:15:07.210000 -CVE-2024-32206,0,1,ca788af868c82074309b27d9a000c5b669fbab46402f1e3def28fedc1eefbceb,2025-05-05T18:14:23.690000 +CVE-2024-32206,0,0,ca788af868c82074309b27d9a000c5b669fbab46402f1e3def28fedc1eefbceb,2025-05-05T18:14:23.690000 CVE-2024-3221,0,0,fbb7a14afa7e12fd61e8f2e6d02c1cbb45291067b61c8d84c5ba89e09aeb2bdd,2025-03-06T16:38:05.583000 CVE-2024-32210,0,0,175315f9813fd6f2ac4a742dbd54281d7bee9ff41ab24185218217ee2af870be,2024-11-21T09:14:35.530000 CVE-2024-32211,0,0,7aeac149ce230244d2b917a1cbedf2ade22ef2010393663a9a7c7fa147fe421a,2024-11-21T09:14:35.807000 @@ -266193,7 +266193,7 @@ CVE-2024-41745,0,0,6dba06d9ea0cc08ac8425e0341c71668811a6cd02139664e48e7481acbda9 CVE-2024-41746,0,0,989806c900ffd11c21b1fa6f91d833c84f6c1680e4b868bdf0c4c4b2010f26cb,2025-01-16T18:15:22.863000 CVE-2024-4175,0,0,5386392290fa38470dd8910cd3753515f25308d1edd31217aca2a63897449a15,2024-11-21T09:42:20.143000 CVE-2024-41752,0,0,04e93d2aa0d5f5c09f5bd50535183c7216d854c9071e1cb65e129028f085fb9a,2025-01-10T19:33:46.213000 -CVE-2024-41753,0,0,869cc0515d0680322e5721d3d71acc8f783e5f478fe90d4db66b98f853935ab5,2025-05-03T16:15:19.150000 +CVE-2024-41753,0,1,7d5d6a26c816a6da1d27260fc9700aaf448c7816bdd6b78cc084f410c6247da9,2025-05-05T20:54:19.760000 CVE-2024-41757,0,0,8eee660178ae839f23e8fefc895013469015edb1d9ab0b306f9f05d48053bb5c,2025-03-04T17:54:27.553000 CVE-2024-4176,0,0,bbebb00d63b41a3619ef35d6461fab3b8fd8271367eb9c2415dbdbc268e57b15,2024-11-21T09:42:20.253000 CVE-2024-41760,0,0,b4f0afc16edba57e674ab684247d68ec8bac5e6e8402e570fc600a4b5b409dd6,2025-03-11T01:15:33.427000 @@ -266620,8 +266620,8 @@ CVE-2024-4220,0,0,c10e6b612d929680611c4be467944f24a66f27a0712499a1f349b6953213d8 CVE-2024-42200,0,0,66659188c246db72ae2036019c20cdc2a8be48b55af2e6c3eb8bec75ca164066,2025-04-15T18:39:27.967000 CVE-2024-42207,0,0,7999bd374d3d2e00ca96b064d6050023c869b6b304031749819fd6f354ea6a70,2025-02-05T16:15:40.447000 CVE-2024-42208,0,0,7279db8edf90469f45fbe58ad50ae0f2729b6abb33262abb49e045282c050905,2025-04-07T14:18:15.560000 -CVE-2024-42212,1,1,74caea12426ccddf68e308aeef3b81dede58f92b261b0ef36cf87707dc6074bc,2025-05-05T19:15:55.353000 -CVE-2024-42213,1,1,c1165ee950be236525ad83bd2dc192302ec0ebb021e9a3decb84a22144754908,2025-05-05T19:15:55.500000 +CVE-2024-42212,0,1,a164f2b4cc049592775785be1c49ef168e2eb0899109bb28ee9f7194cb739419,2025-05-05T20:54:19.760000 +CVE-2024-42213,0,1,1d72825305b8026716f880b89405a77ffb05de9268655d0c237db25f1a15f146,2025-05-05T20:54:19.760000 CVE-2024-42218,0,0,3bca921601eaa25faf0015687ed4f595ccacf0ae5ca15099cde7ba2db042877a,2024-08-12T18:27:54.660000 CVE-2024-42219,0,0,a97969401a201997f2184a96905a9ffb0133ef1ebb5bd9c9a8f1fdcbd582f6f4,2024-08-12T18:30:21.627000 CVE-2024-4222,0,0,78ad3754433d9edd7ad7b04b2e437643c27bc5a8227a6a311a1fd475543e40e7,2025-01-22T18:23:01.487000 @@ -273962,7 +273962,7 @@ CVE-2024-51988,0,0,a45b9470dfa3fc9b3b82cb1bacb88f01f17e4e8292b3ec9c884e93e16e6b1 CVE-2024-51989,0,0,a62aa77319eb44e1ae15c0a171eaaf0800894194bc1d4e92f5debdb86b23946b,2024-11-08T19:01:03.880000 CVE-2024-5199,0,0,d333876b86dd47d072d00d7ea63e4dd70ed8e2c600b5ff8b7c9ccd7e5bfa86b1,2024-11-21T09:47:10.500000 CVE-2024-51990,0,0,9ede6495077ce4387cff0262327d989792f5ae4f5e91ddd40c08013523ab4959,2024-11-08T19:01:25.633000 -CVE-2024-51991,0,0,95e0cf8e30bdcdaec45fb94f2d92ec8f3091873facb633966b395b780ebb67a8,2025-05-05T17:18:44.853000 +CVE-2024-51991,0,1,9810335c9edd065cc38a051e7125b47cefcdf1c52bf8aca601b2e79feb353747,2025-05-05T20:54:19.760000 CVE-2024-51992,0,0,abe3dd87e571aedaed7f45c8497cc934b59698d127808c4551bbc7ac77323e85,2024-11-12T13:55:21.227000 CVE-2024-51993,0,0,6fff9f8be3a1371206df91a0681d43041964e0138134dfc7c2d4e308447095bb,2025-04-04T20:05:22.140000 CVE-2024-51994,0,0,69cbaa682f90d13755013bbee5670cf2d6679324ee0a1cef1c20175995eeb6d7,2025-04-04T20:03:59.507000 @@ -276057,7 +276057,7 @@ CVE-2024-5506,0,0,3a939cb8d1b19c0888bb3cd98071317aca0cf323e5a9cf329a9932ae18f6a9 CVE-2024-55060,0,0,ded18f12a3a0df91ab6d5c5bce845c4df60609680d3f23e558e770bad8a0740a,2025-04-03T16:30:04.377000 CVE-2024-55062,0,0,3123150d46b761ada11b83c374a54e9242d8e139ac058a4ffae965af3a17f30c,2025-02-11T22:15:28.900000 CVE-2024-55064,0,0,d70e68d4be0dd347bbd63a462911314935d644c9781ea6458c9d9173090f4c9d,2025-03-05T18:50:13.373000 -CVE-2024-55069,0,0,84bf96ab4ffdd80fde64a5736d5ec039c6feffaa7b3bcbb20d36e3e20abc0ef0,2025-05-02T22:15:16.750000 +CVE-2024-55069,0,1,bf7d9996c594f4f0c59362447445fe6697fb09e264d11871f739ef44d87b5421,2025-05-05T20:54:19.760000 CVE-2024-5507,0,0,cabca8bddf4a6d02e76f27981f16e33bb9535f789d53e187a16cce78138edc2d,2024-11-21T09:47:50.337000 CVE-2024-55070,0,0,3568834de5e6c4cfd90fc3eca6b0a215c1a501125b216b6c8d4a62f5e05ee025,2025-04-11T17:04:33.603000 CVE-2024-55072,0,0,892cc276075900a0acf9bfa9f6263a0321d503870f8541fde3806bfe4ba83664,2025-04-30T16:42:57.130000 @@ -277282,14 +277282,14 @@ CVE-2024-57225,0,0,12aa7703dc18d8ea4366b93d9c817ae8683944e7a70bd486b9748980d2358 CVE-2024-57226,0,0,dacc68de9095473e533741064656d3c926aaffd515cee4814bd16a22ad01f892,2025-04-16T14:16:25.213000 CVE-2024-57227,0,0,ef92a7d8b1b9aea18b937014e0afd1978cd3b169e556357e2a815efd84fe1724,2025-04-16T14:16:35.800000 CVE-2024-57228,0,0,74c502690fb2685d145160488ee0313be51fac02aebf4fb60c4246209d543c23,2025-04-16T14:16:45.610000 -CVE-2024-57229,0,1,c1e3a4c23f9bcd1574461bb8d4cc14bee8217e76a9c5ae915f0e0eb097cd429c,2025-05-05T18:15:39.900000 +CVE-2024-57229,0,1,a0db87e0c1a3adeb58fc6b64031a5f6eea69fe5b9a7034347e3e616b6d866dd8,2025-05-05T20:54:19.760000 CVE-2024-5723,0,0,e9a9bfbb365da81a3cbb0381b41b1530e9a21124d15e20f7ac8fec3dc25c5b02,2024-11-26T02:16:48.200000 -CVE-2024-57230,0,1,6484508d0ad6c52c851df1aee438cb709a165fbcf293dda567de966309e2b564,2025-05-05T18:15:40.047000 -CVE-2024-57231,0,1,87eda3d045e38439dbd4929d447dde5cdbc12a0c452e4e9e1aedca984de0e6fc,2025-05-05T18:15:40.193000 -CVE-2024-57232,0,1,2ee38b50bdcae43cd283891df1af99480fae6fcfec245772b8d7112f2ccddf91,2025-05-05T18:15:40.340000 -CVE-2024-57233,0,1,b4c9cdec4b25e287cf726f00a34249bcb4b40fa2354f3785c7be70ea17a378da,2025-05-05T18:15:40.493000 -CVE-2024-57234,0,1,7141c282ecdb5476e9c5aedaa333649502b478fc09a2ec90942b843841f8fb07,2025-05-05T18:15:40.650000 -CVE-2024-57235,0,1,daba47b3676cc8d19019360e28980f842136e2245af823c5ed8de60150a33def,2025-05-05T18:15:40.797000 +CVE-2024-57230,0,1,6d040cb65ef90b1019e9a2d63bf281d958ccb4c0c74829a69c9c18648a00dd4e,2025-05-05T20:54:19.760000 +CVE-2024-57231,0,1,c8b3e3a7b0554550dfb5438fbbb896b42e0f5231a498bf20c6f136a96452f3cc,2025-05-05T20:54:19.760000 +CVE-2024-57232,0,1,1fcca736e70b34b70395962baf0bc32d4607f98063bbcbca1d087139d93cc356,2025-05-05T20:54:19.760000 +CVE-2024-57233,0,1,9502358d1177d9890b515893860141864aeea6eaa655988f05d4ad3792e9b3c1,2025-05-05T20:54:19.760000 +CVE-2024-57234,0,1,f0b484a39066d38ea5437fc96e1945d4ad88ac9ae30deb068497cd61c282162e,2025-05-05T20:54:19.760000 +CVE-2024-57235,0,1,b233fa6ef41f473b8ee3a59ff80b330c457821b001c1e3a6629ae0e85716c7b7,2025-05-05T20:54:19.760000 CVE-2024-57237,0,0,fef0cbf59beef0bbb0800c060e5efd45e878e97a99de79a05a81bee9e443498e,2025-03-03T18:15:29.913000 CVE-2024-57238,0,0,a6b3be788c3bc4fc051e3d4d8b4703fb53567dec95099f9b84b95f6aa023a077,2025-02-12T20:15:35.620000 CVE-2024-5724,0,0,3819aa5efba8f524b2e05daa0542d560ece04ca1ec3f26079bc1135d63d2a09c,2024-11-21T09:48:13.843000 @@ -277834,10 +277834,10 @@ CVE-2024-58094,0,0,8782554bc1cb811541a04fd5d44adc0e07d4f24c9b0379c52881ede96a6e3 CVE-2024-58095,0,0,5a11b1a1572d7f73207595e48df39b1cbc4887f1b9dadbb6561746f204688aae,2025-04-17T20:22:16.240000 CVE-2024-58096,0,0,e3cf19ba0049ded05d28f9f4eee1d254b368b8d7f24ce5837d77302ac8b64350,2025-04-17T20:22:16.240000 CVE-2024-58097,0,0,829351fa47e1ca310ec798ee35487845f1d2b10416b1f63b0d0df39432631b4b,2025-04-17T20:22:16.240000 -CVE-2024-58098,0,0,4ad328d271f3a72f50677bf4d93100ab754998c46d132bf17b2769df86d5cd26,2025-05-05T15:15:53.810000 +CVE-2024-58098,0,1,4e880f5e2310006bc617cbf1e7f8e2f966522be5d04edcd463b67500cd0e5373,2025-05-05T20:54:19.760000 CVE-2024-58099,0,0,1c6f89da4311047427174f81b5d3582c8815da6118534d0fcb2e3de6182139e3,2025-04-29T13:52:10.697000 CVE-2024-5810,0,0,1cfa1d347c98633461d8a7b5c70e7a88c8da42418f63ef991acf03eb3681102e,2024-11-21T09:48:22.557000 -CVE-2024-58100,0,0,64b267ab0e9289d736e04fecbe509c573f731dfcf7f1fb351ff3499a8b6d64fd,2025-05-05T15:15:53.913000 +CVE-2024-58100,0,1,ebce603f5b723d8ab1173d8d8838e5cc90dece6d9fdb6978242471d88966134f,2025-05-05T20:54:19.760000 CVE-2024-58102,0,0,dd42630c366d4fe40426e956fe445b75d82fa202b00380f941f341e0dcc8270f,2025-03-11T08:15:10.917000 CVE-2024-58103,0,0,10a7b3d9d518bc786063856000a89f8cacb058ea7d9597066e2f5581bacc0a09,2025-03-16T04:15:12.313000 CVE-2024-58104,0,0,ef5194668e17b2fae71aeef1b8cd3db28854aa445adae506302dfff073d0b351,2025-03-27T16:45:46.410000 @@ -277865,8 +277865,8 @@ CVE-2024-58130,0,0,b1da61426890522f6374bed5d854c2d8adfdac7556fa6282fde3bf2122dc7 CVE-2024-58131,0,0,bc4908e979254be0dc1e1176cc36e7e2691904c3630b2abae16ce8f2a4516d81,2025-04-08T16:45:17.107000 CVE-2024-58132,0,0,87fc99e96492ae47f7ae88aebc39cca10a37119d96d5c66e6cef7cf588ab7762,2025-04-07T14:17:50.220000 CVE-2024-58133,0,0,4511afb6f4930bee53375abc516811f9928c158d8decf5ac029097e07f67929b,2025-04-07T14:17:50.220000 -CVE-2024-58134,0,0,b0cccbd2ca3eab170463d49674e8d82e68d13d9adaf1eeb9ae5c316ff1ed9066,2025-05-03T16:15:19.310000 -CVE-2024-58135,0,0,8af43e07194e980e3ea0f7075113ea9e4ee30e7cada80bfaad49d2081f4bd709,2025-05-03T11:15:48.037000 +CVE-2024-58134,0,1,315addf4712d31830c6b48bdc88670592c911d70c04b8ac52f87e62d57fbc2c4,2025-05-05T20:54:19.760000 +CVE-2024-58135,0,1,0378e5f34e4f45272a2636f33428001166ce1b8f8496bea72cf0bc27761d0a99,2025-05-05T20:54:19.760000 CVE-2024-58136,0,0,7d42d622ee4e18724ac12c03124fafd081de4815b0d827e3b883d9598d043c28,2025-05-03T01:00:02.097000 CVE-2024-5814,0,0,409f119643711fe465e9fd028af3caf838fd31e85495ee2ac73938edab3d7b3e,2024-08-28T12:57:39.090000 CVE-2024-5815,0,0,aa6c60bd870ff05880c843bf9053a612a42ac0af7385b9bf8cbbf1b2da2f2182,2024-11-21T09:48:23.203000 @@ -277878,14 +277878,14 @@ CVE-2024-5820,0,0,2c0985f3b66fb0ad2bec318f7e5cd61bb5fb275037c5522342e1692fe433f6 CVE-2024-5821,0,0,cdc4850be9f4379fb404f40f957b7dcfb9ddb61cd13ba59124a4fa6283f25e1b,2024-11-21T09:48:23.980000 CVE-2024-5822,0,0,8c7f438faa6a9af9b480613b911dd93a88e19e70cffdeac82cc67d739c737fc3,2024-11-21T09:48:24.107000 CVE-2024-5823,0,0,5123d89c111b48b404a1b53c7b20aef07938a088538cba82da9ac7e629cc09b9,2024-10-31T18:05:00.637000 -CVE-2024-58237,0,0,fff90e77db198c38ad8b386637f8dd51a9de24bc89559ea8756ec0d81f710012,2025-05-05T15:15:54.010000 +CVE-2024-58237,0,1,ac1f2c7bde63a9f389bec68e581841b3aca0e75c10896e35bc7e14950fed0ca4,2025-05-05T20:54:19.760000 CVE-2024-5824,0,0,e1bcdf6d43e3da8ae6ba6ab7de5f8d3f3eaee723b9a1ed9af8e8dbb46b2110c6,2024-11-21T09:48:24.360000 CVE-2024-58248,0,0,7692b9f3aadd9d67cd9e0636049612c05994b9b19e06740b9f1997015f2271cc,2025-04-17T20:22:16.240000 CVE-2024-58249,0,0,46e082cbdc4436e2ec6bd62f3df3fb3fe143b90b067e29566efeb2e0b2706af9,2025-04-17T20:22:16.240000 CVE-2024-5825,0,0,682d9c8db78e32760516d35e8d80736a485272125d13ba44bf7f0b379940e54f,2024-06-11T10:15:13.960000 CVE-2024-58250,0,0,0cee348f53514c8f66fdd102bc185afc75a5fff72792af4fd24660f96ce22a9b,2025-04-23T14:08:13.383000 CVE-2024-58251,0,0,3d7ad675c8c4ca6bbb888df41dfca6de49cf5c8949b93c3f966477ed760827bf,2025-04-29T13:52:47.470000 -CVE-2024-58253,0,0,14a6fc1e14dc0a9118de3c766f39a2f8a0219878ce328836de0ce123b4b0b79f,2025-05-02T20:15:19.793000 +CVE-2024-58253,0,1,da49c0596ff21f0dcbb928a2ca6fee65885d12875648098fb736cb7c8162f298,2025-05-05T20:54:19.760000 CVE-2024-5826,0,0,676ce5cec2202232492aeb7a31cb471cd0485dd44f0bad4d2271201c9d98c0de,2024-11-21T09:48:24.490000 CVE-2024-5827,0,0,12cdd01c3634b5f2da13128a187bc2d1c8d9fa87429a9aed8ec50812f82df183,2024-11-21T09:48:24.607000 CVE-2024-5828,0,0,73069a2f9dbd005f637a8c432d288f4c861c4d147da919c5c71f3de2432e48cd,2025-01-08T21:25:28.967000 @@ -281845,7 +281845,7 @@ CVE-2025-0212,0,0,bf62aecf255e3c107b1f8ae1243f979d37788235358b8c06d3603332ccadbc CVE-2025-0213,0,0,e55edcd5a8474480d6ca0507c44b56e0b37e6a395f430858b1ac9e770e3c02dd,2025-01-10T18:55:12.317000 CVE-2025-0214,0,0,8fd80d5845a5af418b45c515a846246c32cd1e8b93613f2b5c701a2019de48ed,2025-01-04T17:15:07.507000 CVE-2025-0215,0,0,08cb0e78d8518652d70806039da4be5d34bb246340a84dd1b7de87a550ad62c9,2025-01-15T23:15:10.453000 -CVE-2025-0217,0,0,fa0e5af6bf13463fb8a3a77e46a06fc4881c4d2545880ef44d83ee7d6523cf3a,2025-05-05T17:18:46.720000 +CVE-2025-0217,0,1,e120cd9c0b142aaf2d5231badf5061c410d4e63284a9ad7ec8064fe070e3176e,2025-05-05T20:54:19.760000 CVE-2025-0218,0,0,905ae324381201a99fabd7cee311f0688c1f029e9b30f8a17cd6239fa2b9ecb9,2025-02-11T21:11:36.480000 CVE-2025-0219,0,0,8fdcc96f4497aabb4a45b773ad5b642effeabe1cc88004f9fefc04185a8e58ad,2025-01-05T06:15:05.183000 CVE-2025-0220,0,0,5164909e12cef44ecdae5d30550c919a9d90fef93d4aaca4d4f457285645874f,2025-01-05T13:15:05.850000 @@ -282267,7 +282267,7 @@ CVE-2025-0764,0,0,77273f85eebda75df5c1b10c7e10eb8fa4db2d37828ed49e781e9b73668180 CVE-2025-0767,0,0,36072095d56068369b20f52bda087faaf294ad12e2f47acd8ec63d7b2c7819ac,2025-02-27T19:15:49.350000 CVE-2025-0769,0,0,8a8ea5cb17f2fc341a530991a05db29f5eab49abeb8ca520192f7b46c34ee88f,2025-02-28T20:15:46.440000 CVE-2025-0781,0,0,b187217e5320659130c2f954520571f906b51edbf3680129182cf06170507db1,2025-01-29T22:15:30.187000 -CVE-2025-0782,0,0,b1031a51d215b5d69d2748193a0b5c4bb34ebaef14d4434fc24acf1a1b4efe04,2025-05-02T21:15:23.550000 +CVE-2025-0782,0,1,3eb046c378c9312275ee8c7067d593916e6e0f26f8f84553bc84f9f72e145760,2025-05-05T20:54:19.760000 CVE-2025-0783,0,0,a1a945868267bdb320547ed220abbc700a32cfa153b0093b401f18345d541648,2025-01-28T19:15:14.410000 CVE-2025-0784,0,0,4eaf34ca2eb1e58d1808f28c199f31d018cdb7dce226b156d3dea721938df5ba,2025-01-28T20:15:56.230000 CVE-2025-0785,0,0,c2281f34981d432ddf6d052a7d0c62fb0154ca1cde3c30dd26a0e7ffaf8e2ce8,2025-01-28T22:15:16.227000 @@ -282374,6 +282374,7 @@ CVE-2025-0910,0,0,5441c161f7257bb6355c09b7b0bb2df312d9b6c6d59e58e837649ec8c68777 CVE-2025-0911,0,0,b9aa939093c00e0782e255aa47e49c2cf1d4559eb848b6a9c47f1e00b8bd8fad,2025-02-12T19:00:17 CVE-2025-0912,0,0,101de2beb23fbf49c10b44c5dcee63010fdc24170f54978cd272380a07982b45,2025-03-05T18:30:11.560000 CVE-2025-0914,0,0,42678a20c4dc452af9f91c4b0ea09c3e290aeef5b5759975f5d9768b3a81d3dd,2025-02-27T16:15:38.237000 +CVE-2025-0915,1,1,25398d6665daedfbd65f5277e36627e5c8635ac32552077f174d9f200ff4a8c7,2025-05-05T21:15:46.970000 CVE-2025-0916,0,0,b3e2dfc1a782ae4e58fd745e6dc8ce9f3019ca5ca64e71e978c066cc4fb2d49f,2025-02-25T20:19:48.457000 CVE-2025-0918,0,0,4227989e3d35097382e4bc473e8d6b90f5c37e9be43ac707cd1a7bd79f7110ab,2025-03-05T21:37:41.217000 CVE-2025-0919,0,0,f3c40a8c3e9859b98dc4dbb233022019405b6bb3a32be39636bc5e978bd23a1b,2025-02-12T17:15:23.357000 @@ -282428,6 +282429,7 @@ CVE-2025-0996,0,0,61dc4950816d8c0d04b00f936aa459046b15c240b3d37a7c085dc3d8cd03bb CVE-2025-0997,0,0,f250613d1f182ccf1575738db5199f92c19b7419ec251933ec6b859043eb1fc7,2025-04-07T19:08:04.843000 CVE-2025-0998,0,0,7bd42e251687d39d883712104c9eee494ec67b567b03623713d2e55ab05eccd4,2025-04-04T16:15:18.013000 CVE-2025-0999,0,0,603984de7512da140496f2860c5b0cc73c510ea40c341ebb00613187787e0649,2025-04-07T19:07:22.060000 +CVE-2025-1000,1,1,faa6e1366e1ad4486fe7aadb8cedf7ebcb16170b15b6a000b30ca857a9855355,2025-05-05T21:15:47.120000 CVE-2025-1001,0,0,25822520434c0eee757567b9ac3c60dedccca12f67ad7f4e0649410902d4f3cd,2025-02-21T01:15:09.533000 CVE-2025-1002,0,0,8a0ce274a6014852624cd98f4510a2359e65674ca94a8883697c40c60509bb23,2025-03-03T17:24:28.480000 CVE-2025-1003,0,0,6637ae0e206322756cfeafb7e3ebdef919f97629dd73a22be7a206522532acca,2025-02-04T00:15:33.940000 @@ -282796,7 +282798,8 @@ CVE-2025-1489,0,0,3008549e3d2861f78796256b763f59eec371226dd4b84353f864c64443cf0e CVE-2025-1490,0,0,ca694494d0dce0e11f7d032902bc42c3f25408248f35d98dbdd9bce4841e9290,2025-03-27T16:45:46.410000 CVE-2025-1491,0,0,2c68d92a6f55bf529fa37ef19f65078661a466e3bd99edb0dd7d2a7b0419f292,2025-03-01T13:15:10.750000 CVE-2025-1492,0,0,18eddfd45128b6e844c0eb36d195189058a711c4b65e42f0f384f28d3f889292,2025-04-10T20:03:01.333000 -CVE-2025-1495,0,0,9022c8b3df10c4db126502bdf7b37fca2a259d8cbfe9ac0c622659a3e5599cf0,2025-05-03T17:15:44.767000 +CVE-2025-1493,1,1,310103e2e66efe3940cd50c9ca573bc8c7f3d91737723d06ea5474c1e8f6b512,2025-05-05T21:15:47.263000 +CVE-2025-1495,0,1,eb77f981cabe4efbe3dd172718fb9875f01d80ca92253d5063810e79b3d4459f,2025-05-05T20:54:19.760000 CVE-2025-1496,0,0,00b701fe7bc2e4f39ec7ac2812437dabb31dde7416d14a43308b75ca4d34e495,2025-03-20T14:15:22.920000 CVE-2025-1497,0,0,7d02ef7499053e50d8ad89d76099a7d293753bcfe1045929e1a08d34bb3acdae,2025-03-24T18:46:13.367000 CVE-2025-1500,0,0,9fba8c7345ac0b652c7325920a14000ed49f87273e0c5734dc50f1fa6cac69b4,2025-04-07T14:17:50.220000 @@ -283046,7 +283049,7 @@ CVE-2025-1833,0,0,a9d0cbabff71e7e9ef5d9bc0529ede3be006be7fde961ae12c41920332ce68 CVE-2025-1834,0,0,f820bda20e1e7a1fb2fbc97f90cb666c20906496299f828ebe420513fa79aedf,2025-03-03T20:15:44.740000 CVE-2025-1835,0,0,aee1b4a486da841c7db8143deed10ae556bf311d96bdf0dba2c0ead166fcb14b,2025-03-03T20:15:44.867000 CVE-2025-1836,0,0,e55d8c1ad6c532ca23d15111c1e742b84846f7f3c67ac8b9d72b2a3b7fffafce,2025-03-02T23:15:10.993000 -CVE-2025-1838,0,0,4bc61eb4cc0cb097ec068380a259e2d958c1d142c817d893936278abb85ea289,2025-05-03T19:15:48.607000 +CVE-2025-1838,0,1,c53eb69ef96a5fe2305ece0f2cbbf93f285af0fa69ad3bc447aadc10cbe1cb8a,2025-05-05T20:54:19.760000 CVE-2025-1840,0,0,b4438c2b4152145fea4bcfacbb830c193fec082648ecc39928100b759a441887,2025-03-03T20:15:45.073000 CVE-2025-1841,0,0,a640ad368332bd3d3cbc149a3607fb3cceca241dd6d59a119c0d42ff0d2ac1df,2025-03-03T20:15:45.197000 CVE-2025-1842,0,0,7ccd0ad08d0d8734df889044267fd3c6cfe4c03c4a27d4282f875e8799119511,2025-03-03T01:15:10.023000 @@ -283089,8 +283092,8 @@ CVE-2025-1879,0,0,9355f40d37312caf9c5221593203bac7c55019bfe92fbf4f954648294a4aad CVE-2025-1880,0,0,cc844a9a059e54c6839bcf63827f508bff1844fe6930a0e929d2d05e3fccda9d,2025-03-05T14:51:33.507000 CVE-2025-1881,0,0,95dec5d65133cd6781028029fb9e1825e9b380a1b235ead1a18388896a7a8017,2025-03-05T14:51:17.733000 CVE-2025-1882,0,0,775520acab9f4f6d6b04e782470e86873cd7470ddaa1607a687283b01b16d46d,2025-03-05T15:18:54.127000 -CVE-2025-1883,0,0,e38e31d7fb9f685ca92511a0c9783e5f473363856fd17c332b63a43802d2b6f9,2025-05-02T15:15:48.317000 -CVE-2025-1884,0,0,9629849105bc522309fe84eca1f5c2ac14c9efdb54ffd690cffb03b1b2ac18ee,2025-05-02T15:15:48.440000 +CVE-2025-1883,0,1,6a2d764a08e44a8c4fb1b6bd8dd558c6379d01e96ec04704b6b6f5784af5738f,2025-05-05T20:54:45.973000 +CVE-2025-1884,0,1,87d6b03f43f977bb4739073c9f53c07ca01848a8b0d46f410aeff41be8d13cf5,2025-05-05T20:54:45.973000 CVE-2025-1886,0,0,eaf754cdcbd76e594498445e8a183b18d76e578c86df9a4473db58eab68b36a2,2025-03-07T11:15:15.843000 CVE-2025-1887,0,0,bddc21bc05d4cae4f660040038124541d0467cb3a445afa630affaed468d397e,2025-03-07T11:15:16.040000 CVE-2025-1888,0,0,3e8d1790cc44ab743ef758fc86281d2612ee29c3437c97526832c9d31e18e0b0,2025-03-14T17:15:50.807000 @@ -283113,6 +283116,7 @@ CVE-2025-1904,0,0,f1403f89463521fa6ecf20ea0b63150d28c96f5825eb8230b39ee2a81e24b3 CVE-2025-1905,0,0,2b4eb6efb4aab05c0b5f79955f2e8fa7379c3a611db1f2d5266246ca15810f0c,2025-03-06T12:21:06.503000 CVE-2025-1906,0,0,25be12853bbdada8a0f0b6f9783f2e12a1ead904ee5fe2efcc8d708d8d5a84e0,2025-03-06T12:17:27.613000 CVE-2025-1908,0,0,54102afe78dfd9ba90dde1515e764f3bc5ce380e066d2c9a94226102b5e94ebd,2025-04-29T13:52:47.470000 +CVE-2025-1909,1,1,646a96b935da62e606d23d79b49a10c87e851943d6b91d49abe33da295d46586,2025-05-05T20:54:19.760000 CVE-2025-1911,0,0,2e91c6b1d959cb6ca722089184997cbda20efda4aa5d2ef28d2794cac01c676f,2025-03-27T16:45:27.850000 CVE-2025-1912,0,0,49337feb908734040a0bfa95da816c69dae3aab8883429d3fccd45a08a1fe10f,2025-03-27T16:45:27.850000 CVE-2025-1913,0,0,ed75b3f8cfdd5b59fd97fd4a85114e92d8be81db43677a0c3ee67ea91d3bb9ec,2025-03-27T16:45:27.850000 @@ -283180,7 +283184,7 @@ CVE-2025-1982,0,0,b96ad8a83f923b799cc570f3488da675b0956e143ef201a1833f6d944c9c56 CVE-2025-1983,0,0,b00a7fbfc7e72efc3071430d1c49bb16299e59e8ab10971b7b91d7f6d942af27,2025-04-16T13:25:37.340000 CVE-2025-1984,0,0,9c3841609345cdbc038774b45498dc390a4f9eba4042b93fef2b069dfe449491,2025-03-14T18:15:31.507000 CVE-2025-1986,0,0,5f28ac8dabb696f579f028bc6c921df319afb14f50bb950b8197d2628a16f698,2025-04-01T20:26:11.547000 -CVE-2025-1992,0,0,f83908aedf28a2a05ba8d97ecb331932c6850029139120625beb21422beb732a,2025-05-05T17:18:46.867000 +CVE-2025-1992,0,1,a4ffb5f376cafca273fe2db05ea19e1854073a06cb1784a96f517fa80d288c8b,2025-05-05T20:54:19.760000 CVE-2025-1997,0,0,2320e8fae7a90840d951f0ca1bf029eb0495106dea7a57ba1224c981543ab87d,2025-03-27T16:45:12.210000 CVE-2025-1998,0,0,3538634182b2dcc45e8bb62709ffff36cc782093b83dd33c724b80bb29d5b1ec,2025-03-27T16:45:12.210000 CVE-2025-2000,0,0,c744a04801dcef754276dff40a4c1297d0ba396540500fda4355fbfeeb2bc0f3,2025-03-14T13:15:40.907000 @@ -283375,13 +283379,13 @@ CVE-2025-20661,0,0,f62962e9996c25907c5dd2d9f228505030ba0c85cf3fb77b1ba46ec8dc3f4 CVE-2025-20662,0,0,12aa5c5a0a2a4254a5cd5d0284932b03688b985d4a6e164fb473eeea68ae8941,2025-04-14T16:31:19.480000 CVE-2025-20663,0,0,596335f6a6120390f38a326693e2ad25807954564d3cf32daf45c2adaccfa901,2025-04-11T15:57:27.597000 CVE-2025-20664,0,0,4219106895903f3d40c45e3fe22a99bb379c7467ce7ddab134c6f372463f3577,2025-04-11T15:52:40.517000 -CVE-2025-20665,0,0,12da2aefa0f83b46d96cb1beb84726a67d17a958d02826205cf49ecefcaf5fb5,2025-05-05T03:15:21.803000 -CVE-2025-20666,0,0,5eee9d4fdcea42448655df7cef276da3e3abfcc13d1cc34d45a9e4c625b5da6c,2025-05-05T03:15:21.940000 -CVE-2025-20667,0,0,dfaa20266fcbf41e98440e08a29a4476ca3137298f3afebcb9f96ce977a7f9c2,2025-05-05T03:15:22.053000 -CVE-2025-20668,0,0,53f16d6b05faaf6a433b44008152d10194e41cf2c6a4b621d573b5be83b859b9,2025-05-05T03:15:22.180000 +CVE-2025-20665,0,1,9d35ed640dc76e38b23ab02808829c25fd85cedebb151cfa4d471ce3bfa12552,2025-05-05T20:54:19.760000 +CVE-2025-20666,0,1,6f5a72a061d0e3c997c0653308e23c36573c4aacea1bc0ef26ba79214920fd74,2025-05-05T20:54:19.760000 +CVE-2025-20667,0,1,5cee0f33e859b4d5cdafec022b2d3aa4ef65104fd3e540881d9dc56411290862,2025-05-05T20:54:19.760000 +CVE-2025-20668,0,1,a867365c8037c39d60b0228b685b6789ac1b2780a099ff4d552ba34eb2841346,2025-05-05T20:54:19.760000 CVE-2025-2067,0,0,793f52124f0b19963eac1a70db7334683702f0ec755d439c1d08e793cead16dc,2025-03-07T05:15:17.527000 -CVE-2025-20670,0,0,86ee25538fe6a3413d57d554319539f441b83befa3bda63707158ebc0bffbb84,2025-05-05T03:15:22.300000 -CVE-2025-20671,0,0,96c7c646fadf0b422fd69e7bd5e63a28b8c479c7e78b2183ea647104e70f46b4,2025-05-05T03:15:22.420000 +CVE-2025-20670,0,1,8aae8eccb4b75ec4cfb6041c80e070a56063851b939d98964f5e486478f7b20c,2025-05-05T20:54:19.760000 +CVE-2025-20671,0,1,96a2ca9eabe76098f6dd1c34c44bb7faf2c2cb97a192f8d02e37df06fdc57e9b,2025-05-05T20:54:19.760000 CVE-2025-2068,0,0,caea7b6972516a21e1fb4cb2f8db6e455533cd0aab201f39e697eeb619aa0bfd,2025-04-29T13:52:28.490000 CVE-2025-2069,0,0,3be67bf54f8ec61314fa1aeec7cad10107ab60b66fe6d57dfc7b2068092e5954,2025-04-29T13:52:28.490000 CVE-2025-2070,0,0,aa6c57d00653559715f3617271164e399083db51bc42952895ad83bcf08a7d15,2025-04-29T13:52:28.490000 @@ -283917,7 +283921,7 @@ CVE-2025-21569,0,0,5df0154e36384276f1807ec7f051b457b9528fd8420a266b3a9f61e681a5e CVE-2025-2157,0,0,5c6192ea5b2e45321f17a6fe2ad70d5b25d9e993a209c52e11c52f0c6d50997f,2025-03-15T07:15:34.930000 CVE-2025-21570,0,0,d3c65e90ec1a3c7352dc0d3fbf456c9010e6ed07fd68ebfe7d5bc1abd34c4279,2025-04-29T20:01:53.187000 CVE-2025-21571,0,0,1f59805e0fb04ba2d026ca95dab47004d4c21a30b54fb4631685adabba9a1aee,2025-04-29T20:02:23.943000 -CVE-2025-21572,0,0,695e1dd4b9da101487b894234bf2264ce0f9b6f6caaa1c712a7ea7476eaee4c1,2025-05-02T22:15:16.927000 +CVE-2025-21572,0,1,07d84c61a5f6b017d987136736c1b8023189322949753dd79f505090bc3ccd14,2025-05-05T20:54:19.760000 CVE-2025-21573,0,0,f7ca6cc1d6e801d28dc054ad1f8f01fe9d3a6dee28dbed8b082c00e19fbad719,2025-04-17T21:36:01.050000 CVE-2025-21574,0,0,b1cd3f454841971a3ea1e113ae25966537de4fd045aa9ee5ea97d7cde6b424a2,2025-04-17T21:35:46.023000 CVE-2025-21575,0,0,ca86d079613712017dd5c83ea4065b8a47b19787b4271c97df7beb66d37db291,2025-04-17T21:35:38.430000 @@ -286809,7 +286813,7 @@ CVE-2025-24972,0,0,2bfeab49fb3f39eb9e65ce9ece026906b6d6d88216e33613e47c2e76c1f0f CVE-2025-24973,0,0,4e0ec487b13ad29adffd9e40afc6f86ee9194b71c6b3a7da9dc820821aed9598,2025-02-11T16:15:52.020000 CVE-2025-24974,0,0,214e30f9ad1dadb8e549793c24ba043d3276d9cc0ee2f6629636929f8ed1e7c0,2025-03-21T15:40:04.130000 CVE-2025-24976,0,0,d3c2a0ec7f5c1f646ba24311fc47878f0806891920501766ac3a68c935b89720,2025-02-11T16:15:52.163000 -CVE-2025-24977,0,0,b8c30c75471b339887ae4e5f710aed9cf4f98d46b106f8c35027e241c9c7e1c5,2025-05-05T17:18:47.397000 +CVE-2025-24977,0,1,8bda1dd3e53af1316c4982c342519d24b4a4f60ffba3176a64661996cc6c9d9d,2025-05-05T20:54:19.760000 CVE-2025-24980,0,0,a17fd16fc181710dc23e803283e1d6d1f933f1a8ebddaf620892759c050de87c,2025-02-07T22:15:14.617000 CVE-2025-24981,0,0,53e7b164e1e8344d44125c41e4616160d5eab5393458f601a78911be7625504e,2025-02-06T18:15:32.847000 CVE-2025-24982,0,0,bb2e7ed21733f592bc39cfa057a56b08d6aa180f6c36351b70c6f04a2bffef43,2025-02-04T05:15:10.543000 @@ -287100,7 +287104,7 @@ CVE-2025-2543,0,0,e89290715b7ff44fef4dfaed136aca0776aa85b6a60156361d49a21cd6e637 CVE-2025-25430,0,0,50260f923bd873de4abd7f0df967d0eede640f192673faf640418e3d9b47a728,2025-03-04T16:15:39.763000 CVE-2025-25431,0,0,6493b573a6bc4f77e64c4c34f4cdf2e4b7b95c4c86320184de47aad5a831415a,2025-04-30T13:55:17.703000 CVE-2025-2544,0,0,61f3dad808e2359bbac367a26f479ab656345326f5e769e424e5a0af4077faa5,2025-04-07T14:17:50.220000 -CVE-2025-2545,0,0,db3af2f95a403b230c1f16c83491fcdd9f9b57b5828c91ae35c10175ea775766,2025-05-05T12:15:16.170000 +CVE-2025-2545,0,1,fb878cf26daa22f8b95c50000f4782f0b401ec11207f6576645cfb0376bda665,2025-05-05T20:54:19.760000 CVE-2025-25450,0,0,e3ddffa39d860b594bb74ab98ef16e7416f14ecc887f5721e7943e1b1d73ce80,2025-03-07T17:15:21.640000 CVE-2025-25451,0,0,4c60686324e8dfbebc3bac09932f9dca9715cd901e8b055c1d7eb1acd46fa78d,2025-03-07T17:15:21.803000 CVE-2025-25452,0,0,f8ac00e705c69600b7bd756ffd6640407ab44891503ee6108f0e991980324498,2025-03-07T17:15:21.947000 @@ -287131,7 +287135,7 @@ CVE-2025-2549,0,0,81bc1419bc2ca032b7d3a3129fa4aec6b83ee02f25c21613bfc61816baf003 CVE-2025-25497,0,0,342cc8c3073c7b4fb963ce6919474125872366956f79f35d55abc4517740c1dc,2025-03-07T20:15:38.013000 CVE-2025-2550,0,0,4a61e93674e502a8c0bed02381936602716218efa1f9f7373841b1b6041298c4,2025-03-20T17:15:38.903000 CVE-2025-25500,0,0,95e8030caa1744993dcffd587771b6fc47c54882af19cac8227239517d6e0133,2025-03-21T17:15:39.243000 -CVE-2025-25504,0,1,4ba88a84ebfb0c13b1bb83fc7dd5aee921df4a801b05dcb6fc7229b3c9f3e77a,2025-05-05T18:15:41.100000 +CVE-2025-25504,0,1,fca621c33cfb7124783fa951e6837cf922750719efead8b3b4a06f77c6e98aaf,2025-05-05T20:54:19.760000 CVE-2025-25505,0,0,e9c1c4e7fd17d69fb175176fd0aebef11f3e6fa5ba62e87e57c2aa8b17ea4735,2025-04-10T13:37:15.333000 CVE-2025-25507,0,0,99fcc628e72eaef3ab2758be4c7c5d9b6fb666ee1ec31a8fdfbf52e5a6e3d4f3,2025-04-10T13:37:05.443000 CVE-2025-2551,0,0,70be67e63aae83c04048736ff89759931da9700ea07f97a5f0016d4208b5a4fc,2025-03-20T17:15:39.090000 @@ -287416,7 +287420,7 @@ CVE-2025-26216,0,0,fa35563faa6505245c7f05bc4878e14310c206fdd07c5771663544280eaa7 CVE-2025-2622,0,0,939dbf3f462db5138e7efc1c25b4df44dcefcad147219dc69a16d470f7cab4df,2025-03-26T18:38:53.113000 CVE-2025-2623,0,0,3ab5fa7d579e15ca810445905623b237691afeb5371061b93ec95908d3457f2d,2025-03-26T18:29:45.483000 CVE-2025-2624,0,0,46e23f80f2c9d13a382050fe05c6fffb0c05ca1c0b64f7abbda428c5ccf88ddf,2025-03-26T18:26:27.147000 -CVE-2025-26241,0,1,ea97d4fd216d181b0fbc3d570bc034a65300ad784211abd4ba8eca23db78c992,2025-05-05T18:15:41.570000 +CVE-2025-26241,0,1,bfeb053d13eaca9b509caab2590914ab087d8d8885782ac04b6c6df27c27f6d2,2025-05-05T20:54:19.760000 CVE-2025-2625,0,0,a69b2a16e33cc77b4a32fd1909039df09919db2fa3840e12d206a48632ea57ae,2025-03-27T00:36:50.850000 CVE-2025-2626,0,0,ea2dc4024c9d8147d3035ca3c15ae2949d9c2178dae7d68cdb58dcfe9202c964,2025-04-02T14:42:26.510000 CVE-2025-26260,0,0,d87498df9911f6ec3fcf716c1acf728dc302a17a13c2bad4d77a68a80619f6a0,2025-03-19T19:15:46.987000 @@ -288058,11 +288062,11 @@ CVE-2025-2719,0,0,aab61dbd321f094053bdc03116bddf17d81ea49d4be45c3ea7db49b33c86fb CVE-2025-27190,0,0,f6f93c1a2aea709128307aab4dd8f7522a1d7f29cb3bdc0326949ea46ad2467a,2025-04-09T20:02:41.860000 CVE-2025-27191,0,0,4f5df9b8c88675a85a7e789e6b2d5ccdb0b9a9567f661f6a44fa4181c1411c1b,2025-04-09T20:02:41.860000 CVE-2025-27192,0,0,1b90b1b7a7ab4ed5119a3d35c794c4de9f8c839b7d2d708b8887e2e334fefdec,2025-04-09T20:02:41.860000 -CVE-2025-27193,0,1,4e42a828e2835b4221f0b07f1de24d3618582314d7cfa99f2bc50fa0a57052ba,2025-05-05T19:13:52.733000 -CVE-2025-27194,0,1,6ee940c8d8d06dd83943cf311617077cfb638f79f757651e87a4389a7020b2fd,2025-05-05T19:12:52.850000 -CVE-2025-27195,0,1,fbf8eab0f95214bc1dd6cfa4ce5ddeb7d60a4fca40e8301e181a61fc082a3101,2025-05-05T19:12:46.777000 -CVE-2025-27196,0,1,416e4d1299eb3bc24dc0be49a8aef8cf750997b5b7b3e1a5a65003cbdb5971fb,2025-05-05T19:08:58.717000 -CVE-2025-27198,0,1,9984dbdbaedfb47b8b9fd6855148838d0af5b15c405d6df887633e49c35e2aee,2025-05-05T19:08:24.377000 +CVE-2025-27193,0,0,4e42a828e2835b4221f0b07f1de24d3618582314d7cfa99f2bc50fa0a57052ba,2025-05-05T19:13:52.733000 +CVE-2025-27194,0,0,6ee940c8d8d06dd83943cf311617077cfb638f79f757651e87a4389a7020b2fd,2025-05-05T19:12:52.850000 +CVE-2025-27195,0,0,fbf8eab0f95214bc1dd6cfa4ce5ddeb7d60a4fca40e8301e181a61fc082a3101,2025-05-05T19:12:46.777000 +CVE-2025-27196,0,0,416e4d1299eb3bc24dc0be49a8aef8cf750997b5b7b3e1a5a65003cbdb5971fb,2025-05-05T19:08:58.717000 +CVE-2025-27198,0,0,9984dbdbaedfb47b8b9fd6855148838d0af5b15c405d6df887633e49c35e2aee,2025-05-05T19:08:24.377000 CVE-2025-27199,0,0,3736401b1512c6fb3bde76f2965756e9d8ec0b9f2beec166a39073d99c6fc493,2025-04-18T14:40:23.900000 CVE-2025-2720,0,0,9ae0525d8f85a05348d1159e71fc380adf3a8b9852bd68a0d6d2a49136b12cab,2025-03-27T06:15:29.720000 CVE-2025-27200,0,0,2d55459379d67dca2d0eb314eb2150af648e2a6572b027ee78112b380b949b64,2025-04-18T14:40:40.313000 @@ -288543,8 +288547,8 @@ CVE-2025-27912,0,0,607ba6a16d641d751b5df959275fc938490ced30d4e8e005bbdc21ac77f4d CVE-2025-27913,0,0,f2177e7fabb09419b96c97469c2fe9aa09d8b825af754be72e4ea907f64e0e7c,2025-03-11T03:15:40.027000 CVE-2025-27914,0,0,f279e908e73009eab2977a1f24fd2dfdc09b80866f9164398ffd96fb6fa013f7,2025-04-02T20:38:06.430000 CVE-2025-27915,0,0,cd099995dd55d9bf47b9910748dbe833f7620d7232f17e750972cd85ba2bccbf,2025-04-02T20:38:25.487000 -CVE-2025-27920,0,0,3bb3577e8bf22f57df7ac624bc8b66d9f62f24ea341c3f173371602b60150411,2025-05-05T16:15:50.857000 -CVE-2025-27921,0,0,db560c50783454a57cfbec52d6b6e964c1e0d3f72904795d2a8811020656d923,2025-05-05T16:15:51.143000 +CVE-2025-27920,0,1,c04be5c6d34666563085a81d7c71fd9bf16abce7c1c51d4067eef957d0f2f5b2,2025-05-05T20:54:19.760000 +CVE-2025-27921,0,1,94be5f928f59632bdfb4d48e0f4f6185f16112cc0a985a2cca7578e6dcde7639,2025-05-05T20:54:19.760000 CVE-2025-27924,0,0,4840c809271edb4af189b2d2219c4305e2093cdd10afd54a1be0c296547a863e,2025-03-10T23:15:35.280000 CVE-2025-27925,0,0,20d248e60598e5f95d1fae0ce2e564e286fc723b6dc1ad95ef277e933ed7ce47,2025-03-10T23:15:35.473000 CVE-2025-27926,0,0,55eb57ada8c72239b09d3012ac06f54ef846ef608760d35a348131200e00a4d9,2025-03-10T23:15:35.670000 @@ -288592,7 +288596,7 @@ CVE-2025-28039,0,0,1b599e06f5a4e23fe6fb163660d4bc70d995f8b2b9997fa65746d32955bcd CVE-2025-2804,0,0,05befb6a988325f06e55dd5b0c814f5549862889b3223abfcf82e08eebaa0244,2025-03-28T18:11:40.180000 CVE-2025-2805,0,0,880e5f81bed603812ce823b5a2b526104be41586e76c7f27af893f077e49d084,2025-04-11T15:39:52.920000 CVE-2025-28059,0,0,0b528bcd391ca7d8898ab4bd4553bb61f607c8c85b3fa32f1b18963847081036,2025-04-22T15:16:10.627000 -CVE-2025-28062,0,0,9a3391288bdd42b1a742bf5be1236ce749fa906ff82d65ca146cd8aa97ea765b,2025-05-05T16:15:51.310000 +CVE-2025-28062,0,1,d4bda8399e275e40e50a0e34bb80230202f68716bec5a9820b5ffd9cff4db6ac,2025-05-05T20:54:19.760000 CVE-2025-2807,0,0,f8faf57b374faab8743fa15c01545fe02708770c7c9d6b7c7888f61e54c92b92,2025-04-08T18:13:53.347000 CVE-2025-28072,0,0,9d11ce673db5bded08078d90348ac835537e426481654f68c0b7843b05bb341e,2025-04-28T17:38:00.493000 CVE-2025-28076,0,0,b06de1a60b2b58a912832fcc82a776940195b8e28d482a3c11c68d9bb16af3cf,2025-04-29T13:52:28.490000 @@ -288631,7 +288635,7 @@ CVE-2025-28145,0,0,f7cb8550c771e1ecfdbfb7b5a33b47f3e562fa1cb415f334ceae3bd2faf80 CVE-2025-28146,0,0,32c9b208c84d9df041320792b106820cf214078a35a3cb79372374645d1870eb,2025-04-15T15:16:08.660000 CVE-2025-2815,0,0,242155fff6e988a29170d3e8e0a0ff904f29004fb7975cc06cbc247a50a0c090,2025-03-28T18:11:40.180000 CVE-2025-2816,0,0,8918792d05d094d45bd0083e096b879f2d55fadf6ac4bf6b845b2b3a33bbcd26,2025-05-02T13:53:40.163000 -CVE-2025-28168,0,0,98c31977eb285b04b142b5a0359fb0eac56ad3919ac212b75264d5bfed78368b,2025-05-05T14:15:28.500000 +CVE-2025-28168,0,1,20484fe50dd2ba7bc5f81ae339cf246d779797fb372c0f24bd3738e9fc93394e,2025-05-05T20:54:19.760000 CVE-2025-28169,0,0,daded7404590ead49179714046cf4550734ad214e781473e5f10c5129c2c88e7,2025-04-29T13:52:47.470000 CVE-2025-2817,0,0,f2c71b94e67aca9d965323c14cd9650af88f4e7480e24b1b7222a49bf56e1bb1,2025-05-02T13:53:49.480000 CVE-2025-2819,0,0,38e9c36ae873a346ecdd7625eb6881a65dff946dea1e4d5fe1469a7230964dac,2025-03-27T16:45:27.850000 @@ -288840,7 +288844,7 @@ CVE-2025-29045,0,0,1963dc8d4038da2fbcb2fba081a2d74132412c687c5a7af4af339558b443c CVE-2025-29046,0,0,97c704d53eaab90ebd050fb706002e2d0c0d26d31e8336e6914769a779ce73be,2025-04-30T15:38:45.037000 CVE-2025-29047,0,0,ab9e56c52d1b5d7ce28982f238deab131b797a6e3c2a7fe7bd1afe31cde47f19,2025-04-30T15:32:30.690000 CVE-2025-29049,0,0,5d330c70d7d31103316e937aa271bd3496ea507fadb908ea97bf504a0ca30485,2025-04-02T14:58:07.527000 -CVE-2025-2905,0,0,e5e3dd1278ec76c1c074ad306d48fad60e90d22b25c4df0f131781af5e77e39f,2025-05-05T09:15:15.923000 +CVE-2025-2905,0,1,4e658b40e4673325cad88f5d27301325c733ab3811bf1fdb2bfe5209f1723eaf,2025-05-05T20:54:19.760000 CVE-2025-29058,0,0,6ac6c4fd284b5b5a087f6a926cf9eb9a9a9fb9393df6016a5d8572c632b81776,2025-04-21T14:23:45.950000 CVE-2025-2906,0,0,a9a7d8b41557888835e1c79dd2617916cc6b4f3c0d6d09861e305343a3b52d6a,2025-04-01T20:26:11.547000 CVE-2025-29062,0,0,cf634246124158ff6da279c0a25858fa36e0953ce98966a9f38c5cffd84c104e,2025-04-29T13:42:54.483000 @@ -288906,7 +288910,7 @@ CVE-2025-29312,0,0,a83ab0803d593b7408ef47819047a8eed47716c263e6e6784a866c9451353 CVE-2025-29313,0,0,36b5dfbaccdc259f2b52ceac76431ece1292ff6ced8c88ea82c0057012874cbd,2025-03-27T16:45:46.410000 CVE-2025-29314,0,0,68cd136edb649d9eb6aec698b8b31c836ad747d7f35cb5e1d05f8aa177ad8f88,2025-03-27T16:45:46.410000 CVE-2025-29315,0,0,f907f053863754eafc89ac11a469f54443f6b549eee8182288b1596f75ccbd29,2025-03-27T16:45:46.410000 -CVE-2025-29316,0,1,edbfef5d2b6ba20f5ddacf4404f4ebf4c89ebe5fca32750f4069bf616e710afc,2025-05-05T18:15:41.723000 +CVE-2025-29316,0,0,edbfef5d2b6ba20f5ddacf4404f4ebf4c89ebe5fca32750f4069bf616e710afc,2025-05-05T18:15:41.723000 CVE-2025-29322,0,0,2d154ec4512c8c4d705799afa2ea73c17ca8f22a9dcc44f2fe16f737f7f4c5a2,2025-04-08T19:15:48.650000 CVE-2025-2933,0,0,d2bf8266af3293189f2fc83d9c7224df7d9162ddc33d6ffbeb12c1b55081638f,2025-04-07T14:17:50.220000 CVE-2025-29339,0,0,37cf2a028a70e363b59096bf53fd42cd5e9f43c9e6d14e2e5b30f23715c8736c,2025-04-23T14:15:28.957000 @@ -288994,7 +288998,7 @@ CVE-2025-2956,0,0,12b742621d86c28d988776b85da597ef776ef6fe74e703c6823d14feeb258a CVE-2025-29568,0,0,c2149af8524fb3bb5f2deda1486a6eca7a6f55b031b635c8e3985de6f41d9933,2025-04-29T13:52:47.470000 CVE-2025-2957,0,0,d90251765154920d1060d5e6f1781980ec9f028972bb25184edb9ab3b3acf04f,2025-04-01T20:26:30.593000 CVE-2025-29570,0,0,ce09831559b48fe479ba4c5f9b34d0db4bbbbbf20068eb3ed4fe546923ebfe0f,2025-04-07T15:15:43.543000 -CVE-2025-29573,1,1,8849c1fce530e75c1b234edd508c56382db15bf8cb7621c6547c9d2a4c4c3971,2025-05-05T19:15:55.653000 +CVE-2025-29573,0,1,252cb3634483efd38a28d0662e2158cfff397752a8c4df784a2cfc60ffb00e80,2025-05-05T20:54:19.760000 CVE-2025-2958,0,0,9728ea5d0e1e0ffe03d484b47c7dc7d2f752fe0ff3a0cf460614ef3d0b6ffb41,2025-04-01T20:26:30.593000 CVE-2025-2959,0,0,57439d37e721214da77398b2206968b1ad6df0cab306317270d7e0fd15a79d3d,2025-04-15T18:17:30.903000 CVE-2025-29594,0,0,2f622bba8fdc6dc52fbb1c6d9cffd703149b20ba0389fb0df41fe5a0ef1aba15,2025-04-08T18:13:53.347000 @@ -289095,7 +289099,7 @@ CVE-2025-29820,0,0,223f69cb7aa416e618f5ad7c866eb63bda40ec0c9cf9ceddeafa5e17926d6 CVE-2025-29821,0,0,57290d71b86115397faca996957f3a29fa63d3c86cf935b4eb0d6a787a869fac,2025-04-09T20:03:01.577000 CVE-2025-29822,0,0,973881625f86d77ad7b53a903cab21ed1eb3049653ac5263e9d528e9fb666c55,2025-04-09T20:03:01.577000 CVE-2025-29823,0,0,7020e8f361c2e1051ff80b6673ee2bc8c14b1552e575c216beb796659e5526c1,2025-04-09T20:03:01.577000 -CVE-2025-29824,0,1,5242a2a74eb781ce41d684c0f59f2a21844b1e5434d0af82ba828676c6949e6e,2025-05-05T19:15:47.380000 +CVE-2025-29824,0,0,5242a2a74eb781ce41d684c0f59f2a21844b1e5434d0af82ba828676c6949e6e,2025-05-05T19:15:47.380000 CVE-2025-29825,0,0,dd1089d6ba2d2d522be0f60bdf7540a4d5154df3d6234df7f61c1c52ab900977,2025-05-02T13:52:51.693000 CVE-2025-2983,0,0,d31f69cd4a503a465c90bfed858cd3831ad229c0ecb657ddc75c62172e5f9155,2025-04-01T20:26:30.593000 CVE-2025-29834,0,0,4578a3b9050d36f7b5d401ef2cff9bd2a539c6ae9a0546aae8bc67b2af1fdb40,2025-04-15T18:39:43.697000 @@ -289396,7 +289400,7 @@ CVE-2025-30439,0,0,da2ca7ddbba55c6600a20f55dae4819460d11b882f4097a091f5482180051 CVE-2025-30441,0,0,0c04a93a6f174bf42d94b9b28150654c6cdebea87baad1c1bed2a17317c45cac,2025-04-04T19:40:24.640000 CVE-2025-30443,0,0,1fb67cce84049899c0c796e27ca3e5ee74832ab2e8e9be24196d4eab36479a77,2025-04-07T13:33:17.047000 CVE-2025-30444,0,0,7012499cc39e750a77057d8969c8b8cc9bf8b8609bf143b9cc39bc30fc25c076,2025-04-07T13:33:03.150000 -CVE-2025-30445,0,0,0b72e09c3f49f5861bc888bf33deb9bcb222f8c4d8336529bcc0665f19e3ecfb,2025-04-30T16:15:35.287000 +CVE-2025-30445,0,1,51ef91f2160a1dc800c5f463cfd7b9e405d04b66e76ac4eab6c1e8cb710e1803,2025-05-05T20:07:32.073000 CVE-2025-30446,0,0,981dffbeeed7b6d0a133a31354b5639e18efeb1f940bfa1a46bd0e35bafba0f8,2025-04-07T13:32:49.590000 CVE-2025-30447,0,0,203471f1d33c3097ff3e7033ccb86976a2135c3fac1bc3d6f9d9447f0c63a815,2025-04-07T13:32:38.797000 CVE-2025-30449,0,0,803f705e11846ad27b3daa6777d882e147b1edc94d42ae75dc7a301c5de3d9af,2025-04-07T13:32:19.277000 @@ -289961,8 +289965,8 @@ CVE-2025-31197,0,0,3398c0e8feb5507293c959674dbfa0a4b75f3b8ba43cb526b7c5a4336b7dd CVE-2025-3120,0,0,9369db34641ba283515729ba877bacc73b1ed0ebf559ba3490de54e6e6cc3ad7,2025-04-07T14:18:34.453000 CVE-2025-31200,0,0,a74f3af296b68c60f67b1de629944e384bb830a561ceea1f2a5727cedcce4f22,2025-04-18T13:50:15.483000 CVE-2025-31201,0,0,e7a89cad97e6db05e56e18d53afb0ef797d06486568ee4e0af2d0bab9bccd568,2025-04-18T13:47:59.890000 -CVE-2025-31202,0,0,43a5e362a39aba6180dc31a83803d7879a34dc058c8104911a5637f44b2bea1d,2025-04-29T16:15:31.030000 -CVE-2025-31203,0,0,38b7b72ee27cb388ab186d7c521680ef4f0fd17a74f66d12af10c39e57017b70,2025-04-30T16:15:35.697000 +CVE-2025-31202,0,1,3ecd0d77add2d84f0d79835e95e49a94c9e589accdbb5863c6bd37f956215a89,2025-05-05T20:07:59.807000 +CVE-2025-31203,0,1,b4dd46f64e252e7dee2b6e4e785b34065a46e842fe99f0583719bea8200b72fd,2025-05-05T20:08:22.600000 CVE-2025-3121,0,0,0fd3e4db6bab40a1114040fef4157a1f22168b8ff992c2ce90e1de325e42fd49,2025-04-07T14:18:34.453000 CVE-2025-3122,0,0,772110a5ff905b9e06974468fd4d65c9c80b3c7578e83c665aac7f3d07cf62ac,2025-04-07T14:18:34.453000 CVE-2025-3123,0,0,449baa99ae5f8386dedc8c93a29da0c19761ac9b25b48941a87f062412255d46,2025-04-07T14:18:34.453000 @@ -290262,8 +290266,8 @@ CVE-2025-31629,0,0,7feff55cf06b17a9b14d5e928a7330b9e036aea992741e33d5558d6e786b4 CVE-2025-3163,0,0,f532e36269cd7ed1c8c6fbcf53721ff1ab097db026b29755f65d36452625849a,2025-04-23T15:31:12.210000 CVE-2025-3164,0,0,f430347d00566ecabc1456225b754db04a6b786f314d5bbdf398f229ee8b6709,2025-04-23T15:18:08.857000 CVE-2025-3165,0,0,2e02105ce99f3564dd878406ce8c0b7835d84010bc4a7c0c3ba88c3a6192f2c5,2025-04-07T14:18:34.453000 -CVE-2025-31650,0,0,82a75dc1734977029f81172e0ae2e3bad77eaa6cdf9f5f9bcf68109363a80e4c,2025-04-29T13:52:10.697000 -CVE-2025-31651,0,0,e63f83be1992310ec799a441beb286950bfe28031ff7a91bd49958c9e04a8f0c,2025-04-29T13:52:10.697000 +CVE-2025-31650,0,1,8a0173e8f51e773391eb7c346ca9c82d9bae94aaf9822924cd81d40f430a47aa,2025-05-05T20:12:54.823000 +CVE-2025-31651,0,1,f92228e60fa6004051208b34e1e9a5912e7cc9f21d69363e0e00370390347d9b,2025-05-05T20:14:47.843000 CVE-2025-31654,0,0,c85615ab54233a158d1eec4ce7ea5a25d93d07293af602cf9b39c0b8e448858d,2025-04-16T13:25:37.340000 CVE-2025-3166,0,0,17028d9ea804572df4baaaae9408352ee57c738220a3aec0680e295f0ee3c81b,2025-04-08T19:54:38.830000 CVE-2025-3167,0,0,e58de6ed62e27cca62597484e5b404e43ba55291ae09b2f605cc65279611cd5c,2025-04-08T13:50:05.433000 @@ -291469,7 +291473,7 @@ CVE-2025-3576,0,0,fcfdd1e678fdad628e7417f5b3843fb736313985ccb3419de0d7118ddd0404 CVE-2025-3577,0,0,dfdef997e669866588ab8eb7c1ca73b6cf2cbe16fcb69f43d2b34abd27af8076,2025-04-23T14:08:13.383000 CVE-2025-3578,0,0,e13e840aaf0a24c67a679c44959c85bec14fbcb560caa6c65722eed662e1826f,2025-04-15T18:39:27.967000 CVE-2025-3579,0,0,6c0217c9a43a942438244f9ebf630b5c65085fd986d644363e1cb943f76ed2bf,2025-04-15T18:39:27.967000 -CVE-2025-3583,0,0,7299a2e3bfa9ccc76f4d8547dd6bc1911e8e69d4c59942bed45cdc8de9741c97,2025-05-05T15:15:54.273000 +CVE-2025-3583,0,1,7947abffb9e53a4baba625db1a68935144bd1d2cd5ea4b248fe8af41f99cedc7,2025-05-05T20:54:19.760000 CVE-2025-3585,0,0,a54288693643171c0acabc6ec95ab94f7327c2199882403bf0dab9c0f61422eb,2025-04-15T18:39:27.967000 CVE-2025-3587,0,0,766ca17a6eb8489be0c0c9a1346a82464f26020cfd84ceca7694920ed05f0f9c,2025-04-15T18:39:27.967000 CVE-2025-3588,0,0,da176b06433f826abfeb7533e116e8f1c0acf114fe10a330f45ab13cc6f35417,2025-04-15T18:39:27.967000 @@ -291636,7 +291640,7 @@ CVE-2025-37786,0,0,dfb9365f3f95a0b633ea1d49ea03d22c3cfb22dcf61af614e5de64fd33724 CVE-2025-37787,0,0,b524913b1d5ac48df07c4b8cc829369d8062bc11df477f17b189832cf4c1594a,2025-05-02T13:53:20.943000 CVE-2025-37788,0,0,83be39a53b1e0cf5a9c043d3f7d780a2fd9d1a83f525cef4659715020d1c6548,2025-05-02T13:53:20.943000 CVE-2025-37789,0,0,d2006e027ac457677e0845951c6b3ea55510106ca8b148321422c46576064849,2025-05-02T13:53:20.943000 -CVE-2025-3779,0,0,c7c819ddc14ffd56193f5819df9296e1f7449f81a3156bfb0b75f8f4eb3b61d4,2025-05-03T03:15:27.890000 +CVE-2025-3779,0,1,4b42d95c5a29fc17548d73ef9d1f68b026eabf0f2383883a949dfee6a89c6425,2025-05-05T20:54:19.760000 CVE-2025-37790,0,0,edad4793cbbae1a7e9a34936565c19f2ae9770b3a2367f14386a1c686759ad97,2025-05-02T13:53:20.943000 CVE-2025-37791,0,0,04a68d8b53b3c25fab1bb5be7ee644212baaddb8f63ad9033e80a81b582d45ae,2025-05-02T13:53:20.943000 CVE-2025-37792,0,0,94e8295b404c53f4cc3ad337c57f8622a79675bccb54ae6a016c936d1dbffcda,2025-05-02T13:53:20.943000 @@ -291644,9 +291648,9 @@ CVE-2025-37793,0,0,9e6910aad18657c47a7410a1072d795c5d706c71cf8c0e50b6b5a4599d1aa CVE-2025-37794,0,0,6754d7a634587cb009194a8f50edb6dc8531e07b4f77e0131ea9b58c7ed16925,2025-05-02T13:53:20.943000 CVE-2025-37795,0,0,5f43e8ceb755c5733fd8a35ddc7331855ed93d7583ae7af5b4b692f304a02d90,2025-05-02T13:53:20.943000 CVE-2025-37796,0,0,428030d0653a748175c71827ea4c9ae20b71774709349878f4ddda1cd95c0c1c,2025-05-02T13:53:20.943000 -CVE-2025-37797,0,0,fd425782a48b046881f128317728db45417b5f38b0527d9336a706a21c37dd5f,2025-05-02T15:15:48.557000 -CVE-2025-37798,0,0,068915ee94d82c87e0b618724118634cebedff326c7a2b7bd3db281318e4f527,2025-05-02T15:15:48.657000 -CVE-2025-37799,0,0,13d836ffb8e634552a0f93530fe22da4ba40718d49ac424248766b722cc548ef,2025-05-05T05:15:15.713000 +CVE-2025-37797,0,1,04c3b81aa43ea972ff03b205158e8c85815e069e0bd94bd11b701338b4fabaf6,2025-05-05T20:54:45.973000 +CVE-2025-37798,0,1,be48f42e78a97ee583b85d7dc176da94f31740373bceae27744ad0d4ea28ac30,2025-05-05T20:54:45.973000 +CVE-2025-37799,0,1,85f61eb961aa875297012e886cd9399d789a2f3f7c26e5abad0e51ed67e877ff,2025-05-05T20:54:19.760000 CVE-2025-3783,0,0,08564e7625cce7923d54746f30fbc8f13bf12d9607faa6a7346084b96420b3f3,2025-04-23T18:03:35.193000 CVE-2025-37838,0,0,4627751962794eed95b754bca312ed3f7d5516acc6a64aabcd85c08f967ca274,2025-05-02T07:16:04.937000 CVE-2025-3785,0,0,34d9097de5cddb801f390505cfe685b8a98c847bdfd442c3d9a27ba845f11ce9,2025-04-21T14:23:45.950000 @@ -291679,7 +291683,7 @@ CVE-2025-3808,0,0,c9d9b38c3b98d0e004f3d362b1c7affeec1437a2f1dff864304e4ff67e8ee1 CVE-2025-3809,0,0,b0f7ce143ffe6fc36f9bbc17873d1316b0e5d9337b65e2cd57e88fbec5f74a76,2025-04-21T14:23:45.950000 CVE-2025-38104,0,0,95fa066b9b297f0f71658bda9667ee4683e7719a8295e0ac6102597f6b2d67e5,2025-04-21T14:23:45.950000 CVE-2025-3814,0,0,11c279efbeec4fa23a54b22cf013841136b5f0f0ea6d94e898bb584de2240f97,2025-04-23T14:08:13.383000 -CVE-2025-3815,0,0,9adf16c4646ef2bf71ebf5665df071b14aed69121d3df64d5e1c011d1dac400f,2025-05-03T08:15:31.040000 +CVE-2025-3815,0,1,e6d6eafdf99072b79b824cef8fe42ba5009e89200a72e7566988b88e2d1ef899,2025-05-05T20:54:19.760000 CVE-2025-38152,0,0,6554c7473f6b6179493ded078859c0bfbf9661e041b4dcbfff31e86520619528,2025-04-29T14:39:46.800000 CVE-2025-3816,0,0,0d7063f065ed7a583101904f11408aabc0c0a375b6165150fa6a6202e87955da,2025-04-21T14:23:45.950000 CVE-2025-3817,0,0,d1d339a8b4a2a60b670dda015ec9ad8a209b25a85de9a75f6a155ea200a65ca1,2025-04-21T14:23:45.950000 @@ -291725,7 +291729,7 @@ CVE-2025-3868,0,0,e109e29b4a56b298e188d2d4af5984428468734c332a2ae4218688aa746fb7 CVE-2025-3870,0,0,5d27427174a3606bfdd389a0cb245ecba9bd450174244992e8a6859595ce8c31,2025-04-29T13:52:28.490000 CVE-2025-3872,0,0,26604960001ce7e7efc01090e0c7f3ace8c54075c9f64bec667f2f9d611a1cbd,2025-04-29T13:52:47.470000 CVE-2025-3874,0,0,5052c07981babad0a39098728b152d509935ca287c0f983ca99599a3792f62ba,2025-05-02T13:53:20.943000 -CVE-2025-3879,0,0,e186d5636519773339de92db123d68c5e49f15776f15e8d7a19230f5e4c55f4c,2025-05-02T17:15:51.273000 +CVE-2025-3879,0,1,d832e10f3f5a35fa6f778cb83701763ba1ca0a6464dece4429751c1aa0bef5fb,2025-05-05T20:54:19.760000 CVE-2025-3886,0,0,f9805f0706b699e818a837c8b7b69b045e46e370a62bab3d99d660c6876ebab1,2025-04-29T13:52:10.697000 CVE-2025-3889,0,0,34a11055d839157a86cf9ade07a0376430cd18400cd3619d72b556e9794d43ef,2025-05-02T13:53:20.943000 CVE-2025-3890,0,0,e5e4b4382f998706594cc11d64253db7cb5c9ceeadc6352d5a12a1ed9dda1d6c,2025-05-02T13:53:20.943000 @@ -291742,15 +291746,15 @@ CVE-2025-3911,0,0,2e6a3f0e2231d9173f37268e657efacc4fbc0e7463a9dbc8ada607731783d2 CVE-2025-3912,0,0,57d1aac638d5ebb58a5040fc8c1c81dae68dc606378b1f0b3ea535593bbf242c,2025-04-29T13:52:28.490000 CVE-2025-3914,0,0,39dc48efa45cfb63bb1da9177bab074344fac91433ba43912e542c027c8ca801,2025-04-29T13:52:10.697000 CVE-2025-3915,0,0,7ef07e3557a0599cd61ae2360c99d37066278383396fda2be6ec28859bbb442d,2025-04-29T13:52:10.697000 -CVE-2025-3918,0,0,78444e6a9c0a46715cf65bc19e5d16644ec350c792fa6f0430cd0c875f0221a0,2025-05-03T03:15:28.040000 +CVE-2025-3918,0,1,63b01e62f8046021d2f78807719fa3fd3623a650f7755e4a8a67c57ed80094c1,2025-05-05T20:54:19.760000 CVE-2025-3923,0,0,ee152c7f1a42d63e1ca21cb1c49adcbe2fb8c27f05521d2bf1672c2da0c26904,2025-04-29T13:52:28.490000 -CVE-2025-3927,0,0,9d4990b47789dce40b6ef7685dc00d0cccd4e67e2ae4c3634787a9e35c6249df,2025-05-02T16:15:34.273000 +CVE-2025-3927,0,1,d4bfb90dd661d386fa8251072be5a573cc74c06c166b8306703d32a46af6bafc,2025-05-05T20:54:45.973000 CVE-2025-3928,0,0,83a0809de1a0edc8dc4f4af3ed72246720b692a4958d733053fb98519a258338,2025-05-05T14:15:28.793000 CVE-2025-3929,0,0,2a38a98459a708cd9d0d1bae67ceef7cd34761c71e33edea585561657181b8b1,2025-04-29T13:52:10.697000 CVE-2025-3935,0,0,80d75d2841d93927d14c762eb28687b5d04ff0b86b4afd1b2a25489128931894,2025-04-29T13:52:28.490000 CVE-2025-39359,0,0,8cade7eb5a0a3d62159777effed30e36c7660bd8375986e1563b0eb49736a1f5,2025-04-29T13:52:47.470000 CVE-2025-39360,0,0,e3ef4918b977f5e26509cbbb0a55a7a5184edf27a50d85665934cc70b4a7df05,2025-04-29T13:52:28.490000 -CVE-2025-39363,0,0,9d3b24116f944f7f6d28397e0e869050d2fd95f6471f61dd7634c7e7f5a4daa2,2025-05-05T06:15:31.410000 +CVE-2025-39363,0,1,acab9f863de53030d6888c8fbbef0dbf17ab4126334488c91963374c6e596049,2025-05-05T20:54:19.760000 CVE-2025-39367,0,0,8ebddec06a10b3e67e56e184583e1e25afef738cb429f1fe22eebd3e00a9d85f,2025-04-29T13:52:10.697000 CVE-2025-39377,0,0,505758483289908c3e1bee983ec824402246c2bab78bb29478d4329c192b76b5,2025-04-29T13:52:28.490000 CVE-2025-39378,0,0,baf80807bc4b243f848ad6223ba5dc1be4eff755d86ec4da00a1437b58fe669f,2025-04-29T13:52:28.490000 @@ -291991,9 +291995,9 @@ CVE-2025-40364,0,0,e1468b00bb22572a62ec1b141065bed37efcb85f9368d87c29b0ce5bc57ec CVE-2025-4037,0,0,c2a9a7365cb7350487e335b4185abf1b7136e28443b7d38831abbd5f1a9ddffa,2025-04-30T18:03:09.867000 CVE-2025-4038,0,0,38a210925871d1c654ea27cb37bfed9e137470a281f3a51de05711986a25da1a,2025-04-29T13:52:10.697000 CVE-2025-4039,0,0,82997abe4f3d1a06f2c0c0c7affe39718ef0820c54c5fc54b87a7722e7f87a51,2025-04-29T21:08:47.950000 -CVE-2025-4050,1,1,9d9580cb63efda586d32a7741d5610080d9b624adf5eda92588b198684531023,2025-05-05T18:15:43.953000 -CVE-2025-4051,1,1,6a049f1730ea485fb3843cda294e60e264c1dd672287b68a7a622b906ff8bded,2025-05-05T18:15:44.060000 -CVE-2025-4052,1,1,190ac6278de39e4b4b4e64764dafccac52e5750c266b24c77fe1cf01392e945b,2025-05-05T18:15:44.153000 +CVE-2025-4050,0,1,b4ca4456c42df3ea93ac86c6f4ac8bd651af30752dbf84881f1cb13b40192177,2025-05-05T20:54:19.760000 +CVE-2025-4051,0,1,dfc33d8382fb1cdb2c2b43690c247279dcd84f5e2bfe13dfad1d6dafcf6d6b3b,2025-05-05T20:54:19.760000 +CVE-2025-4052,0,1,bf71c15ff9305b3206257f1c256b443433cac32b97a24a4fe78b1e742c7c71a3,2025-05-05T20:54:19.760000 CVE-2025-4058,0,0,74b024a331b737c7d4d1cea70429afcfc30724147895df3e65fb43e2660440cf,2025-04-29T14:15:33.893000 CVE-2025-4059,0,0,c9d8cc3abfe43ac51f5aca328d52d38799a820530a57978b2f812c9149356f92,2025-04-29T13:52:10.697000 CVE-2025-4060,0,0,a29e6a0d0d99c26e7b14b6dfd049b7091c102eda3969f836a2546338fe3ace82,2025-04-29T13:52:10.697000 @@ -292035,7 +292039,7 @@ CVE-2025-4091,0,0,25f04427dd7bedf2e847ce35fe61d63cfdfd5b2a4be0c2e7a6b98ca528e018 CVE-2025-4092,0,0,7edda83cfb806b2111333553f5300bf853ca9d13448e1a24fb38827c76bb9b4e,2025-05-02T13:53:40.163000 CVE-2025-4093,0,0,06473df3a2e6fa6e52748705347f8ae4b998f7a3443bb63d64f0fde6d6c89391,2025-05-02T13:53:40.163000 CVE-2025-4095,0,0,cae8e1c6358f7e063ff4b8cb5365d4cbb9a8d43b36017ef3b6ccb02f60becbc1,2025-05-02T13:53:40.163000 -CVE-2025-4096,1,1,bf203ad2caa2799320359f967e7482617f95e63d183456cbfe670b24f82ef093,2025-05-05T18:15:44.240000 +CVE-2025-4096,0,1,26271d85e58ae340dee3172db5f2f0f46f024005d36e112b5c904c5aded6f595,2025-05-05T20:54:19.760000 CVE-2025-4099,0,0,23a5906e0995ff51a9520902c8ae9b8ca729bde5178747bd67e75ca657502d05,2025-05-02T13:53:40.163000 CVE-2025-4100,0,0,58f0294ff38e16d00da486e2266b789b125accc2fb4d7c42c3fc7ae760ac305b,2025-05-02T13:53:40.163000 CVE-2025-4108,0,0,8a315fd614c824eb5100de0436658e39545d9e56579bd32d9a20b47d5c9b2361,2025-05-02T13:53:40.163000 @@ -292086,10 +292090,10 @@ CVE-2025-4161,0,0,3dc4f90c835dcb81a76cf75177dd744dab1dec86865dc7fa765c3f40dd90e1 CVE-2025-4162,0,0,bd7ee4eafbad385e1e351df319e6d6835cd1bab5b8f0b1df69e26a394c35b5ab,2025-05-02T13:53:20.943000 CVE-2025-4163,0,0,da56e3fa1e9129eee649295e8e1c7db9cdfbd905db8472ecb0f6e95a90aaaf2d,2025-05-02T13:53:20.943000 CVE-2025-4164,0,0,8a34f5d5bcf6e3d3a8ac7fd96d6cd42457cd135ba8780a76cab76fc110fd374b,2025-05-02T13:53:20.943000 -CVE-2025-4166,0,0,e3f57dcf82716d685569118e3c73d3c8b93af040f29e8d8c0f5a59e5577ccfae,2025-05-02T15:15:50.313000 -CVE-2025-4168,0,0,ea729c532c1299d471e40983d33ff9a83d8c9543368a0cbb8c27657bfe7922cb,2025-05-03T03:15:28.350000 -CVE-2025-4170,0,0,2c2a710677983f1b51692b46b1b5044af7873a63f0d6b4680c37752639d6040f,2025-05-03T03:15:28.493000 -CVE-2025-4172,0,0,d36c15f2e746ad6393d50cbb9112e3ebb506f0421aa43a5668ce963238e98c97,2025-05-03T03:15:28.640000 +CVE-2025-4166,0,1,5bfebbee34c2356ee039434bb4ac7a8705ff7fab6fe8d313f7df39c4661cee90,2025-05-05T20:54:45.973000 +CVE-2025-4168,0,1,a6468df4f7a2597ad76d3cb7aeb08566a4877cfddb2b3e40039e98441ddbce5f,2025-05-05T20:54:19.760000 +CVE-2025-4170,0,1,133573d3aa8594d19e56ffa6beff9d425ae43d2765fc46c0e41b4c599f9a4675,2025-05-05T20:54:19.760000 +CVE-2025-4172,0,1,6e2071d797dc74de0774e2626519ab67c844ff2b9fbe49e9ff0e7a7039192f36,2025-05-05T20:54:19.760000 CVE-2025-4173,0,0,bf481ba179fa77abaf7c10c7ea3a4798b4233f22538d3fe01f8beed112e81513,2025-05-02T18:15:27.400000 CVE-2025-4174,0,0,4581911a7ea3231d50f39b27f21b0295910b0e4a33aa4237284e4df7f599036c,2025-05-02T13:52:51.693000 CVE-2025-4175,0,0,21c0d7f4fbdaf89b9b7c5307a4ed4fa92b5522085932b988fcd1f4ac80a1a8fc,2025-05-02T13:52:51.693000 @@ -292104,79 +292108,83 @@ CVE-2025-4183,0,0,67a5de16ce0557419a0d4c5a8779137fcafe98528b5e767289610e99f27bbf CVE-2025-4184,0,0,4dd60fa815974f8bcedac29e071c69f0b2bed880c2b872672ebfd1b845ed20f9,2025-05-02T13:52:51.693000 CVE-2025-4185,0,0,495717b0784f3ba7b881e1ed7a54449fac9f054cdf430a0269043ae237c6bb06,2025-05-02T13:52:51.693000 CVE-2025-4186,0,0,cf7117de051d28597490cf9ddf2097252c0c24486f24a183472edb3785f69553,2025-05-02T13:52:51.693000 -CVE-2025-4188,0,0,5088fe013c792b1f96595e069d664f8c3a193c3b262718beefe00d319edcbc7c,2025-05-03T03:15:28.780000 +CVE-2025-4188,0,1,dae4661d96faab4b86b2442932d3ed4a7d5e86b7964e0bf5b5ad937c7ef62825,2025-05-05T20:54:19.760000 CVE-2025-4191,0,0,dcaac55d822628915f54d806c7a15db1c1bc0f4ffc2e5beda074dae096de3a69,2025-05-02T13:52:51.693000 CVE-2025-4192,0,0,66e06ad0dda5e5156070c3b0fab0530d8a62c7abb330afd5cfd77442fa61ae7e,2025-05-02T13:52:51.693000 CVE-2025-4193,0,0,8ab7d6a068e4ec767dc650c12a7e77f267bbfbfec8bd3bf0c98d3ead7816ab74,2025-05-02T13:52:51.693000 CVE-2025-4195,0,0,51783effc4ccb0ac890cda440d76f44c17423cb78c6bb422e3a1061984fa5cdf,2025-05-02T13:52:51.693000 CVE-2025-4196,0,0,d68521a62f66db6887e049a1e4fae1a290e42f6fdb39222b99ae3fd5cb96f9df,2025-05-02T13:52:51.693000 CVE-2025-4197,0,0,63d523c99e489842581a169bf80104bc82c8dcd37c61d6e4948d72615770ad6f,2025-05-02T13:52:51.693000 -CVE-2025-4198,0,0,94d742d4ad50c94b12be38b4d8ac15488ff08dc615a686563e295516aafffb40,2025-05-03T03:15:28.923000 -CVE-2025-4199,0,0,9629c5c8bca77c7b575ef8f5c95e2de45b1de11f288b06438b1e39ad68e78b9c,2025-05-03T03:15:29.070000 +CVE-2025-4198,0,1,e5602874b7c5cc6f9012651f4a60dc8d2e789373501ddfec072de22c80a74167,2025-05-05T20:54:19.760000 +CVE-2025-4199,0,1,553c17b65a2b6efd623dda6e1567d529495701f64dcb6b078b725c7f2893112f,2025-05-05T20:54:19.760000 CVE-2025-4204,0,0,b9df2a1e113f2262dc1922a48306035d7f1d7459c849de132b9aee720dbefb55,2025-05-02T13:52:51.693000 -CVE-2025-4210,0,0,af861b701427c03cc1825521a8f85486a15b444e199aec55a73933be4bb55862,2025-05-02T16:15:36.743000 -CVE-2025-4213,0,0,9422ab70029ffc8edda9a67c9aaaf9b104f2c99c9bbeb40f4cd08defac23c8ed,2025-05-02T18:15:28.160000 -CVE-2025-4214,0,0,8cee5e2c191dc5f7c39625764e80f36dacfe3615ac2ff5e798d6d9dcab815ab0,2025-05-02T20:15:20.003000 -CVE-2025-4215,0,0,06946e02eb92c6ad790e0cf7c1b28f402d6206c03a42c16676dc8b18e30cf8f8,2025-05-05T15:15:55.017000 -CVE-2025-4218,0,0,0f4ea4a1b065bbdda0bd2da4e8ba5ae4d91791731e16d9a75d3c3ab04f91d2b2,2025-05-05T15:15:55.140000 -CVE-2025-4222,0,0,d7e55c8bdf6a556e71c00ab53da641e383f5a7392abda11a90f9dd5f2800bf1c,2025-05-03T03:15:29.217000 -CVE-2025-4226,0,0,9f819de35b7715e56db80248d10b79fef538c6358ac0946b3a95bcb0c8229a7c,2025-05-05T13:15:49.620000 -CVE-2025-4236,0,0,b02b73d2178832a88f0069b14b0ab050d3506e4246a4c6b03a35dfdf221c36c3,2025-05-03T14:15:16.360000 -CVE-2025-4237,0,0,b8dfb524fe6a3cc945f250dd88926768b7e86e7db972e69849a5847496c728cf,2025-05-03T15:15:46.190000 -CVE-2025-4238,0,0,8159de3399b6ac3e45ec65e0d9f2690cadc7e0050833ff85bb7b37dbd5e9d30c,2025-05-03T17:15:45.373000 -CVE-2025-4239,0,0,1f7e77a27bdbe1c1dd34b8c30b8371d164a7cfb5ede6187f8be8f7ac6716c856,2025-05-03T17:15:45.543000 -CVE-2025-4240,0,0,f26bf65514dd8c01d51b1f9fb8b60d9ea6fac4a8ec23574bceefd11ac00c996f,2025-05-03T18:15:15.907000 -CVE-2025-4241,0,0,b9a7a2be54fc788970e27d7aa11cd8be4bbc589b7f6f58b0a6c7b1661f0fb025,2025-05-03T18:15:16.087000 -CVE-2025-4242,0,0,a18e1f98cd095d87c40d74111ad793041b0163f20bf3618b9ca69660145ea961,2025-05-03T19:15:48.833000 -CVE-2025-4243,0,0,e0535a6a694c5ba1c5654b8e69a68e74071ffa502dc4b055cd4edc6bcbf6472e,2025-05-05T15:15:55.317000 -CVE-2025-4244,0,0,a5f2385463620ac1a725285377b5c5a8604b82d12fe2de5ba6fcf8ae100fc9a7,2025-05-05T15:15:55.493000 -CVE-2025-4247,0,0,a88f9feefb5d3c3dca5c0e86775f25553979c300497cb2b827aeceb56a2f08ef,2025-05-05T15:15:55.613000 -CVE-2025-4248,0,0,fb97712b125822c1646a7f82867acff1b75da448467f4d703d13266ffcd63987,2025-05-05T15:15:55.740000 -CVE-2025-4249,0,0,d31747f38e68f199ab53d1fe66543ef4d8c9ad2cd04e2e300ea5e49f2b1f49da,2025-05-04T07:15:46.510000 -CVE-2025-4250,0,0,86985e0aebed8aa40005de56bff217d887fc19a8d92dae3bd1a8c05066ef5a91,2025-05-04T09:17:08.230000 -CVE-2025-4251,0,0,9be76bce51ad4a4def0d0b1ba1022dbde65d442bae915e21b4e949e3e1992c87,2025-05-04T22:15:32.773000 -CVE-2025-4252,0,0,3a3ede34768f259dfc19c49ebd459910e8cf96fbb0eeaf40d76aecab0dc14288,2025-05-04T23:15:45.227000 -CVE-2025-4253,0,0,eb700f3ff597f1d4cde62344388ef60bc86a36b95a84e5ee8ea7695e0ec83d5a,2025-05-04T23:15:46.010000 -CVE-2025-4254,0,0,a50047622692b9d859d7852bac702655419f7cc4afc2d2eac1d731f2659bc1ed,2025-05-05T00:15:14.763000 -CVE-2025-4255,0,0,78403e2fd28a1c6741dd043adf5fec0cac79fee6ef014c28c523c170b97207c9,2025-05-05T00:15:15.660000 -CVE-2025-4256,0,0,8cf38ae7f18d9e1fe438422351dccee2d669aba2a8a23a0cfc7df7a467276d3e,2025-05-05T15:15:55.873000 -CVE-2025-4257,0,0,7697797d572603a4b43e82dfc2c17399e0afb1951612a29ef544469152f78b6d,2025-05-05T01:15:49.367000 -CVE-2025-4258,0,0,678599ffed8339ffc9301b7e98fb29ee2bbab82c17ce92bef538ede501f97c27,2025-05-05T02:15:18.480000 -CVE-2025-4259,0,0,4360e3e48ffe0a4f6494efdde6020a048eea775c81b2573d21663600a329ac67,2025-05-05T03:15:23.477000 +CVE-2025-4210,0,1,75198efe0de18159aec1a87785e7e16a89c8de06da580116a7e14d570aed6ee1,2025-05-05T20:54:19.760000 +CVE-2025-4213,0,1,dbf3842a40f1e76ed3ff1cc7aaee23edeb0cc2b8d93dc4ffd5f10a9fd792287c,2025-05-05T20:54:19.760000 +CVE-2025-4214,0,1,0f23d9b6f1648bfaf830dc7fec2c0a6b54f36621eea82d52871fa70f3bba77c8,2025-05-05T20:54:19.760000 +CVE-2025-4215,0,1,59d1024bfb3eb80aa05dbd498a6f0a87cab63497c07c3cbb3c681703a5949035,2025-05-05T20:54:19.760000 +CVE-2025-4218,0,1,2c49204cc3b286450f9a71e19a17dbb76984ced9134a20a4535356e38fc3ed60,2025-05-05T20:54:19.760000 +CVE-2025-4222,0,1,5b80e5e44541c8bbb9a8305751d3cb38068903a855f3d03631dda0159a93a507,2025-05-05T20:54:19.760000 +CVE-2025-4226,0,1,b02ba6b04717d9ad5b0486e6bffea514cd6d5cbbbba335753a1705d8afdd00c9,2025-05-05T20:54:19.760000 +CVE-2025-4236,0,1,ae20192ed148722eb9e36ea673107e84f90f7a11ab58c8a64625e3f81cf2c5ca,2025-05-05T20:54:19.760000 +CVE-2025-4237,0,1,308310b53bb018ebea6ff064d838a689ba0965567ea10e1f88bbea6db580787a,2025-05-05T20:54:19.760000 +CVE-2025-4238,0,1,95498da037abdbcc23b34fb8f7fa66a7ffa621e39c556dc0d2f074cebf028118,2025-05-05T20:54:19.760000 +CVE-2025-4239,0,1,f5b4e517985318fe06b80d88c1d5a570daa26e6a8648504b5b5fc26205ab21aa,2025-05-05T20:54:19.760000 +CVE-2025-4240,0,1,8bca81d0a61076cff57aa147a59947f2af003a0481fe3ee43383628ba41af7dc,2025-05-05T20:54:19.760000 +CVE-2025-4241,0,1,749a50066f9b31f832d6873e08a82fc8069d28a562078065cfe9fdc30941ecad,2025-05-05T20:54:19.760000 +CVE-2025-4242,0,1,c807a956c088bb0a0d3ea7d3ab10b1f675a4621c2696e144b237bd0003bb307a,2025-05-05T20:54:19.760000 +CVE-2025-4243,0,1,8f7c6098848bbf9bad8f630b2f307ababd32f2564ebd924f219b929c524bf46f,2025-05-05T20:54:19.760000 +CVE-2025-4244,0,1,0bc9dd37fef6d65daa07064f898b300cbbfb0b0dacaaf90efe60deb493eeb5f0,2025-05-05T20:54:19.760000 +CVE-2025-4247,0,1,0607d8160229ab92f3028b614b0cc431286804c858fbd940cb64380c3b4e1fb5,2025-05-05T20:54:19.760000 +CVE-2025-4248,0,1,e9d3c45ae0de7414a6aadaabbd2665a57ed678fd09b755b416cd9f59f1592135,2025-05-05T20:54:19.760000 +CVE-2025-4249,0,1,fabfbc07e9c471ba6ce67bd3fe0832b710a6f24776c45350b0d8e7361d6df1d3,2025-05-05T20:54:19.760000 +CVE-2025-4250,0,1,88577a90ec93ae980ed1d55a1600c6c969761ff421151a23c3d781e20ee8a33b,2025-05-05T20:54:19.760000 +CVE-2025-4251,0,1,8898852c5992d8e7a200b859bf580f42064d443e3c6c26d4b92fa8aebb850fdb,2025-05-05T20:54:19.760000 +CVE-2025-4252,0,1,276a0c6a373e89a8b9ff58867288ff2395bf4ac397b686d5ccaa88325962c669,2025-05-05T20:54:19.760000 +CVE-2025-4253,0,1,f9d818a23da5a26f0ee7a073c15067246f5d1a3f85496523f722ee0a2d51c9b5,2025-05-05T20:54:19.760000 +CVE-2025-4254,0,1,4bd17fa1ed7fc98ab681ff8631df971093f8e9a93c63f53db32b46f5168d7314,2025-05-05T20:54:19.760000 +CVE-2025-4255,0,1,13c096e87259d19e8cdb2788017817a85f19a8245bc13cfc75156e7423bf47ea,2025-05-05T20:54:19.760000 +CVE-2025-4256,0,1,ff41dd59b60bfacb8351499d595556128060c8e4da11c4021efa6e877d51478b,2025-05-05T20:54:19.760000 +CVE-2025-4257,0,1,ca1eeaed71bd944e5e3f6240684101c830f646d300a64c7a94f5dd1df1554dd2,2025-05-05T20:54:19.760000 +CVE-2025-4258,0,1,796ce2adcc4d180e362e2a202a13a4dd18c262fbe611e96372c314a17120612f,2025-05-05T20:54:19.760000 +CVE-2025-4259,0,1,6a1459a33b8e0aca76b75ac4e5c9a7a2f1e4c994986e9f8a451f9b8990219b25,2025-05-05T20:54:19.760000 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000 CVE-2025-42599,0,0,d39e065342929b05f2b0a2b6fd7615d0e3f6e7c2f605fdbeb3b3bb9e83f12d93,2025-04-29T19:46:44.310000 -CVE-2025-4260,0,0,01de372a930c06f0491e6f7de7a7f4cf7968888eced4f73287ad28e1857720b5,2025-05-05T03:15:23.660000 +CVE-2025-4260,0,1,b975ae58d2faf53c92176801fe08d87bc7dcd47e1c1ab944b9864ffcdf3ac1cf,2025-05-05T20:54:19.760000 CVE-2025-42600,0,0,a98a7820b508b5a8b0c7d0f0dd6cbaa5b07d1e37b05a983a49eb79024a0cd435,2025-04-23T14:08:13.383000 CVE-2025-42601,0,0,f4f189a0da2053c5ffad5165ce7407fdad3589baca263238f2b69d54247669fb,2025-04-23T14:08:13.383000 CVE-2025-42602,0,0,342563812386d17a8bb3d54aaa16730170ac3bc84b0785b841a3d936f82320ab,2025-04-23T14:08:13.383000 CVE-2025-42603,0,0,31ce532789fa63ac7a2d8faf1bb3e5cda0a65e9fffeee50db51b716d8e3c0ab9,2025-04-23T14:08:13.383000 CVE-2025-42604,0,0,269e14add61f0ada4a9741e4417e420b7143cd08ae91dfa03ddb730909085b1f,2025-04-23T14:08:13.383000 CVE-2025-42605,0,0,a1d2e9298e94871e6519bd98ba3f8c610d1bc3ffab9913f2e5f959d76940a79c,2025-04-23T14:08:13.383000 -CVE-2025-4261,0,0,f8550e4dfa7481968e464d118572a943550324a9ba234759825bf4aea925a29b,2025-05-05T04:15:18.970000 -CVE-2025-4262,0,0,06f0654b32b79fed36a4337e0492f84d460165276902f20b11980fcf52c49771,2025-05-05T04:16:17.080000 -CVE-2025-4263,0,0,137e3ab861dfefec72ecae2aa015d280510804cd8835db0da29e0360384c9fc0,2025-05-05T04:16:20.583000 -CVE-2025-4264,0,0,d996078a10028f8e8a8fe0087e86e82efa2298b31be74c16acf84aaca34ea331,2025-05-05T05:15:15.860000 -CVE-2025-4265,0,0,03fb90556b65979ac44b1bd35daed3745553c62e8d99e219939c94f2218e11bd,2025-05-05T05:15:16.060000 -CVE-2025-4266,0,0,6a160895d9c303703c668c98388ab465fa30d7c0249f636236b1687d68a29da9,2025-05-05T06:15:31.723000 -CVE-2025-4267,0,0,409343eb7b44df10143a7d638c1ac83f1e9c99bdeb704e66ca2680da3eb72b54,2025-05-05T06:15:31.897000 -CVE-2025-4268,0,0,d7aff7ace9b956cb58e8b96b53613955ec37be56f4fae590b7616f66a3dedd73,2025-05-05T07:15:47.073000 -CVE-2025-4269,0,0,e2311b72273c8b46f09502d544720d97d410109479b95f05c9f848567950d4d6,2025-05-05T07:15:48.233000 -CVE-2025-4270,0,0,9157f526750597c098048759b02d02e77018675548819e2f5114007e720ff2d9,2025-05-05T08:15:15.607000 -CVE-2025-4271,0,0,fe703aebab016cfa9484994c8ee2380801a9c825b53934e2145c5ec7a62d0266,2025-05-05T08:15:15.790000 -CVE-2025-4272,0,0,6301d184cf7e061ea599b1cd1c49765a2ed78e425f40c7a36c8dc08cb34c0d62,2025-05-05T11:15:45.593000 +CVE-2025-4261,0,1,92e495093e3b52edfa00ebc043de4d86f03845896b5ba6d7a7fd283799ad6eb4,2025-05-05T20:54:19.760000 +CVE-2025-4262,0,1,4e26643694e2525e0db57b0cc1333c89dd89600cf8455cf3d36d778c81de1f72,2025-05-05T20:54:19.760000 +CVE-2025-4263,0,1,ccce19f3c765a0fba5b2a101ea73cca077484bd9230c58ca5e2ef804a7844de2,2025-05-05T20:54:19.760000 +CVE-2025-4264,0,1,6c477a299a967a04c3cf982cb0242a620826675a436bf3eaf9d60e5cdbc73c4b,2025-05-05T20:54:19.760000 +CVE-2025-4265,0,1,82c1e45be872e2f0ee9734b69b1cbefefd950343526703b6df5f4534790dfff0,2025-05-05T20:54:19.760000 +CVE-2025-4266,0,1,7d263723b366648dd8cc19bed962d3384778ed75f47727815266aa42e5f10767,2025-05-05T20:54:19.760000 +CVE-2025-4267,0,1,59b15d64a6847abd39b3a73e5b43c9d6421c5ec186e911fce969a65025d11ef5,2025-05-05T20:54:19.760000 +CVE-2025-4268,0,1,0225caf56a80000742718d09d25aed8a0e2953e59214f1be9ec807f16253a71a,2025-05-05T20:54:19.760000 +CVE-2025-4269,0,1,b3fcda18bd01b8da5cf6124f5a2cd67044955580ec2b5258ebfabca958fd20d8,2025-05-05T20:54:19.760000 +CVE-2025-4270,0,1,0016efb54f35534bb1821d52e07a3bb35be1fc4baf56a02359a2163cbbd0aa48,2025-05-05T20:54:19.760000 +CVE-2025-4271,0,1,1e42f9a91f46c8f1b5d3a461ab437a0ad07fbb3f4dc0e7e6c3af50fbe51716eb,2025-05-05T20:54:19.760000 +CVE-2025-4272,0,1,03ff047f7dd551c18b1a43bee5877489fab1871c5289ce9c9d307f362f1d7af9,2025-05-05T20:54:19.760000 CVE-2025-4273,0,0,30513e1edc3f48937d8031e4da5082aaf23e8e7c6784fd5493bc847cf717c492,2025-05-05T03:15:23.837000 -CVE-2025-4279,1,1,594358360ff7aab8e80ca71f9feb7c87d7fd59e29407e79f3984801ddb252ff6,2025-05-05T19:15:57.477000 -CVE-2025-4281,0,0,06ac410768d0f783ebd76b93b4007052d87f4b706d7b21914b64c6e91006ba41,2025-05-05T16:15:52.560000 -CVE-2025-4282,1,1,b8aee303133c4ef18534464ea4c315529cbc8fb084685929559c4d915771f0d5,2025-05-05T18:15:44.350000 -CVE-2025-4283,1,1,242014d637175c36f595321446fb97de154b28d82e13cfc00a074eb6850407e0,2025-05-05T19:15:57.687000 +CVE-2025-4279,0,1,619589126c1a12cb1bf767de9b2523bcefe57d75c72b831c976a3b0b0f0cd892,2025-05-05T20:54:19.760000 +CVE-2025-4281,0,1,4c4cbc6c5b9e57a0b43efe3aabb2efba8f29ced479a08b6509245da483d46b22,2025-05-05T20:54:19.760000 +CVE-2025-4282,0,1,11c013d33dc7d8002b85577d10eb6796036bd6c7774997ec672e586b4a4941a6,2025-05-05T20:54:19.760000 +CVE-2025-4283,0,1,493b1e544efd2448aa3ea73001061769be1a0cda3b8271a58f876cec2ff6ca8f,2025-05-05T20:54:19.760000 +CVE-2025-4286,1,1,bde0cd94b6e692169615ba63f6ec4b5fbdc79e46ca98982fb59b174b2f9768cf,2025-05-05T20:54:19.760000 +CVE-2025-4287,1,1,b950397e5897bf93cddc6d2d4944e73e34d552a1c6949b8326d96f45be8e7d8f,2025-05-05T20:54:19.760000 +CVE-2025-4288,1,1,910571bc82eb9356f3bc1a6206cc1afbb4734009aa004c2f9a70d5bdcdba7958,2025-05-05T21:15:47.410000 +CVE-2025-4289,1,1,5d53cd66651aaa3d64d9697194493509111a3a286cf8841971976a2b1e0d433e,2025-05-05T21:15:47.580000 CVE-2025-42921,0,0,fe45c9bf48d8b64b0cac9604dcc1ad3071452dfd7112cafe12dd9c33c82af017,2025-04-23T15:25:30.927000 CVE-2025-43012,0,0,f78eba67b396c6aab09f0e687e4ef58662e96b01c2404836843202e2dfdd4f0d,2025-04-17T20:21:05.203000 CVE-2025-43013,0,0,cea29fefbb7874147d20ca0439a948894c9ed92ca59da3ffe37724562ec07c4b,2025-04-23T15:29:33.910000 CVE-2025-43014,0,0,8c8e187893b05115834c1fe60888f6689d95da1f55e6603f1b98a0a40089dd30,2025-04-23T16:11:35.837000 CVE-2025-43015,0,0,e1099e2d690e6500afcce9f63f8d90a3ffca94e6d4b413f55df99246e9d63336,2025-04-25T16:30:24.887000 CVE-2025-43016,0,0,f2c72cd86df0dc4f466aff47f20427f717da38e7cfd3bc2cf6bf3e8b276a88fe,2025-04-29T13:52:28.490000 -CVE-2025-4316,0,0,b5ee414db954cba5ade409f660d3e347fa52dbc81fef989b6028cf5d48f17797,2025-05-05T14:15:29.930000 -CVE-2025-4318,1,1,1b7800defba2195c1e938f772dce1ef41f8216f10dd777ed056e511b6e36dbdf,2025-05-05T19:15:57.847000 +CVE-2025-4316,0,1,24c044bb41b9eae49511d240a09d718a7ae39c21518b82d962f42919e70aed71,2025-05-05T20:54:19.760000 +CVE-2025-4318,0,1,07e30dbd13ea98560a7383c89d913662e5e8cc0ebe320bf2f95ada0f060c693d,2025-05-05T20:54:19.760000 CVE-2025-43595,0,0,639a97cf595df7ab33930e9fd17fe542d2f8123e314605b09346a74d940c7c9a,2025-05-02T13:52:51.693000 CVE-2025-43703,0,0,d6625a868be77b8d7893d215165a3a98f3361eec5aed450c8d69ce3a9dfaf391,2025-04-17T20:21:48.243000 CVE-2025-43704,0,0,e4a4f68c1c515be2555ad90b5dc0fde58f5ff1d76445660f48da718ee733becf,2025-04-17T20:21:48.243000 @@ -292184,17 +292192,17 @@ CVE-2025-43708,0,0,d38c003beeae09584e47fb48659652128bc4a5d2c5ae13da147de319358e0 CVE-2025-43715,0,0,16cf4954d648fd87012f5a88d33c7f63ff2347a1f446f7ec65261364d5ff03d8,2025-04-17T20:21:48.243000 CVE-2025-43716,0,0,46e196b7cebe918c47d365501f2795e249d7e7988400ad22c8c59469409fc554,2025-04-29T13:52:47.470000 CVE-2025-43717,0,0,9a5c2cc8033daf666161adde3c155f3dbd039d2947998bab4e09970ac87bf337,2025-04-17T20:21:48.243000 -CVE-2025-43842,0,1,6e61fa66253cb1d34ef9e431da19abd7509beb9fb7ff7e5fdee8739654456b31,2025-05-05T18:15:41.950000 -CVE-2025-43843,0,1,48bff9dcdd6d480fe50fbebc60d9a029e5d379334d7a95ef9519d001caad5476,2025-05-05T18:15:42.070000 -CVE-2025-43844,1,1,9366b6f92b74a3da0478f0286fcbe59c4628a687368bceb9b990b934110c288b,2025-05-05T18:15:42.180000 -CVE-2025-43845,1,1,4a1465c9f9a9db6a0868697320f5b0b58e3a186467aac4979edf4ca4dd29e5ea,2025-05-05T18:15:42.300000 -CVE-2025-43846,1,1,ba9751d159653f54684d1d0074f7b1ab7c1e2379cd12dd2f4298e63172c1942e,2025-05-05T18:15:42.430000 -CVE-2025-43847,1,1,4a15552dd09afc44a333d2d4df632d95a6b28c3a42566913640f1e2993755ff9,2025-05-05T18:15:42.560000 -CVE-2025-43848,1,1,ac3a85bf468bf604d08569bd29596b04fe74006e7b189c97e4171632149f2a2a,2025-05-05T18:15:42.683000 -CVE-2025-43849,1,1,fc5c340afc131143216f18871883ed698015fc1941aa9e39c84b5a575f7c0e46,2025-05-05T19:15:55.957000 -CVE-2025-43850,1,1,ef20a4275351b9743a054d50148c62880194657897a36cb9280977ed7fd35d60,2025-05-05T19:15:56.090000 -CVE-2025-43851,1,1,6d4f970a8f41111c1678fdd381ca9fc3834bf4643d68d9c428d80c94f0bacaa4,2025-05-05T19:15:56.220000 -CVE-2025-43852,1,1,5a643afba75dd570bc70a84d21724a7a1ef5ce83640502692e127a4869d0b071,2025-05-05T19:15:56.353000 +CVE-2025-43842,0,1,c78555d62f029fd234938d96bad219e1a594b9124933181a95153c976d0b1a22,2025-05-05T20:54:19.760000 +CVE-2025-43843,0,1,aba8993aa8e777c0978d36b3f09235318fdb30a908e0a5f7ac9d137ce16cab73,2025-05-05T20:54:19.760000 +CVE-2025-43844,0,1,dadaf4240d2d49798543341b6d26da751bf136e23ffca4427513e5d679dc2705,2025-05-05T20:54:19.760000 +CVE-2025-43845,0,1,262a639d9d281c5da698c42a72cc25503513c04f56b3d491ba6fa471e4b315f2,2025-05-05T20:54:19.760000 +CVE-2025-43846,0,1,ec9f8b4505ea4f7f4f5cbff63977a74db5b3ae5f1019d7ab9d04ac114ebd904b,2025-05-05T20:54:19.760000 +CVE-2025-43847,0,1,020ef8384c35e146396a27655d71fbc261c07d100d70b0c8d271fe7c2c82abf6,2025-05-05T20:54:19.760000 +CVE-2025-43848,0,1,bf22dfec7c5b0ca6ef48202e5b2a45547b7e847fc6c09bd7fc6351faa0333a75,2025-05-05T20:54:19.760000 +CVE-2025-43849,0,1,89fc93e1e1db0ed12b77ac5e3a433d52da3219cd91bda63102d90b7f6cfb3e8a,2025-05-05T20:54:19.760000 +CVE-2025-43850,0,1,9ca66e44fbc87bcef01e7d54cade0df94680759ee91fe932bd36597475a6956b,2025-05-05T20:54:19.760000 +CVE-2025-43851,0,1,f775e81fcd743707d5895b8d169f2ac7b4834ff8ee7dee3715bca2c6481462fe,2025-05-05T20:54:19.760000 +CVE-2025-43852,0,1,5b34861bd37efb82108bdf7fd7f431df5e193ac9bfdf33ec9a172fc8fc7b7b87,2025-05-05T20:54:19.760000 CVE-2025-43854,0,0,dba5bf7c07e9f6066c18bebb5f824b05d2d69284c12b8412ce758f3493e7882b,2025-04-29T13:52:10.697000 CVE-2025-43855,0,0,f251e6d63bdd47bca8d5473ada779eff6aea56ded4158c2fae33805e50370b1d,2025-04-29T13:52:47.470000 CVE-2025-43857,0,0,a9e23f37cf4aebd58c4f43f481b544c0b30b281adcedfd7d3f55a56dfc0f5f76,2025-04-29T13:52:10.697000 @@ -292214,7 +292222,7 @@ CVE-2025-43899,0,0,8ab93a6edab6a82e6476c57ce7e31ae1effa4c1cbd643056ee95b9fb0d1e9 CVE-2025-43900,0,0,8ae3246d09152552bbb6cdca3332360753ff66f5c97b078c8130a1d2fe1845d9,2025-04-19T03:15:14.427000 CVE-2025-43901,0,0,98878e012cf8d6baa1ac5ec62480882e6fac2e6450aa75eeb2862c95e2d438b9,2025-04-19T03:15:14.487000 CVE-2025-43903,0,0,00b37505e4bad1c011979aeeb7ac0f46d600f0a3a2ddd582ccd8bfed7356ed02,2025-04-21T14:23:45.950000 -CVE-2025-43915,0,1,0bc7612e8a50ffbc6455a7ae35af18aa08833819079406ed4c761f7aff590ea1,2025-05-05T18:15:42.820000 +CVE-2025-43915,0,1,dee42daa54c1eb4115b3764895c2ac5deafe4de30a78713a1e297834af5ef687,2025-05-05T20:54:19.760000 CVE-2025-43916,0,0,681d8be38d92746749b1aa52bc81a99ae8dcb7d5c6c1be22a9ecf0d141bf9654,2025-04-21T14:23:45.950000 CVE-2025-43917,0,0,6cbc8a0cc4b5f4a260ea1bcaa2e61bc873dc43de357e9552c071e8ec2a49bca5,2025-04-21T14:23:45.950000 CVE-2025-43918,0,0,c6804f12f91fd2a33114034d2a7e21d55151c0cf36b011a784bd1cc327d47c14,2025-04-21T14:23:45.950000 @@ -292272,9 +292280,9 @@ CVE-2025-44864,0,0,7789f6d26f480117ab5f1e9e3fff36b83532a523dbd6053bdb908ae4f2d1c CVE-2025-44865,0,0,043e220304104c7f3f6b8f160744f5f3d19d02fad79a60b921987acb06a268e5,2025-05-02T13:52:51.693000 CVE-2025-44866,0,0,62ea0f3cc3e057b399b7e4d73c393f9ff587e75eb26373d868c78905b614bdcf,2025-05-02T13:52:51.693000 CVE-2025-44867,0,0,5d834ef889f696c090fb8c7cc0755641a0d17fc5fa997f4007ead308bd8dbbee,2025-05-02T13:52:51.693000 -CVE-2025-44868,0,0,bacfdb9d6ad38ee3b3a17d98d8057a8fc63513aa9c9fd12162c575d6d7d7edf8,2025-05-02T15:15:49.123000 -CVE-2025-44872,0,0,3a2eeb5df5d07c65cf058a81c733279464ff8402fea97f93cf8506de82cd047c,2025-05-02T15:15:49.227000 -CVE-2025-44877,0,0,d700299d5421e6aa9972ade26f97327176dc85c16c66285e59c2b912e62abce2,2025-05-02T15:15:49.323000 +CVE-2025-44868,0,1,aa1bbe97e6dbaf8fbf3e16bd3a5f2ceaade3c7ca67603aab34d7ff8372b91bb9,2025-05-05T20:54:45.973000 +CVE-2025-44872,0,1,af86fa19105734d04ebbadf39800d72be95725506514dd833f4cd66d7e9e7a18,2025-05-05T20:54:45.973000 +CVE-2025-44877,0,1,bcc84e5c5cea039dc0c34f46e0c70593b30dd7f5b3070f6f42e3d175e60c67b6,2025-05-05T20:54:45.973000 CVE-2025-45007,0,0,6ffa8b085097b8f4fc5e29bf0e6d52d2d49b887a52741886be19907646fbc723,2025-05-02T13:53:40.163000 CVE-2025-45009,0,0,0dd4c5d916c320ec1d3f1c18f03f979fd461212f9f78a87f6f450530c388bdf1,2025-05-02T13:53:40.163000 CVE-2025-45010,0,0,ee2e4c1f1d11edfe92994ff8553c3327a68447e4da1c5cecaef688ae9d424cca,2025-05-02T13:53:40.163000 @@ -292285,21 +292293,33 @@ CVE-2025-45018,0,0,dc4ffd927192faab4a4c098708a547eb8416b1c5e317742ba6e031376fd32 CVE-2025-45019,0,0,72615823193ccae8b933a1fa20218e94dcef6a48054cff80a5aa6eda3d74e261,2025-05-02T13:53:40.163000 CVE-2025-45020,0,0,cb3802b6b062774595b3b38dec9c6a571e941928ffb81bcdbcb1d2fa2d45d639,2025-05-02T13:53:40.163000 CVE-2025-45021,0,0,0570c2ba1a9bca30da6999bec8772c055b0034e01feec4d7b897bff6a185f10f,2025-05-02T13:53:40.163000 -CVE-2025-45042,0,0,dee1b72b7829da4ac6f6a2a64631d177928aeea94d58f2af9bec995143491876,2025-05-05T16:15:51.410000 -CVE-2025-45236,1,1,b40b27b9fcfc5f773dda36a4f3c49c566770c64e6469f7f4a6a72f42871e3e80,2025-05-05T18:15:43.163000 -CVE-2025-45237,1,1,2aac8bca67204a872c5e44149d7ec6d434df8a8827215fffac04a27594a274ca,2025-05-05T18:15:43.280000 -CVE-2025-45238,1,1,4198acb86851a7915f1fad73cd485ba7ca54d85aaaa2aa4d6c34f803f54d3e10,2025-05-05T18:15:43.397000 -CVE-2025-45239,1,1,3c5cd9fbc69c3a6949c9e24b5d2397455a58b911e18735c000c92d794cc9f3c7,2025-05-05T18:15:43.510000 -CVE-2025-45240,0,1,5ef40af192cb7611b2dfdbb81d40996e0ef043d3cda37a043d0e9c9499100d06,2025-05-05T18:15:43.623000 -CVE-2025-45242,0,1,1fbf63f21ad15e32147a93f7cb8266137acf05f89de4f8995f22c8617a7a2058,2025-05-05T18:15:43.793000 -CVE-2025-45320,0,0,06700ece4ca9bc882c346de86ce92fd35fb95119eaf536cf02ceebf30d8bfeb7,2025-05-05T16:15:51.697000 -CVE-2025-45321,0,0,0ba4b31f04da80d730a9e6b117e05bc82e58c7c856a2d693299dcb767b92900d,2025-05-05T16:15:51.780000 -CVE-2025-45322,0,0,ddf8b38a428b2a22c3b94c306f8e754c6953d192b3d891a47abdd9dbc58b03b5,2025-05-05T16:15:51.957000 +CVE-2025-45042,0,1,92c03411ad224f662ee1b7b77e6a18dd638657a7bbf38f7f664797862b910f27,2025-05-05T20:54:19.760000 +CVE-2025-45236,0,1,150a9888f70d9c6ba7fca263b39d68731e66accfe966c96e9cd600f380f387c1,2025-05-05T20:54:19.760000 +CVE-2025-45237,0,1,c34265465be1f2fc715a99993505407289a008c0776ac5c51a56146aa1a20f04,2025-05-05T20:54:19.760000 +CVE-2025-45238,0,1,8090c67c3be68ddd041d537b430b7c483ef193879231a393956e33cd79cf4bf2,2025-05-05T20:54:19.760000 +CVE-2025-45239,0,1,6e71903f2292708e8006ec543a513ca54fdb24834b1bc3781cb8907c224abea8,2025-05-05T20:54:19.760000 +CVE-2025-45240,0,1,50670fe15ece3dc5c2ea54e4e87770fc57d0d258b087e1425e6cdd9fd0ec9a49,2025-05-05T20:54:19.760000 +CVE-2025-45242,0,1,0016b14ddac587011bdaa8897b1de7666d9f0a65de289049a0127070838c89a1,2025-05-05T20:54:19.760000 +CVE-2025-45320,0,1,816f08bb326b5d9efc91f43a4884bf6d81b822f6e685633518a57c66e2f3155e,2025-05-05T20:54:19.760000 +CVE-2025-45321,0,1,6c48f95e4bf940a4328960ba360adafe0c33deb66a358198368758ce037ac204,2025-05-05T20:54:19.760000 +CVE-2025-45322,0,1,639cbe577ede41b89749f0a502da8616f6fc43d8685ec14a0bb1064237d0b908,2025-05-05T20:54:19.760000 CVE-2025-45427,0,0,2acb289b4531d79e0a4fdda0743ea875280a2030836ee1f38a4e78112f2ff823,2025-04-30T13:51:20.023000 CVE-2025-45428,0,0,a55753fec0ea61e23d5357aef97cfebf259250af906a54fae9de1214ab7deb77,2025-04-30T16:12:11.190000 CVE-2025-45429,0,0,32099a126e41e157c073e4b282e42326bf59a85e3c0de57c5dd11afb3e22532d,2025-04-30T15:48:51.963000 -CVE-2025-45751,0,0,1eb50bd19aa9c1d2f3cc167611b8a581352e2b09f3f2752a064141c7a6c0f389,2025-05-05T14:15:28.950000 -CVE-2025-45800,0,0,a77d3a8dbf101835cb427b4c2e8f5bcf9b064432ed9cdca7565eb017dda72333,2025-05-02T17:15:52.423000 +CVE-2025-45607,1,1,b9c7adf3060344fa653fe074715195d73541ef27dab8fde8d5fda745e82ae378,2025-05-05T20:54:19.760000 +CVE-2025-45608,1,1,51f9703aa59b51d7703b601d9cbf281949a7bd49d6d54ad70196a42dc01cfa13,2025-05-05T20:54:19.760000 +CVE-2025-45609,1,1,d83c9b552e3efd3d5e99da037de76eb0bf7b79f4642c70d10d644dc77937cc19,2025-05-05T20:54:19.760000 +CVE-2025-45610,1,1,bc9beb3ecfe1bf379133322bf0acd3bfeb8b755c3420fdbd3dae3ffb9722eb35,2025-05-05T20:54:19.760000 +CVE-2025-45611,1,1,c08a949a880185e298b4b35dd8d30d3d7569e14854eea17305244d135e328f73,2025-05-05T20:54:19.760000 +CVE-2025-45612,1,1,e0327f520013643ebc3a891ec9dece595cf89685465266b0eb197447e8abf3c6,2025-05-05T20:54:19.760000 +CVE-2025-45613,1,1,42f79335fd68319c992f7cbc925cb6a2182979ac4fda62f2f5b20131b2776e04,2025-05-05T20:54:19.760000 +CVE-2025-45614,1,1,a7fa05154f83f3330d742d87577ef0aecd4a20fd228ea6e78aba8fa14218cf35,2025-05-05T20:54:19.760000 +CVE-2025-45615,1,1,2354cb0b63b552fe39efbbcfb1724b1f8a13c4e98486fcaeae0e5af91b114b57,2025-05-05T20:54:19.760000 +CVE-2025-45616,1,1,d45c37f14b18ab6b3f3f16f0ca2425152c81ec80b01a20c6a7065a3e7ec2146f,2025-05-05T20:54:19.760000 +CVE-2025-45617,1,1,b6f15bd84026466e4391f59ccb3acbe04e71a578b5bd7fe4ffb7b5db4b7f881c,2025-05-05T20:54:19.760000 +CVE-2025-45618,1,1,19d29f9c4c70bb2346e4cbcd23ca5536e127d42f71678fdd11503d213a1156d3,2025-05-05T20:54:19.760000 +CVE-2025-45751,0,1,851763104aa42637b9d66f5805cfd163b01d2529d2d09a2e565ebd18fd5e1ba0,2025-05-05T20:54:19.760000 +CVE-2025-45800,0,1,02c61ed8809dc7a85d9d7842dcab3dabd50439bebb52e2abe29b3b43f19b3e3f,2025-05-05T20:54:19.760000 CVE-2025-45947,0,0,359c9dbf14e503988017d67aa788a499a7ac3bca9ffc4dc379e7011548317f85,2025-04-30T18:59:47.113000 CVE-2025-45949,0,0,2cec517c1301a76b89b8ccefb135dc95210f8464628904a6679478252432eda9,2025-04-30T18:03:41.357000 CVE-2025-45953,0,0,4ae22ace1fa79622bebb714ee3a1b2bc44139600b15fc188f0269a639daf29ec,2025-04-30T18:03:25.497000 @@ -292357,12 +292377,12 @@ CVE-2025-46328,0,0,fce8bef90289f3e35471bed1d12dcf17aece2585b7518ac140e7d9aab84d6 CVE-2025-46329,0,0,c42fea69e173614922f308417a005a49d9e8f582bd34f25a3472db2ba3eb068d,2025-04-29T13:52:10.697000 CVE-2025-46330,0,0,b6188a8dd9c3f0271d5a6760a7791d144665d3896d323b09f5649df3cc20bb7b,2025-04-29T13:52:10.697000 CVE-2025-46331,0,0,361ec4e6d8671e18323b0342483f801d5e5ac6de37d5bb066d6159aeff4b631e,2025-05-02T13:53:40.163000 -CVE-2025-46332,0,0,96c2c457d28c67b449d8bc341e96f939c65e42814860e9980e4634cb0c192469,2025-05-02T17:15:52.947000 +CVE-2025-46332,0,1,40c08105b16a4e7ec356abdca387f83834b807a2afbd877500500aecebdb168a,2025-05-05T20:54:19.760000 CVE-2025-46333,0,0,4ca215b72a98284b0530b719160d5251f8056ccde380184cb21e0e8b208b2507,2025-04-29T13:52:10.697000 -CVE-2025-46335,1,1,9ae2099b9826da6175778011250420abf1044fe70980922cd20825ba26f4d4d1,2025-05-05T19:15:56.487000 +CVE-2025-46335,0,1,f0ccc11b1598dff8ae8e46d29d22a237957d2128f817d57a47bf2b6d5047d404,2025-05-05T20:54:19.760000 CVE-2025-46337,0,0,b0c7c5a04b7cd0d7c11d627a62b8d7e7338302f8d07f8fa9c84ea057ad9b0e48,2025-05-05T13:15:49.323000 CVE-2025-46338,0,0,e5ecbe8dfd6a5f1493e32f5c03131bbc11de3ed65d7bf0cc647180c8514ea1d2,2025-04-29T13:52:10.697000 -CVE-2025-46340,1,1,7bec08ca0994b6d855928ebbc9a47e0ba35347bac8793e13fc19c7b50d55e196,2025-05-05T19:15:56.627000 +CVE-2025-46340,0,1,6f3b45816dbb20a361f272d53f3ae92b68a1c1ff7c0f0ba65829b7b514555d4b,2025-05-05T20:54:19.760000 CVE-2025-46342,0,0,4ccc97d67fbd9483c430474edc15b07bba02e1cfa6beb1ec434c2eab17b79121,2025-05-02T13:53:40.163000 CVE-2025-46343,0,0,aef42e784a4ba3ff6f4f92863ddf79ead99fe488ce3e4bc3bc064b7acfc66c93,2025-04-29T13:52:10.697000 CVE-2025-46344,0,0,c108ba1643f6799deff69a23819306f9fc6502a1a93c5163667667cccf8ad857,2025-05-02T13:53:40.163000 @@ -292479,18 +292499,18 @@ CVE-2025-46547,0,0,8acc1afe45e6a60f966cb7e5b4fe1e3f801c3ab7386ec5552ef5a599cdb15 CVE-2025-46549,0,0,f50e5e3b6bf948f691fae3590607c411bfcb3afdbedb907a37fe88201d13bd83,2025-05-02T13:53:40.163000 CVE-2025-46550,0,0,a8152277681a3aea096e9a2c4335292b3ede50d588e2f9c9dc9d80df952fbba2,2025-05-02T13:53:40.163000 CVE-2025-46552,0,0,a9cac8cad9e9d7978b6fa80a49016e323cc607187dfa835d6919210693f9bd85,2025-05-02T13:53:40.163000 -CVE-2025-46553,1,1,6fc902d0c99ce86104978d9e8518063cd368fc73ebd8e96393bec67b532d07c3,2025-05-05T19:15:56.763000 +CVE-2025-46553,0,1,792ab117b0109fc08441d70e86cfc8a570b11023393494e1ebcbcc1c247d20b1,2025-05-05T20:54:19.760000 CVE-2025-46554,0,0,a7b89eea12b63e666a925ea1c3ab241ef8ea8e981646e1e96bcb6f05587df1d7,2025-05-02T13:53:40.163000 CVE-2025-46557,0,0,695475fbfc401718c197f3766204de189f65619ff7e66fe731891859004c2d14,2025-05-02T13:53:40.163000 CVE-2025-46558,0,0,46044112001a42c9e94971cbcc8641b730ce8831adfe756198a0c859c9d96131,2025-05-02T13:53:40.163000 -CVE-2025-46559,1,1,94e7764766e9ad08c6fe96b6dd1096ea207dfacd1766cbf3832348ef02d95f10,2025-05-05T19:15:56.910000 +CVE-2025-46559,0,1,6d9fbce4aa89f77319a6e2e4cf3eeb86be3c9c5f22bac831a5aab851e70c452c,2025-05-05T20:54:19.760000 CVE-2025-46560,0,0,3be426986ff05bf7a7a319430354e149a50534bcceaf7a085c479cb575739461,2025-05-02T13:53:40.163000 CVE-2025-46565,0,0,c6310b0d16caffb5c4fca228b199569c838bec718e60758c1fab4e44d373407a,2025-05-02T18:15:27.060000 CVE-2025-46566,0,0,b9d0a45d6aa4eb3fccb467217f75b062a2ea0c1a7d6ec5955ce1f0480e325928,2025-05-02T18:15:27.160000 CVE-2025-46567,0,0,9d9a658e27dde728dadbcc81f9ed72885aaf5201b91bf87f1d9e602ac642ec75,2025-05-02T18:15:27.260000 CVE-2025-46568,0,0,85cbce905aedc800ce4a46bcc89f6b848f137b5459d1a5ef40ca461bc9c177ba,2025-05-02T14:15:19.860000 CVE-2025-46569,0,0,596192ea2f2bcb27dcfadc2be8975c11484ebb4929879c1b0161098a09bd2300,2025-05-02T13:52:51.693000 -CVE-2025-46571,1,1,4ca70d50aa4d68728dbae8547121cc89d460fe50ff6b338b5165c6672d77e0ac,2025-05-05T19:15:57.050000 +CVE-2025-46571,0,1,b297ba682c5a172c032eb50b43449952f9a29a456f6eae185a46e6b54c1029bf,2025-05-05T20:54:19.760000 CVE-2025-46574,0,0,92478992098cfd3e1c073cf382d77a474f9304fa70a4c0ac8d3d7924ea977234,2025-04-29T13:52:10.697000 CVE-2025-46575,0,0,2f0a5b24310dd6fd0827bf911a3730e65f94967c7a1c701ec5837ae7adf431ee,2025-04-29T13:52:10.697000 CVE-2025-46576,0,0,2a8d4b326347bdc18987acae65447d891b53c21b768c7297f2b5b705e0556ad3,2025-04-29T13:52:10.697000 @@ -292533,9 +292553,13 @@ CVE-2025-46687,0,0,eddf5cab5f4617bf23ba77f1f498dc6dad859b2964b65f78aa174d4bb8f2f CVE-2025-46688,0,0,eb94fcaf908d8cbd0411064f7d34a94b2d8e95d84d748ad41befaa449b931c4c,2025-04-29T13:52:10.697000 CVE-2025-46689,0,0,5cc7647d725b18a3c85da01639f15bc4067e800cf27a1a68c7d9c71a21a6a46e,2025-04-29T13:52:10.697000 CVE-2025-46690,0,0,d8aca000767c966e96b093e658d06764be5f4206a02635fbc35ded14eade0666,2025-04-29T13:52:10.697000 -CVE-2025-46719,1,1,ebf20ea24c89264ed56ab4cd862d20e826900cdca8a6053a91d500962f7d456a,2025-05-05T19:15:57.197000 -CVE-2025-46720,1,1,687071e13d695290de50df75c312aa9739c60b25b737f6f38a6a69982a73ae88,2025-05-05T19:15:57.330000 -CVE-2025-46723,0,0,38a73f26b94018a334bf8283f75d910933c226f80f378e3b4999df78e6faf881,2025-05-02T23:15:16.580000 +CVE-2025-46719,0,1,eb95ba132fb6e0e0136d846843a0405b1cac89556444e6846ed916d708ddfac7,2025-05-05T20:54:19.760000 +CVE-2025-46720,0,1,90c649755d227a548dce467b122a4d002a4bc4f186f2e51a13843e808cbee659,2025-05-05T20:54:19.760000 +CVE-2025-46723,0,1,23909492a9ee443fd9ae3060d2ebc8db94328dcc9cf17248e4a0a9a7d6a6e953,2025-05-05T20:54:19.760000 +CVE-2025-46726,1,1,a5c3457a98b8253fc80b489b12eca0a82eccd6453a36199f0c69a3913e03d1ec,2025-05-05T20:54:19.760000 +CVE-2025-46730,1,1,15db10087988a8a4609af678019f74fe3949662d8e4f9647f0842229b29ba86a,2025-05-05T20:54:19.760000 +CVE-2025-46731,1,1,d939505e71390728d12449de6291ae6aef05dceb7cdfc98e3c94d607bd56503c,2025-05-05T20:54:19.760000 +CVE-2025-46734,1,1,fc314dbe006ed28739fc25674a0f2ba6f4e80880ce69c0f16bfb5aae822a6301,2025-05-05T20:54:19.760000 CVE-2025-46753,0,0,56a83bece5ff13ee064a1fb0dfd7ee9ef1f9937de0590ea37c40336df8920ab8,2025-04-29T03:15:35.230000 CVE-2025-46754,0,0,d1f475db69a06e653e6bbea1629fc02eda427a48f7fb97bf4cbb6d831122b33e,2025-04-29T03:15:35.283000 CVE-2025-46755,0,0,8bd538daabe1bc6181ec74e1810e825b8ffb5571ec278f3ec0eda5518c419442,2025-04-29T03:15:35.343000 @@ -292550,13 +292574,14 @@ CVE-2025-46779,0,0,37c24e5b7e4a0045a4d100f0b48f14bc24b2b68a67fe538c22d10ef701f0d CVE-2025-46780,0,0,5993d506455854cf118c6763aa0e87cfcb5c499499a4d09b9c1fb1cc0884d3f3,2025-04-30T03:15:19.307000 CVE-2025-46781,0,0,e7fe47a74e2ae94a42cb82d6842951a5dd9286ffd4d5d353415d63928d0e29b9,2025-04-30T03:15:19.367000 CVE-2025-46782,0,0,190c817e4f3c09faf97df326ed9cdbea1555cc1850d161b9d9da454d08c1d46e,2025-04-30T03:15:19.430000 +CVE-2025-46813,1,1,a02ac7d99e24507cacc5a9a2b24e3035e2a1f13afb692665ef13392c2a8cada3,2025-05-05T20:54:19.760000 CVE-2025-47153,0,0,1bca3f0c72274ce4b4c023a8e0978fd82f9f0090c23ca3f26eaede96af2bc369,2025-05-02T19:15:55.930000 CVE-2025-47154,0,0,6a55c646b5911b6b02123224674cd90dd2e3787c01df5f2ac266b60ca2d454e0,2025-05-02T13:53:40.163000 CVE-2025-47201,0,0,5909e655c347961adc92b049fc3b858cea6b26374920e4415466c07622f39f83,2025-05-02T13:52:51.693000 -CVE-2025-47226,0,0,641f5bc349e6560fce4b9dbdd42056ce41fc882613061d87d593cee39dbb6d9a,2025-05-03T20:15:15.923000 -CVE-2025-47229,0,0,6fec8ddd5443564353f10001f8967a7abfc9875f230e3648131bfcf21a9215a1,2025-05-03T03:15:28.183000 +CVE-2025-47226,0,1,75f697734cf8199157178f3f460499cbde547be9dbd69dabfd7c23c45d2669f2,2025-05-05T20:54:19.760000 +CVE-2025-47229,0,1,ce628b1ca08883508604ad35fbd46640a7a9f93ddbaf98a26f657b9032cc95b5,2025-05-05T20:54:19.760000 CVE-2025-47240,0,0,6f2483b413224281be63c9ed06c49c6df7591950e649ffc34f5e0ba5adfd4086,2025-05-05T15:15:54.553000 -CVE-2025-47241,0,0,62e4a8eb3802da3b010dd896661f13466c93ea94ff76b65b4508e15bf74e0b70,2025-05-03T21:15:48.023000 -CVE-2025-47244,0,0,bfc121492ab9ab4995b077e613b5f51cff71abcfeaef217e8aa0887e5405d2d6,2025-05-03T23:15:48.150000 -CVE-2025-47245,0,0,7c65e02bed3c5f6157c0a56e0c696229330ea4a006690ae51bdd9f5a0ceca314,2025-05-04T00:15:15.373000 -CVE-2025-47268,0,0,f74133ddbf54c182ee0c4a9be24bbfff4920a6203b7acdba2733f32acfb9fcfa,2025-05-05T14:15:29.063000 +CVE-2025-47241,0,1,e6026e6d2c9de181673c4796b4be764460f13f46e5c7740556386399acfbeb9e,2025-05-05T20:54:19.760000 +CVE-2025-47244,0,1,ad1e1c4dfd55bab2d736197fba1ed6a6c86b41cee6c4f24c064e7932fb865a5b,2025-05-05T20:54:19.760000 +CVE-2025-47245,0,1,7b2364c00905e8788c2fdd2e6bd15f21012a4e700ac145a877fe64795e90a7fb,2025-05-05T20:54:19.760000 +CVE-2025-47268,0,1,6c5628fc141640947abe09b24f32d1e6e07cdf2a0e6e68cca436c364300bba3f,2025-05-05T20:54:19.760000