From 1fb9504f8d9f61b2dadc50b9d47d9f6508206412 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Sun, 21 Apr 2024 02:03:21 +0000 Subject: [PATCH] Auto-Update: 2024-04-21T02:00:30.106734+00:00 --- CVE-2004/CVE-2004-02xx/CVE-2004-0285.json | 2 +- CVE-2006/CVE-2006-49xx/CVE-2006-4993.json | 2 +- CVE-2007/CVE-2007-01xx/CVE-2007-0171.json | 2 +- CVE-2007/CVE-2007-01xx/CVE-2007-0172.json | 2 +- CVE-2007/CVE-2007-64xx/CVE-2007-6420.json | 2 +- CVE-2019/CVE-2019-39xx/CVE-2019-3900.json | 2 +- CVE-2020/CVE-2020-80xx/CVE-2020-8006.json | 4 + CVE-2022/CVE-2022-11xx/CVE-2022-1153.json | 2 +- CVE-2022/CVE-2022-416xx/CVE-2022-41698.json | 4 + CVE-2022/CVE-2022-463xx/CVE-2022-46337.json | 2 +- CVE-2022/CVE-2022-471xx/CVE-2022-47151.json | 4 + CVE-2023/CVE-2023-248xx/CVE-2023-24847.json | 12 +- CVE-2023/CVE-2023-36xx/CVE-2023-3675.json | 4 + CVE-2023/CVE-2023-385xx/CVE-2023-38511.json | 4 + CVE-2023/CVE-2023-393xx/CVE-2023-39367.json | 4 + CVE-2023/CVE-2023-401xx/CVE-2023-40146.json | 4 + CVE-2023/CVE-2023-434xx/CVE-2023-43491.json | 4 + CVE-2023/CVE-2023-437xx/CVE-2023-43790.json | 4 + CVE-2023/CVE-2023-442xx/CVE-2023-44227.json | 4 + CVE-2023/CVE-2023-443xx/CVE-2023-44396.json | 4 + CVE-2023/CVE-2023-452xx/CVE-2023-45209.json | 4 + CVE-2023/CVE-2023-457xx/CVE-2023-45744.json | 4 + CVE-2023/CVE-2023-458xx/CVE-2023-45808.json | 4 + CVE-2023/CVE-2023-460xx/CVE-2023-46060.json | 4 + CVE-2023/CVE-2023-471xx/CVE-2023-47123.json | 4 + CVE-2023/CVE-2023-476xx/CVE-2023-47622.json | 4 + CVE-2023/CVE-2023-476xx/CVE-2023-47626.json | 4 + CVE-2023/CVE-2023-478xx/CVE-2023-47843.json | 4 + CVE-2023/CVE-2023-47xx/CVE-2023-4759.json | 2 +- CVE-2023/CVE-2023-487xx/CVE-2023-48709.json | 4 + CVE-2023/CVE-2023-487xx/CVE-2023-48710.json | 4 + CVE-2023/CVE-2023-487xx/CVE-2023-48795.json | 2 +- CVE-2023/CVE-2023-48xx/CVE-2023-4855.json | 4 + CVE-2023/CVE-2023-48xx/CVE-2023-4856.json | 4 + CVE-2023/CVE-2023-48xx/CVE-2023-4857.json | 4 + CVE-2023/CVE-2023-497xx/CVE-2023-49768.json | 4 + CVE-2023/CVE-2023-508xx/CVE-2023-50885.json | 4 + 
CVE-2023/CVE-2023-514xx/CVE-2023-51418.json | 4 + CVE-2023/CVE-2023-515xx/CVE-2023-51500.json | 4 + CVE-2023/CVE-2023-524xx/CVE-2023-52433.json | 2 +- CVE-2023/CVE-2023-524xx/CVE-2023-52442.json | 2 +- CVE-2023/CVE-2023-524xx/CVE-2023-52453.json | 2 +- CVE-2023/CVE-2023-524xx/CVE-2023-52461.json | 2 +- CVE-2023/CVE-2023-526xx/CVE-2023-52642.json | 4 + CVE-2023/CVE-2023-526xx/CVE-2023-52643.json | 4 + CVE-2023/CVE-2023-526xx/CVE-2023-52644.json | 4 + CVE-2023/CVE-2023-526xx/CVE-2023-52645.json | 4 + CVE-2023/CVE-2023-53xx/CVE-2023-5395.json | 4 + CVE-2023/CVE-2023-53xx/CVE-2023-5396.json | 4 + CVE-2023/CVE-2023-53xx/CVE-2023-5397.json | 4 + CVE-2023/CVE-2023-53xx/CVE-2023-5398.json | 4 + CVE-2023/CVE-2023-54xx/CVE-2023-5400.json | 4 + CVE-2023/CVE-2023-54xx/CVE-2023-5401.json | 4 + CVE-2023/CVE-2023-54xx/CVE-2023-5403.json | 4 + CVE-2023/CVE-2023-54xx/CVE-2023-5404.json | 4 + CVE-2023/CVE-2023-54xx/CVE-2023-5405.json | 4 + CVE-2023/CVE-2023-54xx/CVE-2023-5406.json | 4 + CVE-2023/CVE-2023-54xx/CVE-2023-5407.json | 4 + CVE-2023/CVE-2023-66xx/CVE-2023-6683.json | 2 +- CVE-2023/CVE-2023-68xx/CVE-2023-6805.json | 4 + CVE-2023/CVE-2023-68xx/CVE-2023-6892.json | 4 + CVE-2023/CVE-2023-68xx/CVE-2023-6897.json | 4 + CVE-2024/CVE-2024-11xx/CVE-2024-1132.json | 4 + CVE-2024/CVE-2024-11xx/CVE-2024-1135.json | 4 + CVE-2024/CVE-2024-12xx/CVE-2024-1249.json | 4 + CVE-2024/CVE-2024-13xx/CVE-2024-1350.json | 4 + CVE-2024/CVE-2024-16xx/CVE-2024-1661.json | 2 +- CVE-2024/CVE-2024-17xx/CVE-2024-1741.json | 4 + CVE-2024/CVE-2024-19xx/CVE-2024-1902.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21008.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21009.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21010.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21011.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21012.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21013.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21014.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21015.json | 4 + 
CVE-2024/CVE-2024-210xx/CVE-2024-21016.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21017.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21018.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21019.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21020.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21021.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21022.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21023.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21024.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21025.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21032.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21033.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21034.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21035.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21036.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21037.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21038.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21039.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21040.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21041.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21042.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21043.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21044.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21045.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21046.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21047.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21048.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21049.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21050.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21051.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21052.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21053.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21054.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21055.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21056.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21057.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21058.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21059.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21060.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21061.json | 4 + 
CVE-2024/CVE-2024-210xx/CVE-2024-21062.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21063.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21064.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21065.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21066.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21067.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21068.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21069.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21070.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21071.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21072.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21073.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21074.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21075.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21076.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21077.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21078.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21079.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21080.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21081.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21082.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21083.json | 4 + CVE-2024/CVE-2024-210xx/CVE-2024-21084.json | 4 + CVE-2024/CVE-2024-220xx/CVE-2024-22014.json | 4 + CVE-2024/CVE-2024-223xx/CVE-2024-22339.json | 4 + CVE-2024/CVE-2024-224xx/CVE-2024-22437.json | 4 + CVE-2024/CVE-2024-224xx/CVE-2024-22438.json | 4 + CVE-2024/CVE-2024-224xx/CVE-2024-22439.json | 4 + CVE-2024/CVE-2024-234xx/CVE-2024-23486.json | 4 + CVE-2024/CVE-2024-235xx/CVE-2024-23559.json | 4 + CVE-2024/CVE-2024-235xx/CVE-2024-23593.json | 4 + CVE-2024/CVE-2024-235xx/CVE-2024-23594.json | 4 + CVE-2024/CVE-2024-239xx/CVE-2024-23911.json | 4 + CVE-2024/CVE-2024-248xx/CVE-2024-24856.json | 4 + CVE-2024/CVE-2024-248xx/CVE-2024-24891.json | 4 + CVE-2024/CVE-2024-248xx/CVE-2024-24898.json | 4 + CVE-2024/CVE-2024-249xx/CVE-2024-24910.json | 4 + CVE-2024/CVE-2024-251xx/CVE-2024-25143.json | 2 +- CVE-2024/CVE-2024-253xx/CVE-2024-25300.json | 2 +- CVE-2024/CVE-2024-253xx/CVE-2024-25301.json | 2 
+- CVE-2024/CVE-2024-260xx/CVE-2024-26023.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26818.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26820.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26821.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26822.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26823.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26824.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26825.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26826.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26828.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26829.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26830.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26831.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26832.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26833.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26834.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26835.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26836.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26837.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26838.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26839.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26840.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26841.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26842.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26843.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26844.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26845.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26846.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26847.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26848.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26849.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26850.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26851.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26852.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26853.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26854.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26855.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26856.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26857.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26858.json | 
4 + CVE-2024/CVE-2024-268xx/CVE-2024-26859.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26860.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26861.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26862.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26863.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26864.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26865.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26866.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26867.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26868.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26869.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26870.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26871.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26872.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26873.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26874.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26875.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26876.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26877.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26878.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26879.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26880.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26881.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26882.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26883.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26884.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26885.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26886.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26887.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26888.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26889.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26890.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26891.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26892.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26893.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26894.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26895.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26896.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26897.json | 4 + CVE-2024/CVE-2024-268xx/CVE-2024-26898.json | 
4 + CVE-2024/CVE-2024-268xx/CVE-2024-26899.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26900.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26901.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26902.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26903.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26904.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26905.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26906.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26907.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26908.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26909.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26910.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26911.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26912.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26913.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26914.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26915.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26916.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26917.json | 4 + CVE-2024/CVE-2024-269xx/CVE-2024-26918.json | 4 + CVE-2024/CVE-2024-26xx/CVE-2024-2659.json | 4 + CVE-2024/CVE-2024-273xx/CVE-2024-27306.json | 4 + CVE-2024/CVE-2024-27xx/CVE-2024-2796.json | 4 + CVE-2024/CVE-2024-280xx/CVE-2024-28056.json | 4 + CVE-2024/CVE-2024-280xx/CVE-2024-28073.json | 4 + CVE-2024/CVE-2024-280xx/CVE-2024-28099.json | 4 + CVE-2024/CVE-2024-281xx/CVE-2024-28185.json | 4 + CVE-2024/CVE-2024-281xx/CVE-2024-28189.json | 4 + CVE-2024/CVE-2024-288xx/CVE-2024-28894.json | 4 + CVE-2024/CVE-2024-289xx/CVE-2024-28957.json | 4 + CVE-2024/CVE-2024-290xx/CVE-2024-29021.json | 4 + CVE-2024/CVE-2024-290xx/CVE-2024-29035.json | 4 + CVE-2024/CVE-2024-290xx/CVE-2024-29052.json | 2 +- CVE-2024/CVE-2024-290xx/CVE-2024-29053.json | 2 +- CVE-2024/CVE-2024-290xx/CVE-2024-29054.json | 2 +- CVE-2024/CVE-2024-290xx/CVE-2024-29055.json | 2 +- CVE-2024/CVE-2024-290xx/CVE-2024-29056.json | 2 +- CVE-2024/CVE-2024-290xx/CVE-2024-29061.json | 2 +- CVE-2024/CVE-2024-290xx/CVE-2024-29062.json | 2 +- 
CVE-2024/CVE-2024-292xx/CVE-2024-29218.json | 4 + CVE-2024/CVE-2024-292xx/CVE-2024-29219.json | 4 + CVE-2024/CVE-2024-299xx/CVE-2024-29950.json | 4 + CVE-2024/CVE-2024-29xx/CVE-2024-2952.json | 4 + CVE-2024/CVE-2024-302xx/CVE-2024-30219.json | 4 + CVE-2024/CVE-2024-302xx/CVE-2024-30220.json | 4 + CVE-2024/CVE-2024-302xx/CVE-2024-30253.json | 4 + CVE-2024/CVE-2024-302xx/CVE-2024-30257.json | 4 + CVE-2024/CVE-2024-305xx/CVE-2024-30546.json | 4 + CVE-2024/CVE-2024-306xx/CVE-2024-30694.json | 4 + CVE-2024/CVE-2024-306xx/CVE-2024-30695.json | 4 + CVE-2024/CVE-2024-306xx/CVE-2024-30696.json | 4 + CVE-2024/CVE-2024-306xx/CVE-2024-30697.json | 4 + CVE-2024/CVE-2024-306xx/CVE-2024-30699.json | 4 + CVE-2024/CVE-2024-307xx/CVE-2024-30701.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30950.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30951.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30952.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30953.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30980.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30981.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30982.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30983.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30985.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30986.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30987.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30988.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30989.json | 4 + CVE-2024/CVE-2024-309xx/CVE-2024-30990.json | 4 + CVE-2024/CVE-2024-30xx/CVE-2024-3054.json | 4 + CVE-2024/CVE-2024-30xx/CVE-2024-3067.json | 4 + CVE-2024/CVE-2024-30xx/CVE-2024-3097.json | 2 +- CVE-2024/CVE-2024-310xx/CVE-2024-31031.json | 4 + CVE-2024/CVE-2024-310xx/CVE-2024-31040.json | 4 + CVE-2024/CVE-2024-310xx/CVE-2024-31041.json | 4 + CVE-2024/CVE-2024-312xx/CVE-2024-31219.json | 4 + CVE-2024/CVE-2024-312xx/CVE-2024-31229.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31302.json | 2 +- CVE-2024/CVE-2024-313xx/CVE-2024-31371.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31372.json | 4 + 
CVE-2024/CVE-2024-313xx/CVE-2024-31373.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31374.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31376.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31378.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31379.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31381.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31382.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31383.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31384.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31385.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31388.json | 4 + CVE-2024/CVE-2024-313xx/CVE-2024-31389.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31421.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31422.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31424.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31425.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31426.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31427.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31428.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31429.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31431.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31432.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31433.json | 4 + CVE-2024/CVE-2024-314xx/CVE-2024-31434.json | 4 + CVE-2024/CVE-2024-315xx/CVE-2024-31578.json | 4 + CVE-2024/CVE-2024-315xx/CVE-2024-31580.json | 4 + CVE-2024/CVE-2024-315xx/CVE-2024-31581.json | 4 + CVE-2024/CVE-2024-315xx/CVE-2024-31582.json | 4 + CVE-2024/CVE-2024-315xx/CVE-2024-31583.json | 4 + CVE-2024/CVE-2024-315xx/CVE-2024-31585.json | 4 + CVE-2024/CVE-2024-317xx/CVE-2024-31783.json | 2 +- CVE-2024/CVE-2024-319xx/CVE-2024-31920.json | 4 + CVE-2024/CVE-2024-319xx/CVE-2024-31921.json | 4 + CVE-2024/CVE-2024-319xx/CVE-2024-31922.json | 4 + CVE-2024/CVE-2024-319xx/CVE-2024-31923.json | 4 + CVE-2024/CVE-2024-319xx/CVE-2024-31933.json | 4 + CVE-2024/CVE-2024-319xx/CVE-2024-31938.json | 4 + CVE-2024/CVE-2024-319xx/CVE-2024-31940.json | 4 + CVE-2024/CVE-2024-31xx/CVE-2024-3167.json | 2 +- CVE-2024/CVE-2024-321xx/CVE-2024-32126.json | 4 + 
CVE-2024/CVE-2024-321xx/CVE-2024-32129.json | 4 + CVE-2024/CVE-2024-321xx/CVE-2024-32130.json | 4 + CVE-2024/CVE-2024-321xx/CVE-2024-32161.json | 4 + CVE-2024/CVE-2024-321xx/CVE-2024-32162.json | 4 + CVE-2024/CVE-2024-321xx/CVE-2024-32163.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32281.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32282.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32283.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32285.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32286.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32287.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32288.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32290.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32291.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32292.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32293.json | 4 + CVE-2024/CVE-2024-322xx/CVE-2024-32299.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32301.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32302.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32306.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32307.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32310.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32311.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32312.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32313.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32315.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32325.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32326.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32327.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32332.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32333.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32334.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32335.json | 4 + CVE-2024/CVE-2024-323xx/CVE-2024-32345.json | 2 +- CVE-2024/CVE-2024-324xx/CVE-2024-32456.json | 4 + CVE-2024/CVE-2024-324xx/CVE-2024-32457.json | 4 + CVE-2024/CVE-2024-324xx/CVE-2024-32462.json | 4 + CVE-2024/CVE-2024-324xx/CVE-2024-32470.json | 4 + CVE-2024/CVE-2024-324xx/CVE-2024-32475.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32505.json | 4 
+ CVE-2024/CVE-2024-325xx/CVE-2024-32508.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32510.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32526.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32527.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32528.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32529.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32530.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32531.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32535.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32551.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32552.json | 4 + CVE-2024/CVE-2024-325xx/CVE-2024-32553.json | 4 + CVE-2024/CVE-2024-326xx/CVE-2024-32600.json | 4 + CVE-2024/CVE-2024-326xx/CVE-2024-32602.json | 4 + CVE-2024/CVE-2024-326xx/CVE-2024-32686.json | 4 + CVE-2024/CVE-2024-326xx/CVE-2024-32689.json | 4 + CVE-2024/CVE-2024-32xx/CVE-2024-3211.json | 4 + CVE-2024/CVE-2024-32xx/CVE-2024-3243.json | 4 + CVE-2024/CVE-2024-33xx/CVE-2024-3323.json | 4 + CVE-2024/CVE-2024-33xx/CVE-2024-3333.json | 4 + CVE-2024/CVE-2024-33xx/CVE-2024-3367.json | 4 + CVE-2024/CVE-2024-36xx/CVE-2024-3672.json | 4 + CVE-2024/CVE-2024-37xx/CVE-2024-3780.json | 4 + CVE-2024/CVE-2024-37xx/CVE-2024-3797.json | 4 + CVE-2024/CVE-2024-38xx/CVE-2024-3802.json | 4 + CVE-2024/CVE-2024-38xx/CVE-2024-3825.json | 4 + CVE-2024/CVE-2024-38xx/CVE-2024-3869.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3900.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3905.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3906.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3907.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3908.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3909.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3910.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3914.json | 4 + CVE-2024/CVE-2024-39xx/CVE-2024-3948.json | 4 + README.md | 34 +- _state.csv | 866 ++++++++++---------- 434 files changed, 2099 insertions(+), 475 deletions(-) 
diff --git a/CVE-2004/CVE-2004-02xx/CVE-2004-0285.json b/CVE-2004/CVE-2004-02xx/CVE-2004-0285.json
index 64194f948de..6dea2a693c1 100644
--- a/CVE-2004/CVE-2004-02xx/CVE-2004-0285.json
+++ b/CVE-2004/CVE-2004-02xx/CVE-2004-0285.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2004-11-23T05:00:00.000",
 "lastModified": "2024-02-08T02:26:13.527",
- "vulnStatus": "Analyzed",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2006/CVE-2006-49xx/CVE-2006-4993.json b/CVE-2006/CVE-2006-49xx/CVE-2006-4993.json
index 7fc4e5e8f33..96e22a3f4ce 100644
--- a/CVE-2006/CVE-2006-49xx/CVE-2006-4993.json
+++ b/CVE-2006/CVE-2006-49xx/CVE-2006-4993.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2006-09-26T02:07:00.000",
 "lastModified": "2017-10-19T01:29:28.080",
- "vulnStatus": "Modified",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2007/CVE-2007-01xx/CVE-2007-0171.json b/CVE-2007/CVE-2007-01xx/CVE-2007-0171.json
index 1f3ce58ccbf..6952a17314c 100644
--- a/CVE-2007/CVE-2007-01xx/CVE-2007-0171.json
+++ b/CVE-2007/CVE-2007-01xx/CVE-2007-0171.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2007-01-11T00:28:00.000",
 "lastModified": "2017-10-19T01:29:56.940",
- "vulnStatus": "Modified",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2007/CVE-2007-01xx/CVE-2007-0172.json b/CVE-2007/CVE-2007-01xx/CVE-2007-0172.json
index 4e09932945b..12e74da6b8e 100644
--- a/CVE-2007/CVE-2007-01xx/CVE-2007-0172.json
+++ b/CVE-2007/CVE-2007-01xx/CVE-2007-0172.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2007-01-11T00:28:00.000",
 "lastModified": "2017-10-19T01:29:56.987",
- "vulnStatus": "Modified",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2007/CVE-2007-64xx/CVE-2007-6420.json b/CVE-2007/CVE-2007-64xx/CVE-2007-6420.json
index 780e43fd15b..6d56f44c050 100644
--- a/CVE-2007/CVE-2007-64xx/CVE-2007-6420.json
+++ b/CVE-2007/CVE-2007-64xx/CVE-2007-6420.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2008-01-12T00:46:00.000",
 "lastModified": "2023-11-07T02:01:31.087",
- "vulnStatus": "Modified",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2019/CVE-2019-39xx/CVE-2019-3900.json b/CVE-2019/CVE-2019-39xx/CVE-2019-3900.json
index f1f1bab2c98..da7ceee3712 100644
--- a/CVE-2019/CVE-2019-39xx/CVE-2019-3900.json
+++ b/CVE-2019/CVE-2019-39xx/CVE-2019-3900.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2019-04-25T15:29:00.407",
 "lastModified": "2023-02-12T23:38:55.887",
- "vulnStatus": "Modified",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2020/CVE-2020-80xx/CVE-2020-8006.json b/CVE-2020/CVE-2020-80xx/CVE-2020-8006.json
index c055cd5f188..84e258227d7 100644
--- a/CVE-2020/CVE-2020-80xx/CVE-2020-8006.json
+++ b/CVE-2020/CVE-2020-80xx/CVE-2020-8006.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format."
+ },
+ {
+ "lang": "es",
+ "value": "El servidor en Circontrol Raption hasta 5.11.2 tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria de autenticaci\u00f3n previa que puede explotarse para obtener control en tiempo de ejecuci\u00f3n del dispositivo como root. Los binarios ocpp1.5 y pwrstudio en la estaci\u00f3n de carga no utilizan una serie de mitigaciones de explotaci\u00f3n comunes. En particular, no hay canarios de pila y no utilizan el formato ejecutable independiente de la posici\u00f3n (PIE)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-11xx/CVE-2022-1153.json b/CVE-2022/CVE-2022-11xx/CVE-2022-1153.json
index 2e48335edf7..dc48e5e34a9 100644
--- a/CVE-2022/CVE-2022-11xx/CVE-2022-1153.json
+++ b/CVE-2022/CVE-2022-11xx/CVE-2022-1153.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-04-25T16:16:08.517",
 "lastModified": "2022-05-03T17:08:05.927",
- "vulnStatus": "Analyzed",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-416xx/CVE-2022-41698.json b/CVE-2022/CVE-2022-416xx/CVE-2022-41698.json
index 8bda66ba39c..e8427ee6a34 100644
--- a/CVE-2022/CVE-2022-416xx/CVE-2022-41698.json
+++ b/CVE-2022/CVE-2022-416xx/CVE-2022-41698.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Layered If Menu. Este problema afecta al men\u00fa If: desde n/a hasta 0.16.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46337.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46337.json
index 3e5b4f461f9..34d3c8d761c 100644
--- a/CVE-2022/CVE-2022-463xx/CVE-2022-46337.json
+++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46337.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@apache.org",
 "published": "2023-11-20T09:15:07.180",
 "lastModified": "2023-11-30T15:16:14.983",
- "vulnStatus": "Analyzed",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47151.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47151.json
index 441ae4c1dfd..8620a9025b0 100644
--- a/CVE-2022/CVE-2022-471xx/CVE-2022-47151.json
+++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47151.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin.This issue affects JS Help Desk \u2013 Best Help Desk & Support Plugin: from n/a through 2.7.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin. Este problema afecta a JS Help Desk: el mejor complemento de soporte y soporte t\u00e9cnico: de n/a hasta 2.7.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24847.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24847.json
index 8bf8589991f..3360ac9adaf 100644
--- a/CVE-2023/CVE-2023-248xx/CVE-2023-24847.json
+++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24847.json
@@ -89,9 +89,9 @@
 "negate": false,
 "cpeMatch": [
 {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:qualcomm:315_5g_iot_modem:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "3AC9E0F8-6E27-4F6B-A667-786272632A24"
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qualcomm:315_5g_iot_modem_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A85141A5-667F-41BB-B84D-908E73A86759"
 }
 ]
 },
@@ -100,9 +100,9 @@
 "negate": false,
 "cpeMatch": [
 {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:qualcomm:315_5g_iot_modem_firmware:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "A85141A5-667F-41BB-B84D-908E73A86759"
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:qualcomm:315_5g_iot_modem:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AC9E0F8-6E27-4F6B-A667-786272632A24"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3675.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3675.json
index 1c878aa3d7b..efa48d4fe85 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3675.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3675.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources.This issue affects GateManager: from 11.0.623074018 before 11.0.623373051.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"Path Traversal\") en Secomea GateManager (Web GUI) permite leer datos de los recursos del sistema. Este problema afecta a GateManager: desde 11.0.623074018 antes de 11.0.623373051."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38511.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38511.json
index dfba8f8de70..f1be7a1527c 100644
--- a/CVE-2023/CVE-2023-385xx/CVE-2023-38511.json
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38511.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.\n"
+ },
+ {
+ "lang": "es",
+ "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Editor de panel: puede cargar varios archivos y URL, y revelar la ruta completa en el archivo de configuraci\u00f3n del panel. Esta vulnerabilidad se solucion\u00f3 en 3.0.4 y 3.1.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39367.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39367.json
index 2ab51305ff5..7871c97786e 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39367.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39367.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad mac2name de la interfaz web de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40146.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40146.json
index f192057e978..c4224576ea1 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40146.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40146.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de escalada de privilegios en la funcionalidad /bin/login de Peplink Smart Reader v1.2.0 (en QEMU). Un argumento de l\u00ednea de comando especialmente manipulado puede conducir a un escape de shell limitado y capacidades elevadas. Un atacante puede autenticarse con credenciales codificadas y ejecutar la funcionalidad de Busybox predeterminada desbloqueada para desencadenar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43491.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43491.json index 41f5bb15b77..a991711b74f 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43491.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43491.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de la interfaz web /cgi-bin/debug_dump.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante puede realizar una solicitud HTTP no autenticada para desencadenar esta vulnerabilidad." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43790.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43790.json index 1291f66666f..2fa98f838d5 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43790.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43790.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.\n" + }, + { + "lang": "es", + "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Al manipular las consultas HTTP, un usuario puede inyectar contenido malicioso en los campos utilizados para el valor del nombre descriptivo del objeto. Esta vulnerabilidad se solucion\u00f3 en 3.1.1 y 3.2.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44227.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44227.json index b394ac7b836..941733baa9b 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44227.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44227.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Mitchell Bennis Simple File List. Este problema afecta a Simple File List: desde n/a hasta 6.1.9." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44396.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44396.json index 5e67245dafc..33b4fad3b95 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44396.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44396.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "iTop is an IT service management platform. Dashlet edits ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.\n" + }, + { + "lang": "es", + "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Dashlet edita los endpoints ajax y se puede utilizar para producir XSS. Corregido en iTop 2.7.10, 3.0.4 y 3.1.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45209.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45209.json index a8df6c97829..bd51f55dd65 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45209.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45209.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de la interfaz web /cgi-bin/download_config.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante puede realizar una solicitud HTTP no autenticada para desencadenar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45744.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45744.json index 2c111a88ecc..78c3cda395b 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45744.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45744.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de integridad de datos en la funcionalidad de la interfaz web /cgi-bin/upload_config.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede provocar una modificaci\u00f3n de la configuraci\u00f3n. Un atacante puede realizar una solicitud HTTP no autenticada para desencadenar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45808.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45808.json index 0384740b0fe..7e007011494 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45808.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45808.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an out of scope Organization). Fixed in iTop 2.7.10, 3.0.4, 3.1.1, and 3.2.0." + }, + { + "lang": "es", + "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Al crear o actualizar un objeto, no se verifica que los valores de extkey est\u00e9n en el silo de usuario actual. En otras palabras, al falsificar una solicitud http, el usuario puede crear objetos que apunten a objetos fuera del silo (por ejemplo, una UserRequest en una organizaci\u00f3n fuera de alcance). Corregido en iTop 2.7.10, 3.0.4, 3.1.1 y 3.2.0." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46060.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46060.json index 09c1ec16689..65363a048f4 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46060.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46060.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en Tenda AC500 v.2.0.1.9 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s del par\u00e1metro de puerto en el componente goform/setVlanInfo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47123.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47123.json index 3a480de7376..dfd59912342 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47123.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47123.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this object will displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0." + }, + { + "lang": "es", + "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Al completar c\u00f3digo malicioso en un nombre descriptivo/nombre complementario de un objeto, se puede realizar un ataque XSS cuando este objeto se muestra como un elemento de relaci\u00f3n n:n en otro objeto. Esta vulnerabilidad se solucion\u00f3 en 3.1.1 y 3.2.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47622.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47622.json index da38cf3205c..21d285107f3 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47622.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47622.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1." + }, + { + "lang": "es", + "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Cuando se actualizan los dashlet, es posible realizar ataques XSS. Esta vulnerabilidad se solucion\u00f3 en 3.0.4 y 3.1.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47626.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47626.json index 87e34e184d5..072d4811c79 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47626.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47626.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1." + }, + { + "lang": "es", + "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Al mostrar/editar los tokens personales del usuario, los ataques XSS son posibles. Esta vulnerabilidad se soluciona en 3.1.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47843.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47843.json index 4e851d3b114..062926aec9b 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47843.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47843.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.\n\n" + }, + { + "lang": "es", + "value": "Limitaci\u00f3n inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido (\"Path Traversal\") en Zachary Segal CataBlog. Este problema afecta a CataBlog: desde n/a hasta 1.7.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4759.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4759.json index f708360f6c1..578f13c7af5 100644 
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4759.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4759.json @@ -3,7 +3,7 @@ "sourceIdentifier": "emo@eclipse.org", "published": "2023-09-12T10:15:29.977", "lastModified": "2024-01-12T16:15:52.087", - "vulnStatus": "Modified", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48709.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48709.json index 12d63e18890..899f7c0d299 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48709.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48709.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. This vulnerability is fixed in 2.7.9, 3.0.4, 3.1.1, and 3.2.0." + }, + { + "lang": "es", + "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Al exportar datos desde el backoffice o el portal en archivos CSV o Excel, las entradas de los usuarios pueden incluir f\u00f3rmulas maliciosas que pueden importarse a Excel. Como Excel 2016 **no** impide la ejecuci\u00f3n remota de c\u00f3digo de forma predeterminada, los usuarios desinformados pueden convertirse en v\u00edctimas. Esta vulnerabilidad se solucion\u00f3 en 2.7.9, 3.0.4, 3.1.1 y 3.2.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48710.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48710.json index 6a15e77dee2..02436dbe703 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48710.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48710.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. \n The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0." + }, + { + "lang": "es", + "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI. Los archivos de la carpeta `env-production` se pueden recuperar aunque tengan acceso restringido. Con suerte, no hay archivos confidenciales almacenados en esa carpeta de forma nativa, pero podr\u00eda haberlos desde un m\u00f3dulo de terceros. El script `pages/exec.php` se ha corregido para limitar la ejecuci\u00f3n de archivos PHP \u00fanicamente. Otros tipos de archivos no se recuperar\u00e1n ni se expondr\u00e1n. La vulnerabilidad se solucion\u00f3 en 2.7.10, 3.0.4, 3.1.1 y 3.2.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json index 64d6679c579..28f0d4430cf 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2023-12-18T16:15:10.897", "lastModified": "2024-03-13T21:15:54.047", - "vulnStatus": "Modified", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4855.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4855.json index c45070b5e5e..f1f54f4b5eb 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4855.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4855.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "\nA command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI.\n\n" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en SMM/SMM2 y FPC que podr\u00eda permitir que un usuario autenticado con privilegios elevados ejecute comandos no autorizados a trav\u00e9s de IPMI." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4856.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4856.json index 5512770ece5..50e64810ee7 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4856.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4856.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "\nA format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint. \n\n" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de cadena de formato en SMM/SMM2 y FPC que podr\u00eda permitir a un usuario autenticado ejecutar comandos arbitrarios en un endpoint API espec\u00edfico." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4857.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4857.json index 71b78ec96ca..f4fb37e7832 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4857.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4857.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "\nAn authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.\n\n" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en SMM/SMM2 y FPC que podr\u00eda permitir a un usuario autenticado ejecutar ciertas llamadas IPMI que podr\u00edan provocar la exposici\u00f3n de informaci\u00f3n limitada del sistema." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49768.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49768.json index c4b1d7d34f8..c08d6ced0ba 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49768.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49768.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS.This issue affects WP-FormAssembly: from n/a through 2.0.10.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en FormAssembly / Drew Buschhorn WP-FormAssembly permite almacenar XSS. Este problema afecta a WP-FormAssembly: desde n/a hasta 2.0.10." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50885.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50885.json index 46651dd0964..a6010bfac00 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50885.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50885.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress.This issue affects Store Locator WordPress: from n/a through 1.4.14.\n\n" + }, + { + "lang": "es", + "value": "Limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"Path Traversal\") en AGILELOGIX Store Locator WordPress. Este problema afecta al Store Locator WordPress: desde n/a hasta 1.4.14." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51418.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51418.json index b59e91fb078..fbada0b663c 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51418.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51418.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Joris van Montfort JVM rich text icons. Este problema afecta a los \u00edconos de texto enriquecido de JVM: desde n/a hasta 1.2.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51500.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51500.json index af94b1f3858..591616eaaef 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51500.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51500.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Undsgn Uncode Core. Este problema afecta a Uncode Core: desde n/a hasta 2.8.8." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52433.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52433.json index 4f578639c8d..fba1484b1d9 100644 --- a/CVE-2023/CVE-2023-524xx/CVE-2023-52433.json +++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52433.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-20T13:15:08.140", "lastModified": "2024-04-04T14:15:09.057", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52442.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52442.json index 846dfb41578..d7dc99b5cda 100644 --- a/CVE-2023/CVE-2023-524xx/CVE-2023-52442.json +++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52442.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-21T08:15:45.547", "lastModified": "2024-02-22T19:07:27.197", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52453.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52453.json index d6027913951..9a5f3905204 100644 --- a/CVE-2023/CVE-2023-524xx/CVE-2023-52453.json +++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52453.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-23T15:15:08.083", "lastModified": "2024-02-23T16:14:43.447", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52461.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52461.json index b620e6145f9..609ea5ea7b4 100644 --- a/CVE-2023/CVE-2023-524xx/CVE-2023-52461.json +++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52461.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-23T15:15:08.490", "lastModified": "2024-02-23T16:14:43.447", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52642.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52642.json index 017a1fc3f0c..fe8c3138cc2 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52642.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52642.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: bpf attach/detach requires write permission\n\nNote that bpf attach/detach also requires CAP_NET_ADMIN." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: rc: bpf adjunto/detach requiere permiso de escritura. Tenga en cuenta que bpf adjunto/detach tambi\u00e9n requiere CAP_NET_ADMIN." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52643.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52643.json index 79f050e5ea7..d5413cc2aa8 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52643.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52643.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: core: fix memleak in iio_device_register_sysfs\n\nWhen iio_device_register_sysfs_group() fails, we should\nfree iio_dev_opaque->chan_attr_group.attrs to prevent\npotential memleak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: core: corrige memleak en iio_device_register_sysfs Cuando falla iio_device_register_sysfs_group(), debemos liberar iio_dev_opaque->chan_attr_group.attrs para evitar posibles fugas de mem." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52644.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52644.json index 887041a9fb6..5e1b6982ce6 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52644.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52644.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled\n\nWhen QoS is disabled, the queue priority value will not map to the correct\nieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS\nis disabled to prevent trying to stop/wake a non-existent queue and failing\nto stop/wake the actual queue instantiated.\n\nLog of issue before change (with kernel parameter qos=0):\n [ +5.112651] ------------[ cut here ]------------\n [ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3\n [ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer 
apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common\n [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]\n [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS\n [ +0.000003] Hardware name: Apple Inc. 
MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019\n [ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00\n [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097\n [ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000\n [ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900\n [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0\n [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000\n [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40\n [ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000\n [ +0.000001] CS: 0010 DS: 0\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: b43: Detener/activar la cola correcta en la ruta DMA Tx cuando QoS est\u00e1 deshabilitado Cuando QoS est\u00e1 deshabilitado, el valor de prioridad de la cola no se asignar\u00e1 a la cola ieee80211 correcta ya que solo hay una cola. Detener/activar la cola 0 cuando la QoS est\u00e1 deshabilitada para evitar intentar detener/activar una cola inexistente y no poder detener/activar la cola real instanciada. 
Registro del problema antes del cambio (con el par\u00e1metro del kernel qos=0): [+5.112651] ------------[ cortar aqu\u00ed ]------------ [ +0.000005] ADVERTENCIA: CPU: 7 PID: 25513 en net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211] [ +0.000067] M\u00f3dulos vinculados en: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft _chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype superposici\u00f3n ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt _tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel _rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_ buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3 [+0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common _hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc bot\u00f3n ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fusible retroiluminaci\u00f3n firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys 
asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci cd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [\u00faltima descarga: b43(O)] [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Contaminado: GWO 6.6.7 #1-NixOS [ +0.000 003] Hardware nombre: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 13/06/2019 [+0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211] [+0.000046] C\u00f3digo: 00 5 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00 [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097 [ +0.000001] RAX: 0000000000000001 RBX: 000002 RCX: 0000000000000000 [+0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900 [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0 [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 000000000000000 [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40 [ +0.000001] FS: 0000000000000000(0000) GS :ffff88846fb80000(0000) knlGS:0000000000000000 [ +0.000001] CS: 0010 DS: 0 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52645.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52645.json index 8fe6b9adc60..0477ab12d7b 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52645.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52645.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix race conditions with genpd\n\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pmdomain: mediatek: corrige las condiciones de ejecuci\u00f3n con genpd, si los dominios de energ\u00eda se registran primero con genpd y *despu\u00e9s de eso* el controlador intenta encenderlos en la secuencia de sonda, entonces es Es posible que se produzca una condici\u00f3n de ejecuci\u00f3n si genpd intenta encenderlos al mismo tiempo. Lo mismo es v\u00e1lido para apagarlos antes de cancelar su registro en genpd. Intente arreglar las condiciones de ejecuci\u00f3n eliminando primero los dominios de genpd y *despu\u00e9s* apagando los dominios. Tambi\u00e9n primero encienda los dominios y *despu\u00e9s* reg\u00edstrelos en genpd." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5395.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5395.json index 577ef0e9894..53d8e5e8cab 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5395.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5395.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El servidor que recibe un mensaje con formato incorrecto que utiliza el nombre de host en una tabla interna puede causar un desbordamiento de la pila que resulta en una posible ejecuci\u00f3n remota de c\u00f3digo. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5396.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5396.json
index 77d363ee72b..4cabf6961d5 100644
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5396.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5396.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El servidor que recibe un mensaje con formato incorrecto crea una conexi\u00f3n para un nombre de host que puede causar un desbordamiento de la pila, lo que resulta en una posible ejecuci\u00f3n remota de c\u00f3digo. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5397.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5397.json
index ab936ed7b5f..1b177ef7247 100644
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5397.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5397.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El servidor que recibe un mensaje con formato incorrecto para crear una nueva conexi\u00f3n podr\u00eda provocar que un atacante realice una ejecuci\u00f3n remota de c\u00f3digo o provoque una falla. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5398.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5398.json
index 3ed8bed64c6..5e47bef31e1 100644
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5398.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5398.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El servidor recibe un mensaje con formato incorrecto basado en una lista de IP, lo que provoca da\u00f1os en el mont\u00f3n y provoca una denegaci\u00f3n de servicio. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5400.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5400.json
index 517d1f886db..a3576a05334 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5400.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5400.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u00a0\nSee Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El servidor que recibe un mensaje con formato incorrecto basado en el uso de los valores clave especificados puede causar una vulnerabilidad de desbordamiento del mont\u00f3n que podr\u00eda llevar a que un atacante realice la ejecuci\u00f3n remota de c\u00f3digo o provoque una falla. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5401.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5401.json
index b3a80d79b95..7f3462cdc4f 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5401.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5401.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El servidor que recibe un mensaje con formato incorrecto basado en el uso de los valores clave especificados puede causar una vulnerabilidad de desbordamiento de pila que podr\u00eda llevar a que un atacante realice una ejecuci\u00f3n remota de c\u00f3digo o provoque una falla. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5403.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5403.json
index 5344b057c23..5f4c640af66 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5403.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5403.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure.\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Traducci\u00f3n del nombre de host del servidor a manipulaci\u00f3n de la direcci\u00f3n IP, lo que podr\u00eda llevar a que un atacante realice la ejecuci\u00f3n remota de c\u00f3digo o provoque una falla. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5404.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5404.json
index 308bfa945e7..782cded8f1d 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5404.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5404.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El servidor que recibe un mensaje con formato incorrecto puede provocar que se sobrescriba un puntero, lo que puede provocar una ejecuci\u00f3n remota del c\u00f3digo o un fallo. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5405.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5405.json
index 8e3de20dfe5..6a5fb78c72a 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5405.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5405.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La p\u00e9rdida de informaci\u00f3n del servidor para la memoria de proceso del servidor CDA puede ocurrir cuando se genera un error en respuesta a un mensaje especialmente manipulado. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5406.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5406.json
index 35b5ef612c6..91af0c6f2a4 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5406.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5406.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server communication with a controller can lead to remote code execution using a specially crafted message from the controller.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La comunicaci\u00f3n del servidor con un controlador puede conducir a la ejecuci\u00f3n remota de c\u00f3digo mediante un mensaje especialmente manipulado desde el controlador. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5407.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5407.json
index 73b5c6a4b21..c3aa9b5d1e5 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5407.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5407.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Controller denial of service due to improper handling of a specially crafted message received by the controller.\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Denegaci\u00f3n de servicio del controlador debido al manejo inadecuado de un mensaje especialmente manipulado recibido por el controlador. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6683.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6683.json
index 64f6dccb0f5..8fe090f2d20 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6683.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6683.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-12T19:15:11.480",
 "lastModified": "2024-02-23T16:15:46.577",
- "vulnStatus": "Modified",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6805.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6805.json
index d8f55605816..f27b977c2b0 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6805.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6805.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to modify information from internal services. NOTE: This vulnerability, exploitable by contributor-level users, was was fixed in version 4.4.7. The same vulnerability was fixed for author-level users in version 4.4.8."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator para WordPress es vulnerable a Blind Server-Side Request Forgery en todas las versiones hasta la 4.4.7 incluida a trav\u00e9s de la funcionalidad fetch_feed. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y pueden usarse para modificar informaci\u00f3n de servicios internos. NOTA: Esta vulnerabilidad, explotable por usuarios de nivel colaborador, se solucion\u00f3 en la versi\u00f3n 4.4.7. La misma vulnerabilidad se solucion\u00f3 para los usuarios de nivel de autor en la versi\u00f3n 4.4.8."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6892.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6892.json
index d1576fc7568..a49ea0da54c 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6892.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6892.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento EAN para WooCommerce para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'alg_wc_ean_product_meta' del complemento en todas las versiones hasta la 4.8.7 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6897.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6897.json
index a153380e261..8055d6da32c 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6897.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6897.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento EAN para WooCommerce para WordPress es vulnerable a Insecure Direct Object Reference en todas las versiones hasta la 4.9.2 incluida a trav\u00e9s del c\u00f3digo corto 'alg_wc_ean_product_meta' debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, expongan metadatos de publicaciones potencialmente confidenciales."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1132.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1132.json
index 8bd2b3d770f..26278d821ab 100644
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1132.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1132.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en Keycloak, donde no valida correctamente las URL incluidas en una redirecci\u00f3n. Este problema podr\u00eda permitir a un atacante crear una solicitud maliciosa para eludir la validaci\u00f3n y acceder a otras URL e informaci\u00f3n confidencial dentro del dominio o realizar m\u00e1s ataques. Esta falla afecta a cualquier cliente que utilice un comod\u00edn en el campo URI de redireccionamiento v\u00e1lido y requiere la interacci\u00f3n del usuario dentro de la URL maliciosa."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1135.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1135.json
index 4fcf9da0aab..6e161d8a0a1 100644
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1135.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1135.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure."
+ },
+ {
+ "lang": "es",
+ "value": "Gunicorn no puede validar correctamente los encabezados Transfer-Encoding, lo que genera vulnerabilidades de contrabando de solicitudes HTTP (HRS). Al manipular solicitudes con encabezados Transfer-Encoding conflictivos, los atacantes pueden eludir las restricciones de seguridad y acceder a endpoints restringidos. Este problema se debe al manejo que hace Gunicorn de los encabezados Transfer-Encoding, donde procesa incorrectamente solicitudes con m\u00faltiples encabezados Transfer-Encoding conflictivos, trat\u00e1ndolos como fragmentados independientemente de la codificaci\u00f3n final especificada. Esta vulnerabilidad permite una variedad de ataques que incluyen envenenamiento de cach\u00e9, manipulaci\u00f3n de sesiones y exposici\u00f3n de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1249.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1249.json
index 310e4f9c89d..180ad43910c 100644
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1249.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1249.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A flaw was found in Keycloak's OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en el componente OIDC de Keycloak en \"checkLoginIframe\", que permite mensajes de origen cruzado no validados. Esta falla permite a los atacantes coordinar y enviar millones de solicitudes en segundos usando un c\u00f3digo simple, lo que afecta significativamente la disponibilidad de la aplicaci\u00f3n sin una validaci\u00f3n adecuada del origen de los mensajes entrantes."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1350.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1350.json
index 185a5d41eaa..6fb93dea846 100644
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1350.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1350.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Prasidhda Malla Honeypot for WP Comment. Este problema afecta a Honeypot para comentarios de WP: desde n/a hasta 2.2.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json
index 17a8dfe5c86..66da3e85d93 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-02-20T13:15:08.230",
 "lastModified": "2024-04-11T01:24:28.913",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1741.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1741.json
index bcb5986057c..0a990279d24 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1741.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1741.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data."
+ },
+ {
+ "lang": "es",
+ "value": "lunary-ai/lunary versi\u00f3n 1.0.1 es vulnerable a una autorizaci\u00f3n inadecuada, lo que permite a los miembros eliminados leer, crear, modificar y eliminar plantillas de mensajes utilizando un token de autorizaci\u00f3n antiguo. A pesar de haber sido eliminados de una organizaci\u00f3n, estos miembros a\u00fan pueden realizar operaciones en plantillas de mensajes enviando solicitudes HTTP con su token de autorizaci\u00f3n previamente capturado. Este problema expone a las organizaciones a acceso no autorizado y manipulaci\u00f3n de datos confidenciales de plantillas."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1902.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1902.json
index f63646391bf..7671454ebc5 100644
--- a/CVE-2024/CVE-2024-19xx/CVE-2024-1902.json
+++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1902.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route."
+ },
+ {
+ "lang": "es",
+ "value": "lunary-ai/lunary es vulnerable a un ataque de reutilizaci\u00f3n de sesi\u00f3n, lo que permite que un usuario eliminado cambie el nombre de la organizaci\u00f3n sin la autorizaci\u00f3n adecuada. La vulnerabilidad surge de la falta de validaci\u00f3n para verificar si un usuario todav\u00eda es parte de una organizaci\u00f3n antes de permitirle realizar cambios. Un atacante puede aprovechar esto utilizando un token de autorizaci\u00f3n antiguo para enviar una solicitud PATCH, modificando el nombre de la organizaci\u00f3n incluso despu\u00e9s de haber sido eliminada de ella. Este problema se debe a una sincronizaci\u00f3n incorrecta y afecta la ruta orgs.patch."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21008.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21008.json
index c4a56f95168..5cb28dca2d8 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21008.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21008.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.4 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21009.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21009.json
index 1e2d703afa9..bee77ee9ea8 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21009.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21009.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21010.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21010.json
index 5a0678d9a52..46464882679 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21010.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21010.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Hospitality Simphony de Oracle Food and Beverage Applications (componente: Simphony Enterprise Server). Las versiones compatibles que se ven afectadas son 19.1.0-19.5.4. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Hospitality Simphony. Si bien la vulnerabilidad est\u00e1 en Oracle Hospitality Simphony, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle Hospitality Simphony. CVSS 3.1 Puntuaci\u00f3n base 9,9 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21011.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21011.json
index 11228626ad3..cba3508ebad 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21011.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21011.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM para JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 y 21.3.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. 
Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntuaci\u00f3n base 3.7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21012.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21012.json index 68b2e1d3143..201cfa1d1f5 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21012.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21012.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Redes). Las versiones compatibles que se ven afectadas son Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM para JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 y 21.3.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 3.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21013.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21013.json
index a9fadbc1b93..9eead9d5ec5 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21013.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21013.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.4 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21014.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21014.json
index f363d6bde8c..18f048cd8f6 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21014.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21014.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Hospitality Simphony de Oracle Food and Beverage Applications (componente: Simphony Enterprise Server). Las versiones compatibles que se ven afectadas son 19.1.0-19.5.4. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer Oracle Hospitality Simphony. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle Hospitality Simphony. CVSS 3.1 Puntuaci\u00f3n base 9,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21015.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21015.json
index 5fea601e9aa..3054363f094 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21015.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21015.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son 8.0.34 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o un bloqueo frecuente (DOS completo) del servidor MySQL, as\u00ed como una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles del servidor MySQL. CVSS 3.1 Puntaje base 5.5 (impactos en integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21016.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21016.json
index 11e423c89a1..a4073efb5ab 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21016.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21016.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21017.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21017.json
index 62c0ed7d0f2..ef4bd5fb116 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21017.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21017.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21018.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21018.json
index d0d52b8c039..3818918e39c 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21018.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21018.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21019.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21019.json
index ef9f853786b..7fbd17aa7e6 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21019.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21019.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21020.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21020.json
index 599c354666d..0af189b70c2 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21020.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21020.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21021.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21021.json
index ef9098d98ce..40df25c9c08 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21021.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21021.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21022.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21022.json
index ca154f8c0a0..6ac3f648ffe 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21022.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21022.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21023.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21023.json
index c82b506aa73..8e9b7ed084e 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21023.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21023.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21024.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21024.json
index d081594aa92..8dae7ad2ffd 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21024.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21024.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21025.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21025.json
index 807a1d32f42..db390c4b1d0 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21025.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21025.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21032.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21032.json index 074c9b45868..9b4e0de2a44 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21032.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21032.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21033.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21033.json index bab23baace0..457b12190e1 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21033.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21033.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21034.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21034.json index 58c6db3eb65..28fb3cb8c74 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21034.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21034.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21035.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21035.json index d39b98e6049..b0ad9448258 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21035.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21035.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21036.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21036.json index 4d1ffaca7e5..b8447808efa 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21036.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21036.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21037.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21037.json index 742fb776a42..9fd5bd96b86 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21037.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21037.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21038.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21038.json index a06466d5d7d..37fcd3cf5ac 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21038.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21038.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21039.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21039.json index cdc01c00ddb..eca2df1f396 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21039.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21039.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21040.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21040.json index f11160ea289..01e2124804c 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21040.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21040.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21041.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21041.json index 83118d2f094..082ad576769 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21041.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21041.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21042.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21042.json index bac7b7d59ea..3355c6aa68e 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21042.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21042.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21043.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21043.json index d1630d294d9..38a796bf5a4 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21043.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21043.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21044.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21044.json index 00a1f6fd017..63bd6eb24e3 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21044.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21044.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21045.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21045.json index 30b5fd6bdd7..3f07695b359 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21045.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21045.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21046.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21046.json index cdc3e7e77a5..2cf9352259a 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21046.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21046.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle E-Business Suite (componente: LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21047.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21047.json index 0e752d9ea90..940c07a0f99 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21047.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21047.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21048.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21048.json index b6d56d1d55c..fca24b80bd2 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21048.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21048.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Web Applications Desktop Integrator de Oracle E-Business Suite (componente: entrada XML). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Web Applications Desktop Integrator. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Web Applications Desktop Integrator. CVSS 3.1 Puntaje base 4.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21049.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21049.json index a97fc0b3b1a..458e86d9a0c 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21049.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21049.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21050.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21050.json index 339364a6eeb..ff70549ad91 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21050.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21050.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21051.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21051.json index de62a7e2588..cbc017d0e39 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21051.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21051.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21052.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21052.json index ab34c40f8ab..6726e97f3a1 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21052.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21052.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21053.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21053.json index 2cb255df320..cb7f1264174 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21053.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21053.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21054.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21054.json index 2885b7193fa..ff9fe8ecd83 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21054.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21054.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21055.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21055.json index 785f98545f0..9c1fbf82871 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21055.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21055.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21056.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21056.json index 802c72ffc5f..368fd451e20 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21056.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21056.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21057.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21057.json index 388ff58c740..b5ed203b0c2 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21057.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21057.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json index 82a16237569..c39749c39d6 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el componente Auditor\u00eda Unificada de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.22 y 21.3-21.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con privilegios elevados que tenga privilegios SYSDBA con acceso a la red a trav\u00e9s de Oracle Net comprometa la auditor\u00eda unificada. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles de Unified Audit. CVSS 3.1 Puntaje base 4.9 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21059.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21059.json index a5baa3b834c..8363491fa0d 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21059.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21059.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Utility). La versi\u00f3n compatible que se ve afectada es la 11. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con pocos privilegios inicie sesi\u00f3n en la infraestructura donde se ejecuta Oracle Solaris para comprometer Oracle Solaris. Si bien la vulnerabilidad est\u00e1 en Oracle Solaris, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle Solaris. CVSS 3.1 Puntuaci\u00f3n base 7,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21060.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21060.json index a87a4ec062c..4d297395c3a 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21060.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21060.json 
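Review bot: The added `es` value changes the attack precondition: `permite que un atacante con pocos privilegios inicie sesi\u00f3n en la infraestructura` says the flaw lets the attacker log on, whereas the `en` text requires an attacker who already has logon, consistent with AV:L/PR:L in the vector. Suggested wording: `permite que un atacante con pocos privilegios y con inicio de sesi\u00f3n en la infraestructura donde se ejecuta Oracle Solaris comprometa Oracle Solaris`. `adquisici\u00f3n de Oracle Solaris` should describe a takeover (`toma de control de Oracle Solaris`), and `7,8` should be `7.8` to match the score format used in the other entries.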
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Diccionario de datos). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21061.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21061.json index a538d62fbab..8b4dee84baa 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21061.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21061.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Complemento de auditor\u00eda). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21062.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21062.json index fd14ddbdfe9..c3457ffd2d3 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21062.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21062.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21063.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21063.json index 32768001e0b..968fea6b431 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21063.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21063.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise HCM Benefits Administration executes to compromise PeopleSoft Enterprise HCM Benefits Administration. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Benefits Administration accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Benefits Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Benefits Administration. CVSS 3.1 Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (componente: Administraci\u00f3n de Beneficios). La versi\u00f3n compatible que se ve afectada es la 9.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta PeopleSoft Enterprise HCM Benefits Administration para comprometer PeopleSoft Enterprise HCM Benefits Administration. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de PeopleSoft Enterprise HCM Benefits Administration, as\u00ed como acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de PeopleSoft Enterprise HCM Benefits Administration y capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio (DOS parcial) de PeopleSoft Enterprise HCM Administraci\u00f3n de Beneficios. CVSS 3.1 Puntuaci\u00f3n base 6.1 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21064.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21064.json index a86d10f09b1..376417580fa 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21064.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21064.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Business Intelligence Enterprise Edition de Oracle Analytics (componente: Analytics Web Answers). Las versiones compatibles que se ven afectadas son 7.0.0.0.0 y 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Business Intelligence Enterprise Edition. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Business Intelligence Enterprise Edition, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Business Intelligence Enterprise Edition, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21065.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21065.json index 51450deb18c..14addd76150 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21065.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21065.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft (componente: Workflow). Las versiones compatibles que se ven afectadas son 8.59, 8.60 y 8.61. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer PeopleSoft Enterprise PeopleTools. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en PeopleSoft Enterprise PeopleTools, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de PeopleSoft Enterprise PeopleTools, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. 
CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21066.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21066.json index 94f1364e656..f685b4fe672 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21066.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21066.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the infrastructure where RDBMS executes to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el componente RDBMS de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.22 y 21.3-21.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios tenga permisos de usuario autenticado e inicie sesi\u00f3n en la infraestructura donde se ejecuta RDBMS para comprometer RDBMS. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles del RDBMS. CVSS 3.1 Puntaje base 4.2 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N). " } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21067.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21067.json
index 3d590107fbf..665113c318c 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21067.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21067.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Enterprise Manager Base Platform de Oracle Enterprise Manager (componente: Host Management). La versi\u00f3n compatible afectada es 13.5.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta la plataforma base de Oracle Enterprise Manager para comprometer la plataforma base de Oracle Enterprise Manager. Si bien la vulnerabilidad est\u00e1 en la plataforma base de Oracle Enterprise Manager, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de la plataforma base Oracle Enterprise Manager. CVSS 3.1 Puntuaci\u00f3n base 8,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21068.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21068.json index 3bc245a5e6f..76954357360 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21068.json 
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21068.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM para JDK: 17.0.10, 21.0.2 y 22; Edici\u00f3n empresarial de Oracle GraalVM: 21.3.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. 
Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 3.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21069.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21069.json index 1f584842b8d..1f51ecd3a7c 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21069.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21069.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DDL). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21070.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21070.json index a4ddfc95879..4f514a7453f 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21070.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21070.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft (componente: Search Framework). Las versiones compatibles que se ven afectadas son 8.59, 8.60 y 8.61. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer PeopleSoft Enterprise PeopleTools. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de PeopleSoft Enterprise PeopleTools, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21071.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21071.json index 555eadb6dfd..6d7a3d8a7d8 100644 
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21071.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21071.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Workflow de Oracle E-Business Suite (componente: Pantallas de administraci\u00f3n y UI de subvenciones). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Workflow. Si bien la vulnerabilidad est\u00e1 en Oracle Workflow, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle Workflow. CVSS 3.1 Puntuaci\u00f3n base 9.1 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21072.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21072.json index 76b3994ce83..ebd3e23f5cd 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21072.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21072.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Installed Base de Oracle E-Business Suite (componente: UI del proveedor de datos). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa la base instalada de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en la base instalada de Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Installed Base, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Installed Base. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). 
Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21073.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21073.json index e863f0f8c42..5fa5dcb1a28 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21073.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21073.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Trade Management de Oracle E-Business Suite (componente: Claim LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Trade Management. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Trade Management. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21074.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21074.json index 5a8e36e998c..d30ac281550 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21074.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21074.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Trade Management de Oracle E-Business Suite (componente: Finance LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Trade Management. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Trade Management. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21075.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21075.json index 245284cc2bb..153c9c2a2d4 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21075.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21075.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Trade Management de Oracle E-Business Suite (componente: Claim Line LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Trade Management. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Trade Management. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21076.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21076.json index d2fd82c5a77..a25396bb993 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21076.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21076.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Trade Management de Oracle E-Business Suite (componente: Oferta LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Trade Management. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Trade Management. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21077.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21077.json index c175a8682c6..efa29367d23 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21077.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21077.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Trade Management de Oracle E-Business Suite (componente: GL Accounts LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Trade Management. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Trade Management. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json index 24a7ef8d20a..6996484509f 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Marketing de Oracle E-Business Suite (componente: Campaign LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Marketing. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Marketing. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json
index 1b1c8f39320..245377163ff 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Marketing de Oracle E-Business Suite (componente: Campaign LOV). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Marketing. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Marketing. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21080.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21080.json
index b72587f5aac..96e7a04248f 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21080.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21080.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Applications Framework de Oracle E-Business Suite (componente: Servicios REST). Las versiones compatibles que se ven afectadas son 12.2.9-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Applications Framework. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Applications Framework. CVSS 3.1 Puntaje base 6.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21081.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21081.json
index 3613a09bd3e..8a4d3905c8a 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21081.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21081.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Partner Management de Oracle E-Business Suite (componente: Configuraci\u00f3n de administraci\u00f3n de atributos). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Partner Management. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Partner Management, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n del acceso a algunos de los datos accesibles de Oracle Partner Management. CVSS 3.1 Puntaje base 4.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json
index 78d6483af0d..594a69a0f6a 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle BI Publisher de Oracle Analytics (componente: Servicios XML). Las versiones compatibles que se ven afectadas son 7.0.0.0.0 y 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle BI Publisher. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle BI Publisher. CVSS 3.1 Puntuaci\u00f3n base 9,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json
index 00ee1f54cba..20c5285f6b5 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle BI Publisher de Oracle Analytics (componente: Script Engine). Las versiones compatibles que se ven afectadas son 7.0.0.0.0 y 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle BI Publisher. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle BI Publisher. CVSS 3.1 Puntuaci\u00f3n base 7.2 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21084.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21084.json
index f08a89aec65..08b03b404c2 100644
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21084.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21084.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle BI Publisher de Oracle Analytics (componente: Service Gateway). Las versiones compatibles que se ven afectadas son 7.0.0.0.0 y 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle BI Publisher. Si bien la vulnerabilidad est\u00e1 en Oracle BI Publisher, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle BI Publisher. CVSS 3.1 Puntaje base 5.8 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22014.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22014.json
index 1ffa8427fe9..017eaa8a852 100644
--- a/CVE-2024/CVE-2024-220xx/CVE-2024-22014.json
+++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22014.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en 360 Total Security Antivirus hasta la versi\u00f3n 11.0.0.1061 para Windows permite a los atacantes obtener privilegios aumentados a trav\u00e9s de Symbolic Link Follow hasta la eliminaci\u00f3n arbitraria de archivos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22339.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22339.json
index 9a7f96d0b43..0a28182e752 100644
--- a/CVE-2024/CVE-2024-223xx/CVE-2024-22339.json
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22339.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979."
+ },
+ {
+ "lang": "es",
+ "value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps Deploy 8.0 a 8.0.0.1 es vulnerable a informaci\u00f3n confidencial debido a una ofuscaci\u00f3n insuficiente de la informaci\u00f3n confidencial. valores de algunos archivos de registro. ID de IBM X-Force: 279979."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22437.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22437.json
index 9aef9eb327c..60f6a7dcbeb 100644
--- a/CVE-2024/CVE-2024-224xx/CVE-2024-22437.json
+++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22437.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "\nA potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una posible vulnerabilidad de seguridad en el software VSS Provider y CAPI Proxy para ciertos productos de almacenamiento HPE MSA. Esta vulnerabilidad podr\u00eda explotarse para obtener privilegios elevados en el sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22438.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22438.json
index 79094c13859..77525b88e3f 100644
--- a/CVE-2024/CVE-2024-224xx/CVE-2024-22438.json
+++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22438.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "\nA potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. The vulnerability could be remotely exploited to allow execution of malicious code.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una posible vulnerabilidad de seguridad en los conmutadores de red Hewlett Packard Enterprise OfficeConnect 1820. La vulnerabilidad podr\u00eda explotarse de forma remota para permitir la ejecuci\u00f3n de c\u00f3digo malicioso."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22439.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22439.json
index 0fdea8ded8a..32d631b253b 100644
--- a/CVE-2024/CVE-2024-224xx/CVE-2024-22439.json
+++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22439.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "\nA potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una posible vulnerabilidad de seguridad en los productos de las series HPE FlexFabric y FlexNetwork. Esta vulnerabilidad podr\u00eda aprovecharse para obtener acceso privilegiado a conmutadores, lo que dar\u00eda como resultado la divulgaci\u00f3n de informaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23486.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23486.json
index 3b3a2c207e8..2cb188f5f0a 100644
--- a/CVE-2024/CVE-2024-234xx/CVE-2024-23486.json
+++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23486.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Existe un problema de almacenamiento de texto plano de contrase\u00f1a en los routers LAN inal\u00e1mbricos BUFFALO, lo que puede permitir que un atacante no autenticado adyacente a la red con acceso a la p\u00e1gina de inicio de sesi\u00f3n del producto pueda obtener las credenciales configuradas."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23559.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23559.json
index 0ee9ac0dc2c..32b86f6b0c7 100644
--- a/CVE-2024/CVE-2024-235xx/CVE-2024-23559.json
+++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23559.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "HCL DevOps Deploy / Launch is generating an obsolete HTTP header.\n"
+ },
+ {
+ "lang": "es",
+ "value": "HCL DevOps Deploy/Launch est\u00e1 generando un encabezado HTTP obsoleto."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23593.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23593.json
index 75f570b1452..19f7e54cbb2 100644
--- a/CVE-2024/CVE-2024-235xx/CVE-2024-23593.json
+++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23593.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "\nA vulnerability was reported\n\nin a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014\n\n that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se inform\u00f3 una vulnerabilidad en un gestor de arranque de recuperaci\u00f3n del sistema que formaba parte de los sistemas operativos Windows 7 y 8 precargados de Lenovo de 2012 a 2014 que podr\u00eda permitir a un atacante privilegiado con acceso local modificar el administrador de arranque y escalar privilegios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23594.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23594.json
index 7d33ceb521c..add48c5f707 100644
--- a/CVE-2024/CVE-2024-235xx/CVE-2024-23594.json
+++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23594.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "\nA buffer overflow vulnerability was reported\n\nin a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014\n\n\n that could allow a privileged attacker with local access to execute arbitrary code. \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se inform\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer en un gestor de arranque de recuperaci\u00f3n del sistema que formaba parte de los sistemas operativos Windows 7 y 8 precargados de Lenovo de 2012 a 2014 y que podr\u00eda permitir que un atacante privilegiado con acceso local ejecutara c\u00f3digo arbitrario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23911.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23911.json
index d3833adebbc..7e361411d31 100644
--- a/CVE-2024/CVE-2024-239xx/CVE-2024-23911.json
+++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23911.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites causada por una verificaci\u00f3n incorrecta de los valores de longitud de las opciones en los paquetes IPv6 NDP en la serie de redes TCP/IP del middleware Cente, lo que puede permitir que un atacante no autenticado detenga las operaciones del dispositivo enviando un paquete especialmente manipulado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24856.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24856.json
index 2207b294ef7..cb43a436a1b 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24856.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24856.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La funci\u00f3n de asignaci\u00f3n de memoria ACPI_ALLOCATE_ZEROED no garantiza una asignaci\u00f3n exitosa, pero el c\u00f3digo posterior desreferencia directamente el puntero que la recibe, lo que puede provocar una desreferencia del puntero nulo. Para solucionar este problema, se debe agregar una verificaci\u00f3n de puntero nulo. Si es nulo, devuelve el c\u00f3digo de excepci\u00f3n AE_NO_MEMORY."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24891.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24891.json
index 2ff20f3176d..506c7f446b4 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24891.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24891.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C.\n\nThis issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en el kernel openEuler en Linux permite la exposici\u00f3n a fugas de recursos. Esta vulnerabilidad est\u00e1 asociada con archivos de programa https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. Este problema afecta al kernel: desde 4.19.90-2109.1.0.0108 antes de 4.19.90-2403.4.0.0244."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24898.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24898.json
index 0c46fd9d185..50f429407cc 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24898.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24898.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C.\n\nThis issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en el kernel openEuler en Linux permite la exposici\u00f3n a fugas de recursos. Esta vulnerabilidad est\u00e1 asociada con archivos de programa https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. Este problema afecta al kernel: desde 4.19.90-2109.1.0.0108 antes de 4.19.90-2403.4.0.0244."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24910.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24910.json
index d26098f5cc5..7689596abc2 100644
--- a/CVE-2024/CVE-2024-249xx/CVE-2024-24910.json
+++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24910.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."
+ },
+ {
+ "lang": "es",
+ "value": "Un atacante local puede escalar privilegios en Check Point ZoneAlarm Extreme Security NextGen, Identity Agent para Windows y Identity Agent para Windows Terminal Server afectados. Para aprovechar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo privilegiado local en el sistema de destino."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json
index bbe0803d9c0..622fe588c34 100644
--- a/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-07T15:15:08.907",
 "lastModified": "2024-02-07T17:04:54.407",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-253xx/CVE-2024-25300.json b/CVE-2024/CVE-2024-253xx/CVE-2024-25300.json
index f7124926a7e..d46a467e39d 100644
--- a/CVE-2024/CVE-2024-253xx/CVE-2024-25300.json
+++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25300.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-14T19:15:10.213",
 "lastModified": "2024-02-15T06:23:39.303",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-253xx/CVE-2024-25301.json b/CVE-2024/CVE-2024-253xx/CVE-2024-25301.json
index 76106c269e6..b79697b17f9 100644
--- a/CVE-2024/CVE-2024-253xx/CVE-2024-25301.json
+++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25301.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-14T19:15:10.277",
 "lastModified": "2024-02-15T06:23:39.303",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-260xx/CVE-2024-26023.json b/CVE-2024/CVE-2024-260xx/CVE-2024-26023.json
index 37c98ebd40d..3e37ef1dbfe 100644
--- a/CVE-2024/CVE-2024-260xx/CVE-2024-26023.json
+++ b/CVE-2024/CVE-2024-260xx/CVE-2024-26023.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en routers LAN inal\u00e1mbricos BUFFALO permite que un usuario que haya iniciado sesi\u00f3n ejecute comandos arbitrarios del sistema operativo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26818.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26818.json
index ca3d2d4cbad..2936e280fa6 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26818.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26818.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/rtla: Fix clang warning about mount_point var size\n\nclang is reporting this warning:\n\n$ make HOSTCC=clang CC=clang LLVM_IAS=1\n[...]\nclang -O -g -DVERSION=\\\"6.8.0-rc3\\\" -flto=auto -fexceptions\n\t-fstack-protector-strong -fasynchronous-unwind-tables\n\t-fstack-clash-protection -Wall -Werror=format-security\n\t-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS\n\t$(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c\n\nsrc/utils.c:548:66: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 1024, but the corresponding specifier may require size 1025 [-Wfortify-source]\n 548 | while (fscanf(fp, \"%*s %\" STR(MAX_PATH) \"s %99s %*s %*d %*d\\n\", mount_point, type) == 2) {\n | ^\n\nIncrease mount_point variable size to MAX_PATH+1 to avoid the overflow."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: herramientas/rtla: Repare la advertencia de clang sobre el tama\u00f1o de var de mount_point clang informa esta advertencia: $ make HOSTCC=clang CC=clang LLVM_IAS=1 [...] clang -O -g -DVERSION=\\\"6.8.0-rc3\\\" -flto=auto -fExceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE= 2 -Wp,-D_GLIBCXX_ASSERTIONS $(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c src/utils.c:548:66: advertencia: 'fscanf' puede desbordarse; el b\u00fafer de destino en el argumento 3 tiene un tama\u00f1o 1024, pero el especificador correspondiente puede requerir un tama\u00f1o 1025 [-Wfortify-source] 548 | while (fscanf(fp, \"%*s %\" STR(MAX_PATH) \"s %99s %*s %*d %*d\\n\", punto_montaje, tipo) == 2) { | ^ Aumente el tama\u00f1o de la variable mount_point a MAX_PATH+1 para evitar el desbordamiento."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26820.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26820.json
index 8f642b95fca..50a0be97622 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26820.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26820.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed\n\nIf hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER\nhandler cannot perform VF register successfully as the register call\nis received before netvsc_probe is finished. This is because we\nregister register_netdevice_notifier() very early( even before\nvmbus_driver_register()).\nTo fix this, we try to register each such matching VF( if it is visible\nas a netdevice) at the end of netvsc_probe."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: hv_netvsc: registre VF en netvsc_probe si se perdi\u00f3 NET_DEVICE_REGISTER. Si el controlador hv_netvsc se descarga y se vuelve a cargar, el controlador NET_DEVICE_REGISTER no puede realizar el registro VF exitosamente ya que la llamada de registro se recibe antes de que finalice netvsc_probe. Esto se debe a que registramos Register_netdevice_notifier() muy temprano (incluso antes de vmbus_driver_register()). Para solucionar este problema, intentamos registrar cada VF coincidente (si es visible como un dispositivo de red) al final de netvsc_probe."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26821.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26821.json
index 7e05f86a920..87ebe4f7daa 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26821.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26821.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax mount_setattr() permission checks\n\nWhen we added mount_setattr() I added additional checks compared to the\nlegacy do_reconfigure_mnt() and do_change_type() helpers used by regular\nmount(2). If that mount had a parent then verify that the caller and the\nmount namespace the mount is attached to match and if not make sure that\nit's an anonymous mount.\n\nThe real rootfs falls into neither category. It is neither an anoymous\nmount because it is obviously attached to the initial mount namespace\nbut it also obviously doesn't have a parent mount. So that means legacy\nmount(2) allows changing mount properties on the real rootfs but\nmount_setattr(2) blocks this. I never thought much about this but of\ncourse someone on this planet of earth changes properties on the real\nrootfs as can be seen in [1].\n\nSince util-linux finally switched to the new mount api in 2.39 not so\nlong ago it also relies on mount_setattr() and that surfaced this issue\nwhen Fedora 39 finally switched to it. Fix this."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: relajar las comprobaciones de permisos de mount_setattr() Cuando agregamos mount_setattr(), agregu\u00e9 comprobaciones adicionales en comparaci\u00f3n con los ayudantes heredados do_reconfigure_mnt() y do_change_type() utilizados por el mount(2) normal. Si ese montaje ten\u00eda un padre, verifique que la persona que llama y el espacio de nombres del montaje coincidan y, de lo contrario, aseg\u00farese de que sea un montaje an\u00f3nimo. Los rootfs reales no entran en ninguna de las dos categor\u00edas. No es un montaje an\u00f3nimo porque obviamente est\u00e1 adjunto al espacio de nombres de montaje inicial pero obviamente tampoco tiene un montaje principal. Eso significa que el montaje heredado (2) permite cambiar las propiedades de montaje en los rootfs reales, pero mount_setattr (2) bloquea esto. Nunca pens\u00e9 mucho en esto pero, por supuesto, alguien en este planeta tierra cambia las propiedades de las ra\u00edces reales como se puede ver en [1]. Dado que util-linux finalmente cambi\u00f3 a la nueva API de montaje en 2.39 no hace mucho, tambi\u00e9n depende de mount_setattr() y surgi\u00f3 este problema cuando Fedora 39 finalmente cambi\u00f3 a ella. Arregla esto."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26822.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26822.json
index 81956cebef6..df512430fcc 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26822.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26822.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: set correct id, uid and cruid for multiuser automounts\n\nWhen uid, gid and cruid are not specified, we need to dynamically\nset them into the filesystem context used for automounting otherwise\nthey'll end up reusing the values from the parent mount."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: configure el id, uid y cruid correctos para montajes autom\u00e1ticos multiusuario Cuando no se especifican uid, gid y cruid, debemos configurarlos din\u00e1micamente en el contexto del sistema de archivos utilizado para el montaje autom\u00e1tico, de lo contrario terminar\u00e1n reutilizando los valores del montaje principal."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26823.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26823.json
index a0ea8c7f3b1..a7900e527cd 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26823.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26823.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Restore quirk probing for ACPI-based systems\n\nWhile refactoring the way the ITSs are probed, the handling of quirks\napplicable to ACPI-based platforms was lost. As a result, systems such as\nHIP07 lose their GICv4 functionnality, and some other may even fail to\nboot, unless they are configured to boot with DT.\n\nMove the enabling of quirks into its_probe_one(), making it common to all\nfirmware implementations."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: irqchip/gic-v3-its: restaurar el sondeo de peculiaridades para sistemas basados en ACPI Al refactorizar la forma en que se sondean los ITS, se perdi\u00f3 el manejo de peculiaridades aplicables a plataformas basadas en ACPI. Como resultado, sistemas como HIP07 pierden su funcionalidad GICv4 y es posible que algunos otros incluso no arranquen, a menos que est\u00e9n configurados para arrancar con DT. Mueva la habilitaci\u00f3n de peculiaridades a its_probe_one(), haci\u00e9ndola com\u00fan a todas las implementaciones de firmware."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26824.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26824.json
index ac4bc86cba7..7dd605b1f84 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26824.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26824.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - Remove bogus SGL free on zero-length error path\n\nWhen a zero-length message is hashed by algif_hash, and an error\nis triggered, it tries to free an SG list that was never allocated\nin the first place. Fix this by not freeing the SG list on the\nzero-length error path."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: algif_hash - Eliminar SGL falso libre en ruta de error de longitud cero Cuando algif_hash codifica un mensaje de longitud cero y se activa un error, intenta liberar una lista de SG que nunca fue asignado en primer lugar. Solucione este problema al no liberar la lista SG en la ruta de error de longitud cero."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26825.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26825.json
index 882229fed84..fb63896fd45 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26825.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26825.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free rx_data_reassembly skb on NCI device cleanup\n\nrx_data_reassembly skb is stored during NCI data exchange for processing\nfragmented packets. It is dropped only when the last fragment is processed\nor when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.\nHowever, the NCI device may be deallocated before that which leads to skb\nleak.\n\nAs by design the rx_data_reassembly skb is bound to the NCI device and\nnothing prevents the device to be freed before the skb is processed in\nsome way and cleaned, free it on the NCI device cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: nci: rx_data_reassembly skb gratuito en la limpieza del dispositivo NCI rx_data_reassembly skb se almacena durante el intercambio de datos NCI para procesar paquetes fragmentados. Se elimina solo cuando se procesa el \u00faltimo fragmento o cuando se recibe un paquete NTF con el c\u00f3digo de operaci\u00f3n NCI_OP_RF_DEACTIVATE_NTF. Sin embargo, el dispositivo NCI puede desasignarse antes de lo que provoca una fuga de skb. Como por dise\u00f1o el skb rx_data_reassembly est\u00e1 vinculado al dispositivo NCI y nada impide que el dispositivo se libere antes de que el skb se procese y limpie de alguna manera, lib\u00e9relo en la limpieza del dispositivo NCI. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con Syzkaller."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26826.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26826.json
index 1608d1d24c6..1e4d8ac8b22 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26826.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26826.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix data re-injection from stale subflow\n\nWhen the MPTCP PM detects that a subflow is stale, all the packet\nscheduler must re-inject all the mptcp-level unacked data. To avoid\nacquiring unneeded locks, it first try to check if any unacked data\nis present at all in the RTX queue, but such check is currently\nbroken, as it uses TCP-specific helper on an MPTCP socket.\n\nFunnily enough fuzzers and static checkers are happy, as the accessed\nmemory still belongs to the mptcp_sock struct, and even from a\nfunctional perspective the recovery completed successfully, as\nthe short-cut test always failed.\n\nA recent unrelated TCP change - commit d5fed5addb2b (\"tcp: reorganize\ntcp_sock fast path variables\") - exposed the issue, as the tcp field\nreorganization makes the mptcp code always skip the re-inection.\n\nFix the issue dropping the bogus call: we are on a slow path, the early\noptimization proved once again to be evil." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: corrige la reinyecci\u00f3n de datos desde un subflujo obsoleto Cuando MPTCP PM detecta que un subflujo est\u00e1 obsoleto, todo el programador de paquetes debe reinyectar todos los datos no codificados del nivel mptcp. Para evitar adquirir bloqueos innecesarios, primero intenta verificar si hay datos no bloqueados presentes en la cola RTX, pero dicha verificaci\u00f3n actualmente no funciona, ya que utiliza un asistente espec\u00edfico de TCP en un socket MPTCP. Curiosamente, los fuzzers y los comprobadores est\u00e1ticos est\u00e1n contentos, ya que la memoria a la que se accede todav\u00eda pertenece a la estructura mptcp_sock, e incluso desde una perspectiva funcional la recuperaci\u00f3n se complet\u00f3 con \u00e9xito, ya que la prueba de acceso directo siempre fallaba. 
Un cambio reciente de TCP no relacionado (commit d5fed5addb2b (\"tcp: reorganizar las variables de ruta r\u00e1pida de tcp_sock\")) expuso el problema, ya que la reorganizaci\u00f3n del campo tcp hace que el c\u00f3digo mptcp siempre omita la reinecci\u00f3n. Solucione el problema eliminando la llamada falsa: estamos en un camino lento, la optimizaci\u00f3n inicial demostr\u00f3 una vez m\u00e1s ser mala." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26828.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26828.json index 9c7a0441c40..b7d6c8a754a 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26828.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26828.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix underflow in parse_server_interfaces()\n\nIn this loop, we step through the buffer and after each item we check\nif the size_left is greater than the minimum size we need. However,\nthe problem is that \"bytes_left\" is type ssize_t while sizeof() is type\nsize_t. That means that because of type promotion, the comparison is\ndone as an unsigned and if we have negative bytes left the loop\ncontinues instead of ending." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: corrige el desbordamiento insuficiente en parse_server_interfaces() En este bucle, recorremos el b\u00fafer y despu\u00e9s de cada elemento comprobamos si size_left es mayor que el tama\u00f1o m\u00ednimo que necesitamos. Sin embargo, el problema es que \"bytes_left\" es del tipo ssize_t mientras que sizeof() es del tipo size_t. Eso significa que debido a la promoci\u00f3n de tipo, la comparaci\u00f3n se realiza sin firmar y si nos quedan bytes negativos, el ciclo contin\u00faa en lugar de finalizar." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26829.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26829.json index df71178637b..96317244e92 100644 
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26829.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26829.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ir_toy: fix a memleak in irtoy_tx\n\nWhen irtoy_command fails, buf should be freed since it is allocated by\nirtoy_tx, or there is a memleak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: ir_toy: corrige una fuga de mem en irtoy_tx Cuando falla irtoy_command, se debe liberar buf ya que est\u00e1 asignado por irtoy_tx, o hay una fuga de mem."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26830.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26830.json
index 10a1121c97c..8c505e2c9d6 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26830.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26830.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Do not allow untrusted VF to remove administratively set MAC\n\nCurrently when PF administratively sets VF's MAC address and the VF\nis put down (VF tries to delete all MACs) then the MAC is removed\nfrom MAC filters and primary VF MAC is zeroed.\n\nDo not allow untrusted VF to remove primary MAC when it was set\nadministratively by PF.\n\nReproducer:\n1) Create VF\n2) Set VF interface up\n3) Administratively set the VF's MAC\n4) Put VF interface down\n\n[root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs\n[root@host ~]# ip link set enp2s0f0v0 up\n[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\n vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off\n[root@host ~]# ip link set enp2s0f0v0 down\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\n vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: No permitir que VF que no es de confianza elimine la MAC configurada administrativamente. Actualmente, cuando PF configura administrativamente la direcci\u00f3n MAC de VF y el VF se desactiva (VF intenta eliminar todas las MAC), entonces la MAC se eliminado de los filtros MAC y el MAC VF primario se pone a cero. No permita que VF que no es de confianza elimine la MAC principal cuando PF la configur\u00f3 administrativamente. 
Reproductor: 1) Crear VF 2) Configurar la interfaz VF 3) Configurar administrativamente la MAC del VF 4) Colocar la interfaz VF [root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs [root@ host ~]# enlace ip establecido enp2s0f0v0 up [root@host ~]# enlace ip establecido enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d [root@host ~]# enlace ip show enp2s0f0 23: enp2s0f0: < BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq estado Modo UP DEFAULT grupo predeterminado qlen 1000 enlace/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 enlace/ ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, verificaci\u00f3n de suplantaci\u00f3n de identidad activada, estado de enlace autom\u00e1tico, confianza desactivada [root@host ~]# enlace IP configurado enp2s0f0v0 inactivo [ra\u00edz @host ~]# ip link show enp2s0f0 23: enp2s0f0: mtu 1500 qdisc mq state Modo UP DEFAULT grupo predeterminado qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff :ff:ff:ff:ff:ff vf 0 enlace/\u00e9ter 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, verificaci\u00f3n de suplantaci\u00f3n de identidad activada, estado de enlace autom\u00e1tico, confianza desactivada" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26831.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26831.json index ffa3422545c..f3160c864ed 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26831.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26831.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: Fix handshake_req_destroy_test1\n\nRecently, handshake_req_destroy_test1 started failing:\n\nExpected handshake_req_destroy_test == req, but\n handshake_req_destroy_test == 0000000000000000\n req == 0000000060f99b40\nnot ok 11 req_destroy works\n\nThis is because \"sock_release(sock)\" was replaced with \"fput(filp)\"\nto address a memory leak. Note that sock_release() is synchronous\nbut fput() usually delays the final close and clean-up.\n\nThe delay is not consequential in the other cases that were changed\nbut handshake_req_destroy_test1 is testing that handshake_req_cancel()\nfollowed by closing the file actually does call the ->hp_destroy\nmethod. Thus the PTR_EQ test at the end has to be sure that the\nfinal close is complete before it checks the pointer.\n\nWe cannot use a completion here because if ->hp_destroy is never\ncalled (ie, there is an API bug) then the test will hang.\n\nReported by: Guenter Roeck " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/handshake: Fix handshake_req_destroy_test1 Recientemente, handshake_req_destroy_test1 comenz\u00f3 a fallar: Se esperaba handshake_req_destroy_test == req, pero handshake_req_destroy_test == 0000000000000000 req == 0000000060f99b40 no ok 11 req_destroy funciona Esto se debe a que \"sock_release( calcet\u00edn)\" fue reemplazado por \"fput(filp)\" para solucionar una p\u00e9rdida de memoria. Tenga en cuenta que sock_release() es sincr\u00f3nico pero fput() normalmente retrasa el cierre y la limpieza finales. El retraso no tiene consecuencias en los otros casos que se cambiaron, pero handshake_req_destroy_test1 est\u00e1 probando que handshake_req_cancel() seguido del cierre del archivo realmente llama al m\u00e9todo ->hp_destroy. 
Por lo tanto, la prueba PTR_EQ al final debe asegurarse de que el cierre final est\u00e9 completo antes de verificar el puntero. No podemos usar una finalizaci\u00f3n aqu\u00ed porque si nunca se llama a ->hp_destroy (es decir, hay un error de API), la prueba se bloquear\u00e1. Reportado por: Guenter Roeck " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26832.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26832.json index d38287fb1dd..e2ba6eecab0 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26832.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26832.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix missing folio cleanup in writeback race path\n\nIn zswap_writeback_entry(), after we get a folio from\n__read_swap_cache_async(), we grab the tree lock again to check that the\nswap entry was not invalidated and recycled. If it was, we delete the\nfolio we just added to the swap cache and exit.\n\nHowever, __read_swap_cache_async() returns the folio locked when it is\nnewly allocated, which is always true for this path, and the folio is\nref'd. Make sure to unlock and put the folio before returning.\n\nThis was discovered by code inspection, probably because this path handles\na race condition that should not happen often, and the bug would not crash\nthe system, it will only strand the folio indefinitely."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm: zswap: corrige la limpieza de folio faltante en la ruta de carrera de escritura diferida En zswap_writeback_entry(), despu\u00e9s de obtener un folio de __read_swap_cache_async(), tomamos el bloqueo del \u00e1rbol nuevamente para verificar que el intercambio la entrada no fue invalidada y reciclada. Si as\u00ed fuera, eliminamos la publicaci\u00f3n que acabamos de agregar al cach\u00e9 de intercambio y salimos. Sin embargo, __read_swap_cache_async() devuelve la publicaci\u00f3n bloqueada cuando se asigna recientemente, lo que siempre es cierto para esta ruta, y la publicaci\u00f3n se ref. Aseg\u00farate de desbloquear y colocar el folio antes de regresar. Esto se descubri\u00f3 mediante la inspecci\u00f3n del c\u00f3digo, probablemente porque esta ruta maneja una condici\u00f3n de carrera que no deber\u00eda ocurrir con frecuencia, y el error no bloquear\u00eda el sistema, solo bloquear\u00e1 la publicaci\u00f3n indefinidamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26833.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26833.json
index 0c7ff55c357..1e41528a892 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26833.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26833.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix memory leak in dm_sw_fini()\n\nAfter destroying dmub_srv, the memory associated with it is\nnot freed, causing a memory leak:\n\nunreferenced object 0xffff896302b45800 (size 1024):\n comm \"(udev-worker)\", pid 222, jiffies 4294894636\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 6265fd77):\n [] kmalloc_trace+0x29d/0x340\n [] dm_dmub_sw_init+0xb4/0x450 [amdgpu]\n [] dm_sw_init+0x15/0x2b0 [amdgpu]\n [] amdgpu_device_init+0x1417/0x24e0 [amdgpu]\n [] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]\n [] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]\n [] local_pci_probe+0x3e/0x90\n [] pci_device_probe+0xc3/0x230\n [] really_probe+0xe2/0x480\n [] __driver_probe_device+0x78/0x160\n [] driver_probe_device+0x1f/0x90\n [] __driver_attach+0xce/0x1c0\n [] bus_for_each_dev+0x70/0xc0\n [] bus_add_driver+0x112/0x210\n [] driver_register+0x55/0x100\n [] do_one_initcall+0x41/0x300\n\nFix this by freeing dmub_srv after destroying it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige la p\u00e9rdida de memoria en dm_sw_fini() Despu\u00e9s de destruir dmub_srv, la memoria asociada a \u00e9l no se libera, lo que provoca una p\u00e9rdida de memoria: objeto sin referencia 0xffff896302b45800 (tama\u00f1o 1024) : comm \"(udev-worker)\", pid 222, sjiffies 4294894636 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........... ..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
retroceso (crc 6265fd77): [] kmalloc_trace+ 0x29d/0x340 [] dm_dmub_sw_init+0xb4/0x450 [amdgpu] [] dm_sw_init+0x15/0x2b0 [amdgpu] [] 1417/0x24e0 [amdgpu] [] amdgpu_driver_load_kms+0x15 /0x190 [amdgpu] [] amdgpu_pci_probe+0x187/0x4e0 [amdgpu] [] local_pci_probe+0x3e/0x90 [] pci_device_probe+0xc3/0x230 [ ] realmente_probe+0xe2/0x480 [< ffffffff99805c98>] __driver_probe_device+0x78/0x160 [] driver_probe_device+0x1f/0x90 [] __driver_attach+0xce/0x1c0 [] v+0x70/0xc0 [] bus_add_driver+0x112/0x210 [< ffffffff99807245>] driver_register+0x55/0x100 [] do_one_initcall+0x41/0x300 Solucione este problema liberando dmub_srv despu\u00e9s de destruirlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26834.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26834.json index afce26b323b..34d651922f7 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26834.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26834.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: release dst in case direct xmit path is used\n\nDirect xmit does not use it since it calls dev_queue_xmit() to send\npackets, hence it calls dst_release().\n\nkmemleak reports:\n\nunreferenced object 0xffff88814f440900 (size 184):\n comm \"softirq\", pid 0, jiffies 4294951896\n hex dump (first 32 bytes):\n 00 60 5b 04 81 88 ff ff 00 e6 e8 82 ff ff ff ff .`[.............\n 21 0b 50 82 ff ff ff ff 00 00 00 00 00 00 00 00 !.P.............\n backtrace (crc cb2bf5d6):\n [<000000003ee17107>] kmem_cache_alloc+0x286/0x340\n [<0000000021a5de2c>] dst_alloc+0x43/0xb0\n [<00000000f0671159>] rt_dst_alloc+0x2e/0x190\n [<00000000fe5092c9>] __mkroute_output+0x244/0x980\n [<000000005fb96fb0>] ip_route_output_flow+0xc0/0x160\n [<0000000045367433>] nf_ip_route+0xf/0x30\n [<0000000085da1d8e>] nf_route+0x2d/0x60\n [<00000000d1ecd1cb>] nft_flow_route+0x171/0x6a0 [nft_flow_offload]\n [<00000000d9b2fb60>] nft_flow_offload_eval+0x4e8/0x700 [nft_flow_offload]\n [<000000009f447dbb>] expr_call_ops_eval+0x53/0x330 [nf_tables]\n [<00000000072e1be6>] nft_do_chain+0x17c/0x840 [nf_tables]\n [<00000000d0551029>] nft_do_chain_inet+0xa1/0x210 [nf_tables]\n [<0000000097c9d5c6>] nf_hook_slow+0x5b/0x160\n [<0000000005eccab1>] ip_forward+0x8b6/0x9b0\n [<00000000553a269b>] ip_rcv+0x221/0x230\n [<00000000412872e5>] __netif_receive_skb_one_core+0xfe/0x110" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_flow_offload: libera dst en caso de que se use la ruta de xmit directa Direct xmit no la usa ya que llama a dev_queue_xmit() para enviar paquetes, por lo tanto llama a dst_release(). informes kmemleak: objeto sin referencia 0xffff88814f440900 (tama\u00f1o 184): comm \"softirq\", pid 0, jiffies 4294951896 volcado hexadecimal (primeros 32 bytes): 00 60 5b 04 81 88 ff ff 00 e6 e8 82 ff ff ff ff .`[.. 
........... 21 0b 50 82 ff ff ff ff 00 00 00 00 00 00 00 00 !.P................. retroceso (crc cb2bf5d6): [ <000000003ee17107>] kmem_cache_alloc+0x286/0x340 [<0000000021a5de2c>] dst_alloc+0x43/0xb0 [<00000000f0671159>] rt_dst_alloc+0x2e/0x190 [<00000000fe50 92c9>] __mkroute_output+0x244/0x980 [<000000005fb96fb0>] ip_route_output_flow+0xc0/0x160 [ <0000000045367433>] nf_ip_route+0xf/0x30 [<0000000085da1d8e>] nf_route+0x2d/0x60 [<00000000d1ecd1cb>] nft_flow_route+0x171/0x6a0 [nft_flow_offload] 0000d9b2fb60>] nft_flow_offload_eval+0x4e8/0x700 [nft_flow_offload] [<000000009f447dbb>] expr_call_ops_eval+0x53/0x330 [nf_tables] [<00000000072e1be6>] nft_do_chain+0x17c/0x840 [nf_tables] [<00000000d0551029>] nft_do_chain_inet+0xa1/0x210 [nf_tables] [ <0000000097c9d5c6>] nf_hook_slow+0x5b/0x160 [<0000000005eccab1>] ip_forward +0x8b6/0x9b0 [<00000000553a269b>] ip_rcv+0x221/0x230 [<00000000412872e5>] __netif_receive_skb_one_core+0xfe/0x110" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26835.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26835.json index 285555d6662..5046c2272a2 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26835.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26835.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: establece el indicador inactivo en caso de error en el registro del enlace. Necesitamos configurar el indicador inactivo nuevamente si no logramos registrar los enlaces. Durante la presi\u00f3n de la memoria, el registro de ganchos puede fallar y terminamos con una tabla marcada como activa pero sin ganchos registrados. Al eliminar la tabla/cadena base, nf_tables intentar\u00e1 cancelar el registro del gancho nuevamente, lo que genera un s\u00edmbolo de advertencia desde el n\u00facleo de nftables."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26836.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26836.json
index 56671c8bc53..c48efac884d 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26836.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26836.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: think-lmi: Fix password opcode ordering for workstations\n\nThe Lenovo workstations require the password opcode to be run before\nthe attribute value is changed (if Admin password is enabled).\n\nTested on some Thinkpads to confirm they are OK with this order too."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: plataforma/x86: think-lmi: corrige el orden del c\u00f3digo de operaci\u00f3n de contrase\u00f1a para las estaciones de trabajo Las estaciones de trabajo Lenovo requieren que se ejecute el c\u00f3digo de operaci\u00f3n de la contrase\u00f1a antes de cambiar el valor del atributo (si la contrase\u00f1a de administrador est\u00e1 habilitada). Probado en algunos Thinkpads para confirmar que tambi\u00e9n est\u00e1n de acuerdo con este pedido."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26837.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26837.json
index 539fba19b27..8086fd11013 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26837.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26837.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: switchdev: Skip MDB replays of deferred events on offload\n\nBefore this change, generation of the list of MDB events to replay\nwould race against the creation of new group memberships, either from\nthe IGMP/MLD snooping logic or from user configuration.\n\nWhile new memberships are immediately visible to walkers of\nbr->mdb_list, the notification of their existence to switchdev event\nsubscribers is deferred until a later point in time. So if a replay\nlist was generated during a time that overlapped with such a window,\nit would also contain a replay of the not-yet-delivered event.\n\nThe driver would thus receive two copies of what the bridge internally\nconsidered to be one single event. On destruction of the bridge, only\na single membership deletion event was therefore sent. As a\nconsequence of this, drivers which reference count memberships (at\nleast DSA), would be left with orphan groups in their hardware\ndatabase when the bridge was destroyed.\n\nThis is only an issue when replaying additions. While deletion events\nmay still be pending on the deferred queue, they will already have\nbeen removed from br->mdb_list, so no duplicates can be generated in\nthat scenario.\n\nTo a user this meant that old group memberships, from a bridge in\nwhich a port was previously attached, could be reanimated (in\nhardware) when the port joined a new bridge, without the new bridge's\nknowledge.\n\nFor example, on an mv88e6xxx system, create a snooping bridge and\nimmediately add a port to it:\n\n root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 && \\\n > ip link set dev x3 up master br0\n\nAnd then destroy the bridge:\n\n root@infix-06-0b-00:~$ ip link del dev br0\n root@infix-06-0b-00:~$ mvls atu\n ADDRESS FID STATE Q F 0 1 2 3 4 5 6 7 8 9 a\n DEV:0 Marvell 88E6393X\n 33:33:00:00:00:6a 1 static - - 0 . . . . . . . . . 
.\n 33:33:ff:87:e4:3f 1 static - - 0 . . . . . . . . . .\n ff:ff:ff:ff:ff:ff 1 static - - 0 1 2 3 4 5 6 7 8 9 a\n root@infix-06-0b-00:~$\n\nThe two IPv6 groups remain in the hardware database because the\nport (x3) is notified of the host's membership twice: once via the\noriginal event and once via a replay. Since only a single delete\nnotification is sent, the count remains at 1 when the bridge is\ndestroyed.\n\nThen add the same port (or another port belonging to the same hardware\ndomain) to a new bridge, this time with snooping disabled:\n\n root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 && \\\n > ip link set dev x3 up master br1\n\nAll multicast, including the two IPv6 groups from br0, should now be\nflooded, according to the policy of br1. But instead the old\nmemberships are still active in the hardware database, causing the\nswitch to only forward traffic to those groups towards the CPU (port\n0).\n\nEliminate the race in two steps:\n\n1. Grab the write-side lock of the MDB while generating the replay\n list.\n\nThis prevents new memberships from showing up while we are generating\nthe replay list. But it leaves the scenario in which a deferred event\nwas already generated, but not delivered, before we grabbed the\nlock. Therefore:\n\n2. Make sure that no deferred version of a replay event is already\n enqueued to the switchdev deferred queue, before adding it to the\n replay list, when replaying additions." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bridge: switchdev: omitir repeticiones MDB de eventos diferidos durante la descarga. Antes de este cambio, la generaci\u00f3n de la lista de eventos MDB para reproducir competir\u00eda con la creaci\u00f3n de nuevas membres\u00edas de grupos, ya sea desde la l\u00f3gica de espionaje IGMP/MLD o desde la configuraci\u00f3n del usuario. 
Si bien las nuevas membres\u00edas son visibles inmediatamente para los caminantes de br->mdb_list, la notificaci\u00f3n de su existencia a los suscriptores del evento switchdev se difiere hasta un momento posterior. Entonces, si se gener\u00f3 una lista de reproducci\u00f3n durante un tiempo que se superpuso con dicha ventana, tambi\u00e9n contendr\u00eda una repetici\u00f3n del evento a\u00fan no entregado. El conductor recibir\u00eda as\u00ed dos copias de lo que internamente el puente consideraba un \u00fanico evento. Por lo tanto, tras la destrucci\u00f3n del puente, solo se envi\u00f3 un evento de eliminaci\u00f3n de membres\u00eda. Como consecuencia de esto, los controladores que hacen referencia al recuento de membres\u00edas (al menos DSA) quedar\u00edan con grupos hu\u00e9rfanos en su base de datos de hardware cuando se destruyera el puente. Esto s\u00f3lo es un problema al reproducir adiciones. Si bien es posible que los eventos de eliminaci\u00f3n a\u00fan est\u00e9n pendientes en la cola diferida, ya se habr\u00e1n eliminado de br->mdb_list, por lo que no se pueden generar duplicados en ese escenario. Para un usuario, esto significaba que las antiguas membres\u00edas de grupos, de un puente al que previamente se hab\u00eda conectado un puerto, pod\u00edan reanimarse (en hardware) cuando el puerto se un\u00eda a un nuevo puente, sin el conocimiento del nuevo puente. Por ejemplo, en un sistema mv88e6xxx, cree un puente de vigilancia e inmediatamente agr\u00e9guele un puerto: root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 && \\ > ip link set dev x3 up master br0 Y luego destruye el puente: root@infix-06-0b-00:~$ ip link del dev br0 root@infix-06-0b-00:~$ mvls atu DIRECCI\u00d3N FID ESTADO QF 0 1 2 3 4 5 6 7 8 9 a DEV:0 Marvell 88E6393X 33:33:00:00:00:6a 1 est\u00e1tico - - 0 . . . . . . . . . . 33:33:ff:87:e4:3f 1 est\u00e1tico - - 0 . . . . . . . . . . 
ff:ff:ff:ff:ff:ff 1 static - - 0 1 2 3 4 5 6 7 8 9 a root@infix-06-0b-00:~$ Los dos grupos IPv6 permanecen en la base de datos de hardware porque el puerto (x3) recibe dos notificaciones sobre la membres\u00eda del anfitri\u00f3n: una vez a trav\u00e9s del evento original y otra a trav\u00e9s de una repetici\u00f3n. Dado que solo se env\u00eda una notificaci\u00f3n de eliminaci\u00f3n, el recuento permanece en 1 cuando se destruye el puente. Luego agregue el mismo puerto (u otro puerto que pertenezca al mismo dominio de hardware) a un nuevo puente, esta vez con el snooping deshabilitado: root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 && \\ > ip link set dev x3 up master br1 Toda la multidifusi\u00f3n, incluidos los dos grupos IPv6 de br0, ahora deber\u00eda estar inundada, de acuerdo con la pol\u00edtica de br1. Pero, en cambio, las membres\u00edas antiguas todav\u00eda est\u00e1n activas en la base de datos del hardware, lo que hace que el conmutador solo reenv\u00ede el tr\u00e1fico a esos grupos hacia la CPU (puerto 0). Elimine la carrera en dos pasos: 1. Tome el bloqueo del lado de escritura del MDB mientras genera la lista de reproducci\u00f3n. Esto evita que aparezcan nuevas membres\u00edas mientras generamos la lista de reproducci\u00f3n. Pero deja el escenario en el que ya se gener\u00f3 un evento diferido, pero no se entreg\u00f3, antes de que tom\u00e1ramos el bloqueo. Por lo tanto: 2. Aseg\u00farese de que ninguna versi\u00f3n diferida de un evento de reproducci\u00f3n ya est\u00e9 en cola en la cola diferida de switchdev, antes de agregarla a la lista de reproducci\u00f3n, al reproducir adiciones." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26838.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26838.json index bef3a250510..8c12ccad304 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26838.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26838.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix KASAN issue with tasklet\n\nKASAN testing revealed the following issue assocated with freeing an IRQ.\n\n[50006.466686] Call Trace:\n[50006.466691] \n[50006.489538] dump_stack+0x5c/0x80\n[50006.493475] print_address_description.constprop.6+0x1a/0x150\n[50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.511644] kasan_report.cold.11+0x7f/0x118\n[50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.528232] irdma_process_ceq+0xb2/0x400 [irdma]\n[50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma]\n[50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma]\n[50006.545306] tasklet_action_common.isra.14+0x148/0x2c0\n[50006.551096] __do_softirq+0x1d0/0xaf8\n[50006.555396] irq_exit_rcu+0x219/0x260\n[50006.559670] irq_exit+0xa/0x20\n[50006.563320] smp_apic_timer_interrupt+0x1bf/0x690\n[50006.568645] apic_timer_interrupt+0xf/0x20\n[50006.573341] \n\nThe issue is that a tasklet could be pending on another core racing\nthe delete of the irq.\n\nFix by insuring any scheduled tasklet is killed after deleting the\nirq." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/irdma: solucione el problema de KASAN con el tasklet Las pruebas de KASAN revelaron el siguiente problema asociado con la liberaci\u00f3n de una IRQ. [50006.466686] Seguimiento de llamadas: [50006.466691] [50006.489538] dump_stack+0x5c/0x80 [50006.493475] print_address_description.constprop.6+0x1a/0x150 [50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.511644] kasan_report.cold.11+0x7f/0x118 [50006.516572] ? 
irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.528232] irdma_process_ceq+0xb2/0x400 [irdma] [50006.536.53601 irdma_hw_flush_wqes_callback+0x370/0x370 [irdma] [50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma] [50006.545306] tasklet_action_common.isra.14+0x148/0x2c0 [50006.551096 ] __do_softirq+0x1d0/0xaf8 [50006.555396] irq_exit_rcu+0x219/0x260 [50006.559670] irq_exit+0xa/0x20 [50006.563320] smp_apic_timer_interrupt+0x1bf/0x690 [50006.568645] apic_timer_interrupt+0xf/0x20 [50006.573341] El problema es que un tasklet podr\u00eda estar pendiente en otro n\u00facleo acelerando la eliminaci\u00f3n del irq. Soluci\u00f3n asegur\u00e1ndose de que cualquier tasklet programado se elimine despu\u00e9s de eliminar el irq." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26839.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26839.json index 42c133df8a5..70634aed9b0 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26839.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26839.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix a memleak in init_credit_return\n\nWhen dma_alloc_coherent fails to allocate dd->cr_base[i].va,\ninit_credit_return should deallocate dd->cr_base and\ndd->cr_base[i] that allocated before. Or those resources\nwould be never freed and a memleak is triggered." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: IB/hfi1: corrige una fuga de mem en init_credit_return Cuando dma_alloc_coherent no puede asignar dd->cr_base[i].va, init_credit_return deber\u00eda desasignar dd->cr_base y dd->cr_base[i]. ] el asignado antes. O esos recursos nunca se liberar\u00edan y se desencadenar\u00eda una fuga de memoria." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26840.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26840.json index e5c790dba8b..c5080312c92 100644 
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26840.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26840.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix memory leak in cachefiles_add_cache()\n\nThe following memory leak was reported after unbinding /dev/cachefiles:\n\n==================================================================\nunreferenced object 0xffff9b674176e3c0 (size 192):\n comm \"cachefilesd2\", pid 680, jiffies 4294881224\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc ea38a44b):\n [] kmem_cache_alloc+0x2d5/0x370\n [] prepare_creds+0x26/0x2e0\n [] cachefiles_determine_cache_security+0x1f/0x120\n [] cachefiles_add_cache+0x13c/0x3a0\n [] cachefiles_daemon_write+0x146/0x1c0\n [] vfs_write+0xcb/0x520\n [] ksys_write+0x69/0xf0\n [] do_syscall_64+0x72/0x140\n [] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n==================================================================\n\nPut the reference count of cache_cred in cachefiles_daemon_unbind() to\nfix the problem. And also put cache_cred in cachefiles_add_cache() error\nbranch to avoid memory leaks." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cachefiles: corrige la p\u00e9rdida de memoria en cachefiles_add_cache() Se inform\u00f3 la siguiente p\u00e9rdida de memoria despu\u00e9s de desvincular /dev/cachefiles: ================= ==================================================== objeto sin referencia 0xffff9b674176e3c0 (tama\u00f1o 192): comm \"cachefilesd2\", pid 680, jiffies 4294881224 volcado hexadecimal (primeros 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
retroceso (crc ea38a44b): [ ] kmem_cache_alloc+0x2d5/0x370 [] prepare_creds+0x26/0x2e0 [] cachefiles_determine_cache_security+0x1f/0x120 [] cachefiles_add_cache+0x13c/0x 3a0 [] cachefiles_daemon_write+0x146/0x1c0 [ ] vfs_write+0xcb/0x520 [] ksys_write+0x69/0xf0 [] do_syscall_64+0x72/0x140 [] Entry_SYSCALL_64_after_hwframe+0x6e/0x76 =============== ==================================================== == Coloque el recuento de referencias de cache_cred en cachefiles_daemon_unbind() para solucionar el problema. Y tambi\u00e9n coloque cache_cred en la rama de error cachefiles_add_cache() para evitar p\u00e9rdidas de memoria." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26841.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26841.json index f7a90b5e00e..4010d3cc924 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26841.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26841.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Update cpu_sibling_map when disabling nonboot CPUs\n\nUpdate cpu_sibling_map when disabling nonboot CPUs by defining & calling\nclear_cpu_sibling_map(), otherwise we get such errors on SMT systems:\n\njump label: negative count!\nWARNING: CPU: 6 PID: 45 at kernel/jump_label.c:263 __static_key_slow_dec_cpuslocked+0xec/0x100\nCPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340\npc 90000000004c302c ra 90000000004c302c tp 90000001005bc000 sp 90000001005bfd20\na0 000000000000001b a1 900000000224c278 a2 90000001005bfb58 a3 900000000224c280\na4 900000000224c278 a5 90000001005bfb50 a6 0000000000000001 a7 0000000000000001\nt0 ce87a4763eb5234a t1 ce87a4763eb5234a t2 0000000000000000 t3 0000000000000000\nt4 0000000000000006 t5 0000000000000000 t6 0000000000000064 t7 0000000000001964\nt8 000000000009ebf6 u0 9000000001f2a068 s9 0000000000000000 s0 900000000246a2d8\ns1 ffffffffffffffff s2 ffffffffffffffff s3 90000000021518c0 s4 0000000000000040\ns5 9000000002151058 s6 9000000009828e40 s7 00000000000000b4 s8 0000000000000006\n ra: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100\n ERA: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 00000004 (PPLV0 +PIE -PWE)\n EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n ECFG: 00071c1c (LIE=2-4,10-12 VS=7)\nESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)\n PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV)\nCPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340\nStack : 0000000000000000 900000000203f258 900000000179afc8 90000001005bc000\n 90000001005bf980 0000000000000000 90000001005bf988 9000000001fe0be0\n 900000000224c280 900000000224c278 90000001005bf8c0 0000000000000001\n 0000000000000001 ce87a4763eb5234a 0000000007f38000 90000001003f8cc0\n 0000000000000000 0000000000000006 0000000000000000 4c206e6f73676e6f\n 6f4c203a656d616e 
000000000009ec99 0000000007f38000 0000000000000000\n 900000000214b000 9000000001fe0be0 0000000000000004 0000000000000000\n 0000000000000107 0000000000000009 ffffffffffafdabe 00000000000000b4\n 0000000000000006 90000000004c302c 9000000000224528 00005555939a0c7c\n 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n ...\nCall Trace:\n[<9000000000224528>] show_stack+0x48/0x1a0\n[<900000000179afc8>] dump_stack_lvl+0x78/0xa0\n[<9000000000263ed0>] __warn+0x90/0x1a0\n[<90000000017419b8>] report_bug+0x1b8/0x280\n[<900000000179c564>] do_bp+0x264/0x420\n[<90000000004c302c>] __static_key_slow_dec_cpuslocked+0xec/0x100\n[<90000000002b4d7c>] sched_cpu_deactivate+0x2fc/0x300\n[<9000000000266498>] cpuhp_invoke_callback+0x178/0x8a0\n[<9000000000267f70>] cpuhp_thread_fun+0xf0/0x240\n[<90000000002a117c>] smpboot_thread_fn+0x1dc/0x2e0\n[<900000000029a720>] kthread+0x140/0x160\n[<9000000000222288>] ret_from_kernel_thread+0xc/0xa4" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: LoongArch: actualice cpu_sibling_map al deshabilitar las CPU que no son de arranque. Actualice cpu_sibling_map al deshabilitar las CPU que no son de arranque definiendo y llamando a clear_cpu_sibling_map(); de lo contrario, obtenemos este tipo de errores en los sistemas SMT: etiqueta de salto: recuento negativo. 
ADVERTENCIA: CPU: 6 PID: 45 en kernel/jump_label.c:263 __static_key_slow_dec_cpuslocked+0xec/0x100 CPU: 6 PID: 45 Comm: cpuhp/6 No contaminado 6.8.0-rc5+ #1340 pc 90000000004c302c ra 90000000004c3 02c tp 90000001005bc000 sp 90000001005bfd20 a0 000000000000001B A1 900000000224C278 A2 90000001005BFB58 A3 900000000224C280 A4 900000000224C278 A5 90000001005BFB50 A6 00000000000001 A7 00000000000001 T0 763EB5234A T2 0000000000000000 T3 000000000000000000 T4 000000000000000006 T5 00000000000000 T6 0000000000000064 T7 000000000000001964 T8 46a2d8 S1 fffffffffffffff S2 fffffffffffffff S3 90000000021518C0 S4 0000000000000040 S5 9000000002151058 S6 9000000009828e40 s7 00000000000000b4 s8 0000000000000006 ra: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100 ERA: 90000000004c302c _key_slow_dec_cpuslocked+0xec/0x100 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 00000004 (PPLV0 +PIE -PWE ) EUEN: 00000000 (-FPE -SXE -ASXE -BTE) ECFG: 00071c1c (LIE=2-4,10-12 VS=7) ESTAT: 000c0000 [BRK] (IS= ECode=12 EssubCode=0) PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV) CPU: 6 PID: 45 Comm: CPUHP/6 No contaminado 6.8.0-RC5+ #1340 Pila: 000000000000000000 90000000000203F258 90000000000179AFC8 90000005BC000 900001005BF980 005bf988 900000000001FE0BE0 900000000224C280 90000000000224C278 9000000001005BF8C0 0000000000000001 0000000000000001 CE87A4763EB5234A 0000000007F38000 90000000033F8CA0000000000000000000000000000000000 MUTITOS. 
0000000000000006 0000000000000000 4C206E6F73676E6F 6F4C203A656D616E 000000000009EC99 0000000007F38000 000000000000000000000000214BECT 0000000000000009 FFFFFFFFFFFAFDABE 00000000000000B4 000000000000000006 90000000004C302C 9000000000224528 00005555939A0C7C 0000000000000000B0 00000000000004 4528>] show_stack+0x48/0x1a0 [<900000000179AFC8>] dump_stack_lvl+0x78/0xa0 [ <9000000000263ed0>] __warn+0x90/0x1a0 [<90000000017419b8>] report_bug+0x1b8/0x280 [<900000000179c564>] do_bp+0x264/0x420 [<90000000004c302c>] __static_key_slow_dec_cpuslocked+0xec/0x100 [<90000000002b4d7c>] sched_cpu_deactivate+0x2fc/0x300 [ <9000000000266498>] cpuhp_invoke_callback+0x178/0x8a0 [<9000000000267f70>] cpuhp_thread_fun+0xf0/0x240 [<90000000002a117c>] smpboot_thread_fn+0x1dc/0x2e0 [<900000000029a720>] kthread+0x140/0x160 [<9000000000222288>] ret_from_kernel_thread+0xc/0xa4" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26842.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26842.json index e0bdf606f6f..0e4d35f278e 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26842.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26842.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()\n\nWhen task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U <<\ntask_tag will out of bounds for a u32 mask. Fix this up to prevent\nSHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).\n\n[name:debug_monitors&]Unexpected kernel BRK exception at EL1\n[name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP\n[name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done\n[name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000\n[name:mrdump&]PHYS_OFFSET: 0x80000000\n[name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)\n[name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288\n[name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n[name:mrdump&]sp : ffffffc0081471b0\n\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\nCall trace:\n dump_backtrace+0xf8/0x144\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x9c\n dump_stack+0x18/0x44\n mrdump_common_die+0x254/0x480 [mrdump]\n ipanic_die+0x20/0x30 [mrdump]\n notify_die+0x15c/0x204\n die+0x10c/0x5f8\n arm64_notify_die+0x74/0x13c\n do_debug_exception+0x164/0x26c\n el1_dbg+0x64/0x80\n el1h_64_sync_handler+0x3c/0x90\n el1h_64_sync+0x68/0x6c\n ufshcd_clear_cmd+0x280/0x288\n ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n ufshcd_exec_dev_cmd+0x5bc/0x9ac\n ufshcd_verify_dev_init+0x84/0x1c8\n ufshcd_probe_hba+0x724/0x1ce0\n ufshcd_host_reset_and_restore+0x260/0x574\n ufshcd_reset_and_restore+0x138/0xbd0\n ufshcd_err_handler+0x1218/0x2f28\n process_one_work+0x5fc/0x1140\n worker_thread+0x7d8/0xe20\n kthread+0x25c/0x468\n ret_from_fork+0x10/0x20" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: ufs: core: solucione el problema de cambio en ufshcd_clear_cmd() Cuando task_tag >= 32 (en modo MCQ) y sizeof(unsigned int) == 4, 1U << task_tag 
ser\u00e1 fuera de los l\u00edmites para una m\u00e1scara u32. Solucione esto para evitar SHIFT_ISSUE (desplazamientos bit a bit que est\u00e1n fuera de los l\u00edmites de su tipo de datos). [nombre:debug_monitors&]Excepci\u00f3n inesperada de BRK del kernel en EL1 [nombre:traps&]Error interno: controlador BRK: 00000000f2005514 [#1] PREEMPT SMP [nombre:mediatek_cpufreq_hw&]cpufreq detiene el registro DVFS hecho [nombre:mrdump&]Kernel Offset: 0x1ba5800000 de 0xffffffc0 08000000 [nombre:mrdump&]PHYS_OFFSET: 0x80000000 [nombre:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO) [nombre:mrdump&]pc: [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288 [nombre:mrdump&]lr: [0xffffffdbaf52 a774] ufshcd_wait_for_dev_cmd +0x3e4/0x82c [nombre:mrdump&]sp: ffffffc0081471b0 Cola de trabajo: ufs_eh_wq_0 ufshcd_err_handler Rastreo de llamadas: dump_backtrace+0xf8/0x144 show_stack+0x18/0x24 dump_stack_lvl+0x78/0x9c dump_stack+0x1 8/0x44 mrdump_common_die+0x254/0x480 [mrdump] ipanic_die+0x20/0x30 [mrdump] notify_die+0x15c/0x204 die+0x10c/0x5f8 arm64_notify_die+0x74/0x13c do_debug_exception+0x164/0x26c el1_dbg+0x64/0x80 el1h_64_sync_handler+0x3c/0x90 el 1h_64_sync+0x68/0x6c ufshcd_clear_cmd+0x280/0x288 ufshcd_wait_for_dev_cmd+ 0x3e4/0x82c ufshcd_exec_dev_cmd+0x5bc/0x9ac ufshcd_verify_dev_init+0x84/0x1c8 ufshcd_probe_hba+0x724/0x1ce0 ufshcd_host_reset_and_restore+0x260/0x574 ufshcd_reset_and_restore+0x13 8/0xbd0 ufshcd_err_handler+0x1218/0x2f28 proceso_one_work+0x5fc/0x1140 trabajador_thread+0x7d8/0xe20 kthread+0x25c/0x468 ret_from_fork+ 0x10/0x20" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26843.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26843.json index e76b02769e3..e7955ac4c74 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26843.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26843.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: runtime: Fix potential overflow of soft-reserved region size\n\nmd_size will have been narrowed if we have >= 4GB worth of pages in a\nsoft-reserved region." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi: runtime: corrige el posible desbordamiento del tama\u00f1o de la regi\u00f3n reservada por software. md_size se habr\u00e1 reducido si tenemos >= 4 GB de p\u00e1ginas en una regi\u00f3n reservada por software." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26844.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26844.json index fd9456a6b95..6f29461179a 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26844.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26844.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix WARNING in _copy_from_iter\n\nSyzkaller reports a warning in _copy_from_iter because an\niov_iter is supposedly used in the wrong direction. The reason\nis that syzcaller managed to generate a request with\na transfer direction of SG_DXFER_TO_FROM_DEV. This instructs\nthe kernel to copy user buffers into the kernel, read into\nthe copied buffers and then copy the data back to user space.\n\nThus the iovec is used in both directions.\n\nDetect this situation in the block layer and construct a new\niterator with the correct direction for the copy-in." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: Reparar ADVERTENCIA en _copy_from_iter Syzkaller informa una advertencia en _copy_from_iter porque supuestamente se usa un iov_iter en la direcci\u00f3n incorrecta. La raz\u00f3n es que syzcaller logr\u00f3 generar una solicitud con una direcci\u00f3n de transferencia de SG_DXFER_TO_FROM_DEV. Esto le indica al kernel que copie los buffers del usuario en el kernel, los lea en los buffers copiados y luego copie los datos nuevamente al espacio del usuario. Por tanto, el iovec se utiliza en ambas direcciones. Detecte esta situaci\u00f3n en la capa de bloque y construya un nuevo iterador con la direcci\u00f3n correcta para la copia." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26845.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26845.json index 9de96e8199e..49c14d00346 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26845.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26845.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: target: core: agregar TMF al manejo de tmr_list. Una cancelaci\u00f3n a la que responde iSCSI se agrega a tmr_list pero no va al n\u00facleo de destino. Un LUN_RESET que pasa por tmr_list toma un refcounter al cancelar y espera a que se complete. Sin embargo, la cancelaci\u00f3n nunca se completar\u00e1 porque no se inici\u00f3 en el n\u00facleo de destino. 
No se puede ubicar ITT: 0x05000000 en CID: 0 No se puede ubicar RefTaskTag: 0x05000000 en CID: 0. wait_for_tasks: Deteniendo tmf LUN_RESET con etiqueta 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop esperar tareas: t mf LUN_RESET con etiqueta 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop ... INFORMACI\u00d3N: tarea kworker/0:2:49 bloqueada durante m\u00e1s de 491 segundos. tarea:kworker/0:2 estado:D pila: 0 pid: 49 ppid: 2 banderas:0x00000800 Cola de trabajo: eventos target_tmr_work [target_core_mod] Seguimiento de llamadas: __switch_to+0x2c4/0x470 _schedule+0x314/0x1730 Schedule+0x64/0x130 Schedule_timeout+0x168 /0x430 wait_for_completion+0x140/0x270 target_put_cmd_and_wait+0x64/0xb0 [target_core_mod] core_tmr_lun_reset+0x30/0xa0 [target_core_mod] target_tmr_work+0xc8/0x1b0 [target_core_mod] work_thread+0x78/0x6c0 Para solucionar este problema, solo agregue abort a tmr_list si ser\u00e1 manejado por el n\u00facleo objetivo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26846.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26846.json index e497e24c39a..c3b9f090fda 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26846.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26846.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: do not wait in vain when unloading module\n\nThe module exit path has race between deleting all controllers and\nfreeing 'left over IDs'. To prevent double free a synchronization\nbetween nvme_delete_ctrl and ida_destroy has been added by the initial\ncommit.\n\nThere is some logic around trying to prevent from hanging forever in\nwait_for_completion, though it does not handling all cases. E.g.\nblktests is able to reproduce the situation where the module unload\nhangs forever.\n\nIf we completely rely on the cleanup code executed from the\nnvme_delete_ctrl path, all IDs will be freed eventually. This makes\ncalling ida_destroy unnecessary. We only have to ensure that all\nnvme_delete_ctrl code has been executed before we leave\nnvme_fc_exit_module. This is done by flushing the nvme_delete_wq\nworkqueue.\n\nWhile at it, remove the unused nvme_fc_wq workqueue too." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-fc: no espere en vano al descargar el m\u00f3dulo. La ruta de salida del m\u00f3dulo tiene una carrera entre eliminar todos los controladores y liberar los 'ID sobrantes'. Para evitar la doble liberaci\u00f3n, la confirmaci\u00f3n inicial agreg\u00f3 una sincronizaci\u00f3n entre nvme_delete_ctrl e ida_destroy. Existe cierta l\u00f3gica al tratar de evitar que se cuelgue para siempre en wait_for_completion, aunque no maneja todos los casos. Por ejemplo, blktests puede reproducir la situaci\u00f3n en la que la descarga del m\u00f3dulo se bloquea para siempre. Si confiamos completamente en el c\u00f3digo de limpieza ejecutado desde la ruta nvme_delete_ctrl, eventualmente se liberar\u00e1n todas las ID. Esto hace que llamar a ida_destroy sea innecesario. 
Solo tenemos que asegurarnos de que todo el c\u00f3digo nvme_delete_ctrl se haya ejecutado antes de salir de nvme_fc_exit_module. Esto se hace vaciando la cola de trabajo nvme_delete_wq. Mientras lo hace, elimine tambi\u00e9n la cola de trabajo nvme_fc_wq no utilizada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26847.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26847.json index 561ac1c4528..d6413575601 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26847.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26847.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: use correct function name for resetting TCE tables\n\nThe PAPR spec spells the function name as\n\n \"ibm,reset-pe-dma-windows\"\n\nbut in practice firmware uses the singular form:\n\n \"ibm,reset-pe-dma-window\"\n\nin the device tree. Since we have the wrong spelling in the RTAS\nfunction table, reverse lookups (token -> name) fail and warn:\n\n unexpected failed lookup for token 86\n WARNING: CPU: 1 PID: 545 at arch/powerpc/kernel/rtas.c:659 __do_enter_rtas_trace+0x2a4/0x2b4\n CPU: 1 PID: 545 Comm: systemd-udevd Not tainted 6.8.0-rc4 #30\n Hardware name: IBM,9105-22A POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NL1060_028) hv:phyp pSeries\n NIP [c0000000000417f0] __do_enter_rtas_trace+0x2a4/0x2b4\n LR [c0000000000417ec] __do_enter_rtas_trace+0x2a0/0x2b4\n Call Trace:\n __do_enter_rtas_trace+0x2a0/0x2b4 (unreliable)\n rtas_call+0x1f8/0x3e0\n enable_ddw.constprop.0+0x4d0/0xc84\n dma_iommu_dma_supported+0xe8/0x24c\n dma_set_mask+0x5c/0xd8\n mlx5_pci_init.constprop.0+0xf0/0x46c [mlx5_core]\n probe_one+0xfc/0x32c [mlx5_core]\n local_pci_probe+0x68/0x12c\n pci_call_probe+0x68/0x1ec\n pci_device_probe+0xbc/0x1a8\n really_probe+0x104/0x570\n __driver_probe_device+0xb8/0x224\n driver_probe_device+0x54/0x130\n __driver_attach+0x158/0x2b0\n bus_for_each_dev+0xa8/0x120\n driver_attach+0x34/0x48\n bus_add_driver+0x174/0x304\n driver_register+0x8c/0x1c4\n __pci_register_driver+0x68/0x7c\n mlx5_init+0xb8/0x118 [mlx5_core]\n do_one_initcall+0x60/0x388\n do_init_module+0x7c/0x2a4\n init_module_from_file+0xb4/0x108\n idempotent_init_module+0x184/0x34c\n sys_finit_module+0x90/0x114\n\nAnd oopses are possible when lockdep is enabled or the RTAS\ntracepoints are active, since those paths dereference the result of\nthe lookup.\n\nUse the correct spelling to match firmware's behavior, adjusting the\nrelated constants to match." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/rtas: use el nombre de funci\u00f3n correcto para restablecer las tablas TCE La especificaci\u00f3n PAPR escribe el nombre de la funci\u00f3n como \"ibm,reset-pe-dma-windows\" pero en la pr\u00e1ctica el firmware usa el singular formulario: \"ibm,reset-pe-dma-window\" en el \u00e1rbol de dispositivos. Dado que tenemos una ortograf\u00eda incorrecta en la tabla de funciones RTAS, las b\u00fasquedas inversas (token -> nombre) fallan y advierten: b\u00fasqueda fallida inesperada del token 86 ADVERTENCIA: CPU: 1 PID: 545 en arch/powerpc/kernel/rtas.c:659 __do_enter_rtas_trace+0x2a4/0x2b4 cpu: 1 pid: 545 com: systemd-udevd no contaminado 6.8.0-rc4 #30 Nombre de hardware: IBM, 9105-22A Power10 (RAW) 0x800200 0xf000006 de: IBM, FW1060.00 (NL10606060) :phyp pSeries NIP [c0000000000417f0] __do_enter_rtas_trace+0x2a4/0x2b4 LR [c0000000000417ec] __do_enter_rtas_trace+0x2a0/0x2b4 Seguimiento de llamadas: __do_enter_rtas_trace+0x2a0/0x2b4 (no confiable) tas_call+0x1f8/0x3e0 enable_ddw.constprop.0+0x4d0/0xc84 dma_iommu_dma_supported+0xe8/ 0x24c dma_set_mask+0x5c/0xd8 mlx5_pci_init.constprop.0+0xf0/0x46c [mlx5_core] probe_one+0xfc/0x32c [mlx5_core] local_pci_probe+0x68/0x12c pci_call_probe+0x68/0x1ec pci_device_probe+0xbc /0x1a8 realmente_probe+0x104/0x570 __driver_probe_device+0xb8/ 0x224 driver_probe_device+0x54/0x130 __driver_attach+0x158/0x2b0 bus_for_each_dev+0xa8/0x120 driver_attach+0x34/0x48 bus_add_driver+0x174/0x304 driver_register+0x8c/0x1c4 __pci_register_driver+0x68 /0x7c mlx5_init+0xb8/0x118 [mlx5_core] do_one_initcall+0x60/0x388 do_init_module +0x7c/0x2a4 init_module_from_file+0xb4/0x108 idempotent_init_module+0x184/0x34c sys_finit_module+0x90/0x114 Y es posible que haya errores cuando lockdep est\u00e1 habilitado o los puntos de seguimiento RTAS est\u00e1n activos, ya que esas rutas eliminan la referencia al resultado de la b\u00fasqueda. 
Utilice la ortograf\u00eda correcta para que coincida con el comportamiento del firmware, ajustando las constantes relacionadas para que coincidan." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26848.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26848.json index 8297d52aef8..8dc28819ac5 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26848.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26848.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix endless loop in directory parsing\n\nIf a directory has a block with only \".__afsXXXX\" files in it (from\nuncompleted silly-rename), these .__afsXXXX files are skipped but without\nadvancing the file position in the dir_context. This leads to\nafs_dir_iterate() repeating the block again and again.\n\nFix this by making the code that skips the .__afsXXXX file also manually\nadvance the file position.\n\nThe symptoms are a soft lookup:\n\n watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]\n ...\n RIP: 0010:afs_dir_iterate_block+0x39/0x1fd\n ...\n ? watchdog_timer_fn+0x1a6/0x213\n ...\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? afs_dir_iterate_block+0x39/0x1fd\n afs_dir_iterate+0x10a/0x148\n afs_readdir+0x30/0x4a\n iterate_dir+0x93/0xd3\n __do_sys_getdents64+0x6b/0xd4\n\nThis is almost certainly the actual fix for:\n\n https://bugzilla.kernel.org/show_bug.cgi?id=218496" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: afs: corrige el bucle sin fin en el an\u00e1lisis de directorios. Si un directorio tiene un bloque con solo archivos \".__afsXXXX\" (de un cambio de nombre incompleto), estos archivos .__afsXXXX se omiten, pero sin avanzar la posici\u00f3n del archivo en dir_context. Esto lleva a que afs_dir_iterate() repita el bloque una y otra vez. Solucione este problema haciendo que el c\u00f3digo que omite el archivo .__afsXXXX tambi\u00e9n avance manualmente la posici\u00f3n del archivo. Los s\u00edntomas son una b\u00fasqueda suave: perro guardi\u00e1n: ERROR: bloqueo suave - \u00a1CPU n.\u00b0 3 bloqueada durante 52 segundos! [verificaci\u00f3n: 5737]... RIP: 0010:afs_dir_iterate_block+0x39/0x1fd...? watchdog_timer_fn+0x1a6/0x213...? asm_sysvec_apic_timer_interrupt+0x16/0x20? 
AFS_DIR_ITERATE_BLOCK+0x39/0x1fd AFS_DIR_ITERATE+0x10a/0x148 AFS_READDIR+0X30/0X4A ITERE_DIR+0X93/0XD3 __DO_SYS_GETDENTS64+0x6b/0xd4 Esto es casi seguro que es casi seguro el fianza real: bug.cgi? id = 218496" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26849.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26849.json index 4837f23db7b..c976ad66075 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26849.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26849.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: add nla be16/32 types to minlen array\n\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\n nla_validate_range_unsigned lib/nlattr.c:222 [inline]\n nla_validate_int_range lib/nlattr.c:336 [inline]\n validate_nla lib/nlattr.c:575 [inline]\n...\n\nThe message in question matches this policy:\n\n [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),\n\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\n\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlink: agregue tipos nla be16/32 a la matriz minlen ERROR: KMSAN: valor uninit en nla_validate_range_unsigned lib/nlattr.c:222 [en l\u00ednea] ERROR: KMSAN: valor uninit en nla_validate_int_range lib/nlattr.c:336 [en l\u00ednea] ERROR: KMSAN: valor uninit en validar_nla lib/nlattr.c:575 [en l\u00ednea] ERROR: KMSAN: valor uninit en __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631 nla_validate_range_unsigned lib/nlattr.c:222 [en l\u00ednea] nla_validate_int_range lib/nlattr.c:336 [en l\u00ednea] validar_nla lib/nlattr.c:575 [en l\u00ednea] ... El mensaje en cuesti\u00f3n coincide con esta pol\u00edtica: [NFTA_TARGET_REV] = NLA_POLICY_MAX( NLA_BE32, 255), pero debido a que el tama\u00f1o de NLA_BE32 en la matriz minlen es 0, el c\u00f3digo de validaci\u00f3n leer\u00e1 m\u00e1s all\u00e1 del atributo con formato incorrecto (demasiado peque\u00f1o). 
Nota: Tambi\u00e9n faltan otros atributos, por ejemplo, BITFIELD32, SINT, UINT...: probablemente tambi\u00e9n deber\u00edan agregarse." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26850.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26850.json index 5a1be3cad04..df1aae6a804 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26850.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26850.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/debug_vm_pgtable: fix BUG_ON with pud advanced test\n\nArchitectures like powerpc add debug checks to ensure we find only devmap\nPUD pte entries. These debug checks are only done with CONFIG_DEBUG_VM. \nThis patch marks the ptes used for PUD advanced test devmap pte entries so\nthat we don't hit on debug checks on architecture like ppc64 as below.\n\nWARNING: CPU: 2 PID: 1 at arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138\n....\nNIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138\nLR [c0000000000a77a8] radix__pudp_huge_get_and_clear+0x28/0x60\nCall Trace:\n[c000000004a2f950] [c000000004a2f9a0] 0xc000000004a2f9a0 (unreliable)\n[c000000004a2f980] [000d34c100000000] 0xd34c100000000\n[c000000004a2f9a0] [c00000000206ba98] pud_advanced_tests+0x118/0x334\n[c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48\n[c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388\n\nAlso\n\n kernel BUG at arch/powerpc/mm/book3s64/pgtable.c:202!\n ....\n\n NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174\n LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334\n Call Trace:\n [c000000004a2f950] [000d34c100000000] 0xd34c100000000 (unreliable)\n [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334\n [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48\n [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/debug_vm_pgtable: corrige BUG_ON con la prueba avanzada de pud. Las arquitecturas como powerpc agregan comprobaciones de depuraci\u00f3n para garantizar que solo encontremos entradas devmap PUD pte. Estas comprobaciones de depuraci\u00f3n s\u00f3lo se realizan con CONFIG_DEBUG_VM. 
Este parche marca los ptes utilizados para las entradas de pte devmap de prueba avanzada de PUD para que no realicemos comprobaciones de depuraci\u00f3n en arquitectura como ppc64 como se muestra a continuaci\u00f3n. ADVERTENCIA: CPU: 2 PID: 1 en arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138 .... NIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138 LR [c0000000000a7 7a8] radix__pudp_huge_get_and_clear+0x28/0x60 Llamada Trace: [C00000000004A2F950] [C000000004A2F9A0] 0xC00000000004A2F9A0 (poco confiable) [C00000000004A2F980] [000D34C10000000000] 0XD34C100000000 [C0000004A2F9A0] 118/0x334 [C000000004A2FA40] [C000000002206DB34] DEBUG_VM_PGTABLE+0XCBC/0X1C48 [C000000004A2FC10] [C00000000000FD28] Do_Onitcall+0x60 /0x388 \u00a1Tambi\u00e9n ERROR del kernel en arch/powerpc/mm/book3s64/pgtable.c:202! .... NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174 LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 Seguimiento de llamadas: [c000000004a2f950] 000] 0xd34c100000000 (no confiable) [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 [c000000004a2fa40] [ c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26851.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26851.json index 9ffe857ffb5..a034cfbdb42 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26851.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26851.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\nvmlinux DecodeRasMessage() + 304\n\nvmlinux ras_help() + 684\n\nvmlinux nf_confirm() + 188\n\n\nDue to abnormal data in skb->data, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nf_conntrack_h323: Agregar protecci\u00f3n para longitud de bmp fuera de rango La carga de UBSAN informa una excepci\u00f3n de BRK#5515 SHIFT_ISSUE: desplazamientos bit a bit que est\u00e1n fuera de los l\u00edmites para su tipo de datos. 
vmlinux get_bitmap(b=75) + 712 vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, nivel=134443100) + 1956 vmlinux decode_choice (base=0xFFFFFFD0080370F0, nivel=23843636) + 1216 vmlinux decode_seq(f=0xFFFFFFD0080371A8, nivel=134443500) + 812 vmlinux decode_choice(base =0xFFFFFFD008037280, nivel=0) + 1216 vmlinux DecodeRasMessage() + 304 vmlinux ras_help() + 684 vmlinux nf_confirm() + 188 Debido a datos anormales en skb->data, la longitud del mapa de bits de la extensi\u00f3n excede 32 cuando se decodifica el mensaje ras y luego usa la longitud para realizar una operaci\u00f3n de cambio . Cambiar\u00e1 a negativo despu\u00e9s de varios bucles. La carga de UBSAN podr\u00eda detectar un cambio negativo como un comportamiento indefinido e informar una excepci\u00f3n. Por lo tanto, agregamos la protecci\u00f3n para evitar que la longitud exceda 32. De lo contrario, devolver\u00e1 un error fuera de rango y dejar\u00e1 de decodificar." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26852.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26852.json index f6698e369e2..42dee79c26b 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26852.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26852.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ipv6: avoid possible UAF in ip6_route_mpath_notify()\n\nsyzbot found another use-after-free in ip6_route_mpath_notify() [1]\n\nCommit f7225172f25a (\"net/ipv6: prevent use after free in\nip6_route_mpath_notify\") was not able to fix the root cause.\n\nWe need to defer the fib6_info_release() calls after\nip6_route_mpath_notify(), in the cleanup phase.\n\n[1]\nBUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0\nRead of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037\n\nCPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x167/0x540 mm/kasan/report.c:488\n kasan_report+0x142/0x180 mm/kasan/report.c:601\n rt6_fill_node+0x1460/0x1ac0\n inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184\n ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]\n ip6_route_multipath_add net/ipv6/route.c:5404 [inline]\n inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f73dd87dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 
00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9\nRDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005\nRBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858\n \n\nAllocated by task 23037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:372 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:3981 [inline]\n __kmalloc+0x22e/0x490 mm/slub.c:3994\n kmalloc include/linux/slab.h:594 [inline]\n kzalloc include/linux/slab.h:711 [inline]\n fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155\n ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758\n ip6_route_multipath_add net/ipv6/route.c:5298 [inline]\n inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nFreed by task 16:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x4e/0x60 
mm/kasan/generic.c:640\n poison_slab_object+0xa6/0xe0 m\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net/ipv6: evita posible UAF en ip6_route_mpath_notify() syzbot encontr\u00f3 otro use-after-free en ip6_route_mpath_notify() [1] Commit f7225172f25a (\"net/ipv6: previene el use-after-free in ip6_route_mpath_notify\") no pudo solucionar la causa ra\u00edz. Necesitamos diferir las llamadas a fib6_info_release() despu\u00e9s de ip6_route_mpath_notify(), en la fase de limpieza. [1] ERROR: KASAN: slab-use-after-free en rt6_fill_node+0x1460/0x1ac0 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88809a07fc64 mediante la tarea syz-executor.2/23037 CPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 25/01/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0x167/0x540 mm/kasan/report.c:488 kasan_report+0x142/0x180 mm/kasan/report. 
c:601 rt6_fill_node+0x1460/0x1ac0 inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184 ip6_route_mpath_notify net/ipv6/route.c:5198 [en l\u00ednea] ip6_route_multipath_add net/ipv6/route.c:5404 et6_rtm_nuevaruta+ 0x1d0f/0x2300 net/ipv6/route.c:5517 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1 341 [en l\u00ednea] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x221/0x270 net/socket .c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [en l\u00ednea] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entrada_SYSC ALL_64_after_hwframe+0x6f/0x77 RIP : 0033:0x7f73dd87dda9 C\u00f3digo: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 24 08 0f 05 <48 > 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: de RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9 RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005 RBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 00000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858 Asignado por tarea 23037: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 veneno_kmalloc_redzone mm/kasan/common.c:372 [en l\u00ednea] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389 kasan_kmalloc include/linux/kasan.h: 211 [en l\u00ednea] __do_kmalloc_node mm/slub.c:3981 [en l\u00ednea] __kmalloc+0x22e/0x490 mm/slub.c:3994 kmalloc include/linux/slab.h:594 [en l\u00ednea] kzalloc include/linux/slab.h:711 [en l\u00ednea] fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155 
ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758 ip6_route_multipath_add net/ipv6/route.c:5298 [inet6_rtm_newroute+0x74 4/0x2300 neto /ipv6/route.c:5517 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [en l\u00ednea] netlink_unicast +0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [en l\u00ednea] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entrada_SYSCALL_64_after_ hwframe+0x6f/0x77 Liberado por la tarea 16: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640 veneno_slab_object+0xa6/0xe0 m --- truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26853.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26853.json index b273f08ba02..9036a2c9cdf 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26853.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26853.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: avoid returning frame twice in XDP_REDIRECT\n\nWhen a frame can not be transmitted in XDP_REDIRECT\n(e.g. due to a full queue), it is necessary to free\nit by calling xdp_return_frame_rx_napi.\n\nHowever, this is the responsibility of the caller of\nthe ndo_xdp_xmit (see for example bq_xmit_all in\nkernel/bpf/devmap.c) and thus calling it inside\nigc_xdp_xmit (which is the ndo_xdp_xmit of the igc\ndriver) as well will lead to memory corruption.\n\nIn fact, bq_xmit_all expects that it can return all\nframes after the last successfully transmitted one.\nTherefore, break for the first not transmitted frame,\nbut do not call xdp_return_frame_rx_napi in igc_xdp_xmit.\nThis is equally implemented in other Intel drivers\nsuch as the igb.\n\nThere are two alternatives to this that were rejected:\n1. Return num_frames as all the frames would have been\n transmitted and release them inside igc_xdp_xmit.\n While it might work technically, it is not what\n the return value is meant to represent (i.e. the\n number of SUCCESSFULLY transmitted packets).\n2. Rework kernel/bpf/devmap.c and all drivers to\n support non-consecutively dropped packets.\n Besides being complex, it likely has a negative\n performance impact without a significant gain\n since it is anyway unlikely that the next frame\n can be transmitted if the previous one was dropped.\n\nThe memory corruption can be reproduced with\nthe following script which leads to a kernel panic\nafter a few seconds. 
It basically generates more\ntraffic than a i225 NIC can transmit and pushes it\nvia XDP_REDIRECT from a virtual interface to the\nphysical interface where frames get dropped.\n\n #!/bin/bash\n INTERFACE=enp4s0\n INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex`\n\n sudo ip link add dev veth1 type veth peer name veth2\n sudo ip link set up $INTERFACE\n sudo ip link set up veth1\n sudo ip link set up veth2\n\n cat << EOF > redirect.bpf.c\n\n SEC(\"prog\")\n int redirect(struct xdp_md *ctx)\n {\n return bpf_redirect($INTERFACE_IDX, 0);\n }\n\n char _license[] SEC(\"license\") = \"GPL\";\n EOF\n clang -O2 -g -Wall -target bpf -c redirect.bpf.c -o redirect.bpf.o\n sudo ip link set veth2 xdp obj redirect.bpf.o\n\n cat << EOF > pass.bpf.c\n\n SEC(\"prog\")\n int pass(struct xdp_md *ctx)\n {\n return XDP_PASS;\n }\n\n char _license[] SEC(\"license\") = \"GPL\";\n EOF\n clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o\n sudo ip link set $INTERFACE xdp obj pass.bpf.o\n\n cat << EOF > trafgen.cfg\n\n {\n /* Ethernet Header */\n 0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46,\n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n const16(ETH_P_IP),\n\n /* IPv4 Header */\n 0b01000101, 0, # IPv4 version, IHL, TOS\n const16(1028), # IPv4 total length (UDP length + 20 bytes (IP header))\n const16(2), # IPv4 ident\n 0b01000000, 0, # IPv4 flags, fragmentation off\n 64, # IPv4 TTL\n 17, # Protocol UDP\n csumip(14, 33), # IPv4 checksum\n\n /* UDP Header */\n 10, 0, 1, 1, # IP Src - adapt as needed\n 10, 0, 1, 2, # IP Dest - adapt as needed\n const16(6666), # UDP Src Port\n const16(6666), # UDP Dest Port\n const16(1008), # UDP length (UDP header 8 bytes + payload length)\n csumudp(14, 34), # UDP checksum\n\n /* Payload */\n fill('W', 1000),\n }\n EOF\n\n sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp" + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: igc: evita devolver la trama dos veces en XDP_REDIRECT Cuando una trama no se puede 
transmitir en XDP_REDIRECT (por ejemplo, debido a una cola llena), es necesario liberarla llamando a xdp_return_frame_rx_napi. Sin embargo, esto es responsabilidad de quien llama a ndo_xdp_xmit (ver, por ejemplo, bq_xmit_all en kernel/bpf/devmap.c) y, por lo tanto, llamarlo dentro de igc_xdp_xmit (que es el ndo_xdp_xmit del controlador igc) tambi\u00e9n provocar\u00e1 da\u00f1os en la memoria. De hecho, bq_xmit_all espera poder devolver todas las tramas despu\u00e9s de la \u00faltima transmitida con \u00e9xito. Por lo tanto, interrumpa el primer cuadro no transmitido, pero no llame a xdp_return_frame_rx_napi en igc_xdp_xmit. Esto se implementa igualmente en otros controladores Intel como el igb. Hay dos alternativas a esto que fueron rechazadas: 1. Devolver num_frames ya que se habr\u00edan transmitido todas las tramas y liberarlas dentro de igc_xdp_xmit. Si bien podr\u00eda funcionar t\u00e9cnicamente, no es lo que debe representar el valor de retorno (es decir, el n\u00famero de paquetes transmitidos CON \u00c9XITO). 2. Vuelva a trabajar kernel/bpf/devmap.c y todos los controladores para admitir paquetes descartados no consecutivos. Adem\u00e1s de ser complejo, es probable que tenga un impacto negativo en el rendimiento sin una ganancia significativa, ya que de todos modos es poco probable que se pueda transmitir la siguiente trama si se elimin\u00f3 la anterior. La corrupci\u00f3n de la memoria se puede reproducir con el siguiente script, lo que provoca un p\u00e1nico en el kernel despu\u00e9s de unos segundos. B\u00e1sicamente, genera m\u00e1s tr\u00e1fico del que puede transmitir una NIC i225 y lo env\u00eda a trav\u00e9s de XDP_REDIRECT desde una interfaz virtual a la interfaz f\u00edsica donde se eliminan las tramas. 
#!/bin/bash INTERFACE=enp4s0 INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex` sudo ip link agregar dev veth1 tipo veth nombre del par veth2 sudo ip link set up $INTERFACE sudo ip link set up veth1 sudo enlace ip configurado veth2 cat << EOF > redirecci\u00f3n.bpf.c SEC(\"prog\") int redirecci\u00f3n(struct xdp_md *ctx) { return bpf_redirect($INTERFACE_IDX, 0); } char _license[] SEC(\"licencia\") = \"GPL\"; EOF clang -O2 -g -Wall -target bpf -c redirecci\u00f3n.bpf.c -o redirecci\u00f3n.bpf.o sudo ip link set veth2 xdp obj redirecci\u00f3n.bpf.o cat << EOF > pass.bpf.c SEC(\" prog\") int pass(struct xdp_md *ctx) { return XDP_PASS; } char _license[] SEC(\"licencia\") = \"GPL\"; EOF clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o sudo ip link set $INTERFACE xdp obj pass.bpf.o cat << EOF > trafgen.cfg { /* Ethernet Encabezado */ 0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, const16(ETH_P_IP), /* Encabezado IPv4 */ 0b01000101, 0, # Versi\u00f3n IPv4, IHL, TOS const16 (1028), # Longitud total de IPv4 (longitud UDP + 20 bytes (encabezado IP)) const16(2), # Identificador de IPv4 0b01000000, 0, # Banderas de IPv4, fragmentaci\u00f3n desactivada 64, # IPv4 TTL 17, # Protocolo UDP csumip(14 , 33), # Suma de comprobaci\u00f3n IPv4 /* Encabezado UDP */ 10, 0, 1, 1, # IP Src - adaptar seg\u00fan sea necesario 10, 0, 1, 2, # IP Dest - adaptar seg\u00fan sea necesario const16(6666), # UDP Puerto Src const16(6666), # Puerto de destino UDP const16(1008), # Longitud UDP (encabezado UDP 8 bytes + longitud de carga \u00fatil) csumudp(14, 34), # Suma de comprobaci\u00f3n UDP /* Carga \u00fatil */ fill('W', 1000 ), } EOF sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26854.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26854.json index 9699f2fb58e..10ced18ab0f 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26854.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26854.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix uninitialized dplls mutex usage\n\nThe pf->dplls.lock mutex is initialized too late, after its first use.\nMove it to the top of ice_dpll_init.\nNote that the \"err_exit\" error path destroys the mutex. And the mutex is\nthe last thing destroyed in ice_dpll_deinit.\nThis fixes the following warning with CONFIG_DEBUG_MUTEXES:\n\n ice 0000:10:00.0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.36.0\n ice 0000:10:00.0: 252.048 Gb/s available PCIe bandwidth (16.0 GT/s PCIe x16 link)\n ice 0000:10:00.0: PTP init successful\n ------------[ cut here ]------------\n DEBUG_LOCKS_WARN_ON(lock->magic != lock)\n WARNING: CPU: 0 PID: 410 at kernel/locking/mutex.c:587 __mutex_lock+0x773/0xd40\n Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ice(+) nvme nvme_c>\n CPU: 0 PID: 410 Comm: kworker/0:4 Not tainted 6.8.0-rc5+ #3\n Hardware name: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 10/19/2023\n Workqueue: events work_for_cpu_fn\n RIP: 0010:__mutex_lock+0x773/0xd40\n Code: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a>\n RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff\n RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffbfff\n R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8\n FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055b5852cc000 CR3: 000000003c43a004 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 
DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \n ? __warn+0x84/0x170\n ? __mutex_lock+0x773/0xd40\n ? report_bug+0x1c7/0x1d0\n ? prb_read_valid+0x1b/0x30\n ? handle_bug+0x42/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __mutex_lock+0x773/0xd40\n ? rcu_is_watching+0x11/0x50\n ? __kmalloc_node_track_caller+0x346/0x490\n ? ice_dpll_lock_status_get+0x28/0x50 [ice]\n ? __pfx_ice_dpll_lock_status_get+0x10/0x10 [ice]\n ? ice_dpll_lock_status_get+0x28/0x50 [ice]\n ice_dpll_lock_status_get+0x28/0x50 [ice]\n dpll_device_get_one+0x14f/0x2e0\n dpll_device_event_send+0x7d/0x150\n dpll_device_register+0x124/0x180\n ice_dpll_init_dpll+0x7b/0xd0 [ice]\n ice_dpll_init+0x224/0xa40 [ice]\n ? _dev_info+0x70/0x90\n ice_load+0x468/0x690 [ice]\n ice_probe+0x75b/0xa10 [ice]\n ? _raw_spin_unlock_irqrestore+0x4f/0x80\n ? process_one_work+0x1a3/0x500\n local_pci_probe+0x47/0xa0\n work_for_cpu_fn+0x17/0x30\n process_one_work+0x20d/0x500\n worker_thread+0x1df/0x3e0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x103/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \n irq event stamp: 125197\n hardirqs last enabled at (125197): [] finish_task_switch.isra.0+0x12d/0x3d0\n hardirqs last disabled at (125196): [] __schedule+0xea4/0x19f0\n softirqs last enabled at (105334): [] napi_get_frags_check+0x1a/0x60\n softirqs last disabled at (105332): [] napi_get_frags_check+0x1a/0x60\n ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: corrige el uso del mutex dplls no inicializado El mutex pf->dplls.lock se inicializa demasiado tarde, despu\u00e9s de su primer uso. Mu\u00e9valo a la parte superior de ice_dpll_init. Tenga en cuenta que la ruta de error \"err_exit\" destruye el mutex. Y el mutex es lo \u00faltimo que se destruye en ice_dpll_deinit. 
Esto corrige la siguiente advertencia con CONFIG_DEBUG_MUTEXES: ice 0000:10:00.0: El paquete DDP se carg\u00f3 correctamente: Paquete predeterminado de ICE OS versi\u00f3n 1.3.36.0 ice 0000:10:00.0: Ancho de banda PCIe disponible de 252,048 Gb/s (PCIe de 16,0 GT/s enlace x16) ice 0000:10:00.0: inicio de PTP exitoso ------------[ cortar aqu\u00ed ]------------ DEBUG_LOCKS_WARN_ON(lock->magic != lock ) Advertencia: CPU: 0 PID: 410 AT KERNEL/Locking/Mutex.C: 587 __mutex_lock+0x773/0xd40 M\u00f3dulos vinculados en: CRCT10DIF_PCLMUL CRC32_PCLMUL CRC32C_Tel Polyval_clmulni Polyval_Gener KWorker/ 0:4 No contaminado 6.8.0-rc5+ #3 Nombre del hardware: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 19/10/2023 Cola de trabajo: eventos work_for_cpu_fn RIP: 0010:__mutex_lock+0x773/0xd40 C\u00f3digo: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a> RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: X: 0000000000000000 RBX: 0000000000000002 RCX : 0000000000000000 RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffb fff R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8 FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) KNLGS: 00000000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000000080050033 CR2: 000055B5852CC000 00 DR3: 000000000000000000 DR6: 0000000000FFFE0FF0 DR7: 000000000000000400 PKRU: 555555554 Trace de llamadas: ? __advertir+0x84/0x170 ? __mutex_lock+0x773/0xd40? report_bug+0x1c7/0x1d0? prb_read_valid+0x1b/0x30? handle_bug+0x42/0x70? exc_invalid_op+0x18/0x70? asm_exc_invalid_op+0x1a/0x20? __mutex_lock+0x773/0xd40? rcu_is_watching+0x11/0x50? __kmalloc_node_track_caller+0x346/0x490 ? ice_dpll_lock_status_get+0x28/0x50 [hielo]? __pfx_ice_dpll_lock_status_get+0x10/0x10 [hielo]? 
ice_dpll_lock_status_get+0x28/0x50 [ice] ice_dpll_lock_status_get+0x28/0x50 [ice] dpll_device_get_one+0x14f/0x2e0 dpll_device_event_send+0x7d/0x150 dpll_device_register+0x124/0x180 init_dpll+0x7b/0xd0 [hielo] ice_dpll_init+0x224/0xa40 [hielo] ? _dev_info+0x70/0x90 ice_load+0x468/0x690 [hielo] ice_probe+0x75b/0xa10 [hielo] ? _raw_spin_unlock_irqrestore+0x4f/0x80 ? Process_one_work+0x1a3/0x500 local_pci_probe+0x47/0xa0 work_for_cpu_fn+0x17/0x30 Process_one_work+0x20d/0x500 trabajador_thread+0x1df/0x3e0 ? __pfx_worker_thread+0x10/0x10 kthread+0x103/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 sello de evento irq: 125197 hardirqs habilitado por \u00faltima vez en (125197): [] Finish_task_switch.isra.0+0x12d/0x3d0 hardirqs deshabilitado por \u00faltima vez en (1251 96): [ ] __schedule+0xea4/0x19f0 softirqs habilitado por \u00faltima vez en (105334): [] napi_get_frags_check+0x1a/0x60 softirqs deshabilitado por \u00faltima vez en (105332): [] x1a/0x60 ---[ fin traza 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26855.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26855.json index 5e37cbcb2cc..156960fc5fa 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26855.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26855.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\n\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ice: corrige una posible desreferencia de puntero NULL en ice_bridge_setlink() La funci\u00f3n ice_bridge_setlink() puede encontrar una desreferencia de puntero NULL si nlmsg_find_attr() devuelve NULL y br_spec se desreferencia posteriormente en nla_for_each_nested( ). Para solucionar este problema, agregue una verificaci\u00f3n para garantizar que br_spec no sea NULL antes de continuar con la iteraci\u00f3n del atributo anidado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26856.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26856.json index b71fe66451d..bb28552c137 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26856.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26856.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sparx5: Fix use after free inside sparx5_del_mact_entry\n\nBased on the static analyzis of the code it looks like when an entry\nfrom the MAC table was removed, the entry was still used after being\nfreed. More precise the vid of the mac_entry was used after calling\ndevm_kfree on the mac_entry.\nThe fix consists in first using the vid of the mac_entry to delete the\nentry from the HW and after that to free it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sparx5: corrige el use after free dentro de sparx5_del_mact_entry Seg\u00fan el an\u00e1lisis est\u00e1tico del c\u00f3digo, parece que cuando se elimin\u00f3 una entrada de la tabla MAC, la entrada todav\u00eda se us\u00f3 despu\u00e9s de ser liberado. M\u00e1s precisamente, el video de mac_entry se us\u00f3 despu\u00e9s de llamar a devm_kfree en mac_entry. La soluci\u00f3n consiste en utilizar primero el vid de mac_entry para eliminar la entrada del HW y luego liberarla."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json
index ed3fd3cfe81..6eb2c1ccc1b 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: make sure to pull inner header in geneve_rx()\n\nsyzbot triggered a bug in geneve_rx() [1]\n\nIssue is similar to the one I fixed in commit 8d975c15c0cd\n(\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")\n\nWe have to save skb->network_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb->head.\n\n[1]\nBUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline]\n BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n geneve_rx drivers/net/geneve.c:279 [inline]\n geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422\n udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n process_backlog+0x480/0x8b0 net/core/dev.c:5976\n __napi_poll+0xe3/0x980 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x8b8/0x1870 net/core/dev.c:6778\n __do_softirq+0x1b7/0x7c5 
kernel/softirq.c:553\n do_softirq+0x9a/0xf0 kernel/softirq.c:454\n __local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]\n __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x352/0x790 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1296 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783\n packet_alloc_skb net/packet/af_packet.c:2930 [inline]\n packet_snd net/packet/af_packet.c:3024 [inline]\n packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b" + }, + { + "lang": "es", + "value": "En el kernel 
de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: geneve: aseg\u00farese de extraer el encabezado interno en geneve_rx() syzbot desencaden\u00f3 un error en geneve_rx() [1] El problema es similar al que solucion\u00e9 en la confirmaci\u00f3n 8d975c15c0cd (\"ip6_tunnel: aseg\u00farese de extraer el encabezado interno en __ip6_tnl_rcv()\"). Tenemos que guardar skb->network_header en una variable temporal para poder volver a calcular el puntero network_header despu\u00e9s de una llamada a pskb_inet_may_pull(). pskb_inet_may_pull() se asegura de que los encabezados necesarios est\u00e9n en skb->head. [1] ERROR: KMSAN: valor uninit en IP_ECN_decapsulate include/net/inet_ecn.h:302 [en l\u00ednea] ERROR: KMSAN: valor uninit en geneve_rx drivers/net/geneve.c:279 [en l\u00ednea] ERROR: KMSAN: uninit -valor en geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 IP_ECN_decapsulate include/net/inet_ecn.h:302 [en l\u00ednea] geneve_rx drivers/net/geneve.c:279 [en l\u00ednea] geneve_udp_encap_recv+0x36f9/0x3c10 drivers/ net/geneve.c:391 udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp. 
c:2346 __udp4_lib_rcv +0x1c6b/0x3010 net/ipv4/udp.c:2422 udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604 ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ ipv4/ ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [en l\u00ednea] ip_rcv_finish net/ipv4/ ip_input.c:449 [en l\u00ednea] NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [en l\u00ednea] __netif_receive_skb+ 0x1a6/0x5a0 net/core/dev.c:5648 Process_backlog+0x480/0x8b0 net/core/dev.c:5976 __napi_poll+0xe3/0x980 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [en l\u00ednea] net_rx_action+0x8b8/0x1870 net/core/dev.c:6778 __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553 do_softirq+0x9a/0xf0 kernel/softirq.c:454 __local_bh_enable_ip+0x9b/0xa0 kernel/softirq. c:381 local_bh_enable include/linux/bottom_half.h:33 [en l\u00ednea] rcu_read_unlock_bh include/linux/rcupdate.h:820 [en l\u00ednea] __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378 dev_queue_xmit include/linux/netdevice. 
h:3171 [en l\u00ednea] paquete_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 paquete_snd net/packet/af_packet.c:3081 [en l\u00ednea] paquete_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/ socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea] __se_sys_sendto net/socket.c:2199 [en l\u00ednea] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63 / 0x6b Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slub.c:3819 [en l\u00ednea] slab_alloc_node mm/slub.c:3860 [en l\u00ednea] kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff .c:560 __alloc_skb+0x352/0x790 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1296 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783 paquete_alloc_skb net/packet/af_packet.c:2930 [en l\u00ednea] paquete_snd net/packet/af_packet.c:3024 [en l\u00ednea] paquete_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea] __se_sys_sendto net/socket.c :2199 [en l\u00ednea] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe + 0x63/0x6b" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26858.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26858.json index 28e9fc3f03a..4fb27d9c867 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26858.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26858.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map\n\nJust simply reordering the functions mlx5e_ptp_metadata_map_put and\nmlx5e_ptpsq_track_metadata in the mlx5e_txwqe_complete context is not good\nenough since both the compiler and CPU are free to reorder these two\nfunctions. If reordering does occur, the issue that was supposedly fixed by\n7e3f3ba97e6c (\"net/mlx5e: Track xmit submission to PTP WQ after populating\nmetadata map\") will be seen. This will lead to NULL pointer dereferences in\nmlx5e_ptpsq_mark_ts_cqes_undelivered in the NAPI polling context due to the\ntracking list being populated before the metadata map."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: use una barrera de memoria para aplicar PTP WQ. El seguimiento de env\u00edo xmit ocurre despu\u00e9s de completar metadata_map. Simplemente reordenar las funciones mlx5e_ptp_metadata_map_put y mlx5e_ptpsq_track_metadata en el contexto mlx5e_txwqe_complete no es lo suficientemente bueno ya que ambas el compilador y la CPU son libres de reordenar estas dos funciones. Si se produce un reordenamiento, se ver\u00e1 el problema que supuestamente fue solucionado por 7e3f3ba97e6c (\"net/mlx5e: Seguimiento del env\u00edo de xmit a PTP WQ despu\u00e9s de completar el mapa de metadatos\"). Esto dar\u00e1 lugar a desreferencias de puntero NULL en mlx5e_ptpsq_mark_ts_cqes_undelivered en el contexto de sondeo NAPI debido a que la lista de seguimiento se completa antes del mapa de metadatos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26859.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26859.json
index 73a8cc691a3..dd3f217c413 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26859.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26859.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/bnx2x: Prevent access to a freed page in page_pool\n\nFix race condition leading to system crash during EEH error handling\n\nDuring EEH error recovery, the bnx2x driver's transmit timeout logic\ncould cause a race condition when handling reset tasks. The\nbnx2x_tx_timeout() schedules reset tasks via bnx2x_sp_rtnl_task(),\nwhich ultimately leads to bnx2x_nic_unload(). In bnx2x_nic_unload()\nSGEs are freed using bnx2x_free_rx_sge_range(). However, this could\noverlap with the EEH driver's attempt to reset the device using\nbnx2x_io_slot_reset(), which also tries to free SGEs. This race\ncondition can result in system crashes due to accessing freed memory\nlocations in bnx2x_free_rx_sge()\n\n799 static inline void bnx2x_free_rx_sge(struct bnx2x *bp,\n800\t\t\t\tstruct bnx2x_fastpath *fp, u16 index)\n801 {\n802\tstruct sw_rx_page *sw_buf = &fp->rx_page_ring[index];\n803 struct page *page = sw_buf->page;\n....\nwhere sw_buf was set to NULL after the call to dma_unmap_page()\nby the preceding thread.\n\n EEH: Beginning: 'slot_reset'\n PCI 0011:01:00.0#10000: EEH: Invoking bnx2x->slot_reset()\n bnx2x: [bnx2x_io_slot_reset:14228(eth1)]IO slot reset initializing...\n bnx2x 0011:01:00.0: enabling device (0140 -> 0142)\n bnx2x: [bnx2x_io_slot_reset:14244(eth1)]IO slot reset --> driver unload\n Kernel attempted to read user page (0) - exploit attempt? 
(uid: 0)\n BUG: Kernel NULL pointer dereference on read at 0x00000000\n Faulting instruction address: 0xc0080000025065fc\n Oops: Kernel access of bad area, sig: 11 [#1]\n .....\n Call Trace:\n [c000000003c67a20] [c00800000250658c] bnx2x_io_slot_reset+0x204/0x610 [bnx2x] (unreliable)\n [c000000003c67af0] [c0000000000518a8] eeh_report_reset+0xb8/0xf0\n [c000000003c67b60] [c000000000052130] eeh_pe_report+0x180/0x550\n [c000000003c67c70] [c00000000005318c] eeh_handle_normal_event+0x84c/0xa60\n [c000000003c67d50] [c000000000053a84] eeh_event_handler+0xf4/0x170\n [c000000003c67da0] [c000000000194c58] kthread+0x1c8/0x1d0\n [c000000003c67e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64\n\nTo solve this issue, we need to verify page pool allocations before\nfreeing." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/bnx2x: impide el acceso a una p\u00e1gina liberada en page_pool. Repara la condici\u00f3n de carrera que provoca un bloqueo del sistema durante el manejo de errores EEH. Durante la recuperaci\u00f3n de errores EEH, la l\u00f3gica de tiempo de espera de transmisi\u00f3n del controlador bnx2x podr\u00eda provocar una carrera. condici\u00f3n al manejar tareas de reinicio. El bnx2x_tx_timeout() programa tareas de reinicio a trav\u00e9s de bnx2x_sp_rtnl_task(), lo que finalmente conduce a bnx2x_nic_unload(). En bnx2x_nic_unload(), los SGE se liberan utilizando bnx2x_free_rx_sge_range(). Sin embargo, esto podr\u00eda superponerse con el intento del controlador EEH de restablecer el dispositivo usando bnx2x_io_slot_reset(), que tambi\u00e9n intenta liberar los SGE. 
This race condition can result in system crashes due to accessing freed memory locations in bnx2x_free_rx_sge() 799 static inline void bnx2x_free_rx_sge(struct bnx2x *bp, 800 struct bnx2x_fastpath *fp, u16 index) 801 { 802 struct sw_rx_page *sw_buf = &fp->rx_page_ring [\u00edndice]; 803 p\u00e1gina de estructura *p\u00e1gina = sw_buf->p\u00e1gina; .... donde sw_buf se configur\u00f3 en NULL despu\u00e9s de la llamada a dma_unmap_page() por el hilo anterior. EEH: Comienzo: 'slot_reset' PCI 0011:01:00.0#10000: EEH: Invocando bnx2x->slot_reset() bnx2x: [bnx2x_io_slot_reset:14228(eth1)]Reinicio de ranura IO inicializando... bnx2x 0011:01:00.0: habilitando dispositivo (0140 -> 0142) bnx2x: [bnx2x_io_slot_reset:14244(eth1)]Restablecimiento de ranura IO --> descarga del controlador El kernel intent\u00f3 leer la p\u00e1gina del usuario (0): \u00bfintento de explotaci\u00f3n? (uid: 0) ERROR: Desreferencia del puntero NULL del kernel al leer en 0x00000000 Direcci\u00f3n de instrucci\u00f3n err\u00f3nea: 0xc0080000025065fc Ups: Acceso al kernel del \u00e1rea defectuosa, firma: 11 [#1] ..... Seguimiento de llamadas: [c000000003c67a20] [c00800000250658c] 2x_io_slot_reset +0x204/0x610 [bnx2x] (no confiable) [c000000003c67af0] [c0000000000518a8] eeh_report_reset+0xb8/0xf0 [c000000003c67b60] [c000000000052130] 180/0x550 [c000000003c67c70] [c00000000005318c] eeh_handle_normal_event+0x84c/0xa60 [c000000003c67d50] [c000000000053a84] eeh_event_handler +0xf4/0x170 [c000000003c67da0] [c000000000194c58] kthread+0x1c8/0x1d0 [c000000003c67e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64 Para resolver este problema, necesitamos verifique las asignaciones del grupo de p\u00e1ginas antes de liberarlas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26860.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26860.json index e6ae565d12b..1cf2acca38e 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26860.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26860.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-integrity: fix a memory leak when rechecking the data\n\nMemory for the \"checksums\" pointer will leak if the data is rechecked\nafter checksum failure (because the associated kfree won't happen due\nto 'goto skip_io').\n\nFix this by freeing the checksums memory before recheck, and just use\nthe \"checksum_onstack\" memory for storing checksum during recheck."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm-integrity: soluciona una p\u00e9rdida de memoria al volver a verificar los datos. La memoria para el puntero de \"sumas de verificaci\u00f3n\" se perder\u00e1 si los datos se vuelven a verificar despu\u00e9s de una falla en la suma de verificaci\u00f3n (porque el kfree asociado no suceder\u00e1). debido a 'goto skip_io'). Solucione este problema liberando la memoria de sumas de verificaci\u00f3n antes de volver a verificar y simplemente use la memoria \"checksum_onstack\" para almacenar la suma de verificaci\u00f3n durante la nueva verificaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26861.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26861.json
index 38b35402c87..ed1f7f7cb12 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26861.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26861.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: receive: annotate data-race around receiving_counter.counter\n\nSyzkaller with KCSAN identified a data-race issue when accessing\nkeypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()\nannotations to mark the data race as intentional.\n\n BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll\n\n write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0:\n counter_validate drivers/net/wireguard/receive.c:321 [inline]\n wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461\n __napi_poll+0x60/0x3b0 net/core/dev.c:6536\n napi_poll net/core/dev.c:6605 [inline]\n net_rx_action+0x32b/0x750 net/core/dev.c:6738\n __do_softirq+0xc4/0x279 kernel/softirq.c:553\n do_softirq+0x5e/0x90 kernel/softirq.c:454\n __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]\n wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499\n process_one_work kernel/workqueue.c:2633 [inline]\n ...\n\n read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1:\n decrypt_packet drivers/net/wireguard/receive.c:252 [inline]\n wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501\n process_one_work kernel/workqueue.c:2633 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706\n worker_thread+0x525/0x730 kernel/workqueue.c:2787\n ..." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wireguard: recibir: anotar carrera de datos alrededor de recibir_counter.counter Syzkaller con KCSAN identific\u00f3 un problema de carrera de datos al acceder al par de claves->receiving_counter.counter. 
Utilice las anotaciones READ_ONCE() y WRITE_ONCE() para marcar la carrera de datos como intencional. ERROR: KCSAN: carrera de datos en wg_packet_decrypt_worker/wg_packet_rx_poll escribir en 0xffff888107765888 de 8 bytes por interrupci\u00f3n en la CPU 0: counter_validate drivers/net/wireguard/receive.c:321 [en l\u00ednea] wg_packet_rx_poll+0x3ac/0xf00 .c:461 __napi_poll+0x60/0x3b0 net/core/dev.c:6536 napi_poll net/core/dev.c:6605 [en l\u00ednea] net_rx_action+0x32b/0x750 net/core/dev.c:6738 __do_softirq+0xc4/0x279 kernel/softirq.c:553 do_softirq+0x5e/0x90 kernel/softirq.c:454 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [en l\u00ednea] _raw_spin_unlock_bh+0x36/0x 40 granos /locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [en l\u00ednea] ptr_ring_consume_bh include/linux/ptr_ring.h:367 [en l\u00ednea] wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499 Process_one_work kernel/workqueue.c:2633 [en l\u00ednea] ... le\u00eddo en 0xffff888107765888 de 8 bytes por tarea 3196 en la CPU 1: decrypt_packet drivers/net/wireguard/receive.c:252 [en l\u00ednea] wg_packet_decrypt_worker+0x220/0x700 drivers/net /wireguard/receive.c:501 Process_one_work kernel/workqueue.c:2633 [en l\u00ednea] Process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 Workers_thread+0x525/0x730 kernel/workqueue.c:2787 ..." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26862.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26862.json index 6e590d2f337..eb36273f1d6 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26862.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26862.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npacket: annotate data-races around ignore_outgoing\n\nignore_outgoing is read locklessly from dev_queue_xmit_nit()\nand packet_getsockopt()\n\nAdd appropriate READ_ONCE()/WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt\n\nwrite to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0:\n packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003\n do_sock_setsockopt net/socket.c:2311 [inline]\n __sys_setsockopt+0x1d8/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff888107804542 of 1 bytes by task 27 on cpu 1:\n dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248\n xmit_one net/core/dev.c:3527 [inline]\n dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547\n __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108\n batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127\n batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]\n batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]\n batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335\n worker_thread+0x526/0x730 kernel/workqueue.c:3416\n kthread+0x1d1/0x210 kernel/kthread.c:388\n ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n\nvalue changed: 0x00 -> 0x01\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 
#0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: paquete: anotar carreras de datos alrededor de ignore_outgoing ignore_outgoing se lee sin bloqueo desde dev_queue_xmit_nit() y paquete_getsockopt() Agregue las anotaciones READ_ONCE()/WRITE_ONCE() apropiadas. syzbot inform\u00f3: ERROR: KCSAN: carrera de datos en dev_queue_xmit_nit/packet_setsockopt escribir en 0xffff888107804542 de 1 bytes por tarea 22618 en la CPU 0: paquete_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003 do_sock_setsockopt net/socket.c :2311 [ en l\u00ednea] __sys_setsockopt+0x1d8/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [en l\u00ednea] __se_sys_setsockopt net/socket.c:2340 [en l\u00ednea] __x64_sys_setsockopt+0x66/0x80 :2340 do_syscall_64+ 0xd3/0x1d0 Entry_SYSCALL_64_after_hwframe+0x6d/0x75 le\u00eddo en 0xffff888107804542 de 1 byte por tarea 27 en la CPU 1: dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248 xmit_one net/core/dev.c:3527 l\u00ednea] dev_hard_start_xmit+ 0xcc/0x3f0 net/core/dev.c:3547 __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335 dev_queue_xmit include/linux/netdevice.h:3091 [en l\u00ednea] batadv_send_skb_packet+0x264/0x300 net/batman-adv/ send.c:108 batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [en l\u00ednea] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [en l\u00ednea ] batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700 Process_one_work kernel/workqueue.c:3254 [en l\u00ednea] Process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335 trabajador_thread+0x526/0x730 n\u00facleo/cola de trabajo.c :3416 kthread+0x1d1/0x210 kernel/kthread.c:388 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 
arch/x86/entry/entry_64.S:243 valor cambiado: 0x00 -> 0x01 Reportado por Kernel Concurrency Sanitizer en: CPU: 1 PID: 27 Comm: kworker/u8:1 Contaminado: GW 6.8.0-syzkaller-08073-g480e035fc4c7 #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 29/02/2024 Cola de trabajo: bat_events batadv_iv_send_outstanding_bat_ogm_packet" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26863.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26863.json index b6b35a0e8d4..06f8cbb2e0e 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26863.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26863.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in hsr_get_node()\n\nKMSAN reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n fill_frame_info net/hsr/hsr_forward.c:577 [inline]\n hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615\n hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd 
net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\n=====================================================\n\nIf the packet type ID field in the Ethernet header is either ETH_P_PRP or\nETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()\nreads an invalid value as a sequence number. This causes the above issue.\n\nThis patch fixes the issue by returning NULL if the Ethernet header is not\nfollowed by an HSR tag." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: hsr: corrigi\u00f3 el acceso a valores uninit en hsr_get_node() KMSAN inform\u00f3 el siguiente problema de acceso a valores uninit [1]: ============== ======================================= ERROR: KMSAN: valor uninit en hsr_get_node+0xa2e /0xa40 net/hsr/hsr_framereg.c:246 hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 fill_frame_info net/hsr/hsr_forward.c:577 [en l\u00ednea] hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c :615 hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223 __netdev_start_xmit include/linux/netdevice.h:4940 [en l\u00ednea] netdev_start_xmit include/linux/netdevice.h:4954 [en l\u00ednea] xmit_one net/core/dev.c :3548 [en l\u00ednea] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [en l\u00ednea] paquete_xmit+0x9c/ 0x6b0 net/packet/af_packet.c:276 paquete_snd net/packet/af_packet.c:3087 [en l\u00ednea] paquete_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg neto /socket.c:745 [en l\u00ednea] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea] __se_sys_sendto net/socket.c:2199 [en l\u00ednea] __x64_sys_sendto+0x125/0x1c0 socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit se cre\u00f3 en slab_post_alloc_hook+0x129/ 0xa70 mm/slab.h: 768 slab_alloc_node mm/slub.c: 3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c: 3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c: 560 __b.biloc. 
740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 paquete_alloc_skb net/packet/af_packet.c:2936 [en l\u00ednea] paquete_snd net/packet/af_packet.c:3030 [en l\u00ednea] paquete_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea ] __sock_sendmsg net/socket.c:745 [en l\u00ednea] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea] __se_sys_sendto net/socket.c:2199 [en l\u00ednea] x125/ 0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 17/11/2023 ============== ======================================== Si el campo ID de tipo de paquete en el encabezado Ethernet es ETH_P_PRP o ETH_P_HSR, pero no va seguido de una etiqueta HSR, hsr_get_skb_sequence_nr() lee un valor no v\u00e1lido como un n\u00famero de secuencia. Esto causa el problema anterior. Este parche soluciona el problema al devolver NULL si el encabezado Ethernet no va seguido de una etiqueta HSR." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26864.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26864.json index 9d0ac38c7d8..5b55c40f700 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26864.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26864.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix refcnt handling in __inet_hash_connect().\n\nsyzbot reported a warning in sk_nulls_del_node_init_rcu().\n\nThe commit 66b60b0c8c4a (\"dccp/tcp: Unhash sk from ehash for tb2 alloc\nfailure after check_estalblished().\") tried to fix an issue that an\nunconnected socket occupies an ehash entry when bhash2 allocation fails.\n\nIn such a case, we need to revert changes done by check_established(),\nwhich does not hold refcnt when inserting socket into ehash.\n\nSo, to revert the change, we need to __sk_nulls_add_node_rcu() instead\nof sk_nulls_add_node_rcu().\n\nOtherwise, sock_put() will cause refcnt underflow and leak the socket.\n\n[0]:\nWARNING: CPU: 0 PID: 23948 at include/net/sock.h:799 sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nModules linked in:\nCPU: 0 PID: 23948 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00159-gc055fc00c07b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nRIP: 0010:sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nCode: e8 7f 71 c6 f7 83 fb 02 7c 25 e8 35 6d c6 f7 4d 85 f6 0f 95 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 1b 6d c6 f7 90 <0f> 0b 90 eb b2 e8 10 6d c6 f7 4c 89 e7 be 04 00 00 00 e8 63 e7 d2\nRSP: 0018:ffffc900032d7848 EFLAGS: 00010246\nRAX: ffffffff89cd0035 RBX: 0000000000000001 RCX: 0000000000040000\nRDX: ffffc90004de1000 RSI: 000000000003ffff RDI: 0000000000040000\nRBP: 1ffff1100439ac26 R08: ffffffff89ccffe3 R09: 1ffff1100439ac28\nR10: dffffc0000000000 R11: ffffed100439ac29 R12: ffff888021cd6140\nR13: dffffc0000000000 R14: ffff88802a9bf5c0 R15: ffff888021cd6130\nFS: 00007f3b823f16c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f3b823f0ff8 CR3: 000000004674a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __inet_hash_connect+0x140f/0x20b0 net/ipv4/inet_hashtables.c:1139\n dccp_v6_connect+0xcb9/0x1480 net/dccp/ipv6.c:956\n __inet_stream_connect+0x262/0xf30 net/ipv4/af_inet.c:678\n inet_stream_connect+0x65/0xa0 net/ipv4/af_inet.c:749\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f3b8167dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3b823f10c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f3b817abf80 RCX: 00007f3b8167dda9\nRDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 00007f3b823f1120 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 000000000000000b R14: 00007f3b817abf80 R15: 00007ffd3beb57b8\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: corrige el manejo de refcnt en __inet_hash_connect(). syzbot inform\u00f3 una advertencia en sk_nulls_del_node_init_rcu(). La confirmaci\u00f3n 66b60b0c8c4a (\"dccp/tcp: Unhash sk de ehash para falla de asignaci\u00f3n de tb2 despu\u00e9s de check_estalblished().\") intent\u00f3 solucionar un problema por el cual un socket no conectado ocupa una entrada de ehash cuando falla la asignaci\u00f3n de bhash2. En tal caso, necesitamos revertir los cambios realizados por check_establecido(), que no retiene refcnt al insertar el socket en ehash. 
Entonces, para revertir el cambio, necesitamos __sk_nulls_add_node_rcu() en lugar de sk_nulls_add_node_rcu(). De lo contrario, sock_put() provocar\u00e1 un desbordamiento insuficiente y filtrar\u00e1 el socket. [0]: ADVERTENCIA: CPU: 0 PID: 23948 en include/net/sock.h:799 sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799 M\u00f3dulos vinculados en: CPU: 0 PID: 23948 Comm: syz- executor.2 No contaminado 6.8.0-rc6-syzkaller-00159-gc055fc00c07b #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 25/01/2024 RIP: 0010:sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/ calcet\u00edn.h:799 C\u00f3digo: e8 7f 71 c6 f7 83 fb 02 7c 25 e8 35 6d c6 f7 4d 85 f6 0f 95 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 1b 6d c6 f7 90 < 0f> 0b 90 eb b2 e8 10 6d c6 f7 4c 89 e7 be 04 00 00 00 e8 63 e7 d2 RSP: 0018:ffffc900032d7848 EFLAGS: 00010246 RAX: ffffffff89cd0035 RBX: 00001 RCX: 0000000000040000 RDX: ffffc90004de1000 RSI: 000000000003ffff RDI: 0000000000040000 RBP : 1ffff1100439ac26 R08: ffffffff89ccffe3 R09: 1ffff1100439ac28 R10: dffffc0000000000 R11: ffffed100439ac29 R12: ffff888021cd6140 R13: dffffc0000000000 ff ff88802a9bf5c0 R15: ffff888021cd6130 FS: 00007f3b823f16c0(0000) GS:ffff8880b9400000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3b823f0ff8 CR3: 000000004674a000 CR4: 00000000003506f0 DR0: 00000000000000000 DR1: 0000000000000000 DR2: 000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: __inet_hash_connect+0x140f/0x20b0 net/ipv4/inet_hashtables.c:1139 dccp_v6_connect+0xcb9/0x1480 net/dccp/ipv6.c:956 __inet_stream_connect+0x262/0xf30 net/ipv4/af_inet.c:678 inet_stream_connect+0x65/0xa0 net/ipv4/af_inet.c:749 __sys_connect_file net/socket.c:2048 [en l\u00ednea] __sys_connect+0x2df/0x310 net/socket.c:2065 __do_sys_connect net/socket.c:2075 [en l\u00ednea] __se_sys_connect net/socket.c:2072 [en l\u00ednea] 
__x64_sys_connect+0x7a/0x90 net/socket.c:2072 +0xf9/0x240 Entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f3b8167dda9 C\u00f3digo: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 4 8 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3b823f10c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 00007f3b817abf80 RCX : 00007f3b8167dda9 RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003 RBP: 00007f3b823f1120 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000b R14: 00007f3b817abf80 00007ffd3beb57b8 " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26865.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26865.json index be9d3d60c41..d0206dffc61 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26865.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26865.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: tcp: Fix use-after-free of net in reqsk_timer_handler().\n\nsyzkaller reported a warning of netns tracker [0] followed by KASAN\nsplat [1] and another ref tracker warning [1].\n\nsyzkaller could not find a repro, but in the log, the only suspicious\nsequence was as follows:\n\n 18:26:22 executing program 1:\n r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)\n ...\n connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async)\n\nThe notable thing here is 0x4001 in connect(), which is RDS_TCP_PORT.\n\nSo, the scenario would be:\n\n 1. unshare(CLONE_NEWNET) creates a per netns tcp listener in\n rds_tcp_listen_init().\n 2. syz-executor connect()s to it and creates a reqsk.\n 3. syz-executor exit()s immediately.\n 4. netns is dismantled. [0]\n 5. reqsk timer is fired, and UAF happens while freeing reqsk. [1]\n 6. listener is freed after RCU grace period. [2]\n\nBasically, reqsk assumes that the listener guarantees netns safety\nuntil all reqsk timers are expired by holding the listener's refcount.\nHowever, this was not the case for kernel sockets.\n\nCommit 740ea3c4a0b2 (\"tcp: Clean up kernel listener's reqsk in\ninet_twsk_purge()\") fixed this issue only for per-netns ehash.\n\nLet's apply the same fix for the global ehash.\n\n[0]:\nref_tracker: net notrefcnt@0000000065449cc3 has 1/1 users at\n sk_alloc (./include/net/net_namespace.h:337 net/core/sock.c:2146)\n inet6_create (net/ipv6/af_inet6.c:192 net/ipv6/af_inet6.c:119)\n __sock_create (net/socket.c:1572)\n rds_tcp_listen_init (net/rds/tcp_listen.c:279)\n rds_tcp_init_net (net/rds/tcp.c:577)\n ops_init (net/core/net_namespace.c:137)\n setup_net (net/core/net_namespace.c:340)\n copy_net_ns (net/core/net_namespace.c:497)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:228 (discriminator 4))\n ksys_unshare (kernel/fork.c:3429)\n 
__x64_sys_unshare (kernel/fork.c:3496)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\n...\nWARNING: CPU: 0 PID: 27 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\n\n[1]:\nBUG: KASAN: slab-use-after-free in inet_csk_reqsk_queue_drop (./include/net/inet_hashtables.h:180 net/ipv4/inet_connection_sock.c:952 net/ipv4/inet_connection_sock.c:966)\nRead of size 8 at addr ffff88801b370400 by task swapper/0/0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n print_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n kasan_report (mm/kasan/report.c:603)\n inet_csk_reqsk_queue_drop (./include/net/inet_hashtables.h:180 net/ipv4/inet_connection_sock.c:952 net/ipv4/inet_connection_sock.c:966)\n reqsk_timer_handler (net/ipv4/inet_connection_sock.c:979 net/ipv4/inet_connection_sock.c:1092)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2038)\n run_timer_softirq (kernel/time/timer.c:2053)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:554)\n irq_exit_rcu (kernel/softirq.c:427 kernel/softirq.c:632 kernel/softirq.c:644)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1076 (discriminator 14))\n \n\nAllocated by task 258 on cpu 0 at 83.612050s:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:68)\n __kasan_slab_alloc (mm/kasan/common.c:343)\n kmem_cache_alloc (mm/slub.c:3813 mm/slub.c:3860 mm/slub.c:3867)\n copy_net_ns (./include/linux/slab.h:701 net/core/net_namespace.c:421 net/core/net_namespace.c:480)\n create_new_namespaces 
(kernel/nsproxy.c:110)\n unshare_nsproxy_name\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: rds: tcp: Se corrige el use-after-free de red en reqsk_timer_handler(). syzkaller inform\u00f3 una advertencia de netns tracker [0] seguida de KASAN splat [1] y otra advertencia de ref tracker [1]. syzkaller no pudo encontrar una reproducci\u00f3n, pero en el registro, la \u00fanica secuencia sospechosa fue la siguiente: 18:26:22 ejecutando el programa 1: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ... connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async) Lo notable aqu\u00ed es 0x4001 en connect(), que es RDS_TCP_PORT. Entonces, el escenario ser\u00eda: 1. unshare(CLONE_NEWNET) crea un oyente tcp por red en rds_tcp_listen_init(). 2. syz-executor se conecta a \u00e9l y crea una solicitud. 3. syz-executor sale () inmediatamente. 4. La red est\u00e1 desmantelada. [0] 5. Se activa el temporizador de reqsk y se produce UAF mientras se libera reqsk. [1] 6. El oyente se libera despu\u00e9s del per\u00edodo de gracia de RCU. [2] B\u00e1sicamente, reqsk supone que el oyente garantiza la seguridad de la red hasta que expiren todos los temporizadores de reqsk manteniendo el refcount del oyente. Sin embargo, este no fue el caso de los sockets del kernel. La confirmaci\u00f3n 740ea3c4a0b2 (\"tcp: Limpiar la solicitud del oyente del kernel en inet_twsk_purge()\") solucion\u00f3 este problema solo para ehash por red. Apliquemos la misma soluci\u00f3n para el ehash global. 
[0]: ref_tracker: net notrefcnt@0000000065449cc3 tiene 1/1 usuarios en sk_alloc (./include/net/net_namespace.h:337 net/core/sock.c:2146) inet6_create (net/ipv6/af_inet6.c:192 net/ipv6/af_inet6.c:119) __sock_create (net/socket.c:1572) rds_tcp_listen_init (net/rds/tcp_listen.c:279) rds_tcp_init_net (net/rds/tcp.c:577) ops_init (net/core/ net_namespace.c:137) setup_net (net/core/net_namespace.c:340) copy_net_ns (net/core/net_namespace.c:497) create_new_namespaces (kernel/nsproxy.c:110) unshare_nsproxy_namespaces (kernel/nsproxy.c:228 ( discriminador 4)) ksys_unshare (kernel/fork.c:3429) __x64_sys_unshare (kernel/fork.c:3496) do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) ... ADVERTENCIA: CPU: 0 PID: 27 en lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179) [1]: ERROR: KASAN: slab-use-after-free en inet_csk_reqsk_queue_drop (./include/net/inet_hashtables.h:180 net/ipv4/inet_connection_sock.c:952 net/ipv4/inet_connection_sock.c:966) Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88801b370400 mediante el intercambiador de tareas /0/0 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 01/04/2014 Seguimiento de llamadas: dump_stack_lvl (lib/dump_stack .c:107 (discriminador 1)) print_report (mm/kasan/report.c:378 mm/kasan/report.c:488) kasan_report (mm/kasan/report.c:603) inet_csk_reqsk_queue_drop (./include/net/ inet_hashtables.h:180 net/ipv4/inet_connection_sock.c:952 net/ipv4/inet_connection_sock.c:966) reqsk_timer_handler (net/ipv4/inet_connection_sock.c:979 net/ipv4/inet_connection_sock.c:1092) call_timer_fn (./arch /x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701) __run_timers.part. 
0 (kernel/time/timer.c:1752 kernel/time/timer.c:2038) run_timer_softirq (kernel/time/timer.c:2053) __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:554) irq_exit_rcu (kernel/softirq.c:427 kernel/softirq.c:632 kernel/ softirq.c:644) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1076 (discriminator 14)) Asignado por la tarea 258 en la CPU 0 a 83.612050s: kasan_save_stack (mm/kasan/common.c :48) kasan_save_track (mm/kasan/common.c:68) __kasan_slab_alloc (mm/kasan/common.c:343) kmem_cache_alloc (mm/slub.c:3813 mm/slub.c:3860 mm/slub.c:3867 ) copy_net_ns (./include/linux/slab.h:701 net/core/net_namespace.c:421 net/core/net_namespace.c:480) create_new_namespaces (kernel/nsproxy.c:110) unshare_nsproxy_name ---truncado-- -" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26866.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26866.json index d11b30e0603..b3e842e6380 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26866.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26866.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: lpspi: Avoid potential use-after-free in probe()\n\nfsl_lpspi_probe() is allocating/disposing memory manually with\nspi_alloc_host()/spi_alloc_target(), but uses\ndevm_spi_register_controller(). In case of error after the latter call the\nmemory will be explicitly freed in the probe function by\nspi_controller_put() call, but used afterwards by \"devm\" management outside\nprobe() (spi_unregister_controller() <- devm_spi_unregister() below).\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000070\n...\nCall trace:\n kernfs_find_ns\n kernfs_find_and_get_ns\n sysfs_remove_group\n sysfs_remove_groups\n device_remove_attrs\n device_del\n spi_unregister_controller\n devm_spi_unregister\n release_nodes\n devres_release_all\n really_probe\n driver_probe_device\n __device_attach_driver\n bus_for_each_drv\n __device_attach\n device_initial_probe\n bus_probe_device\n deferred_probe_work_func\n process_one_work\n worker_thread\n kthread\n ret_from_fork" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: lpspi: evita el posible use-after-free en probe() fsl_lpspi_probe() est\u00e1 asignando/eliminando memoria manualmente con spi_alloc_host()/spi_alloc_target(), pero usa devm_spi_register_controller() . En caso de error despu\u00e9s de la \u00faltima llamada, la memoria se liberar\u00e1 expl\u00edcitamente en la funci\u00f3n de sonda mediante la llamada a spi_controller_put(), pero la administraci\u00f3n \"devm\" externa a probe() la utilizar\u00e1 despu\u00e9s (spi_unregister_controller() <- devm_spi_unregister() a continuaci\u00f3n). No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000070... 
Rastreo de llamadas: kernfs_find_ns kernfs_find_and_get_ns sysfs_remove_group sysfs_remove_groups device_remove_attrs device_del spi_unregister_controller devm_spi_unregister release_nodes devres_release _todos realmente_probe driver_probe_device __device_attach_driver bus_for_each_drv __device_attach dispositivo_initial_probe bus_probe_device deferred_probe_work_func proceso_one_work trabajador_hilo kthread ret_from_fork" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26867.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26867.json index 3a36ea53b48..528e5beb1b4 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26867.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26867.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: comedi_8255: Correct error in subdevice initialization\n\nThe refactoring done in commit 5c57b1ccecc7 (\"comedi: comedi_8255: Rework\nsubdevice initialization functions\") to the initialization of the io\nfield of struct subdev_8255_private broke all cards using the\ndrivers/comedi/drivers/comedi_8255.c module.\n\nPrior to 5c57b1ccecc7, __subdev_8255_init() initialized the io field\nin the newly allocated struct subdev_8255_private to the non-NULL\ncallback given to the function, otherwise it used a flag parameter to\nselect between subdev_8255_mmio and subdev_8255_io. The refactoring\nremoved that logic and the flag, as subdev_8255_mm_init() and\nsubdev_8255_io_init() now explicitly pass subdev_8255_mmio and\nsubdev_8255_io respectively to __subdev_8255_init(), only\n__subdev_8255_init() never sets spriv->io to the supplied\ncallback. That spriv->io is NULL leads to a later BUG:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP PTI\nCPU: 1 PID: 1210 Comm: systemd-udevd Not tainted 6.7.3-x86_64 #1\nHardware name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b\nRDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00\nRBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001\nR10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000\nR13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8\nFS: 00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0\nCall Trace:\n \n ? __die_body+0x15/0x57\n ? page_fault_oops+0x2ef/0x33c\n ? 
insert_vmap_area.constprop.0+0xb6/0xd5\n ? alloc_vmap_area+0x529/0x5ee\n ? exc_page_fault+0x15a/0x489\n ? asm_exc_page_fault+0x22/0x30\n __subdev_8255_init+0x79/0x8d [comedi_8255]\n pci_8255_auto_attach+0x11a/0x139 [8255_pci]\n comedi_auto_config+0xac/0x117 [comedi]\n ? __pfx___driver_attach+0x10/0x10\n pci_device_probe+0x88/0xf9\n really_probe+0x101/0x248\n __driver_probe_device+0xbb/0xed\n driver_probe_device+0x1a/0x72\n __driver_attach+0xd4/0xed\n bus_for_each_dev+0x76/0xb8\n bus_add_driver+0xbe/0x1be\n driver_register+0x9a/0xd8\n comedi_pci_driver_register+0x28/0x48 [comedi_pci]\n ? __pfx_pci_8255_driver_init+0x10/0x10 [8255_pci]\n do_one_initcall+0x72/0x183\n do_init_module+0x5b/0x1e8\n init_module_from_file+0x86/0xac\n __do_sys_finit_module+0x151/0x218\n do_syscall_64+0x72/0xdb\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\nRIP: 0033:0x7f72f50a0cb9\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 47 71 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffd47e512d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\nRAX: ffffffffffffffda RBX: 0000562dd06ae070 RCX: 00007f72f50a0cb9\nRDX: 0000000000000000 RSI: 00007f72f52d32df RDI: 000000000000000e\nRBP: 0000000000000000 R08: 00007f72f5168b20 R09: 0000000000000000\nR10: 0000000000000050 R11: 0000000000000246 R12: 00007f72f52d32df\nR13: 0000000000020000 R14: 0000562dd06785c0 R15: 0000562dcfd0e9a8\n \nModules linked in: 8255_pci(+) comedi_8255 comedi_pci comedi intel_gtt e100(+) acpi_cpufreq rtc_cmos usbhid\nCR2: 0000000000000000\n---[ end trace 0000000000000000 ]---\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b\nRDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00\nRBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001\nR10: 0000000000000000 R11: 
000000000000005f R12: 0000000000000000\nR13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8\nFS: \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: comedi: comedi_8255: Corregir error en la inicializaci\u00f3n del subdispositivo La refactorizaci\u00f3n realizada en el commit 5c57b1ccecc7 (\"comedi: comedi_8255: Rework subdevice inicializationfunctions\") a la inicializaci\u00f3n del campo io de la estructura subdev_8255_private se rompi\u00f3 todas las tarjetas que utilizan el m\u00f3dulo drivers/comedi/drivers/comedi_8255.c. Antes de 5c57b1ccecc7, __subdev_8255_init() inicializaba el campo io en la estructura subdev_8255_private reci\u00e9n asignada a la devoluci\u00f3n de llamada no NULL proporcionada a la funci\u00f3n; de lo contrario, usaba un par\u00e1metro de marca para seleccionar entre subdev_8255_mmio y subdev_8255_io. La refactorizaci\u00f3n elimin\u00f3 esa l\u00f3gica y la bandera, ya que subdev_8255_mm_init() y subdev_8255_io_init() ahora pasan expl\u00edcitamente subdev_8255_mmio y subdev_8255_io respectivamente a __subdev_8255_init(), solo __subdev_8255_init() nunca establece spriv->io en la devoluci\u00f3n de llamada proporcionada. Que spriv->io sea NULL conduce a un ERROR posterior: ERROR: desreferencia del puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000000 PGD 0 P4D 0 Ups: 0010 [#1] SMP PTI CPU: 1 PID: 1210 Comm: systemd-udevd No contaminado 6.7 .3-x86_64 #1 Nombre de hardware: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RIP: 0010:0x0 C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0xffffffffffffffd6. 
RSP: 0018: FFFFA3F1C02D7B78 EFLAGS: 00010202 RAX: 000000000000000000 RBX: FFFF91F847AEFD00 RCX: 00000000000000009B RDX: 00000000000003 RSI: 00000000000001 RDI: FFF91F840F6FC00 R08: 000000000000000000 R09: 000000000000000001 R10: 000000000000000000 R11: 000000000000005F R12: 0000000000000000000000000000: 0000000000000000 RUBI R15: ffff91f847ce6ba8 FS: 00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050 033 CR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0 Seguimiento de llamadas: ? __die_body+0x15/0x57 ? page_fault_oops+0x2ef/0x33c? insert_vmap_area.constprop.0+0xb6/0xd5? alloc_vmap_area+0x529/0x5ee? exc_page_fault+0x15a/0x489? asm_exc_page_fault+0x22/0x30 __subdev_8255_init+0x79/0x8d [comedi_8255] pci_8255_auto_attach+0x11a/0x139 [8255_pci] comedi_auto_config+0xac/0x117 [comedi] ? __pfx___driver_attach+0x10/0x10 pci_device_probe+0x88/0xf9 very_probe+0x101/0x248 __driver_probe_device+0xbb/0xed driver_probe_device+0x1a/0x72 __driver_attach+0xd4/0xed bus_for_each_dev+0x76/0xb 8 bus_add_driver+0xbe/0x1be driver_register+0x9a/0xd8 comedi_pci_driver_register+0x28/0x48 [comedia_pci] ? 
__pfx_pci_8255_driver_init+0x10/0x10 [8255_pci] do_one_initcall+0x72/0x183 do_init_module+0x5b/0x1e8 init_module_from_file+0x86/0xac __do_sys_finit_module+0x151/0x218 do_syscall_ 64+0x72/0xdb Entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f72f50a0cb9 C\u00f3digo: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 47 71 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffd47e512d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: X: 00007f72f50a0cb9 RDX: 0000000000000000 RSI: 00007f72f52d32df RDI: 000000000000000e RBP: 00000000000000000 R08: 00007f72f5168b20 0000000000000000 R10 : 0000000000000050 R11: 0000000000000246 R12: 00007f72f52d32df R13: 0000000000020000 R14: 0000562dd06785c0 R15: 0000562dcfd0e9a8 K> M\u00f3dulos vinculados en: 8255_pci(+) comedi_8255 comedi_pci comedi intel_gtt e100(+) acpi_cpufreq rtc_cmos usbhid CR2: 00000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:0x0 C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0xffffffffffffffd6. RSP: 0018: FFFFA3F1C02D7B78 EFLAGS: 00010202 RAX: 000000000000000000 RBX: FFFF91F847AEFD00 RCX: 00000000000000009B RDX: 00000000000003 RSI: 00000000000001 RDI: FFF91F840F6FC00 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26868.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26868.json index 0b96dabfeeb..bdb189eedbd 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26868.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26868.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix panic when nfs4_ff_layout_prepare_ds() fails\n\nWe've been seeing the following panic in production\n\nBUG: kernel NULL pointer dereference, address: 0000000000000065\nPGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0\nRIP: 0010:ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles]\nCall Trace:\n \n ? __die+0x78/0xc0\n ? page_fault_oops+0x286/0x380\n ? __rpc_execute+0x2c3/0x470 [sunrpc]\n ? rpc_new_task+0x42/0x1c0 [sunrpc]\n ? exc_page_fault+0x5d/0x110\n ? asm_exc_page_fault+0x22/0x30\n ? ff_layout_free_layoutreturn+0x110/0x110 [nfs_layout_flexfiles]\n ? ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles]\n ? ff_layout_cancel_io+0x6f/0x90 [nfs_layout_flexfiles]\n pnfs_mark_matching_lsegs_return+0x1b0/0x360 [nfsv4]\n pnfs_error_mark_layout_for_return+0x9e/0x110 [nfsv4]\n ? ff_layout_send_layouterror+0x50/0x160 [nfs_layout_flexfiles]\n nfs4_ff_layout_prepare_ds+0x11f/0x290 [nfs_layout_flexfiles]\n ff_layout_pg_init_write+0xf0/0x1f0 [nfs_layout_flexfiles]\n __nfs_pageio_add_request+0x154/0x6c0 [nfs]\n nfs_pageio_add_request+0x26b/0x380 [nfs]\n nfs_do_writepage+0x111/0x1e0 [nfs]\n nfs_writepages_callback+0xf/0x30 [nfs]\n write_cache_pages+0x17f/0x380\n ? nfs_pageio_init_write+0x50/0x50 [nfs]\n ? nfs_writepages+0x6d/0x210 [nfs]\n ? nfs_writepages+0x6d/0x210 [nfs]\n nfs_writepages+0x125/0x210 [nfs]\n do_writepages+0x67/0x220\n ? generic_perform_write+0x14b/0x210\n filemap_fdatawrite_wbc+0x5b/0x80\n file_write_and_wait_range+0x6d/0xc0\n nfs_file_fsync+0x81/0x170 [nfs]\n ? 
nfs_file_mmap+0x60/0x60 [nfs]\n __x64_sys_fsync+0x53/0x90\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nInspecting the core with drgn I was able to pull this\n\n >>> prog.crashed_thread().stack_trace()[0]\n #0 at 0xffffffffa079657a (ff_layout_cancel_io+0x3a/0x84) in ff_layout_cancel_io at fs/nfs/flexfilelayout/flexfilelayout.c:2021:27\n >>> prog.crashed_thread().stack_trace()[0]['idx']\n (u32)1\n >>> prog.crashed_thread().stack_trace()[0]['flseg'].mirror_array[1].mirror_ds\n (struct nfs4_ff_layout_ds *)0xffffffffffffffed\n\nThis is clear from the stack trace, we call nfs4_ff_layout_prepare_ds()\nwhich could error out initializing the mirror_ds, and then we go to\nclean it all up and our check is only for if (!mirror->mirror_ds). This\nis inconsistent with the rest of the users of mirror_ds, which have\n\n if (IS_ERR_OR_NULL(mirror_ds))\n\nto keep from tripping over this exact scenario. Fix this up in\nff_layout_cancel_io() to make sure we don't panic when we get an error.\nI also spot checked all the other instances of checking mirror_ds and we\nappear to be doing the correct checks everywhere, only unconditionally\ndereferencing mirror_ds when we know it would be valid." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs: soluciona el p\u00e1nico cuando falla nfs4_ff_layout_prepare_ds() Hemos estado viendo el siguiente error de p\u00e1nico en producci\u00f3n: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD RIP : 0010:ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles] Seguimiento de llamadas: ? __die+0x78/0xc0 ? page_fault_oops+0x286/0x380? __rpc_execute+0x2c3/0x470 [sunrpc] ? rpc_new_task+0x42/0x1c0 [sunrpc] ? exc_page_fault+0x5d/0x110? asm_exc_page_fault+0x22/0x30? ff_layout_free_layoutreturn+0x110/0x110 [nfs_layout_flexfiles]? ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles]? 
ff_layout_cancel_io+0x6f/0x90 [nfs_layout_flexfiles] pnfs_mark_matching_lsegs_return+0x1b0/0x360 [nfsv4] pnfs_error_mark_layout_for_return+0x9e/0x110 [nfsv4] ? ff_layout_send_layouterror+0x50/0x160 [nfs_layout_flexfiles] nfs4_ff_layout_prepare_ds+0x11f/0x290 [nfs_layout_flexfiles] ff_layout_pg_init_write+0xf0/0x1f0 [nfs_layout_flexfiles] __nfs_pageio_add_re b\u00fasqueda+0x154/0x6c0 [nfs] nfs_pageio_add_request+0x26b/0x380 [nfs] nfs_do_writepage+0x111/0x1e0 [nfs] nfs_writepages_callback+ 0xf/0x30 [nfs] write_cache_pages+0x17f/0x380 ? nfs_pageio_init_write+0x50/0x50 [nfs] ? nfs_writepages+0x6d/0x210 [nfs]? nfs_writepages+0x6d/0x210 [nfs] nfs_writepages+0x125/0x210 [nfs] do_writepages+0x67/0x220? generic_perform_write+0x14b/0x210 filemap_fdatawrite_wbc+0x5b/0x80 file_write_and_wait_range+0x6d/0xc0 nfs_file_fsync+0x81/0x170 [nfs] ? nfs_file_mmap+0x60/0x60 [nfs] __x64_sys_fsync+0x53/0x90 do_syscall_64+0x3d/0x90 Entry_SYSCALL_64_after_hwframe+0x46/0xb0 Inspeccionando el n\u00facleo con drgn pude extraer esto >>> prog.crashed_thread().stack_trace()[0 ] # 0 en 0xffffffffa079657a (ff_layout_cancel_io+0x3a/0x84) en ff_layout_cancel_io en fs/nfs/flexfilelayout/flexfilelayout.c:2021:27 >>> prog.crashed_thread().stack_trace()[0]['idx'] (u32)1 >>> prog.crashed_thread().stack_trace()[0]['flseg'].mirror_array[1].mirror_ds (struct nfs4_ff_layout_ds *)0xffffffffffffffed Esto queda claro en el seguimiento de la pila, llamamos a nfs4_ff_layout_prepare_ds(), lo que podr\u00eda generar un error inicializando mirror_ds, y luego vamos a limpiarlo todo y nuestra verificaci\u00f3n es solo para if (!mirror->mirror_ds). Esto es inconsistente con el resto de usuarios de mirror_ds, que tienen if (IS_ERR_OR_NULL(mirror_ds)) para evitar tropezar con este escenario exacto. Solucione esto en ff_layout_cancel_io() para asegurarnos de que no entremos en p\u00e1nico cuando recibamos un error. 
Tambi\u00e9n revis\u00e9 todas las dem\u00e1s instancias de verificaci\u00f3n de mirror_ds y parece que estamos haciendo las verificaciones correctas en todas partes, solo desreferenciando incondicionalmente mirror_ds cuando sabemos que ser\u00eda v\u00e1lido." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26869.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26869.json index fee284f9148..e1e4f2d78fc 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26869.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26869.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate meta inode pages forcely\n\nBelow race case can cause data corruption:\n\nThread A\t\t\t\tGC thread\n\t\t\t\t\t- gc_data_segment\n\t\t\t\t\t - ra_data_block\n\t\t\t\t\t - locked meta_inode page\n- f2fs_inplace_write_data\n - invalidate_mapping_pages\n : fail to invalidate meta_inode page\n due to lock failure or dirty|writeback\n status\n - f2fs_submit_page_bio\n : write last dirty data to old blkaddr\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - load old data from meta_inode page\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t : write old data to new blkaddr\n\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para truncar las p\u00e1ginas de meta-inodo a la fuerza El siguiente caso de carrera puede causar corrupci\u00f3n de datos: Hilo Un hilo de GC - gc_data_segment - ra_data_block - p\u00e1gina de meta_inodo bloqueada - f2fs_inplace_write_data - invalidate_mapping_pages: no se puede invalidar meta_inode p\u00e1gina debido a falla de bloqueo o estado sucio|reescritura - f2fs_submit_page_bio: escribe los \u00faltimos datos sucios en el blkaddr antiguo - move_data_block - carga datos antiguos de la p\u00e1gina meta_inode - f2fs_submit_page_write: escribe datos antiguos en el blkaddr nuevo Porque invalidate_mapping_pages() omitir\u00e1 la p\u00e1gina de invalidaci\u00f3n cuyo estado no est\u00e1 claro incluyendo bloqueado, sucio, reescritura, etc., por lo que debemos usar truncate_inode_pages_range() en lugar de invalidate_mapping_pages() para asegurarnos de que la p\u00e1gina meta_inode se 
elimine." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26870.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26870.json index 14c2142fe2b..cc482d12ecc 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26870.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26870.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102\n\nA call to listxattr() with a buffer size = 0 returns the actual\nsize of the buffer needed for a subsequent call. When size > 0,\nnfs4_listxattr() does not return an error because either\ngeneric_listxattr() or nfs4_listxattr_nfs4_label() consumes\nexactly all the bytes then size is 0 when calling\nnfs4_listxattr_nfs4_user() which then triggers the following\nkernel BUG:\n\n [ 99.403778] kernel BUG at mm/usercopy.c:102!\n [ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n [ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1\n [ 99.415827] Call trace:\n [ 99.415985] usercopy_abort+0x70/0xa0\n [ 99.416227] __check_heap_object+0x134/0x158\n [ 99.416505] check_heap_object+0x150/0x188\n [ 99.416696] __check_object_size.part.0+0x78/0x168\n [ 99.416886] __check_object_size+0x28/0x40\n [ 99.417078] listxattr+0x8c/0x120\n [ 99.417252] path_listxattr+0x78/0xe0\n [ 99.417476] __arm64_sys_listxattr+0x28/0x40\n [ 99.417723] invoke_syscall+0x78/0x100\n [ 99.417929] el0_svc_common.constprop.0+0x48/0xf0\n [ 99.418186] do_el0_svc+0x24/0x38\n [ 99.418376] el0_svc+0x3c/0x110\n [ 99.418554] el0t_64_sync_handler+0x120/0x130\n [ 99.418788] el0t_64_sync+0x194/0x198\n [ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000)\n\nIssue is reproduced when generic_listxattr() returns 'system.nfs4_acl',\nthus calling lisxattr() with size = 16 will trigger the bug.\n\nAdd check on nfs4_listxattr() to return ERANGE error when it is\ncalled with size > 0 and the return value is greater than size." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4.2: corrige el ERROR del kernel nfs4_listxattr en mm/usercopy.c:102 Una llamada a listxattr() con un tama\u00f1o de b\u00fafer = 0 devuelve el tama\u00f1o real del b\u00fafer necesario para un convocatoria posterior. Cuando el tama\u00f1o > 0, nfs4_listxattr() no devuelve un error porque generic_listxattr() o nfs4_listxattr_nfs4_label() consume exactamente todos los bytes, entonces el tama\u00f1o es 0 al llamar a nfs4_listxattr_nfs4_user(), lo que luego activa el siguiente ERROR del kernel: [99.403778] ERROR del kernel en mm/usercopy.c:102! [99.404063] Error interno: Ups - ERROR: 00000000f2000800 [#1] SMP [99.408463] CPU: 0 PID: 3310 Comm: python3 No contaminado 6.6.0-61.fc40.aarch64 #1 [ 99.415827] Seguimiento de llamadas: [ 99.41 5985] usercopy_abort+0x70/0xa0 [ 99.416227] __check_heap_object+0x134/0x158 [ 99.416505] check_heap_object+0x150/0x188 [ 99.416696] __check_object_size.part.0+0x78/0x168 [ 99.416886 ] __check_object_size+0x28/0x40 [ 99.417078] listxattr+0x8c/0x120 [ 99.417252] path_listxattr+0x78/0xe0 [ 99.417476] __arm64_sys_listxattr+0x28/0x40 [ 99.417723] invoke_syscall+0x78/0x100 [ 99.417929] 48/0xf0 [ 99.418186] do_el0_svc+0x24/0x38 [ 99.418376] el0_svc+0x3c/ 0x110 [ 99.418554] el0t_64_sync_handler+0x120/0x130 [ 99.418788] el0t_64_sync+0x194/0x198 [ 99.418994] C\u00f3digo: aa0003e3 d000a3e0 91310000 97f49bdb (d42 10000) El problema se reproduce cuando generic_listxattr() devuelve 'system.nfs4_acl', llamando as\u00ed a lisxattr() con tama\u00f1o = 16 activar\u00e1 el error. Agregue verificaci\u00f3n en nfs4_listxattr() para devolver el error ERANGE cuando se llama con un tama\u00f1o > 0 y el valor de retorno es mayor que el tama\u00f1o." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26871.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26871.json index ee6b12eccf5..a4b428e152c 100644 
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26871.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26871.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix NULL pointer dereference in f2fs_submit_page_write()\n\nBUG: kernel NULL pointer dereference, address: 0000000000000014\nRIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs]\nCall Trace:\n\n? show_regs+0x6e/0x80\n? __die+0x29/0x70\n? page_fault_oops+0x154/0x4a0\n? prb_read_valid+0x20/0x30\n? __irq_work_queue_local+0x39/0xd0\n? irq_work_queue+0x36/0x70\n? do_user_addr_fault+0x314/0x6c0\n? exc_page_fault+0x7d/0x190\n? asm_exc_page_fault+0x2b/0x30\n? f2fs_submit_page_write+0x6cf/0x780 [f2fs]\n? f2fs_submit_page_write+0x736/0x780 [f2fs]\ndo_write_page+0x50/0x170 [f2fs]\nf2fs_outplace_write_data+0x61/0xb0 [f2fs]\nf2fs_do_write_data_page+0x3f8/0x660 [f2fs]\nf2fs_write_single_data_page+0x5bb/0x7a0 [f2fs]\nf2fs_write_cache_pages+0x3da/0xbe0 [f2fs]\n...\nIt is possible that other threads have added this fio to io->bio\nand submitted the io->bio before entering f2fs_submit_page_write().\nAt this point io->bio = NULL.\nIf is_end_zone_blkaddr(sbi, fio->new_blkaddr) of this fio is true,\nthen an NULL pointer dereference error occurs at bio_get(io->bio).\nThe original code for determining zone end was after \"out:\",\nwhich would have missed some fio who is zone end. I've moved\n this code before \"skip:\" to make sure it's done for each fio." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrige la desreferencia del puntero NULL en f2fs_submit_page_write() ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000014 RIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs] Seguimiento de llamadas: ? show_regs+0x6e/0x80? __morir+0x29/0x70 ? page_fault_oops+0x154/0x4a0? prb_read_valid+0x20/0x30? __irq_work_queue_local+0x39/0xd0 ? irq_work_queue+0x36/0x70? do_user_addr_fault+0x314/0x6c0? exc_page_fault+0x7d/0x190? asm_exc_page_fault+0x2b/0x30? 
f2fs_submit_page_write+0x6cf/0x780 [f2fs] ? f2fs_submit_page_write+0x736/0x780 [f2fs] do_write_page+0x50/0x170 [f2fs] f2fs_outplace_write_data+0x61/0xb0 [f2fs] f2fs_do_write_data_page+0x3f8/0x660 [f2fs] f2fs_write_single_data_page+0 x5bb/0x7a0 [f2fs] f2fs_write_cache_pages+0x3da/0xbe0 [f2fs] .. Es posible que otros hilos hayan agregado este fio a io->bio y hayan enviado el io->bio antes de ingresar a f2fs_submit_page_write(). En este punto io->bio = NULL. Si is_end_zone_blkaddr(sbi, fio->new_blkaddr) de este fio es verdadero, entonces se produce un error de desreferencia de puntero NULL en bio_get(io->bio). El c\u00f3digo original para determinar el final de la zona estaba despu\u00e9s de \"out:\", lo que habr\u00eda pasado por alto a alg\u00fan fio que es el final de la zona. Mov\u00ed este c\u00f3digo antes de \"omitir:\" para asegurarme de que est\u00e9 hecho para cada fio." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26872.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26872.json index 3e0fa20ab39..e5e0633c709 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26872.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26872.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Do not register event handler until srpt device is fully setup\n\nUpon rare occasions, KASAN reports a use-after-free Write\nin srpt_refresh_port().\n\nThis seems to be because an event handler is registered before the\nsrpt device is fully setup and a race condition upon error may leave a\npartially setup event handler in place.\n\nInstead, only register the event handler after srpt device initialization\nis complete." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/srpt: no registrar el controlador de eventos hasta que el dispositivo srpt est\u00e9 completamente configurado. En raras ocasiones, KASAN informa una escritura de use-after-free en srpt_refresh_port(). Esto parece deberse a que se registra un controlador de eventos antes de que el dispositivo srpt est\u00e9 completamente configurado y una condici\u00f3n de carrera en caso de error puede dejar en su lugar un controlador de eventos parcialmente configurado. En su lugar, registre el controlador de eventos solo despu\u00e9s de que se complete la inicializaci\u00f3n del dispositivo srpt." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26873.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26873.json index 55f79d176f4..6aeccf2e716 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26873.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26873.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 
pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. 
In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: hisi_sas: soluciona un problema de interbloqueo relacionado con el volcado autom\u00e1tico. Si emitimos un comando de desactivaci\u00f3n PHY, el dispositivo conectado se desconectar\u00e1 si se produce un error ECC de 2 bits en el Al mismo tiempo, se puede encontrar una tarea colgada: [ 4613.652388] INFORMACI\u00d3N: tarea kworker/u256:0:165233 bloqueada durante m\u00e1s de 120 segundos. [4613.666297] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" desactiva este mensaje. [ 4613.674809] tarea:kworker/u256:0 estado:D pila: 0 pid:165233 ppid: 2 banderas:0x00000208 [ 4613.683959] Cola de trabajo: 0000:74:02.0_disco_q sas_revalidate_domain [libsas] [ 4613.691518] Rastreo de llamadas: [4613.694678] __switch_to +0xf8/0x17c [ 4613.698872] __programaci\u00f3n+0x660/0xee0 [ 4613.703063] programaci\u00f3n+0xac/0x240 [ 4613.706994] programaci\u00f3n_timeout+0x500/0x610 [ 4613.711705] c [ 4613.715548] abajo+0x240/0x2d0 [ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc /0x260 [hisi_sas_main] [ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas] [ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas] [ 4613.739504] _dev.isra.0+0xbc/0x1b0 [hisi_sas_main] [ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main] [ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas] [ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas] [ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas] [ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas ] [ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas] [ 4613.784716] Process_one_work+0x248/0x950 [ 4613.789424] trabajador_thread+0x318/0x934 [ 4613.793878] 0x200 
[4613.797810] ret_from_fork+0x10/0x18 [4613.802121] INFORMACI\u00d3N: tarea kworker/u256:4:316722 bloqueado durante m\u00e1s de 120 segundos. [4613.816026] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" desactiva este mensaje. [ 4613.824538] tarea:kworker/u256:4 estado:D pila: 0 pid:316722 ppid: 2 banderas:0x00000208 [ 4613.833670] Cola de trabajo: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main] [ 4613.841491 ] Rastreo de llamadas: [4613.844647] __switch_to+ 0xf8/0x17c [ 4613.848852] __programaci\u00f3n+0x660/0xee0 [ 4613.853052] programaci\u00f3n+0xac/0x240 [ 4613.856984] programaci\u00f3n_timeout+0x500/0x610 [ 4613.861695] c [ 4613.865542] abajo+0x240/0x2d0 [ 4613.869216] hisi_sas_controller_prereset+0x58/ 0x1fc [hisi_sas_main] [ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main] [ 4613.883019] Process_one_work+0x248/0x950 [ 4613.887732] trabajador_thread+0x318/0x934 [ 461 3.892204] kthread+0x190/0x200 [ 4613.896118] ret_from_fork+0x10/0x18 [ 4613.900423] INFORMACI\u00d3N: tarea kworker/u256:1:348985 bloqueada durante m\u00e1s de 121 segundos. [4613.914341] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" desactiva este mensaje. 
[ 4613.922852] tarea:kworker/u256:1 estado:D pila: 0 pid:348985 ppid: 2 banderas:0x00000208 [ 4613.931984] Cola de trabajo: 0000:74:02.0_event_q sas_port_event_worker [libsas] [ 4613.939549] Rastreo de llamadas: [4613.942702] __switch_to +0xf8/0x17c [ 4613.946892] __schedule+0x660/0xee0 [ 4613.951083] Schedule+0xac/0x240 [ 4613.955015] Schedule_timeout+0x500/0x610 [ 4613.959725] x610 [ 4613.964349] espera_para_compleci\u00f3n+0x3c/0x5c [ 4613.969146] descarga_cola de trabajo+0x198 /0x790 [ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas] [ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas] [ 4613.985708] Process_one_work+0x248/0x950 [ 4613.9 90420] hilo_trabajador+0x318/0x934 [ 4613.994868] kthread+0x190/0x200 [ 4613.998800 ] ret_from_fork+0x10/0x18 Esto se debe a que cuando el dispositivo se desconecta, obtenemos el sem\u00e1foro hisi_hba y enviamos el comando ABORT_DEV al dispositivo. Sin embargo, el aborto interno expir\u00f3 debido al error ECC de 2 bits y activa el volcado autom\u00e1tico. Adem\u00e1s, dado que se obtuvo el sem\u00e1foro hisi_hba, el volcado no se puede ejecutar y el controlador no se puede restablecer. Por lo tanto, los interbloqueos ocurren en las siguientes dependencias circulares ---truncadas---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26874.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26874.json index eb4166f1cc9..102dd1b3af4 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26874.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26874.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip\n\nIt's possible that mtk_crtc->event is NULL in\nmtk_drm_crtc_finish_page_flip().\n\npending_needs_vblank value is set by mtk_crtc->event, but in\nmtk_drm_crtc_atomic_flush(), it's is not guarded by the same\nlock in mtk_drm_finish_page_flip(), thus a race condition happens.\n\nConsider the following case:\n\nCPU1 CPU2\nstep 1:\nmtk_drm_crtc_atomic_begin()\nmtk_crtc->event is not null,\n step 1:\n mtk_drm_crtc_atomic_flush:\n mtk_drm_crtc_update_config(\n !!mtk_crtc->event)\nstep 2:\nmtk_crtc_ddp_irq ->\nmtk_drm_finish_page_flip:\nlock\nmtk_crtc->event set to null,\npending_needs_vblank set to false\nunlock\n pending_needs_vblank set to true,\n\n step 2:\n mtk_crtc_ddp_irq ->\n mtk_drm_finish_page_flip called again,\n pending_needs_vblank is still true\n //null pointer\n\nInstead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more\nefficient to just check if mtk_crtc->event is null before use." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/mediatek: corrige un fallo del puntero nulo en mtk_drm_crtc_finish_page_flip Es posible que mtk_crtc->event sea NULL en mtk_drm_crtc_finish_page_flip(). El valor pendiente_needs_vblank lo establece mtk_crtc->event, pero en mtk_drm_crtc_atomic_flush(), no est\u00e1 protegido por el mismo bloqueo en mtk_drm_finish_page_flip(), por lo que ocurre una condici\u00f3n de carrera. 
Considere el siguiente caso: CPU1 CPU2 paso 1: mtk_drm_crtc_atomic_begin() mtk_crtc->event is not null, paso 1: mtk_drm_crtc_atomic_flush: mtk_drm_crtc_update_config( !!mtk_crtc->event) paso 2: mtk_crtc_ddp_irq -> mtk_drm_finish _page_flip: bloquear mtk_crtc->evento establecido en nulo, pendiente_needs_vblank configurado en falso desbloqueo pendiente_needs_vblank configurado en verdadero, paso 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip llamado nuevamente, pendiente_needs_vblank sigue siendo verdadero //puntero nulo En lugar de proteger todo el mtk_drm_crtc_atomic_flush(), es m\u00e1s eficiente simplemente verificar si mtk_crtc->even t es nulo antes de su uso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26875.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26875.json index 449df9801e1..a68806a3ef9 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26875.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26875.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix uaf in pvr2_context_set_notify\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35\nRead of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26\n\nCPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35\n pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline]\n pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272\n\nFreed by task 906:\nkasan_save_stack+0x33/0x50 mm/kasan/common.c:47\nkasan_save_track+0x14/0x30 mm/kasan/common.c:68\nkasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\npoison_slab_object mm/kasan/common.c:241 [inline]\n__kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257\nkasan_slab_free include/linux/kasan.h:184 [inline]\nslab_free_hook mm/slub.c:2121 [inline]\nslab_free mm/slub.c:4299 [inline]\nkfree+0x105/0x340 mm/slub.c:4409\npvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline]\npvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158\n\n[Analyze]\nTask A set disconnect_flag = !0, which resulted in Task B's condition being met\nand releasing mp, leading to this issue.\n\n[Fix]\nPlace the disconnect_flag assignment operation after all code in pvr2_context_disconnect()\nto avoid this issue." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: pvrusb2: corrige uaf en pvr2_context_set_notify [Syzbot inform\u00f3] ERROR: KASAN: slab-use-after-free en pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2 -context.c:35 Lectura del tama\u00f1o 4 en la direcci\u00f3n ffff888113aeb0d8 por tarea kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 No contaminado 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 25/01/2024 Cola de trabajo: usb_hub_wq hub_event Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c :106 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 pvr2_context_set_notify+0x2c4/0x310 controladores/ media/usb/pvrusb2/pvrusb2-context.c:35 pvr2_context_notify controladores/media/usb/pvrusb2/pvrusb2-context.c:95 [en l\u00ednea] pvr2_context_disconnect+0x94/0xb0 controladores/media/usb/pvrusb2/pvrusb2-context.c :272 Liberado por la tarea 906: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 veneno_slab_object mm/kasan/common.c:241 [en l\u00ednea] __kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [en l\u00ednea] slab_free_hook mm/slub.c:2121 [en l\u00ednea] slab_free mm/slub.c:4299 [en l\u00ednea] kfree+0x105/0x340 mm/slub.c:4409 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [en l\u00ednea] pvr2_context_thread_func+0x69d/0x960 controladores/medios /usb/pvrusb2/pvrusb2-context.c:158 [Analizar] La tarea A estableci\u00f3 desconectar_flag = !0, lo que result\u00f3 en que se cumpliera la condici\u00f3n de la tarea B y se liberara mp, lo que gener\u00f3 este problema. 
[Soluci\u00f3n] Coloque la operaci\u00f3n de asignaci\u00f3nconnect_flag despu\u00e9s de todo el c\u00f3digo en pvr2_context_disconnect() para evitar este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26876.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26876.json index fe637e78735..ee52edbbd99 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26876.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26876.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: adv7511: fix crash on irq during probe\n\nMoved IRQ registration down to end of adv7511_probe().\n\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\n\n Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5\n Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP\n Call trace:\n cec_received_msg_ts+0x48/0x990 [cec]\n adv7511_cec_irq_process+0x1cc/0x308 [adv7511]\n adv7511_irq_process+0xd8/0x120 [adv7511]\n adv7511_irq_handler+0x1c/0x30 [adv7511]\n irq_thread_fn+0x30/0xa0\n irq_thread+0x14c/0x238\n kthread+0x190/0x1a8" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/bridge: adv7511: corrige el fallo en irq durante la sonda Se movi\u00f3 el registro de IRQ al final de adv7511_probe(). Si ya hay una IRQ pendiente durante adv7511_probe (antes de adv7511_cec_init), entonces cec_received_msg_ts podr\u00eda fallar usando datos no inicializados: No se puede manejar la lectura del kernel desde memoria ilegible en la direcci\u00f3n virtual 00000000000003d5 Error interno: Ups: 96000004 [#1] PREEMPT_RT SMP Seguimiento de llamadas: _ts+0x48 /0x990 [cec] adv7511_cec_irq_process+0x1cc/0x308 [adv7511] adv7511_irq_process+0xd8/0x120 [adv7511] adv7511_irq_handler+0x1c/0x30 [adv7511] irq_thread_fn+0x30/0xa0 leer+0x14c/0x238 khilo+0x190/0x1a8" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26877.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26877.json index f1e33374de8..2904ec1b762 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26877.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26877.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: xilinx - call finalize with bh disabled\n\nWhen calling crypto_finalize_request, BH should be disabled to avoid\ntriggering the following calltrace:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118\n Modules linked in: cryptodev(O)\n CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323\n Hardware name: ZynqMP ZCU102 Rev1.0 (DT)\n pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : crypto_finalize_request+0xa0/0x118\n lr : crypto_finalize_request+0x104/0x118\n sp : ffffffc085353ce0\n x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688\n x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00\n x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000\n x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0\n x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8\n x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001\n x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000\n x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000\n Call trace:\n crypto_finalize_request+0xa0/0x118\n crypto_finalize_aead_request+0x18/0x30\n zynqmp_handle_aes_req+0xcc/0x388\n crypto_pump_work+0x168/0x2d8\n kthread_worker_fn+0xfc/0x3a0\n kthread+0x118/0x138\n ret_from_fork+0x10/0x20\n irq event stamp: 40\n hardirqs last enabled at (39): [] _raw_spin_unlock_irqrestore+0x70/0xb0\n hardirqs last disabled at (40): [] el1_dbg+0x28/0x90\n softirqs last enabled at (36): [] kernel_neon_begin+0x8c/0xf0\n softirqs last disabled at (34): [] kernel_neon_begin+0x60/0xf0\n ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + 
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: xilinx - llamada a finalizar con bh deshabilitado Al llamar a crypto_finalize_request, BH debe estar deshabilitado para evitar que se active el siguiente seguimiento de llamadas: ------------[ cut aqu\u00ed ]------------ ADVERTENCIA: CPU: 2 PID: 74 en crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118 M\u00f3dulos vinculados en: cryptodev(O) CPU: 2 PID: 74 Comm : firmware:zynqmp Contaminado: GO 6.8.0-rc1-yocto-standard #323 Nombre del hardware: ZynqMP ZCU102 Rev1.0 (DT) pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc: crypto_finalize_request+0xa0/0x118 lr: crypto_finalize_request+0x104/0x118 sp: ffffffc085353ce0 x29: ffffffc085353ce0 x28: 00000000000000000 x27: ffffff8808ea8688 x26: 15038 x25: 0000000000000000 x24: ffffff880100db00 x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000 x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0 x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8 x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001 x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000 x2 : ffffffc7f9653000 x1: 0000000000000000 x0: ffffff8802d20000 Rastreo de llamadas: crypto_finalize_request+0xa0/0x118 crypto_finalize_aead_request+0x18/0x30 zynqmp_handle_aes_req+0xcc/0x388 crypto_pump_work+0x 168/0x2d8 kthread_worker_fn+0xfc/0x3a0 kthread+0x118/0x138 ret_from_fork+0x10/0x20 sello de evento irq: 40 hardirqs habilitado por \u00faltima vez en (39): [] _raw_spin_unlock_irqrestore+0x70/0xb0 hardirqs habilitado por \u00faltima vez en (40): [] el1_dbg+0x28/0x90 softirqs habilitado por \u00faltima vez en (36): [] _comenzar +0x8c/0xf0 softirqs se deshabilit\u00f3 por \u00faltima vez en (34): [] kernel_neon_begin+0x60/0xf0 ---[ final de seguimiento 
0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26878.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26878.json index 21efd499fac..58718822d48 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26878.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26878.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nquota: Fix potential NULL pointer dereference\n\nBelow race may cause NULL pointer dereference\n\nP1\t\t\t\t\tP2\ndquot_free_inode\t\t\tquota_off\n\t\t\t\t\t drop_dquot_ref\n\t\t\t\t\t remove_dquot_ref\n\t\t\t\t\t dquots = i_dquot(inode)\n dquots = i_dquot(inode)\n srcu_read_lock\n dquots[cnt]) != NULL (1)\n\t\t\t\t\t dquots[type] = NULL (2)\n spin_lock(&dquots[cnt]->dq_dqb_lock) (3)\n ....\n\nIf dquot_free_inode(or other routines) checks inode's quota pointers (1)\nbefore quota_off sets it to NULL(2) and use it (3) after that, NULL pointer\ndereference will be triggered.\n\nSo let's fix it by using a temporary pointer to avoid this issue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cuota: corrige una posible desreferencia del puntero NULL La siguiente carrera puede causar una desreferencia del puntero NULL P1 P2 dquot_free_inode quote_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[tipo] = NULL (2) spin_lock(&dquots[cnt]->dq_dqb_lock) (3) .... Si dquot_free_inode(u otras rutinas) verifica los punteros de cuota del inodo (1) antes de que cuota_off lo establezca a NULL(2) y usarlo (3) despu\u00e9s de eso, se activar\u00e1 la desreferencia del puntero NULL. Entonces, solucion\u00e9moslo usando un puntero temporal para evitar este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26879.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26879.json index 8911578ceb8..24a9cac50dc 100644 
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26879.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26879.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: meson: Add missing clocks to axg_clk_regmaps\n\nSome clocks were missing from axg_clk_regmaps, which caused kernel panic\nduring cat /sys/kernel/debug/clk/clk_summary\n\n[ 57.349402] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001fc\n...\n[ 57.430002] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 57.436900] pc : regmap_read+0x1c/0x88\n[ 57.440608] lr : clk_regmap_gate_is_enabled+0x3c/0xb0\n[ 57.445611] sp : ffff800082f1b690\n[ 57.448888] x29: ffff800082f1b690 x28: 0000000000000000 x27: ffff800080eb9a70\n[ 57.455961] x26: 0000000000000007 x25: 0000000000000016 x24: 0000000000000000\n[ 57.463033] x23: ffff800080e8b488 x22: 0000000000000015 x21: ffff00000e7e7000\n[ 57.470106] x20: ffff00000400ec00 x19: 0000000000000000 x18: ffffffffffffffff\n[ 57.477178] x17: 0000000000000000 x16: 0000000000000000 x15: ffff0000042a3000\n[ 57.484251] x14: 0000000000000000 x13: ffff0000042a2fec x12: 0000000005f5e100\n[ 57.491323] x11: abcc77118461cefd x10: 0000000000000020 x9 : ffff8000805e4b24\n[ 57.498396] x8 : ffff0000028063c0 x7 : ffff800082f1b710 x6 : ffff800082f1b710\n[ 57.505468] x5 : 00000000ffffffd0 x4 : ffff800082f1b6e0 x3 : 0000000000001000\n[ 57.512541] x2 : ffff800082f1b6e4 x1 : 000000000000012c x0 : 0000000000000000\n[ 57.519615] Call trace:\n[ 57.522030] regmap_read+0x1c/0x88\n[ 57.525393] clk_regmap_gate_is_enabled+0x3c/0xb0\n[ 57.530050] clk_core_is_enabled+0x44/0x120\n[ 57.534190] clk_summary_show_subtree+0x154/0x2f0\n[ 57.538847] clk_summary_show_subtree+0x220/0x2f0\n[ 57.543505] clk_summary_show_subtree+0x220/0x2f0\n[ 57.548162] clk_summary_show_subtree+0x220/0x2f0\n[ 57.552820] clk_summary_show_subtree+0x220/0x2f0\n[ 57.557477] clk_summary_show_subtree+0x220/0x2f0\n[ 57.562135] clk_summary_show_subtree+0x220/0x2f0\n[ 57.566792] clk_summary_show_subtree+0x220/0x2f0\n[ 57.571450] 
clk_summary_show+0x84/0xb8\n[ 57.575245] seq_read_iter+0x1bc/0x4b8\n[ 57.578954] seq_read+0x8c/0xd0\n[ 57.582059] full_proxy_read+0x68/0xc8\n[ 57.585767] vfs_read+0xb0/0x268\n[ 57.588959] ksys_read+0x70/0x108\n[ 57.592236] __arm64_sys_read+0x24/0x38\n[ 57.596031] invoke_syscall+0x50/0x128\n[ 57.599740] el0_svc_common.constprop.0+0x48/0xf8\n[ 57.604397] do_el0_svc+0x28/0x40\n[ 57.607675] el0_svc+0x34/0xb8\n[ 57.610694] el0t_64_sync_handler+0x13c/0x158\n[ 57.615006] el0t_64_sync+0x190/0x198\n[ 57.618635] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (b941fc00)\n[ 57.624668] ---[ end trace 0000000000000000 ]---\n\n[jbrunet: add missing Fixes tag]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: clk: meson: Agregar relojes faltantes a axg_clk_regmaps Faltaban algunos relojes en axg_clk_regmaps, lo que provoc\u00f3 p\u00e1nico en el kernel durante cat /sys/kernel/debug/clk/clk_summary [ 57.349402] No se puede manejar Kernel Null Pointer Derferencia en la direcci\u00f3n virtual 0000000000000001FC ... [57.430002] PState: 6000000005 (NZCV DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE = -) [57.436900] PC: RegMap_read+0x1c/0x888 [57.44060608] CLK_REGMAP_GATE_IS_Enabled+0x3c/0xb0 [57.445611] SP: FFFFF800082F1B690 [57.448888] x29: ffff800082f1b690 x28: 0000000000000000000000000000808080B9A70 [57. 
000000000007 x25: 000000000000000016 X24: 000000000000000000 [57.463033] X23: FFFF800080E8B488 X22: 000000000000000015 X21: FFFFFF00000E7E7000 [57.470106] X20: FFFF00000400EC00 X19: 000000000000000000 X18: FFFFFFFFFFFFFFF [57.477178] x17: 00000000000000000000000016: 000000000000000000 X15: FFFFFFFF0000042A3000 [57.484251] X14 2fec x12: 000000000005F5E100 [57.491323] x11: ABCC77118461CEFD x10: 0000000000000020 X9: FFFF8000805E4B24 [57.498396] x8: FFFF0000028063C0 X7: FFFF800082F1B710 X6: FFFF800082F1B710 [57.505468] x5: 0000000000ffffd0 x4: ffffff800082f1b6e0 x3: 00000000001000 [57.512541] 0000000000012C x0: 000000000000000000 [57.519615] Traza de llamada: [57.522030] regMap_read+0x1c/0x88 [57.525393] clk_regmap_gate_is_enabled+ 0x3c/0xb0 [ 57.530050] clk_core_is_enabled+0x44/0x120 [ 57.534190] clk_summary_show_subtree+0x154/0x2f0 [ 57.538847] clk_summary_show_subtree+0x220/0x2f0 [ 57.543505 ] clk_summary_show_subtree+0x220/0x2f0 [ 57.548162] clk_summary_show_subtree+0x220/0x2f0 [ 57.552820] clk_summary_show_subtree+0x220/ 0x2f0 [ 57.557477] clk_summary_show_subtree+0x220/0x2f0 [ 57.562135] clk_summary_show_subtree+0x220/0x2f0 [ 57.566792] clk_summary_show_subtree+0x220/0x2f0 [ 57.571450] cl k_summary_show+0x84/0xb8 [ 57.575245] seq_read_iter+0x1bc/0x4b8 [ 57.578954] seq_read+0x8c/0xd0 [ 57.582059] full_proxy_read+0x68/0xc8 [ 57.585767] vfs_read+0xb0/0x268 [ 57.588959] ksys_read+0x70/0x108 [ 57.592236] __arm64_sys_read+0x24/0x38 [ 57.59 6031] invoke_syscall+0x50/0x128 [ 57.599740] el0_svc_common.constprop.0+0x48/ 0xf8 [ 57.604397] do_el0_svc+0x28/0x40 [ 57.607675] el0_svc+0x34/0xb8 [ 57.610694] el0t_64_sync_handler+0x13c/0x158 [ 57.615006] /0x198 [ 57.618635] C\u00f3digo: a9bd7bfd 910003fd a90153f3 aa0003f3 (b941fc00) [ 57.624668] -- -[ seguimiento final 0000000000000000 ]--- [jbrunet: agregar etiqueta de correcciones faltantes]" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26880.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26880.json
index e78768f4ade..1a0a4adfb89 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26880.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26880.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: call the resume method on internal suspend\n\nThere is this reported crash when experimenting with the lvm2 testsuite.\nThe list corruption is caused by the fact that the postsuspend and resume\nmethods were not paired correctly; there were two consecutive calls to the\norigin_postsuspend function. The second call attempts to remove the\n\"hash_list\" entry from a list, while it was already removed by the first\ncall.\n\nFix __dm_internal_resume so that it calls the preresume and resume\nmethods of the table's targets.\n\nIf a preresume method of some target fails, we are in a tricky situation.\nWe can't return an error because dm_internal_resume isn't supposed to\nreturn errors. We can't return success, because then the \"resume\" and\n\"postsuspend\" methods would not be paired correctly. So, we set the\nDMF_SUSPENDED flag and we fake normal suspend - it may confuse userspace\ntools, but it won't cause a kernel crash.\n\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:56!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nRIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0\n\nRSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282\nRAX: 000000000000004e RBX: ffff888143b6eb80 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff\nRBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 0000000000000058\nR10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001\nR13: ffff88814538e000 R14: ffff888143bc6dc0 R15: ffffffffa02e4bb0\nFS: 00000000f7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 002b ES: 002b CR0: 0000000080050033\nCR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0\nCall Trace:\n \n ? die+0x2d/0x80\n ? do_trap+0xeb/0xf0\n ? 
__list_del_entry_valid_or_report+0x77/0xc0\n ? do_error_trap+0x60/0x80\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? exc_invalid_op+0x49/0x60\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? asm_exc_invalid_op+0x16/0x20\n ? table_deps+0x1b0/0x1b0 [dm_mod]\n ? __list_del_entry_valid_or_report+0x77/0xc0\n origin_postsuspend+0x1a/0x50 [dm_snapshot]\n dm_table_postsuspend_targets+0x34/0x50 [dm_mod]\n dm_suspend+0xd8/0xf0 [dm_mod]\n dev_suspend+0x1f2/0x2f0 [dm_mod]\n ? table_deps+0x1b0/0x1b0 [dm_mod]\n ctl_ioctl+0x300/0x5f0 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x10 [dm_mod]\n __x64_compat_sys_ioctl+0x104/0x170\n do_syscall_64+0x184/0x1b0\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0xf7e6aead\n\n---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dm: llamar al m\u00e9todo de reanudaci\u00f3n en suspensi\u00f3n interna. Se inform\u00f3 este bloqueo al experimentar con el conjunto de pruebas lvm2. La corrupci\u00f3n de la lista se debe al hecho de que los m\u00e9todos de possuspensi\u00f3n y reanudaci\u00f3n no se emparejaron correctamente; hubo dos llamadas consecutivas a la funci\u00f3n origin_postsuspend. La segunda llamada intenta eliminar la entrada \"hash_list\" de una lista, mientras que la primera llamada ya la elimin\u00f3. Corrige __dm_internal_resume para que llame a los m\u00e9todos preresume y resume de los objetivos de la tabla. Si falla un m\u00e9todo de reanudaci\u00f3n previa de alg\u00fan objetivo, estamos en una situaci\u00f3n complicada. No podemos devolver un error porque se supone que dm_internal_resume no devuelve errores. No podemos devolver el \u00e9xito, porque entonces los m\u00e9todos \"reanudar\" y \"postsuspender\" no se emparejar\u00edan correctamente. 
Entonces, configuramos el indicador DMF_SUSPENDED y simulamos una suspensi\u00f3n normal; puede confundir las herramientas del espacio de usuario, pero no causar\u00e1 una falla del kernel. ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en lib/list_debug.c:56! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP CPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4 Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/ 01/2014 RIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0 RSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282 RAX: 000000000000004e RBX: ffff888143b6eb80 0000000000000000 RDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff RBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 8 R10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001 R13: ffff88814538e000 R14: ffff888143bc6dc0 R15: fffffffa02e4bb0 FS: 7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0 Seguimiento de llamadas: ? morir+0x2d/0x80? do_trap+0xeb/0xf0? __list_del_entry_valid_or_report+0x77/0xc0 ? do_error_trap+0x60/0x80? __list_del_entry_valid_or_report+0x77/0xc0 ? exc_invalid_op+0x49/0x60? __list_del_entry_valid_or_report+0x77/0xc0 ? asm_exc_invalid_op+0x16/0x20? table_deps+0x1b0/0x1b0 [dm_mod] ? __list_del_entry_valid_or_report+0x77/0xc0 origin_postsuspend+0x1a/0x50 [dm_snapshot] dm_table_postsuspend_targets+0x34/0x50 [dm_mod] dm_suspend+0xd8/0xf0 [dm_mod] dev_suspend+0x1f2/0x2f0 modo] ? table_deps+0x1b0/0x1b0 [dm_mod] ctl_ioctl+0x300/0x5f0 [dm_mod] dm_compat_ctl_ioctl+0x7/0x10 [dm_mod] __x64_compat_sys_ioctl+0x104/0x170 do_syscall_64+0x184/0x1b0 entrada _SYSCALL_64_after_hwframe+0x46/0x4e RIP: 0033:0xf7e6aead --- [fin de seguimiento 0000000000000000]---" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26881.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26881.json
index a34b71539d8..d995fca6f11 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26881.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26881.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when 1588 is received on HIP08 devices\n\nThe HIP08 devices does not register the ptp devices, so the\nhdev->ptp is NULL, but the hardware can receive 1588 messages,\nand set the HNS3_RXD_TS_VLD_B bit, so, if match this case, the\naccess of hdev->ptp->flags will cause a kernel crash:\n\n[ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n[ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n...\n[ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]\n[ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge]\n[ 5889.279101] sp : ffff800012c3bc50\n[ 5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040\n[ 5889.289927] x27: ffff800009116484 x26: 0000000080007500\n[ 5889.296333] x25: 0000000000000000 x24: ffff204001c6f000\n[ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000\n[ 5889.309134] x21: 0000000000000000 x20: ffff204004220080\n[ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000\n[ 5889.321897] x17: 0000000000000000 x16: 0000000000000000\n[ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000\n[ 5889.334617] x13: 0000000000000000 x12: 00000000010011df\n[ 5889.340965] x11: bbfeff4d22000000 x10: 0000000000000000\n[ 5889.347303] x9 : ffff800009402124 x8 : 0200f78811dfbb4d\n[ 5889.353637] x7 : 2200000000191b01 x6 : ffff208002a7d480\n[ 5889.359959] x5 : 0000000000000000 x4 : 0000000000000000\n[ 5889.366271] x3 : 0000000000000000 x2 : 0000000000000000\n[ 5889.372567] x1 : 0000000000000000 x0 : ffff20400095c080\n[ 5889.378857] Call trace:\n[ 5889.382285] hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]\n[ 5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3]\n[ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3]\n[ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3]\n[ 5889.405270] hns3_nic_common_poll+0xa8/0x220 [hns3]\n[ 
5889.411084] napi_poll+0xcc/0x264\n[ 5889.415329] net_rx_action+0xd4/0x21c\n[ 5889.419911] __do_softirq+0x130/0x358\n[ 5889.424484] irq_exit+0x134/0x154\n[ 5889.428700] __handle_domain_irq+0x88/0xf0\n[ 5889.433684] gic_handle_irq+0x78/0x2c0\n[ 5889.438319] el1_irq+0xb8/0x140\n[ 5889.442354] arch_cpu_idle+0x18/0x40\n[ 5889.446816] default_idle_call+0x5c/0x1c0\n[ 5889.451714] cpuidle_idle_call+0x174/0x1b0\n[ 5889.456692] do_idle+0xc8/0x160\n[ 5889.460717] cpu_startup_entry+0x30/0xfc\n[ 5889.465523] secondary_start_kernel+0x158/0x1ec\n[ 5889.470936] Code: 97ffab78 f9411c14 91408294 f9457284 (f9400c80)\n[ 5889.477950] SMP: stopping secondary CPUs\n[ 5890.514626] SMP: failed to stop secondary CPUs 0-69,71-95\n[ 5890.522951] Starting crashdump kernel..." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: soluciona el fallo del kernel cuando se recibe 1588 en dispositivos HIP08 Los dispositivos HIP08 no registran los dispositivos ptp, por lo que hdev->ptp es NULL, pero el hardware puede recibir 1588 y configure el bit HNS3_RXD_TS_VLD_B, por lo que, si coincide con este caso, el acceso a hdev->ptp->flags provocar\u00e1 una falla del kernel: [5888.946472] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000000000000018 [5888.946475] No se puede para manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000018 ... 
[ 5889.266118 ] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge] [ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 ge] [5889.279101] sp: ffff800012c3bc50 [5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040 [ 5889.289927] x27: ffff800009116484 x26: 0000000080007500 [ 5889.296333] x25: 0000000000000000 x24 : ffff204001c6f000 [ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000 [ 5889.309134] x21: 0000000000000000 x20: ffff204004220080 [ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000 [ 5889.321897] x17: 0000000000000000 x16: 0000000000000000 [ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000 [ 5889.334617] x13: 0000000000000000 x12: 00000000010011df [5889.340965] x11: bbfeff4d22000000 x10: 00000000000000000 [5889.347303] x9: ffff8000094021 24 x8: 0200f78811dfbb4d [5889.353637] x7: 2200000000191b01 x6: FFFF208002A7D480 [5889.359959] x5: 000000000000000000 X4: 0000000000000000 [5889.366271] x3: 0000000000000000 X2: 00000000000000000000000000000000000000000000000000 ABRIBA 80 [5889.378857] Lista de llamada: [5889.382285] HCLGE_PTP_GET_RX_HWTS+0x40/0x170 [HCLGE] [5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3] [ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3] [ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3] [ 0] hns3_nic_common_poll+0xa8/0x220 [hns3] [ 5889.411084] napi_poll+0xcc/0x264 [ 5889.415329] net_rx_action+0xd4/0x21c [ 5889.419911] __do_softirq+0x130/0x358 [ 5889.424484] irq_exit+0x134/0x154 [ 5889.428700] 0xf0 [ 5889.433684] gic_handle_irq+0x78/0x2c0 [ 5889.438319] el1_irq+0xb8/0x140 [ 5889.442354] arch_cpu_idle+0x18/0x40 [ 5889.446816] default_idle_call+0x5c/0x1c0 [ 5889.451714] cpuidle_idle_call+0x174/0x1b0 [ 5889.456692] do_idle+0xc8/0x160 [ 5889.46071 7] cpu_startup_entry+0x30/0xfc [ 5889.465523] second_start_kernel+0x158/0x1ec [ 5889.470936] C\u00f3digo: 97ffab78 f9411c14 91408294 f9457284 (f9400c80) [5889.477950] SMP: deteniendo las CPU secundarias [5890.514626] SMP: no se pudieron detener las CPU secundarias 0-69,71-95 
[5890.522951] Iniciando el kernel de crashdump..." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26882.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26882.json index 3cb82a11b57..ae4849ae1ed 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26882.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26882.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()\n\nApply the same fix than ones found in :\n\n8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")\n1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\")\n\nWe have to save skb->network_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb->head.\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389\n ipgre_rcv net/ipv4/ip_gre.c:411 [inline]\n gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447\n gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n netif_receive_skb_internal net/core/dev.c:5734 [inline]\n 
netif_receive_skb+0x58/0x660 net/core/dev.c:5793\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556\n tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133\n alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204\n skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909\n tun_build_skb drivers/net/tun.c:1686 [inline]\n tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ip_tunnel: aseg\u00farese de extraer el encabezado interno en ip_tunnel_rcv(). 
Aplique la misma soluci\u00f3n que las encontradas en: 8d975c15c0cd (\"ip6_tunnel: aseg\u00farese de extraer el encabezado interno en __ip6_tnl_rcv() \") 1ca1ba465e55 (\"geneve: aseg\u00farese de extraer el encabezado interno en geneve_rx()\") Tenemos que guardar skb->network_header en una variable temporal para poder volver a calcular el puntero network_header despu\u00e9s de una llamada a pskb_inet_may_pull(). pskb_inet_may_pull() se asegura de que los encabezados necesarios est\u00e9n en skb->head. syzbot inform\u00f3: ERROR: KMSAN: valor uninit en __INET_ECN_decapsulate include/net/inet_ecn.h:253 [en l\u00ednea] ERROR: KMSAN: valor uninit en INET_ECN_decapsulate include/net/inet_ecn.h:275 [en l\u00ednea] ERROR: KMSAN: uninit -valor en IP_ECN_decapsulate include/net/inet_ecn.h:302 [en l\u00ednea] ERROR: KMSAN: valor uninit en ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [en l\u00ednea ] INET_ECN_decapsulate include/net/inet_ecn.h:275 [en l\u00ednea] IP_ECN_decapsulate include/net/inet_ecn.h:302 [en l\u00ednea] ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ ip_gre.c:389 ipgre_rcv net/ipv4/ip_gre.c:411 [en l\u00ednea] gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447 gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163 ip_protocol_deliver_rcu+0x264/ 0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c: 254 dst_input include/net/dst.h:461 [en l\u00ednea] ip_rcv_finish net/ipv4/ip_input.c:449 [en l\u00ednea] NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip_rcv+0x46f/0x760 net/ipv4/ip_input .c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [en l\u00ednea] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648 netif_receive_skb_internal net/core/dev.c:5734 [en l\u00ednea] neto /core/dev.c:5793 tun_rx_batched+0x3ee/0x980 
controladores/net/tun.c:1556 tun_get_user+0x53b9/0x66e0 controladores/net/tun.c:2009 tun_chr_write_iter+0x3af/0x5d0 controladores/net/tun.c:2055 call_write_iter include/linux/fs.h:2087 [en l\u00ednea] new_sync_write fs/read_write.c:497 [en l\u00ednea] vfs_write+0xb6b/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs /read_write.c:655 [en l\u00ednea] __se_sys_write fs/read_write.c:652 [en l\u00ednea] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf /0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit se cre\u00f3 en: __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590 alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133 alloc_pages+ 0x1be /0x1e0 mm/mempolicy.c:2204 skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909 tun_build_skb drivers/net/tun.c:1686 [en l\u00ednea] tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055 call_write_iter include/linux/fs.h:2087 [en l\u00ednea] new_sync_write fs/read_write.c:497 [en l\u00ednea] vfs_write+0xb6b/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [en l\u00ednea] __se_sys_write fs/read_write.c:652 [en l\u00ednea] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch /x86 /entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26883.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26883.json index 3fad3b9d7bf..ecca39bde0a 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26883.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26883.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stackmap overflow check on 32-bit arches\n\nThe stackmap code relies on roundup_pow_of_two() to compute the number\nof hash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code.\n\nThe commit in the fixes tag actually attempted to fix this, but the fix\ndid not account for the UB, so the fix only works on CPUs where an\noverflow does result in a neat truncation to zero, which is not\nguaranteed. Checking the value before rounding does not have this\nproblem." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: corrige la verificaci\u00f3n de desbordamiento del mapa de pila en arcos de 32 bits. El c\u00f3digo del mapa de pila se basa en roundup_pow_of_two() para calcular el n\u00famero de dep\u00f3sitos de hash y contiene una verificaci\u00f3n de desbordamiento verificando si el valor resultante es 0. Sin embargo, en arcos de 32 bits, el c\u00f3digo de resumen en s\u00ed puede desbordarse al realizar un desplazamiento hacia la izquierda de 32 bits de un valor largo sin signo, lo cual es un comportamiento indefinido, por lo que no se garantiza que se trunque claramente. Esto fue activado por syzbot en el tipo DEVMAP_HASH, que contiene la misma verificaci\u00f3n, copiada del c\u00f3digo hashtab. 
La confirmaci\u00f3n en la etiqueta de correcciones en realidad intent\u00f3 solucionar este problema, pero la correcci\u00f3n no tuvo en cuenta la UB, por lo que la correcci\u00f3n solo funciona en CPU donde un desbordamiento resulta en un truncamiento claro a cero, lo cual no est\u00e1 garantizado. Verificar el valor antes de redondear no tiene este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26884.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26884.json index 9e1fa989573..62574df65e2 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26884.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26884.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix hashtab overflow check on 32-bit arches\n\nThe hashtab code relies on roundup_pow_of_two() to compute the number of\nhash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code. So apply the same\nfix to hashtab, by moving the overflow check to before the roundup." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: corrige la comprobaci\u00f3n de desbordamiento de hashtab en arcos de 32 bits. El c\u00f3digo hashtab se basa en roundup_pow_of_two() para calcular el n\u00famero de dep\u00f3sitos de hash y contiene una comprobaci\u00f3n de desbordamiento comprobando si el valor resultante es 0. Sin embargo, en arcos de 32 bits, el c\u00f3digo de resumen en s\u00ed puede desbordarse al realizar un desplazamiento hacia la izquierda de 32 bits de un valor largo sin signo, lo cual es un comportamiento indefinido, por lo que no se garantiza que se trunque claramente. Esto fue activado por syzbot en el tipo DEVMAP_HASH, que contiene la misma verificaci\u00f3n, copiada del c\u00f3digo hashtab. As\u00ed que aplique la misma soluci\u00f3n a hashtab, moviendo la verificaci\u00f3n de desbordamiento antes del resumen." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26885.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26885.json index 89cf4c66cfd..87e28bf21d5 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26885.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26885.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix DEVMAP_HASH overflow check on 32-bit arches\n\nThe devmap code allocates a number hash buckets equal to the next power\nof two of the max_entries value provided when creating the map. When\nrounding up to the next power of two, the 32-bit variable storing the\nnumber of buckets can overflow, and the code checks for overflow by\nchecking if the truncated 32-bit value is equal to 0. However, on 32-bit\narches the rounding up itself can overflow mid-way through, because it\nends up doing a left-shift of 32 bits on an unsigned long value. If the\nsize of an unsigned long is four bytes, this is undefined behaviour, so\nthere is no guarantee that we'll end up with a nice and tidy 0-value at\nthe end.\n\nSyzbot managed to turn this into a crash on arm32 by creating a\nDEVMAP_HASH with max_entries > 0x80000000 and then trying to update it.\nFix this by moving the overflow check to before the rounding up\noperation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: corrige la verificaci\u00f3n de desbordamiento de DEVMAP_HASH en arcos de 32 bits. El c\u00f3digo devmap asigna un n\u00famero de dep\u00f3sitos de hash igual a la siguiente potencia de dos del valor max_entries proporcionado al crear el mapa. Al redondear a la siguiente potencia de dos, la variable de 32 bits que almacena el n\u00famero de dep\u00f3sitos puede desbordarse, y el c\u00f3digo verifica el desbordamiento comprobando si el valor truncado de 32 bits es igual a 0. Sin embargo, en arcos de 32 bits el redondeo hacia arriba puede desbordarse a mitad de camino, porque termina haciendo un desplazamiento hacia la izquierda de 32 bits en un valor largo sin signo. 
Si el tama\u00f1o de un largo sin firmar es de cuatro bytes, este es un comportamiento indefinido, por lo que no hay garant\u00eda de que terminemos con un valor 0 agradable y ordenado al final. Syzbot logr\u00f3 convertir esto en un bloqueo en arm32 creando un DEVMAP_HASH con max_entries > 0x80000000 y luego intentando actualizarlo. Solucione este problema moviendo la verificaci\u00f3n de desbordamiento antes de la operaci\u00f3n de redondeo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26886.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26886.json index 058aa6a3aa5..37c3c4069f7 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26886.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26886.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: af_bluetooth: Fix deadlock\n\nAttemting to do sock_lock on .recvmsg may cause a deadlock as shown\nbellow, so instead of using sock_sock this uses sk_receive_queue.lock\non bt_sock_ioctl to avoid the UAF:\n\nINFO: task kworker/u9:1:121 blocked for more than 30 seconds.\n Not tainted 6.7.6-lemon #183\nWorkqueue: hci0 hci_rx_work\nCall Trace:\n \n __schedule+0x37d/0xa00\n schedule+0x32/0xe0\n __lock_sock+0x68/0xa0\n ? __pfx_autoremove_wake_function+0x10/0x10\n lock_sock_nested+0x43/0x50\n l2cap_sock_recv_cb+0x21/0xa0\n l2cap_recv_frame+0x55b/0x30a0\n ? psi_task_switch+0xeb/0x270\n ? finish_task_switch.isra.0+0x93/0x2a0\n hci_rx_work+0x33a/0x3f0\n process_one_work+0x13a/0x2f0\n worker_thread+0x2f0/0x410\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe0/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: af_bluetooth: Reparar interbloqueo Intentar ejecutar sock_lock en .recvmsg puede causar un interbloqueo como se muestra a continuaci\u00f3n, por lo que en lugar de usar sock_sock, usa sk_receive_queue.lock en bt_sock_ioctl para evitar el UAF: INFORMACI\u00d3N: tarea kworker/u9:1:121 bloqueada durante m\u00e1s de 30 segundos. No contaminado 6.7.6-lemon #183 Cola de trabajo: hci0 hci_rx_work Seguimiento de llamadas: __schedule+0x37d/0xa00 Schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270? terminar_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 proceso_one_work+0x13a/0x2f0 trabajador_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? 
__pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26887.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26887.json index 04f85d89603..c48fe6d9cf5 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26887.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26887.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: Fix memory leak\n\nThis checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone\nthe skb and also make sure btmtk_process_coredump frees the skb passed\nfollowing the same logic." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: btusb: corrige la p\u00e9rdida de memoria. Esto verifica si CONFIG_DEV_COREDUMP est\u00e1 habilitado antes de intentar clonar el skb y tambi\u00e9n se asegura de que btmtk_process_coredump libere el skb pasado siguiendo la misma l\u00f3gica." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26888.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26888.json index d23a3bd00c3..0fe92ccc36b 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26888.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26888.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: Fix memory leak\n\nFix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: msft: Reparar p\u00e9rdida de memoria Reparar p\u00e9rdida de b\u00fafer asignado para enviar MSFT_OP_LE_MONITOR_ADVERTISEMENT." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26889.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26889.json index 7c168f04d10..6174758586a 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26889.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26889.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix possible buffer overflow\n\nstruct hci_dev_info has a fixed size name[8] field so in the event that\nhdev->name is bigger than that strcpy would attempt to write past its\nsize, so this fixes this problem by switching to use strscpy." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: hci_core: soluciona un posible desbordamiento del b\u00fafer struct hci_dev_info tiene un campo de nombre de tama\u00f1o fijo[8], por lo que en caso de que hdev->name sea mayor que strcpy intentar\u00eda escribir m\u00e1s all\u00e1 su tama\u00f1o, por lo que esto soluciona este problema cambiando al uso de strscpy." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26890.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26890.json index 4861f04f350..47042864741 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26890.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26890.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btrtl: fix out of bounds memory access\n\nThe problem is detected by KASAN.\nbtrtl driver uses private hci data to store 'struct btrealtek_data'.\nIf btrtl driver is used with btusb, then memory for private hci data\nis allocated in btusb. But no private data is allocated after hci_dev,\nwhen btrtl is used with hci_h5.\n\nThis commit adds memory allocation for hci_h5 case.\n\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in btrtl_initialize+0x6cc/0x958 [btrtl]\n Write of size 8 at addr ffff00000f5a5748 by task kworker/u9:0/76\n\n Hardware name: Pine64 PinePhone (1.2) (DT)\n Workqueue: hci0 hci_power_on [bluetooth]\n Call trace:\n dump_backtrace+0x9c/0x128\n show_stack+0x20/0x38\n dump_stack_lvl+0x48/0x60\n print_report+0xf8/0x5d8\n kasan_report+0x90/0xd0\n __asan_store8+0x9c/0xc0\n \t [btrtl]\n h5_btrtl_setup+0xd0/0x2f8 [hci_uart]\n h5_setup+0x50/0x80 [hci_uart]\n hci_uart_setup+0xd4/0x260 [hci_uart]\n hci_dev_open_sync+0x1cc/0xf68 [bluetooth]\n hci_dev_do_open+0x34/0x90 [bluetooth]\n hci_power_on+0xc4/0x3c8 [bluetooth]\n process_one_work+0x328/0x6f0\n worker_thread+0x410/0x778\n kthread+0x168/0x178\n ret_from_fork+0x10/0x20\n\n Allocated by task 53:\n kasan_save_stack+0x3c/0x68\n kasan_save_track+0x20/0x40\n kasan_save_alloc_info+0x68/0x78\n __kasan_kmalloc+0xd4/0xd8\n __kmalloc+0x1b4/0x3b0\n hci_alloc_dev_priv+0x28/0xa58 [bluetooth]\n hci_uart_register_device+0x118/0x4f8 [hci_uart]\n h5_serdev_probe+0xf4/0x178 [hci_uart]\n serdev_drv_probe+0x54/0xa0\n really_probe+0x254/0x588\n __driver_probe_device+0xc4/0x210\n driver_probe_device+0x64/0x160\n __driver_attach_async_helper+0x88/0x158\n async_run_entry_fn+0xd0/0x388\n process_one_work+0x328/0x6f0\n worker_thread+0x410/0x778\n kthread+0x168/0x178\n ret_from_fork+0x10/0x20\n\n Last potentially related work creation:\n 
kasan_save_stack+0x3c/0x68\n __kasan_record_aux_stack+0xb0/0x150\n kasan_record_aux_stack_noalloc+0x14/0x20\n __queue_work+0x33c/0x960\n queue_work_on+0x98/0xc0\n hci_recv_frame+0xc8/0x1e8 [bluetooth]\n h5_complete_rx_pkt+0x2c8/0x800 [hci_uart]\n h5_rx_payload+0x98/0xb8 [hci_uart]\n h5_recv+0x158/0x3d8 [hci_uart]\n hci_uart_receive_buf+0xa0/0xe8 [hci_uart]\n ttyport_receive_buf+0xac/0x178\n flush_to_ldisc+0x130/0x2c8\n process_one_work+0x328/0x6f0\n worker_thread+0x410/0x778\n kthread+0x168/0x178\n ret_from_fork+0x10/0x20\n\n Second to last potentially related work creation:\n kasan_save_stack+0x3c/0x68\n __kasan_record_aux_stack+0xb0/0x150\n kasan_record_aux_stack_noalloc+0x14/0x20\n __queue_work+0x788/0x960\n queue_work_on+0x98/0xc0\n __hci_cmd_sync_sk+0x23c/0x7a0 [bluetooth]\n __hci_cmd_sync+0x24/0x38 [bluetooth]\n btrtl_initialize+0x760/0x958 [btrtl]\n h5_btrtl_setup+0xd0/0x2f8 [hci_uart]\n h5_setup+0x50/0x80 [hci_uart]\n hci_uart_setup+0xd4/0x260 [hci_uart]\n hci_dev_open_sync+0x1cc/0xf68 [bluetooth]\n hci_dev_do_open+0x34/0x90 [bluetooth]\n hci_power_on+0xc4/0x3c8 [bluetooth]\n process_one_work+0x328/0x6f0\n worker_thread+0x410/0x778\n kthread+0x168/0x178\n ret_from_fork+0x10/0x20\n ==================================================================" + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: Bluetooth: btrtl: arreglar acceso a memoria fuera de los l\u00edmites El problema es detectado por KASAN. El controlador btrtl utiliza datos privados de hci para almacenar 'struct btrealtek_data'. Si se utiliza el controlador btrtl con btusb, entonces la memoria para los datos privados de hci se asigna en btusb. Pero no se asignan datos privados despu\u00e9s de hci_dev, cuando se usa btrtl con hci_h5. Esta confirmaci\u00f3n agrega asignaci\u00f3n de memoria para el caso hci_h5. 
==================================================== ================ ERROR: KASAN: losa fuera de los l\u00edmites en btrtl_initialize+0x6cc/0x958 [btrtl] Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff00000f5a5748 por tarea kworker/u9:0 /76 Nombre del hardware: Pine64 PinePhone (1.2) (DT) Cola de trabajo: hci0 hci_power_on [bluetooth] Rastreo de llamadas: dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 print_report+0xf8/0x5d8 kasan_report+0x90/0xd0 __asan_store8 + 0x9c/0xc0 [btrtl] h5_btrtl_setup+0xd0/0x2f8 [hci_uart] h5_setup+0x50/0x80 [hci_uart] hci_uart_setup+0xd4/0x260 [hci_uart] hci_dev_open_sync+0x1cc/0xf68 [bluetooth] abierto+0x34/0x90 [bluetooth] hci_power_on+0xc4/ 0x3c8 [bluetooth] Process_one_work+0x328/0x6f0 trabajador_thread+0x410/0x778 kthread+0x168/0x178 ret_from_fork+0x10/0x20 Asignado por tarea 53: kasan_save_stack+0x3c/0x68 kasan_save_track+0x20/0x40 _alloc_info+0x68/0x78 __kasan_kmalloc+0xd4/0xd8 __kmalloc +0x1b4/0x3b0 hci_alloc_dev_priv+0x28/0xa58 [bluetooth] hci_uart_register_device+0x118/0x4f8 [hci_uart] h5_serdev_probe+0xf4/0x178 [hci_uart] serdev_drv_probe+0x54/0xa0realmente_probe+0x254/ 0x588 __driver_probe_device+0xc4/0x210 driver_probe_device+0x64/0x160 __driver_attach_async_helper+ 0x88/0x158 async_run_entry_fn+0xd0/0x388 Process_one_work+0x328/0x6f0 trabajador_thread+0x410/0x778 kthread+0x168/0x178 ret_from_fork+0x10/0x20 \u00daltima creaci\u00f3n de trabajo potencialmente relacionado: kasan_save_stack+0x3c/0x68 san_record_aux_stack+0xb0/0x150 kasan_record_aux_stack_noalloc+0x14/0x20 __queue_work +0x33c/0x960 queue_work_on+0x98/0xc0 hci_recv_frame+0xc8/0x1e8 [bluetooth] h5_complete_rx_pkt+0x2c8/0x800 [hci_uart] h5_rx_payload+0x98/0xb8 [hci_uart] h5_recv+0x158/0x3d8 [ hci_uart] hci_uart_receive_buf+0xa0/0xe8 [hci_uart] ttyport_receive_buf +0xac/0x178 Flush_to_ldisc+0x130/0x2c8 Process_one_work+0x328/0x6f0 trabajador_thread+0x410/0x778 kthread+0x168/0x178 ret_from_fork+0x10/0x20 Pen\u00faltima creaci\u00f3n de 
trabajo potencialmente relacionado: kasan_save_stack+0x3c/0x68 _record_aux_stack+0xb0/0x150 kasan_record_aux_stack_noalloc+0x14 /0x20 __queue_work+0x788/0x960 queue_work_on+0x98/0xc0 __hci_cmd_sync_sk+0x23c/0x7a0 [bluetooth] __hci_cmd_sync+0x24/0x38 [bluetooth] btrtl_initialize+0x760/0x958 [btrtl] arriba+0xd0/0x2f8 [hci_uart] h5_setup+0x50/0x80 [ hci_uart] hci_uart_setup+0xd4/0x260 [hci_uart] hci_dev_open_sync+0x1cc/0xf68 [bluetooth] hci_dev_do_open+0x34/0x90 [bluetooth] hci_power_on+0xc4/0x3c8 [bluetooth] Process_one_work+0x328/0x6f0 trabajador_thread+0x 410/0x778 kthread+0x168/0x178 ret_from_fork +0x10/0x20 ================================================ =====================" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26891.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26891.json index 9b186b36dd8..b1d9a5b9260 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26891.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26891.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Don't issue ATS Invalidation request when device is disconnected\n\nFor those endpoint devices connect to system via hotplug capable ports,\nusers could request a hot reset to the device by flapping device's link\nthrough setting the slot's link control register, as pciehp_ist() DLLSC\ninterrupt sequence response, pciehp will unload the device driver and\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\ntarget device to be sent and deadly loop to retry that request after ITE\nfault triggered in interrupt context.\n\nThat would cause following continuous hard lockup warning and system hang\n\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n OE kernel version xxxx\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\n[ 4223.822626] FS: 
0000000000000000(0000) GS:ffffa237ae400000(0000)\nknlGS:0000000000000000\n[ 4223.822627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 4223.822628] PKRU: 55555554\n[ 4223.822628] Call Trace:\n[ 4223.822628] qi_flush_dev_iotlb+0xb1/0xd0\n[ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250\n[ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50\n[ 4223.822629] intel_iommu_release_device+0x1f/0x30\n[ 4223.822629] iommu_release_device+0x33/0x60\n[ 4223.822629] iommu_bus_notifier+0x7f/0x90\n[ 4223.822630] blocking_notifier_call_chain+0x60/0x90\n[ 4223.822630] device_del+0x2e5/0x420\n[ 4223.822630] pci_remove_bus_device+0x70/0x110\n[ 4223.822630] pciehp_unconfigure_device+0x7c/0x130\n[ 4223.822631] pciehp_disable_slot+0x6b/0x100\n[ 4223.822631] pciehp_handle_presence_or_link_change+0xd8/0x320\n[ 4223.822631] pciehp_ist+0x176/0x180\n[ 4223.822631] ? irq_finalize_oneshot.part.50+0x110/0x110\n[ 4223.822632] irq_thread_fn+0x19/0x50\n[ 4223.822632] irq_thread+0x104/0x190\n[ 4223.822632] ? irq_forced_thread_fn+0x90/0x90\n[ 4223.822632] ? irq_thread_check_affinity+0xe0/0xe0\n[ 4223.822633] kthread+0x114/0x130\n[ 4223.822633] ? __kthread_cancel_work+0x40/0x40\n[ 4223.822633] ret_from_fork+0x1f/0x30\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n OE kernel version xxxx\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822634] Call Trace:\n[ 4223.822634] \n[ 4223.822635] dump_stack+0x6d/0x88\n[ 4223.822635] panic+0x101/0x2d0\n[ 4223.822635] ? 
ret_from_fork+0x11/0x30\n[ 4223.822635] nmi_panic.cold.14+0xc/0xc\n[ 4223.822636] watchdog_overflow_callback.cold.8+0x6d/0x81\n[ 4223.822636] __perf_event_overflow+0x4f/0xf0\n[ 4223.822636] handle_pmi_common\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu/vt-d: no emitir solicitud de invalidaci\u00f3n de ATS cuando el dispositivo est\u00e1 desconectado. Para aquellos dispositivos terminales que se conectan al sistema a trav\u00e9s de puertos con capacidad de conexi\u00f3n en caliente, los usuarios pueden solicitar un reinicio en caliente del dispositivo. Al agitar el enlace del dispositivo configurando el registro de control de enlace de la ranura, como respuesta de secuencia de interrupci\u00f3n DLLSC pciehp_ist(), pciehp descargar\u00e1 el controlador del dispositivo y luego lo apagar\u00e1. por lo tanto, causa una solicitud de invalidaci\u00f3n de TLB de dispositivo IOMMU (especificaci\u00f3n Intel VT-d o invalidaci\u00f3n ATS en especificaci\u00f3n PCIe r6.1) para que se env\u00ede un dispositivo de destino inexistente y un bucle mortal para reintentar esa solicitud despu\u00e9s de que se active una falla de ITE en el contexto de interrupci\u00f3n. 
Eso provocar\u00eda la siguiente advertencia continua de bloqueo duro y el sistema se bloquear\u00eda [ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down [ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present [ 4223.822591] Vigilancia NMI: Vigilancia detect\u00f3 BLOQUEO duro en la CPU 144 [ 4223.822622 ] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: cargado Contaminado: versi\u00f3n del kernel GS OE xxxx [ 4223.822623] Nombre del hardware: nombre del proveedor xxxx 666-106 , BIOS 01.01.02.03.01 15/05/2023 [ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490 [ 4223.822624] C\u00f3digo: 48 be 00 00 00 00 00 08 00 00 49 85 24 20 0f 95 c1 48 8b 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1 0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39 [ 4223.822624] RSP : 0018:ffffc4f074f0bbb8 EFLAGS: 00000093 [ 4223.822625] RAX: ffffc4f040059000 RBX: 00000000000000014 RCX: 0000000000000005 [ 4223.822625] : ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340 [ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 00000000000000000 [4223.822626] R10: 0000000000000010 R11 : 000000000000000018 R12: FFFF9F384005E200 [4223.822626] R13: 000000000000000004 R14: 00000000000000000046 0000) KNLGS: 000000000000000000 [4223.822627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [4223.822627] CR2: 00007ffe86515d80 CR3: 000002FD3000A001 CR4: 0000000000770EE0 [4223.8222627] DR0: 000000000000000000000000 00000000 DR6: 000000000000FFFE07F0 DR7: 000000000000000400 [4223.822628] PKRU: 555555554 [4223.822628] Lista de llamada: [4223.822628 ] qi_flush_dev_iotlb+0xb1/0xd0 [ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250 [ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50 [ 4223.822629] _device+0x1f/0x30 [ 4223.822629] iommu_release_device+0x33/0x60 [ 4223.822629] iommu_bus_notifier+0x7f/0x90 [ 4223.822630] blocking_notifier_call_chain +0x60/0x90 [ 4223.822630] dispositivo_del+0x2e5/0x420 [ 4223.822630] 
pci_remove_bus_device+0x70/0x110 [ 4223.822630] pciehp_unconfigure_device+0x7c/0x130 [ 4223.822631 ] pciehp_disable_slot+0x6b/0x100 [ 4223.822631] pciehp_handle_presence_or_link_change+0xd8/0x320 [ 4223.822631] pciehp_ist+0x176 /0x180 [4223.822631] ? irq_finalize_oneshot.part.50+0x110/0x110 [ 4223.822632] irq_thread_fn+0x19/0x50 [ 4223.822632] irq_thread+0x104/0x190 [ 4223.822632] ? irq_forced_thread_fn+0x90/0x90 [4223.822632]? irq_thread_check_affinity+0xe0/0xe0 [ 4223.822633] kthread+0x114/0x130 [ 4223.822633] ? __kthread_cancel_work+0x40/0x40 [ 4223.822633] ret_from_fork+0x1f/0x30 [ 4223.822633] P\u00e1nico del kernel - no se sincroniza: BLOQUEO duro [ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: cargado Contaminado: versi\u00f3n del kernel GS OE xxxx [ 4223.822634] Nombre del hardware: nombre del proveedor xxxx 666-106, BIOS 01.01.02.03.01 15/05/2023 [ 4223.822634] Seguimiento de llamadas: [ 4223.822634] [ 4223.822635] dump_stack+0x6d/0x88 [ 42 23.822635] p\u00e1nico+0x101/ 0x2d0 [4223.822635]? ret_from_fork+0x11/0x30 [ 4223.822635] nmi_panic.cold.14+0xc/0xc [ 4223.822636] ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26892.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26892.json index ab7a88538c2..3ceb5d26130 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26892.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26892.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921e: fix use-after-free in free_irq()\n\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let's apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore.\n\nBUG: KASAN: use-after-free in mt7921_irq_handler+0xd8/0x100 [mt7921e]\nRead of size 8 at addr ffff88824a7d3b78 by task rmmod/11115\nCPU: 28 PID: 11115 Comm: rmmod Tainted: G W L 5.17.0 #10\nHardware name: Micro-Star International Co., Ltd. MS-7D73/MPG B650I\nEDGE WIFI (MS-7D73), BIOS 1.81 01/05/2024\nCall Trace:\n \n dump_stack_lvl+0x6f/0xa0\n print_address_description.constprop.0+0x1f/0x190\n ? mt7921_irq_handler+0xd8/0x100 [mt7921e]\n ? mt7921_irq_handler+0xd8/0x100 [mt7921e]\n kasan_report.cold+0x7f/0x11b\n ? mt7921_irq_handler+0xd8/0x100 [mt7921e]\n mt7921_irq_handler+0xd8/0x100 [mt7921e]\n free_irq+0x627/0xaa0\n devm_free_irq+0x94/0xd0\n ? devm_request_any_context_irq+0x160/0x160\n ? kobject_put+0x18d/0x4a0\n mt7921_pci_remove+0x153/0x190 [mt7921e]\n pci_device_remove+0xa2/0x1d0\n __device_release_driver+0x346/0x6e0\n driver_detach+0x1ef/0x2c0\n bus_remove_driver+0xe7/0x2d0\n ? __check_object_size+0x57/0x310\n pci_unregister_driver+0x26/0x250\n __do_sys_delete_module+0x307/0x510\n ? free_module+0x6a0/0x6a0\n ? fpregs_assert_state_consistent+0x4b/0xb0\n ? rcu_read_lock_sched_held+0x10/0x70\n ? syscall_enter_from_user_mode+0x20/0x70\n ? trace_hardirqs_on+0x1c/0x130\n do_syscall_64+0x5c/0x80\n ? trace_hardirqs_on_prepare+0x72/0x160\n ? do_syscall_64+0x68/0x80\n ? 
trace_hardirqs_on_prepare+0x72/0x160\n entry_SYSCALL_64_after_hwframe+0x44/0xae" + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7921e: fix use-after-free en free_irq() Desde el commit a304e1b82808 (\"[PATCH] Depurar irqs compartidas\"), existe una prueba para asegurarse de que El controlador de irq compartido deber\u00eda poder manejar el evento inesperado despu\u00e9s de la cancelaci\u00f3n del registro. Para este caso, apliquemos el indicador MT76_REMOVED para indicar que el dispositivo fue eliminado y no volver a acceder al recurso. ERROR: KASAN: use-after-free en mt7921_irq_handler+0xd8/0x100 [mt7921e] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88824a7d3b78 por tarea rmmod/11115 CPU: 28 PID: 11115 Comm: rmmod Tainted: GWL 5.17.0 #10 Nombre de hardware: Micro-Star International Co., Ltd. MS-7D73/MPG B650I EDGE WIFI (MS-7D73), BIOS 1.81 05/01/2024 Seguimiento de llamadas: dump_stack_lvl+0x6f/0xa0 print_address_description.constprop.0+0x1f/0x190 ? mt7921_irq_handler+0xd8/0x100 [mt7921e] ? mt7921_irq_handler+0xd8/0x100 [mt7921e] kasan_report.cold+0x7f/0x11b ? mt7921_irq_handler+0xd8/0x100 [mt7921e] mt7921_irq_handler+0xd8/0x100 [mt7921e] free_irq+0x627/0xaa0 devm_free_irq+0x94/0xd0 ? devm_request_any_context_irq+0x160/0x160? kobject_put+0x18d/0x4a0 mt7921_pci_remove+0x153/0x190 [mt7921e] pci_device_remove+0xa2/0x1d0 __device_release_driver+0x346/0x6e0 driver_detach+0x1ef/0x2c0 bus_remove_driver+0xe7/0x2d 0 ? __check_object_size+0x57/0x310 pci_unregister_driver+0x26/0x250 __do_sys_delete_module+0x307/0x510 ? m\u00f3dulo_libre+0x6a0/0x6a0? fpregs_assert_state_consistent+0x4b/0xb0? rcu_read_lock_sched_held+0x10/0x70? syscall_enter_from_user_mode+0x20/0x70? trace_hardirqs_on+0x1c/0x130 do_syscall_64+0x5c/0x80? trace_hardirqs_on_prepare+0x72/0x160? do_syscall_64+0x68/0x80? trace_hardirqs_on_prepare+0x72/0x160 entrada_SYSCALL_64_after_hwframe+0x44/0xae" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26893.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26893.json
index 7a056c8ca6d..f367b246129 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26893.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26893.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix double free in SMC transport cleanup path\n\nWhen the generic SCMI code tears down a channel, it calls the chan_free\ncallback function, defined by each transport. Since multiple protocols\nmight share the same transport_info member, chan_free() might want to\nclean up the same member multiple times within the given SCMI transport\nimplementation. In this case, it is SMC transport. This will lead to a NULL\npointer dereference at the second time:\n\n | scmi_protocol scmi_dev.1: Enabled polling mode TX channel - prot_id:16\n | arm-scmi firmware:scmi: SCMI Notifications - Core Enabled.\n | arm-scmi firmware:scmi: unable to communicate with SCMI\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n | Mem abort info:\n | ESR = 0x0000000096000004\n | EC = 0x25: DABT (current EL), IL = 32 bits\n | SET = 0, FnV = 0\n | EA = 0, S1PTW = 0\n | FSC = 0x04: level 0 translation fault\n | Data abort info:\n | ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n | CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n | GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n | user pgtable: 4k pages, 48-bit VAs, pgdp=0000000881ef8000\n | [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n | Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n | Modules linked in:\n | CPU: 4 PID: 1 Comm: swapper/0 Not tainted 6.7.0-rc2-00124-g455ef3d016c9-dirty #793\n | Hardware name: FVP Base RevC (DT)\n | pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n | pc : smc_chan_free+0x3c/0x6c\n | lr : smc_chan_free+0x3c/0x6c\n | Call trace:\n | smc_chan_free+0x3c/0x6c\n | idr_for_each+0x68/0xf8\n | scmi_cleanup_channels.isra.0+0x2c/0x58\n | scmi_probe+0x434/0x734\n | platform_probe+0x68/0xd8\n | really_probe+0x110/0x27c\n | __driver_probe_device+0x78/0x12c\n | driver_probe_device+0x3c/0x118\n | __driver_attach+0x74/0x128\n | 
bus_for_each_dev+0x78/0xe0\n | driver_attach+0x24/0x30\n | bus_add_driver+0xe4/0x1e8\n | driver_register+0x60/0x128\n | __platform_driver_register+0x28/0x34\n | scmi_driver_init+0x84/0xc0\n | do_one_initcall+0x78/0x33c\n | kernel_init_freeable+0x2b8/0x51c\n | kernel_init+0x24/0x130\n | ret_from_fork+0x10/0x20\n | Code: f0004701 910a0021 aa1403e5 97b91c70 (b9400280)\n | ---[ end trace 0000000000000000 ]---\n\nSimply check for the struct pointer being NULL before trying to access\nits members, to avoid this situation.\n\nThis was found when a transport doesn't really work (for instance no SMC\nservice), the probe routines then tries to clean up, and triggers a crash." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scmi: Correcci\u00f3n de doble liberaci\u00f3n en la ruta de limpieza del transporte SMC Cuando el c\u00f3digo SCMI gen\u00e9rico destruye un canal, llama a la funci\u00f3n de devoluci\u00f3n de llamada chan_free, definida por cada transporte. Dado que varios protocolos pueden compartir el mismo miembro transport_info, es posible que chan_free() desee limpiar el mismo miembro varias veces dentro de la implementaci\u00f3n de transporte SCMI determinada. En este caso se trata de transporte SMC. Esto dar\u00e1 lugar a una desreferencia del puntero NULL la segunda vez: | scmi_protocol scmi_dev.1: Canal TX en modo de sondeo habilitado - prot_id:16 | firmware arm-scmi: scmi: Notificaciones SCMI: n\u00facleo habilitado. 
| firmware arm-scmi: scmi: no se puede comunicar con SCMI | No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 | Informaci\u00f3n de cancelaci\u00f3n de memoria: | ESR = 0x0000000096000004 | EC = 0x25: DABT (EL actual), IL = 32 bits | CONJUNTO = 0, FnV = 0 | EA = 0, S1PTW = 0 | FSC = 0x04: error de traducci\u00f3n de nivel 0 | Informaci\u00f3n de cancelaci\u00f3n de datos: | ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 | CM = 0, WnR = 0, TnD = 0, Acceso a etiquetas = 0 | GCS = 0, Superposici\u00f3n = 0, DirtyBit = 0, Xs = 0 | pgtable de usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000881ef8000 | [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 | Error interno: Ups: 0000000096000004 [#1] SMP ANTICIPADO | M\u00f3dulos enlazados en: | CPU: 4 PID: 1 Comunicaciones: swapper/0 No contaminado 6.7.0-rc2-00124-g455ef3d016c9-dirty #793 | Nombre del hardware: FVP Base RevC (DT) | pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) | ordenador personal: smc_chan_free+0x3c/0x6c | lr: smc_chan_free+0x3c/0x6c | Rastreo de llamadas: | smc_chan_free+0x3c/0x6c | idr_for_each+0x68/0xf8 | scmi_cleanup_channels.isra.0+0x2c/0x58 | scmi_probe+0x434/0x734 | sonda_plataforma+0x68/0xd8 | realmente_probe+0x110/0x27c | __driver_probe_device+0x78/0x12c | dispositivo_sonda_controlador+0x3c/0x118 | __driver_attach+0x74/0x128 | bus_for_each_dev+0x78/0xe0 | driver_attach+0x24/0x30 | bus_add_driver+0xe4/0x1e8 | registro_controlador+0x60/0x128 | __platform_driver_register+0x28/0x34 | scmi_driver_init+0x84/0xc0 | do_one_initcall+0x78/0x33c | kernel_init_freeable+0x2b8/0x51c | kernel_init+0x24/0x130 | ret_from_fork+0x10/0x20 | C\u00f3digo: f0004701 910a0021 aa1403e5 97b91c70 (b9400280) | ---[ end trace 0000000000000000 ]--- Simplemente verifique que el puntero de estructura sea NULL antes de intentar acceder a sus miembros, para evitar esta situaci\u00f3n. 
Esto se encontr\u00f3 cuando un transporte realmente no funciona (por ejemplo, sin servicio SMC), las rutinas de la sonda intentan limpiarse y provocan un bloqueo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26894.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26894.json index 895f2c9d0a5..bd5e659b0da 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26894.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26894.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()\n\nAfter unregistering the CPU idle device, the memory associated with\nit is not freed, leading to a memory leak:\n\nunreferenced object 0xffff896282f6c000 (size 1024):\n comm \"swapper/0\", pid 1, jiffies 4294893170\n hex dump (first 32 bytes):\n 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 8836a742):\n [] kmalloc_trace+0x29d/0x340\n [] acpi_processor_power_init+0xf3/0x1c0\n [] __acpi_processor_start+0xd3/0xf0\n [] acpi_processor_start+0x2c/0x50\n [] really_probe+0xe2/0x480\n [] __driver_probe_device+0x78/0x160\n [] driver_probe_device+0x1f/0x90\n [] __driver_attach+0xce/0x1c0\n [] bus_for_each_dev+0x70/0xc0\n [] bus_add_driver+0x112/0x210\n [] driver_register+0x55/0x100\n [] acpi_processor_driver_init+0x3b/0xc0\n [] do_one_initcall+0x41/0x300\n [] kernel_init_freeable+0x320/0x470\n [] kernel_init+0x16/0x1b0\n [] ret_from_fork+0x2d/0x50\n\nFix this by freeing the CPU idle device after unregistering it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: procesador_idle: corrige la p\u00e9rdida de memoria en acpi_processor_power_exit() Despu\u00e9s de cancelar el registro del dispositivo de CPU inactivo, la memoria asociada con \u00e9l no se libera, lo que genera una p\u00e9rdida de memoria: objeto sin referencia 0xffff896282f6c000 (tama\u00f1o 1024): comunicaci\u00f3n \"swapper/0\", pid 1, santiam\u00e9n 4294893170 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ........... ..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
retroceso (crc 8836a742): [] kmalloc_trace+ 0x29d/0x340 [] acpi_processor_power_init+0xf3/0x1c0 [] __acpi_processor_start+0xd3/0xf0 [] acpi_processor_start+0x2c/0x50 [] realmente_probe+0xe2/0x480 [] __driver_probe_device+ 0x78/0x160 [] driver_probe_device+0x1f/0x90 [] __driver_attach+0xce/0x1c0 [] bus_for_each_dev+0x70/0xc0 [] bus_add_driver+0x112/0x210 [] driver_register+ 0x55/0x100 [] acpi_processor_driver_init+0x3b/0xc0 [] do_one_initcall+0x41/0x300 [] kernel_init_freeable+0x320/0x470 [] kernel_init+0x16/0x1b0 [] ret_from_fork+ 0x2d/0x50 Solucione este problema liberando el dispositivo de CPU inactivo despu\u00e9s de cancelar su registro." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26895.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26895.json index e3072e255b9..1d9fb1069fe 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26895.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26895.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces\n\nwilc_netdev_cleanup currently triggers a KASAN warning, which can be\nobserved on interface registration error path, or simply by\nremoving the module/unbinding device from driver:\n\necho spi0.1 > /sys/bus/spi/drivers/wilc1000_spi/unbind\n\n==================================================================\nBUG: KASAN: slab-use-after-free in wilc_netdev_cleanup+0x508/0x5cc\nRead of size 4 at addr c54d1ce8 by task sh/86\n\nCPU: 0 PID: 86 Comm: sh Not tainted 6.8.0-rc1+ #117\nHardware name: Atmel SAMA5\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x34/0x58\n dump_stack_lvl from print_report+0x154/0x500\n print_report from kasan_report+0xac/0xd8\n kasan_report from wilc_netdev_cleanup+0x508/0x5cc\n wilc_netdev_cleanup from wilc_bus_remove+0xc8/0xec\n wilc_bus_remove from spi_remove+0x8c/0xac\n spi_remove from device_release_driver_internal+0x434/0x5f8\n device_release_driver_internal from unbind_store+0xbc/0x108\n unbind_store from kernfs_fop_write_iter+0x398/0x584\n kernfs_fop_write_iter from vfs_write+0x728/0xf88\n vfs_write from ksys_write+0x110/0x1e4\n ksys_write from ret_fast_syscall+0x0/0x1c\n\n[...]\n\nAllocated by task 1:\n kasan_save_track+0x30/0x5c\n __kasan_kmalloc+0x8c/0x94\n __kmalloc_node+0x1cc/0x3e4\n kvmalloc_node+0x48/0x180\n alloc_netdev_mqs+0x68/0x11dc\n alloc_etherdev_mqs+0x28/0x34\n wilc_netdev_ifc_init+0x34/0x8ec\n wilc_cfg80211_init+0x690/0x910\n wilc_bus_probe+0xe0/0x4a0\n spi_probe+0x158/0x1b0\n really_probe+0x270/0xdf4\n __driver_probe_device+0x1dc/0x580\n driver_probe_device+0x60/0x140\n __driver_attach+0x228/0x5d4\n bus_for_each_dev+0x13c/0x1a8\n bus_add_driver+0x2a0/0x608\n driver_register+0x24c/0x578\n do_one_initcall+0x180/0x310\n kernel_init_freeable+0x424/0x484\n kernel_init+0x20/0x148\n 
ret_from_fork+0x14/0x28\n\nFreed by task 86:\n kasan_save_track+0x30/0x5c\n kasan_save_free_info+0x38/0x58\n __kasan_slab_free+0xe4/0x140\n kfree+0xb0/0x238\n device_release+0xc0/0x2a8\n kobject_put+0x1d4/0x46c\n netdev_run_todo+0x8fc/0x11d0\n wilc_netdev_cleanup+0x1e4/0x5cc\n wilc_bus_remove+0xc8/0xec\n spi_remove+0x8c/0xac\n device_release_driver_internal+0x434/0x5f8\n unbind_store+0xbc/0x108\n kernfs_fop_write_iter+0x398/0x584\n vfs_write+0x728/0xf88\n ksys_write+0x110/0x1e4\n ret_fast_syscall+0x0/0x1c\n [...]\n\nDavid Mosberger-Tan initial investigation [1] showed that this\nuse-after-free is due to netdevice unregistration during vif list\ntraversal. When unregistering a net device, since the needs_free_netdev has\nbeen set to true during registration, the netdevice object is also freed,\nand as a consequence, the corresponding vif object too, since it is\nattached to it as private netdevice data. The next occurrence of the loop\nthen tries to access freed vif pointer to the list to move forward in the\nlist.\n\nFix this use-after-free thanks to two mechanisms:\n- navigate in the list with list_for_each_entry_safe, which allows to\n safely modify the list as we go through each element. 
For each element,\n remove it from the list with list_del_rcu\n- make sure to wait for RCU grace period end after each vif removal to make\n sure it is safe to free the corresponding vif too (through\n unregister_netdev)\n\nSince we are in a RCU \"modifier\" path (not a \"reader\" path), and because\nsuch path is expected not to be concurrent to any other modifier (we are\nusing the vif_mutex lock), we do not need to use RCU list API, that's why\nwe can benefit from list_for_each_entry_safe.\n\n[1] https://lore.kernel.org/linux-wireless/ab077dbe58b1ea5de0a3b2ca21f275a07af967d2.camel@egauge.net/" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: wilc1000: evita el use-after-free en vif al limpiar todas las interfaces wilc_netdev_cleanup activa actualmente una advertencia KASAN, que se puede observar en la ruta del error de registro de la interfaz, o simplemente eliminando el m\u00f3dulo/dispositivo de desvinculaci\u00f3n del controlador: echo spi0.1 > /sys/bus/spi/drivers/wilc1000_spi/unbind ========================== ========================================= ERROR: KASAN: uso de losa despu\u00e9s -free en wilc_netdev_cleanup+0x508/0x5cc Lectura de tama\u00f1o 4 en addr c54d1ce8 por tarea sh/86 CPU: 0 PID: 86 Comm: sh Not tainted 6.8.0-rc1+ #117 Nombre de hardware: Atmel SAMA5 unwind_backtrace from show_stack+0x18/0x1c show_stack de dump_stack_lvl+0x34/0x58 dump_stack_lvl de print_report+0x154/0x500 print_report de kasan_report+0xac/0xd8 kasan_report de wilc_netdev_cleanup+0x508/0x5cc wilc_netdev_cleanup de wilc_bus_remove+0xc8/0xec wilc_bus_remove de spi_remove+0x8c/0xac spi_remove de dispositivo_release_driver_internal+0x434/0x5f8 dispositivo_release_driver_internal de unbind_store+0xbc/0x108 unbind_store de kernfs_fop_write_iter+0x398/0x584 kernfs_fop_write_iter de vfs_write+0x728/0xf88 vfs_write de ksys_write+0x110/0x1e4 ksys_write de ret_fast_syscall+0x0/0 x1c [...] 
Asignado por la tarea 1: kasan_save_track+0x30/0x5c __kasan_kmalloc +0x8c/0x94 __kmalloc_node+0x1cc/0x3e4 kvmalloc_node+0x48/0x180 alloc_netdev_mqs+0x68/0x11dc alloc_etherdev_mqs+0x28/0x34 wilc_netdev_ifc_init+0x34/0x8ec wilc_cfg80211 _init+0x690/0x910 wilc_bus_probe+0xe0/0x4a0 spi_probe+0x158/0x1b0 Actually_probe+0x270/0xdf4 __driver_probe_device +0x1dc/0x580 driver_probe_device+0x60/0x140 __driver_attach+0x228/0x5d4 bus_for_each_dev+0x13c/0x1a8 bus_add_driver+0x2a0/0x608 driver_register+0x24c/0x578 do_one_initcall+0x180/0x310 kernel _init_freeable+0x424/0x484 kernel_init+0x20/0x148 ret_from_fork+0x14/0x28 Liberado por tarea 86: kasan_save_track+0x30/0x5c kasan_save_free_info+0x38/0x58 __kasan_slab_free+0xe4/0x140 kfree+0xb0/0x238 device_release+0xc0/0x2a8 kobject_put+0x1d4/0x46c netdev_run_todo+0x8fc/0x11 d0 wilc_netdev_cleanup+0x1e4/0x5cc wilc_bus_remove+0xc8/0xec spi_remove +0x8c/0xac dispositivo_release_driver_internal+0x434/0x5f8 unbind_store+0xbc/0x108 kernfs_fop_write_iter+0x398/0x584 vfs_write+0x728/0xf88 ksys_write+0x110/0x1e4 ret_fast_syscall+0x0/0x1c [...] La investigaci\u00f3n inicial de David Mosberger-Tan [1] mostr\u00f3 que Este use-after-free se debe a la cancelaci\u00f3n del registro del dispositivo de red durante el recorrido de la lista vif. Al cancelar el registro de un dispositivo de red, dado que need_free_netdev se configur\u00f3 en verdadero durante el registro, el objeto netdevice tambi\u00e9n se libera y, como consecuencia, tambi\u00e9n el objeto vif correspondiente, ya que est\u00e1 adjunto a \u00e9l como datos privados del dispositivo de red. La siguiente aparici\u00f3n del bucle intenta acceder al puntero vif liberado a la lista para avanzar en la lista. Solucionar este use-after-free gracias a dos mecanismos: - navegar en la lista con list_for_each_entry_safe, que permite modificar de forma segura la lista a medida que avanzamos por cada elemento. 
Para cada elemento, elim\u00ednelo de la lista con list_del_rcu; aseg\u00farese de esperar a que finalice el per\u00edodo de gracia de RCU despu\u00e9s de cada eliminaci\u00f3n de vif para asegurarse de que tambi\u00e9n sea seguro liberar el vif correspondiente (a trav\u00e9s de unregister_netdev). Ya que estamos en un \"modificador\" de RCU. ruta (no una ruta de \"lector\"), y debido a que se espera que dicha ruta no sea concurrente con ning\u00fan otro modificador (estamos usando el bloqueo vif_mutex), no necesitamos usar la API de lista RCU, es por eso que podemos beneficiarnos de list_for_each_entry_safe . [1] https://lore.kernel.org/linux-wireless/ab077dbe58b1ea5de0a3b2ca21f275a07af967d2.camel@egauge.net/" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26896.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26896.json index f8919a47cc5..a5a4bc58587 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26896.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26896.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n unreferenced object 0xd73d1180 (size 184):\n comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................\n backtrace:\n [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n [<127bdd74>] __alloc_skb+0x144/0x170\n [] __netdev_alloc_skb+0x50/0x180\n [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n [] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n [<47bd8b68>] genl_rcv_msg+0x198/0x378\n [<453ef796>] netlink_rcv_skb+0xd0/0x130\n [<6b7c977a>] genl_rcv+0x34/0x44\n [<66b2d04d>] netlink_unicast+0x1b4/0x258\n [] netlink_sendmsg+0x1e8/0x428\n [] ____sys_sendmsg+0x1e0/0x274\n [] ___sys_sendmsg+0x80/0xb4\n [<69954f45>] __sys_sendmsg+0x64/0xa8\n unreferenced object 0xce087000 (size 1024):\n comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............\n backtrace:\n [<9a993714>] __kmalloc_track_caller+0x230/0x600\n [] kmalloc_reserve.constprop.0+0x30/0x74\n [] __alloc_skb+0xa0/0x170\n [] __netdev_alloc_skb+0x50/0x180\n [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n [] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n [<47bd8b68>] genl_rcv_msg+0x198/0x378\n [<453ef796>] netlink_rcv_skb+0xd0/0x130\n [<6b7c977a>] genl_rcv+0x34/0x44\n 
[<66b2d04d>] netlink_unicast+0x1b4/0x258\n [] netlink_sendmsg+0x1e8/0x428\n [] ____sys_sendmsg+0x1e0/0x274\n [] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: wfx: corrige la p\u00e9rdida de memoria al iniciar AP Kmemleak inform\u00f3 este error: objeto sin referencia 0xd73d1180 (tama\u00f1o 184): comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (edad 964.245 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ rastreo inverso: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [] __netdev_alloc_skb +0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] 8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+ 0x404/0x6b4 [mac80211] [] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] 130 [<6b7c977a>] genl_rcv+0x34/0x44 [ <66b2d04d>] netlink_unicast+0x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] b4 [<69954f45>] __sys_sendmsg+0x64/0xa8 sin referencia Objeto 0xCE087000 (tama\u00f1o 1024): Comm \"WPA_Supplicant\", PID 1559, Jiffies 13006305 (Edad 964.246s) Volcado hexagonal (Primero 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... ............ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ 
retroceso: [<9a993714> ] __kmalloc_track_caller+0x230/0x600 [] kmalloc_reserve.constprop.0+0x30/0x74 [] __alloc_skb+0xa0/0x170 [] __netdev_alloc_skb+0x50/0x180 9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [ mac80211] [] nl80211_start_ap+0x76c /0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] ___sys_sendmsg+0x80/0xb4 Sin embargo, dado que el kernel est\u00e1 optimizado, parece que la pila no es precisa. Parece que el problema est\u00e1 relacionado con wfx_set_mfp_ap(). El problema es obvio en esta funci\u00f3n: la memoria asignada por ieee80211_beacon_get() nunca se libera. Arreglar esta fuga hace feliz a kmemleak." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26897.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26897.json index 0192f282894..96aa04cdf43 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26897.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26897.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete\n\nThe ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data\nstructures have been fully initialised by the time it runs. However, because of\nthe order in which things are initialised, this is not guaranteed to be the\ncase, because the device is exposed to the USB subsystem before the ath9k driver\ninitialisation is completed.\n\nWe already committed a partial fix for this in commit:\n8b3046abc99e (\"ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()\")\n\nHowever, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event\ntasklet, pairing it with an \"initialisation complete\" bit in the TX struct. It\nseems syzbot managed to trigger the race for one of the other commands as well,\nso let's just move the existing synchronisation bit to cover the whole\ntasklet (setting it at the end of ath9k_htc_probe_device() instead of inside\nath9k_tx_init())." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath9k: retrasa todo ath9k_wmi_event_tasklet() hasta que se complete el inicio. El ath9k_wmi_event_tasklet() usado en ath9k_htc supone que todas las estructuras de datos se han inicializado por completo en el momento de su ejecuci\u00f3n. Sin embargo, debido al orden en que se inicializan las cosas, no se garantiza que este sea el caso, porque el dispositivo queda expuesto al subsistema USB antes de que se complete la inicializaci\u00f3n del controlador ath9k. 
Ya cometimos una soluci\u00f3n parcial para esto en la confirmaci\u00f3n: 8b3046abc99e (\"ath9k_htc: corrige la desreferencia del puntero NULL en ath9k_htc_tx_get_packet()\") Sin embargo, esa confirmaci\u00f3n solo abort\u00f3 el comando WMI_TXSTATUS_EVENTID en el tasklet de eventos, emparej\u00e1ndolo con un bit de \"inicializaci\u00f3n completa\" en la estructura TX. Parece que syzbot tambi\u00e9n logr\u00f3 activar la carrera para uno de los otros comandos, as\u00ed que simplemente movamos el bit de sincronizaci\u00f3n existente para cubrir todo el tasklet (configur\u00e1ndolo al final de ath9k_htc_probe_device() en lugar de dentro de ath9k_tx_init())." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26898.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26898.json index c1e7a9f155b..4424b74087d 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26898.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26898.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n `struct net_device`, and a use-after-free can be triggered by racing\n between the free on the struct and the access through the `skbtxq`\n global queue. This could lead to a denial of service condition or\n potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: aoe: soluciona el posible problema de use-after-free en aoecmd_cfg_pkts. Este parche es contra CVE-2023-6270. La descripci\u00f3n de cve es: Se encontr\u00f3 una falla en el controlador ATA sobre Ethernet (AoE) en el kernel de Linux. La funci\u00f3n aoecmd_cfg_pkts() actualiza incorrectamente el refcnt en `struct net_device`, y se puede activar un use-after-free corriendo entre lo libre en la estructura y el acceso a trav\u00e9s de la cola global `skbtxq`. Esto podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio o una posible ejecuci\u00f3n de c\u00f3digo. En aoecmd_cfg_pkts(), siempre llama a dev_put(ifp) cuando finaliza el c\u00f3digo inicial de skb. 
Pero el ifp net_device todav\u00eda se usar\u00e1 en tx()->dev_queue_xmit() posterior en kthread. Lo que significa que NO se debe llamar a dev_put(ifp) en la ruta exitosa del c\u00f3digo inicial de skb en aoecmd_cfg_pkts(). De lo contrario, tx() puede ejecutar use-after-free porque el net_device est\u00e1 liberado. Este parche elimin\u00f3 dev_put(ifp) en la ruta de \u00e9xito en aoecmd_cfg_pkts() y agreg\u00f3 dev_put() despu\u00e9s de skb xmit en tx()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26899.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26899.json index f21061bf79b..f6eb9cc8d7c 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26899.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26899.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between bd_link_disk_holder and partition scan\n\n'open_mutex' of gendisk is used to protect open/close block devices. But\nin bd_link_disk_holder(), it is used to protect the creation of symlink\nbetween holding disk and slave bdev, which introduces some issues.\n\nWhen bd_link_disk_holder() is called, the driver is usually in the process\nof initialization/modification and may suspend submitting io. At this\ntime, any io hold 'open_mutex', such as scanning partitions, can cause\ndeadlocks. For example, in raid:\n\nT1 T2\nbdev_open_by_dev\n lock open_mutex [1]\n ...\n efi_partition\n ...\n md_submit_bio\n\t\t\t\tmd_ioctl mddev_syspend\n\t\t\t\t -> suspend all io\n\t\t\t\t md_add_new_disk\n\t\t\t\t bind_rdev_to_array\n\t\t\t\t bd_link_disk_holder\n\t\t\t\t try lock open_mutex [2]\n md_handle_request\n -> wait mddev_resume\n\nT1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume\nmddev, but T2 waits for open_mutex held by T1. Deadlock occurs.\n\nFix it by introducing a local mutex 'blk_holder_mutex' to replace\n'open_mutex'." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: soluciona el punto muerto entre bd_link_disk_holder y el an\u00e1lisis de partici\u00f3n. 'open_mutex' de gendisk se utiliza para proteger dispositivos de bloqueo de apertura/cierre. Pero en bd_link_disk_holder(), se utiliza para proteger la creaci\u00f3n de un enlace simb\u00f3lico entre el disco de retenci\u00f3n y el bdev esclavo, lo que introduce algunos problemas. Cuando se llama a bd_link_disk_holder(), el controlador generalmente est\u00e1 en el proceso de inicializaci\u00f3n/modificaci\u00f3n y puede suspender el env\u00edo de io. En este momento, cualquier retenci\u00f3n de io 'open_mutex', como escanear particiones, puede causar interbloqueos. 
Por ejemplo, en raid: T1 T2 bdev_open_by_dev lock open_mutex [1] ... efi_partition ... md_submit_bio md_ioctl mddev_syspend -> suspender todo io md_add_new_disk bind_rdev_to_array bd_link_disk_holder try lock open_mutex [2] md_handle_request -> esperar mddev_resume T1 escanear partici\u00f3n, agregar un Nuevo dispositivo para atacar. T1 espera a que T2 reanude mddev, pero T2 espera a open_mutex retenido por T1. Se produce un punto muerto. Solucionarlo introduciendo un mutex local 'blk_holder_mutex' para reemplazar 'open_mutex'." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26900.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26900.json index 6c5cd4d9b02..6774b515ef1 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26900.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26900.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev->serial\n\nIf kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n [<00000000f206d60a>] kvmalloc_node+0x74/0x150\n [<0000000034bf3363>] rdev_init_serial+0x67/0x170\n [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n [<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n [<0000000085086a11>] vfs_ioctl+0x22/0x60\n [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n [<00000000e54e675e>] do_syscall_64+0x71/0x150\n [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: md: corrige kmemleak de rdev->serial Si kobject_add() falla en bind_rdev_to_array(), 'rdev->serial' se asignar\u00e1 y no se liberar\u00e1, y se produce kmemleak. objeto sin referencia 0xffff88815a350000 (tama\u00f1o 49152): comm \"mdadm\", pid 789, jiffies 4294716910 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
retroceso (crc f773277a): [<0000000058b0a453> ] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] loc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [< 0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [< 0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<00000 0008b0ad622>] entrada_SYSCALL_64_after_hwframe+0x6c/0x74" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26901.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26901.json index 9f16297d054..31d4257a9dc 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26901.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26901.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\n\nsyzbot identified a kernel information leak vulnerability in\ndo_sys_name_to_handle() and issued the following report [1].\n\n[1]\n\"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n do_sys_name_to_handle fs/fhandle.c:73 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n __do_kmalloc_node mm/slab_common.c:1006 [inline]\n __kmalloc+0x121/0x3c0 mm/slab_common.c:1020\n kmalloc include/linux/slab.h:604 [inline]\n do_sys_name_to_handle fs/fhandle.c:39 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nBytes 18-19 of 20 are uninitialized\nMemory access of size 20 starts at ffff888128a46380\nData copied to user address 0000000020000240\"\n\nPer Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to\nsolve the problem." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: do_sys_name_to_handle(): use kzalloc() para reparar kernel-infoleak syzbot identific\u00f3 una vulnerabilidad de fuga de informaci\u00f3n del kernel en do_sys_name_to_handle() y emiti\u00f3 el siguiente informe [1]. 
[1] \"ERROR: KMSAN: kernel-infoleak en instrument_copy_to_user include/linux/instrumented.h:114 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en _copy_to_user+0xbc/0x100 lib/usercopy.c:40 instrument_copy_to_user include/linux/ instrumented.h:114 [en l\u00ednea] _copy_to_user+0xbc/0x100 lib/usercopy.c:40 copy_to_user include/linux/uaccess.h:191 [en l\u00ednea] do_sys_name_to_handle fs/fhandle.c:73 [en l\u00ednea] __do_sys_name_to_handle_at fs/fhandle.c :112 [en l\u00ednea] __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94 __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94 ... Uninit se cre\u00f3 en: slab_post_alloc_hook+0x129/0xa70 mm/slab.h: 768 losa_alloc_nodo mm/slub.c:3478 [en l\u00ednea] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [en l\u00ednea] __kmalloc+0x121/0x3c0 mm/slab_common.c:1020 kmalloc include/linux/ slab.h:604 [en l\u00ednea] do_sys_name_to_handle fs/fhandle.c:39 [en l\u00ednea] __do_sys_name_to_handle_at fs/fhandle.c:112 [en l\u00ednea] __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94 _handle_at+0xe4/0x140 fs/fhandle .c:94 ... Los bytes 18-19 de 20 no est\u00e1n inicializados El acceso a la memoria de tama\u00f1o 20 comienza en ffff888128a46380 Datos copiados a la direcci\u00f3n de usuario 0000000020000240\" Seg\u00fan la sugerencia de Chuck Lever, use kzalloc() en lugar de kmalloc() para resolver el problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26902.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26902.json index 60d75940b2f..dad3c1b33bb 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26902.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26902.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISCV: Fix panic on pmu overflow handler\n\n(1 << idx) of int is not desired when setting bits in unsigned long\noverflowed_ctrs, use BIT() instead. This panic happens when running\n'perf record -e branches' on sophgo sg2042.\n\n[ 273.311852] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098\n[ 273.320851] Oops [#1]\n[ 273.323179] Modules linked in:\n[ 273.326303] CPU: 0 PID: 1475 Comm: perf Not tainted 6.6.0-rc3+ #9\n[ 273.332521] Hardware name: Sophgo Mango (DT)\n[ 273.336878] epc : riscv_pmu_ctr_get_width_mask+0x8/0x62\n[ 273.342291] ra : pmu_sbi_ovf_handler+0x2e0/0x34e\n[ 273.347091] epc : ffffffff80aecd98 ra : ffffffff80aee056 sp : fffffff6e36928b0\n[ 273.354454] gp : ffffffff821f82d0 tp : ffffffd90c353200 t0 : 0000002ade4f9978\n[ 273.361815] t1 : 0000000000504d55 t2 : ffffffff8016cd8c s0 : fffffff6e3692a70\n[ 273.369180] s1 : 0000000000000020 a0 : 0000000000000000 a1 : 00001a8e81800000\n[ 273.376540] a2 : 0000003c00070198 a3 : 0000003c00db75a4 a4 : 0000000000000015\n[ 273.383901] a5 : ffffffd7ff8804b0 a6 : 0000000000000015 a7 : 000000000000002a\n[ 273.391327] s2 : 000000000000ffff s3 : 0000000000000000 s4 : ffffffd7ff8803b0\n[ 273.398773] s5 : 0000000000504d55 s6 : ffffffd905069800 s7 : ffffffff821fe210\n[ 273.406139] s8 : 000000007fffffff s9 : ffffffd7ff8803b0 s10: ffffffd903f29098\n[ 273.413660] s11: 0000000080000000 t3 : 0000000000000003 t4 : ffffffff8017a0ca\n[ 273.421022] t5 : ffffffff8023cfc2 t6 : ffffffd9040780e8\n[ 273.426437] status: 0000000200000100 badaddr: 0000000000000098 cause: 000000000000000d\n[ 273.434512] [] riscv_pmu_ctr_get_width_mask+0x8/0x62\n[ 273.441169] [] handle_percpu_devid_irq+0x98/0x1ee\n[ 273.447562] [] generic_handle_domain_irq+0x28/0x36\n[ 273.454151] [] riscv_intc_irq+0x36/0x4e\n[ 273.459659] [] handle_riscv_irq+0x4a/0x74\n[ 273.465442] [] do_irq+0x62/0x92\n[ 273.470360] 
Code: 0420 60a2 6402 5529 0141 8082 0013 0000 0013 0000 (6d5c) b783\n[ 273.477921] ---[ end trace 0000000000000000 ]---\n[ 273.482630] Kernel panic - not syncing: Fatal exception in interrupt" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: perf: RISCV: no se desea corregir el p\u00e1nico en el controlador de desbordamiento de pmu (1 << idx) de int al configurar bits en overflowed_ctrs largos sin firmar; use BIT() en su lugar. Este p\u00e1nico ocurre cuando se ejecuta 'perf record -e sucursales' en sophgo sg2042. [273.311852] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000098 [273.320851] Ups [#1] [273.323179] M\u00f3dulos vinculados en: [273.326303] CPU: 0 PID: 1475 Comm: perf No contaminado 6.6.0- rc3+#9 [ 273.332521] Nombre de hardware: Sophgo Mango (DT) [ 273.336878] epc : riscv_pmu_ctr_get_width_mask+0x8/0x62 [ 273.342291] ra : pmu_sbi_ovf_handler+0x2e0/0x34e [ 273.347091] epc : ffff80aecd98 ra: ffffffff80aee056 sp: ffffff6e36928b0 [273.354454] gp: ffffffff821f82d0 tp : ffffffd90c353200 T0: 0000002ade4f9978 [273.361815] T1: 000000000000504D55 T2: FFFFFFFF8016CD8C S0: FFFFFFF66E3692A70 [273.369180] 1A8E81800000 [273.376540] A2: 0000003C00070198 A3: 0000003C00DB75A4 A4: 000000000000000015 [273.383901] A5: FFFFFFD7FF8804B0 A6: 0000000000000015 a7: 000000000000002a [273.391327] s2: 000000000000ffff s3: 0000000000000000 s4: ffffffd7ff8803b0 [273.398773] s5: 0000000000504d55 s6: ffffffd905069800 s7: ffffffff821fe210 [273.406139] s8: 000000007ffffff s9: ffffffd7ff8803b0 s10: ffffffd903f29098 [273.413660] s11: 00080000000 t3: 0000000000000003 t4: ffffffff8017a0ca [273.421022] t5: ffffffff8023cfc2 t6: ffffffd9040780e8 [273.426437] estado: 0000000200000100 badaddr: 0000000000000098 causa: 00000d [ 273.434512] [] riscv_pmu_ctr_get_width_mask+0x8/0x62 [ 273.441169] [] handle_percpu_devid_irq+0x98/0x1ee [ 273.447562 ] [] generic_handle_domain_irq+0x28/0x36 
[ 273.454151] [] riscv_intc_irq+0x36/0x4e [ 273.459659] [] 0x4a/0x74 [ 273.465442] [] do_irq+0x62/0x92 [ 273.470360] C\u00f3digo: 0420 60a2 6402 5529 0141 8082 0013 0000 0013 0000 (6d5c) b783 [ 273.477921] ---[ final de seguimiento 0000000000000000 ]--- 273.482 630] P\u00e1nico del kernel: no se sincroniza: excepci\u00f3n fatal en la interrupci\u00f3n" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26903.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26903.json index 21d40e55608..de40991e3b9 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26903.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26903.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security\n\nDuring our fuzz testing of the connection and disconnection process at the\nRFCOMM layer, we discovered this bug. By comparing the packets from a\nnormal connection and disconnection process with the testcase that\ntriggered a KASAN report. We analyzed the cause of this bug as follows:\n\n1. In the packets captured during a normal connection, the host sends a\n`Read Encryption Key Size` type of `HCI_CMD` packet\n(Command Opcode: 0x1408) to the controller to inquire the length of\nencryption key.After receiving this packet, the controller immediately\nreplies with a Command Completepacket (Event Code: 0x0e) to return the\nEncryption Key Size.\n\n2. In our fuzz test case, the timing of the controller's response to this\npacket was delayed to an unexpected point: after the RFCOMM and L2CAP\nlayers had disconnected but before the HCI layer had disconnected.\n\n3. After receiving the Encryption Key Size Response at the time described\nin point 2, the host still called the rfcomm_check_security function.\nHowever, by this time `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;`\nhad already been released, and when the function executed\n`return hci_conn_security(conn->hcon, d->sec_level, auth_type, d->out);`,\nspecifically when accessing `conn->hcon`, a null-ptr-deref error occurred.\n\nTo fix this bug, check if `sk->sk_state` is BT_CLOSED before calling\nrfcomm_recv_frame in rfcomm_process_rx." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: rfcomm: corrija null-ptr-deref en rfcomm_check_security Durante nuestras pruebas preliminares del proceso de conexi\u00f3n y desconexi\u00f3n en la capa RFCOMM, descubrimos este error. 
Comparando los paquetes de un proceso normal de conexi\u00f3n y desconexi\u00f3n con el caso de prueba que desencaden\u00f3 un informe KASAN. Analizamos la causa de este error de la siguiente manera: 1. En los paquetes capturados durante una conexi\u00f3n normal, el host env\u00eda un paquete `HCI_CMD` del tipo `Read Encryption Key Size` (c\u00f3digo de operaci\u00f3n de comando: 0x1408) al controlador para consultar la longitud. de clave de cifrado. Despu\u00e9s de recibir este paquete, el controlador responde inmediatamente con un paquete de comando completo (c\u00f3digo de evento: 0x0e) para devolver el tama\u00f1o de la clave de cifrado. 2. En nuestro caso de prueba fuzz, el tiempo de respuesta del controlador a este paquete se retras\u00f3 hasta un punto inesperado: despu\u00e9s de que las capas RFCOMM y L2CAP se desconectaran, pero antes de que se desconectara la capa HCI. 3. Despu\u00e9s de recibir la respuesta del tama\u00f1o de la clave de cifrado en el momento descrito en el punto 2, el host a\u00fan llam\u00f3 a la funci\u00f3n rfcomm_check_security. Sin embargo, en ese momento `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;` ya se hab\u00eda lanzado, y cuando se ejecut\u00f3 la funci\u00f3n `return hci_conn_security(conn->hcon, d->sec_level, auth_type, d ->out);`, espec\u00edficamente al acceder a `conn->hcon`, ocurri\u00f3 un error null-ptr-deref. Para corregir este error, verifique si `sk->sk_state` est\u00e1 BT_CLOSED antes de llamar a rfcomm_recv_frame en rfcomm_process_rx." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26904.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26904.json index 8d18cb280c5..ba1ce6a8e17 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26904.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26904.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve\n\nAt btrfs_use_block_rsv() we read the size of a block reserve without\nlocking its spinlock, which makes KCSAN complain because the size of a\nblock reserve is always updated while holding its spinlock. The report\nfrom KCSAN is the following:\n\n [653.313148] BUG: KCSAN: data-race in btrfs_update_delayed_refs_rsv [btrfs] / btrfs_use_block_rsv [btrfs]\n\n [653.314755] read to 0x000000017f5871b8 of 8 bytes by task 7519 on cpu 0:\n [653.314779] btrfs_use_block_rsv+0xe4/0x2f8 [btrfs]\n [653.315606] btrfs_alloc_tree_block+0xdc/0x998 [btrfs]\n [653.316421] btrfs_force_cow_block+0x220/0xe38 [btrfs]\n [653.317242] btrfs_cow_block+0x1ac/0x568 [btrfs]\n [653.318060] btrfs_search_slot+0xda2/0x19b8 [btrfs]\n [653.318879] btrfs_del_csums+0x1dc/0x798 [btrfs]\n [653.319702] __btrfs_free_extent.isra.0+0xc24/0x2028 [btrfs]\n [653.320538] __btrfs_run_delayed_refs+0xd3c/0x2390 [btrfs]\n [653.321340] btrfs_run_delayed_refs+0xae/0x290 [btrfs]\n [653.322140] flush_space+0x5e4/0x718 [btrfs]\n [653.322958] btrfs_preempt_reclaim_metadata_space+0x102/0x2f8 [btrfs]\n [653.323781] process_one_work+0x3b6/0x838\n [653.323800] worker_thread+0x75e/0xb10\n [653.323817] kthread+0x21a/0x230\n [653.323836] __ret_from_fork+0x6c/0xb8\n [653.323855] ret_from_fork+0xa/0x30\n\n [653.323887] write to 0x000000017f5871b8 of 8 bytes by task 576 on cpu 3:\n [653.323906] btrfs_update_delayed_refs_rsv+0x1a4/0x250 [btrfs]\n [653.324699] btrfs_add_delayed_data_ref+0x468/0x6d8 [btrfs]\n [653.325494] btrfs_free_extent+0x76/0x120 [btrfs]\n [653.326280] __btrfs_mod_ref+0x6a8/0x6b8 [btrfs]\n [653.327064] btrfs_dec_ref+0x50/0x70 [btrfs]\n [653.327849] walk_up_proc+0x236/0xa50 [btrfs]\n [653.328633] walk_up_tree+0x21c/0x448 [btrfs]\n [653.329418] btrfs_drop_snapshot+0x802/0x1328 [btrfs]\n [653.330205] 
btrfs_clean_one_deleted_snapshot+0x184/0x238 [btrfs]\n [653.330995] cleaner_kthread+0x2b0/0x2f0 [btrfs]\n [653.331781] kthread+0x21a/0x230\n [653.331800] __ret_from_fork+0x6c/0xb8\n [653.331818] ret_from_fork+0xa/0x30\n\nSo add a helper to get the size of a block reserve while holding the lock.\nReading the field while holding the lock instead of using the data_race()\nannotation is used in order to prevent load tearing." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige la carrera de datos en btrfs_use_block_rsv() al acceder a la reserva de bloque En btrfs_use_block_rsv() leemos el tama\u00f1o de una reserva de bloque sin bloquear su spinlock, lo que hace que KCSAN se queje porque el tama\u00f1o de una reserva de bloque siempre se actualiza mientras se mantiene su bloqueo de giro. El informe de KCSAN es el siguiente: [653.313148] ERROR: KCSAN: data-race en btrfs_update_delayed_refs_rsv [btrfs] / btrfs_use_block_rsv [btrfs] [653.314755] le\u00eddo en 0x000000017f5871b8 de 8 bytes por tarea 7519 en 0: [653.314779] btrfs_use_block_rsv+0xe4 /0x2f8 [btrfs] [653.315606] btrfs_alloc_tree_block+0xdc/0x998 [btrfs] [653.316421] btrfs_force_cow_block+0x220/0xe38 [btrfs] [653.317242] 8 [btrfs] [653.318060] btrfs_search_slot+0xda2/0x19b8 [btrfs] [ 653.318879] btrfs_del_csums+0x1dc/0x798 [btrfs] [653.319702] __btrfs_free_extent.isra.0+0xc24/0x2028 [btrfs] [653.320538] __btrfs_run_delayed_refs+0xd3c/0x 2390 [btrfs] [653.321340] btrfs_run_delayed_refs+0xae/0x290 [btrfs] [653.322140] flush_space+0x5e4/0x718 [btrfs] [653.322958] btrfs_preempt_reclaim_metadata_space+0x102/0x2f8 [btrfs] [653.323781] Process_one_work+0x3b6/0x838 [653.323800] trabajador_thread+0x75e/0xb1 0 [653.323817] kthread+0x21a/0x230 [653.323836] __ret_from_fork+0x6c/ 0xb8 [653.323855] ret_from_fork+0xa/0x30 [653.323887] escribe en 0x000000017f5871b8 de 8 bytes por tarea 576 en la CPU 3: [653.323906] [btrfs] [653.324699] 
btrfs_add_delayed_data_ref+0x468/0x6d8 [btrfs] [653.325494] btrfs_free_extent+0x76/0x120 [btrfs] [653.326280] __btrfs_mod_ref+0x6a8/0x6b8 [btrfs] [653.327064] btrfs_dec_ref+0x50/0x70 [btrfs] [653.327849] 236/0xa50 [btrfs] [653.328633] walk_up_tree+0x21c/0x448 [ btrfs] [653.329418] btrfs_drop_snapshot+0x802/0x1328 [btrfs] [653.330205] btrfs_clean_one_deleted_snapshot+0x184/0x238 [btrfs] [653.330995] clean_kthread+0x2b0/0x2f0 [ btrfs] [653.331781] kthread+0x21a/0x230 [653.331800] __ret_from_fork+0x6c/ 0xb8 [653.331818] ret_from_fork+0xa/0x30 Entonces agregue un ayudante para obtener el tama\u00f1o de una reserva de bloque mientras mantiene el bloqueo. Se utiliza la lectura del campo mientras se mantiene presionado el candado en lugar de usar la anotaci\u00f3n data_race() para evitar el desgarro de la carga." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26905.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26905.json index 9797f2ec353..5a2bce2f596 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26905.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26905.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix data races when accessing the reserved amount of block reserves\n\nAt space_info.c we have several places where we access the ->reserved\nfield of a block reserve without taking the block reserve's spinlock\nfirst, which makes KCSAN warn about a data race since that field is\nalways updated while holding the spinlock.\n\nThe reports from KCSAN are like the following:\n\n [117.193526] BUG: KCSAN: data-race in btrfs_block_rsv_release [btrfs] / need_preemptive_reclaim [btrfs]\n\n [117.195148] read to 0x000000017f587190 of 8 bytes by task 6303 on cpu 3:\n [117.195172] need_preemptive_reclaim+0x222/0x2f0 [btrfs]\n [117.195992] __reserve_bytes+0xbb0/0xdc8 [btrfs]\n [117.196807] btrfs_reserve_metadata_bytes+0x4c/0x120 [btrfs]\n [117.197620] btrfs_block_rsv_add+0x78/0xa8 [btrfs]\n [117.198434] btrfs_delayed_update_inode+0x154/0x368 [btrfs]\n [117.199300] btrfs_update_inode+0x108/0x1c8 [btrfs]\n [117.200122] btrfs_dirty_inode+0xb4/0x140 [btrfs]\n [117.200937] btrfs_update_time+0x8c/0xb0 [btrfs]\n [117.201754] touch_atime+0x16c/0x1e0\n [117.201789] filemap_read+0x674/0x728\n [117.201823] btrfs_file_read_iter+0xf8/0x410 [btrfs]\n [117.202653] vfs_read+0x2b6/0x498\n [117.203454] ksys_read+0xa2/0x150\n [117.203473] __s390x_sys_read+0x68/0x88\n [117.203495] do_syscall+0x1c6/0x210\n [117.203517] __do_syscall+0xc8/0xf0\n [117.203539] system_call+0x70/0x98\n\n [117.203579] write to 0x000000017f587190 of 8 bytes by task 11 on cpu 0:\n [117.203604] btrfs_block_rsv_release+0x2e8/0x578 [btrfs]\n [117.204432] btrfs_delayed_inode_release_metadata+0x7c/0x1d0 [btrfs]\n [117.205259] __btrfs_update_delayed_inode+0x37c/0x5e0 [btrfs]\n [117.206093] btrfs_async_run_delayed_root+0x356/0x498 [btrfs]\n [117.206917] btrfs_work_helper+0x160/0x7a0 [btrfs]\n [117.207738] process_one_work+0x3b6/0x838\n [117.207768] worker_thread+0x75e/0xb10\n [117.207797] kthread+0x21a/0x230\n 
[117.207830] __ret_from_fork+0x6c/0xb8\n [117.207861] ret_from_fork+0xa/0x30\n\nSo add a helper to get the reserved amount of a block reserve while\nholding the lock. The value may be not be up to date anymore when used by\nneed_preemptive_reclaim() and btrfs_preempt_reclaim_metadata_space(), but\nthat's ok since the worst it can do is cause more reclaim work do be done\nsooner rather than later. Reading the field while holding the lock instead\nof using the data_race() annotation is used in order to prevent load\ntearing." + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: btrfs: corrige carreras de datos al acceder a la cantidad reservada de reservas de bloque En space_info.c tenemos varios lugares donde accedemos al campo ->reserved de una reserva de bloque sin tomar la reserva de bloque spinlock primero, lo que hace que KCSAN advierta sobre una carrera de datos ya que ese campo siempre se actualiza mientras se mantiene el spinlock. 
Los informes de KCSAN son como los siguientes: [117.193526] ERROR: KCSAN: data-race en btrfs_block_rsv_release [btrfs] / need_preemptive_reclaim [btrfs] [117.195148] le\u00eddo en 0x000000017f587190 de 8 bytes por la tarea 6303 en la CPU 3 [117.19: 5172] necesidad_preemptive_reclaim+ 0x222/0x2f0 [btrfs] [117.195992] __reserve_bytes+0xbb0/0xdc8 [btrfs] [117.196807] btrfs_reserve_metadata_bytes+0x4c/0x120 [btrfs] [117.197620] 78/0xa8 [btrfs] [117.198434] btrfs_delayed_update_inode+0x154/0x368 [btrfs] [117.199300] btrfs_update_inode+0x108/0x1c8 [btrfs] [117.200122] btrfs_dirty_inode+0xb4/0x140 [btrfs] [117.200937] btrfs_update_time+0x8c/0xb0 [btrfs] 754] touch_atime+0x16c/0x1e0 [117.201789] filemap_read+0x674/0x728 [ 117.201823] btrfs_file_read_iter+0xf8/0x410 [btrfs] [117.202653] vfs_read+0x2b6/0x498 [117.203454] ksys_read+0xa2/0x150 [117.203473] x68/0x88 [117.203495] do_syscall+0x1c6/0x210 [117.203517] __do_syscall+0xc8/0xf0 [117.203539] system_call+0x70/0x98 [117.203579] escribe en 0x000000017f587190 de 8 bytes por tarea 11 en la CPU 0: [117.203604] btrfs_block_rsv_release+0x2e8/0x578 [btrfs] 32] btrfs_delayed_inode_release_metadata+0x7c/0x1d0 [btrfs] [117.205259] __btrfs_update_delayed_inode +0x37c/0x5e0 [btrfs] [117.206093] btrfs_async_run_delayed_root+0x356/0x498 [btrfs] [117.206917] btrfs_work_helper+0x160/0x7a0 [btrfs] [117.207738] 6/0x838 [117.207768] hilo_trabajador+0x75e/0xb10 [117.207797] khilo+ 0x21a/0x230 [117.207830] __ret_from_fork+0x6c/0xb8 [117.207861] ret_from_fork+0xa/0x30 Entonces agregue un ayudante para obtener la cantidad reservada de una reserva de bloque mientras mantiene el bloqueo. Es posible que el valor ya no est\u00e9 actualizado cuando lo usan need_preemptive_reclaim() y btrfs_preempt_reclaim_metadata_space(), pero est\u00e1 bien ya que lo peor que puede hacer es provocar que se realice m\u00e1s trabajo de recuperaci\u00f3n m\u00e1s temprano que tarde. 
Se utiliza la lectura del campo mientras se mantiene presionado el candado en lugar de usar la anotaci\u00f3n data_race() para evitar el desgarro de la carga." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26906.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26906.json index c134748cd38..7f63fb7bd68 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26906.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26906.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()\n\nWhen trying to use copy_from_kernel_nofault() to read vsyscall page\nthrough a bpf program, the following oops was reported:\n\n BUG: unable to handle page fault for address: ffffffffff600000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:copy_from_kernel_nofault+0x6f/0x110\n ......\n Call Trace:\n \n ? copy_from_kernel_nofault+0x6f/0x110\n bpf_probe_read_kernel+0x1d/0x50\n bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d\n trace_call_bpf+0xc5/0x1c0\n perf_call_bpf_enter.isra.0+0x69/0xb0\n perf_syscall_enter+0x13e/0x200\n syscall_trace_enter+0x188/0x1c0\n do_syscall_64+0xb5/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \n ......\n ---[ end trace 0000000000000000 ]---\n\nThe oops is triggered when:\n\n1) A bpf program uses bpf_probe_read_kernel() to read from the vsyscall\npage and invokes copy_from_kernel_nofault() which in turn calls\n__get_user_asm().\n\n2) Because the vsyscall page address is not readable from kernel space,\na page fault exception is triggered accordingly.\n\n3) handle_page_fault() considers the vsyscall page address as a user\nspace address instead of a kernel space address. This results in the\nfix-up setup by bpf not being applied and a page_fault_oops() is invoked\ndue to SMAP.\n\nConsidering handle_page_fault() has already considered the vsyscall page\naddress as a userspace address, fix the problem by disallowing vsyscall\npage read for copy_from_kernel_nofault()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/mm: no permitir la lectura de la p\u00e1gina vsyscall para copy_from_kernel_nofault() Al intentar usar copy_from_kernel_nofault() para leer la p\u00e1gina vsyscall a trav\u00e9s de un programa bpf, se inform\u00f3 lo siguiente: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffffffff600000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0 Ups: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58 Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996) ...... RIP: 0010:copy_from_kernel_nofault+0x6f/0x110... ... Seguimiento de llamadas: ? copy_from_kernel_nofault+0x6f/0x110 bpf_probe_read_kernel+0x1d/0x50 bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d trace_call_bpf+0xc5/0x1c0 perf_call_bpf_enter.isra.0+0x69/0xb 0 perf_syscall_enter+0x13e/0x200 syscall_trace_enter+0x188/0x1c0 do_syscall_64+0xb5/0xe0 Entry_SYSCALL_64_after_hwframe+0x6e/0x76 < /TASK> ...... ---[ end trace 0000000000000000 ]--- Ups se activa cuando: 1) Un programa bpf usa bpf_probe_read_kernel() para leer desde la p\u00e1gina vsyscall e invoca copy_from_kernel_nofault() que a su vez llama __get_user_asm(). 2) Debido a que la direcci\u00f3n de la p\u00e1gina vsyscall no se puede leer desde el espacio del kernel, se activa una excepci\u00f3n de error de p\u00e1gina en consecuencia. 3) handle_page_fault() considera la direcci\u00f3n de la p\u00e1gina vsyscall como una direcci\u00f3n de espacio de usuario en lugar de una direcci\u00f3n de espacio de kernel. Esto da como resultado que no se aplique la configuraci\u00f3n de reparaci\u00f3n mediante bpf y se invoque page_fault_oops() debido a SMAP. 
Teniendo en cuenta que handle_page_fault() ya ha considerado la direcci\u00f3n de la p\u00e1gina vsyscall como una direcci\u00f3n de espacio de usuario, solucione el problema no permitiendo la lectura de la p\u00e1gina vsyscall para copy_from_kernel_nofault()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26907.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26907.json index 010a56c17af..a5ad85164d1 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26907.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26907.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix fortify source warning while accessing Eth segment\n\n ------------[ cut here ]------------\n memcpy: detected field-spanning write (size 56) of single field \"eseg->inline_hdr.start\" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)\n WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy\n [last unloaded: mlx_compat(OE)]\n CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu\n Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7\n RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046\n RAX: 
0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8\n R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80\n FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ? show_regs+0x72/0x90\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? __warn+0x8d/0x160\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? report_bug+0x1bb/0x1d0\n ? handle_bug+0x46/0x90\n ? exc_invalid_op+0x19/0x80\n ? asm_exc_invalid_op+0x1b/0x20\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]\n ipoib_send+0x2ec/0x770 [ib_ipoib]\n ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]\n dev_hard_start_xmit+0x8e/0x1e0\n ? validate_xmit_skb_list+0x4d/0x80\n sch_direct_xmit+0x116/0x3a0\n __dev_xmit_skb+0x1fd/0x580\n __dev_queue_xmit+0x284/0x6b0\n ? _raw_spin_unlock_irq+0xe/0x50\n ? __flush_work.isra.0+0x20d/0x370\n ? push_pseudo_header+0x17/0x40 [ib_ipoib]\n neigh_connected_output+0xcd/0x110\n ip_finish_output2+0x179/0x480\n ? __smp_call_single_queue+0x61/0xa0\n __ip_finish_output+0xc3/0x190\n ip_finish_output+0x2e/0xf0\n ip_output+0x78/0x110\n ? __pfx_ip_finish_output+0x10/0x10\n ip_local_out+0x64/0x70\n __ip_queue_xmit+0x18a/0x460\n ip_queue_xmit+0x15/0x30\n __tcp_transmit_skb+0x914/0x9c0\n tcp_write_xmit+0x334/0x8d0\n tcp_push_one+0x3c/0x60\n tcp_sendmsg_locked+0x2e1/0xac0\n tcp_sendmsg+0x2d/0x50\n inet_sendmsg+0x43/0x90\n sock_sendmsg+0x68/0x80\n sock_write_iter+0x93/0x100\n vfs_write+0x326/0x3c0\n ksys_write+0xbd/0xf0\n ? 
do_syscall_64+0x69/0x90\n __x64_sys_write+0x19/0x30\n do_syscall_\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/mlx5: corrige la advertencia de fuente de fortify al acceder al segmento Eth ------------[ cortar aqu\u00ed ]---------- -- memcpy: se detect\u00f3 escritura que abarca todos los campos (tama\u00f1o 56) de un solo campo \"eseg->inline_hdr.start\" en /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/ wr.c:131 (tama\u00f1o 2) ADVERTENCIA: CPU: 0 PID: 293779 en /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+ 0x191b/0x1a60 [mlx5_ib] M\u00f3dulos vinculados en: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) ) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd gracia sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover disquete de conmutaci\u00f3n por error [\u00faltima descarga : mlx_compat(OE)] CPU: 0 PID: 293779 Comm: ssh Contaminado: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu Nombre de hardware: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] C\u00f3digo: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 
c7 80 5b fd c0 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7 RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046 RAX: 0000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 00000000000000000 R10: 0000000000000000 R11 : 0000000000000000 R12: ffffb5b48478b5e8 R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80 FS: 00007fc03b444c80(0000) 63a3dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 00000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: ? show_regs+0x72/0x90? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? __advertir+0x8d/0x160 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? report_bug+0x1bb/0x1d0? handle_bug+0x46/0x90? exc_invalid_op+0x19/0x80? asm_exc_invalid_op+0x1b/0x20? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib] ipoib_send+0x2ec/0x770 [ib_ipoib] ipoib_start_xmit+0x5a0/0x770 [ib_ipoib] 8e/0x1e0 ? validar_xmit_skb_list+0x4d/0x80 sch_direct_xmit+0x116/0x3a0 __dev_xmit_skb+0x1fd/0x580 __dev_queue_xmit+0x284/0x6b0 ? _raw_spin_unlock_irq+0xe/0x50 ? __flush_work.isra.0+0x20d/0x370 ? push_pseudo_header+0x17/0x40 [ib_ipoib] neigh_connected_output+0xcd/0x110 ip_finish_output2+0x179/0x480 ? __smp_call_single_queue+0x61/0xa0 __ip_finish_output+0xc3/0x190 ip_finish_output+0x2e/0xf0 ip_output+0x78/0x110 ? __pfx_ip_finish_output+0x10/0x10 ip_local_out+0x64/0x70 __ip_queue_xmit+0x18a/0x460 ip_queue_xmit+0x15/0x30 __tcp_transmit_skb+0x914/0x9c0 tcp_write_xmit+0x334/0x8d0 _push_one+0x3c/0x60 tcp_sendmsg_locked+0x2e1/0xac0 tcp_sendmsg+0x2d/0x50 inet_sendmsg+0x43/0x90 sock_sendmsg+0x68/0x80 sock_write_iter+0x93/0x100 vfs_write+0x326/0x3c0 ksys_write+0xbd/0xf0 ? 
do_syscall_64+0x69/0x90 __x64_sys_write+0x19/0x30 do_syscall_ ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26908.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26908.json index e24c0486203..feb946275ea 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26908.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26908.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: Add some null pointer checking to smp.c\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/xen: agregue alguna verificaci\u00f3n de puntero nulo a smp.c kasprintf() devuelve un puntero a la memoria asignada din\u00e1micamente que puede ser NULL en caso de falla. Aseg\u00farese de que la asignaci\u00f3n se haya realizado correctamente comprobando la validez del puntero." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26909.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26909.json index 7e90e624cfc..85fca33bb76 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26909.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26909.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink_altmode: fix drm bridge use-after-free\n\nA recent DRM series purporting to simplify support for \"transparent\nbridges\" and handling of probe deferrals ironically exposed a\nuse-after-free issue on pmic_glink_altmode probe deferral.\n\nThis has manifested itself as the display subsystem occasionally failing\nto initialise and NULL-pointer dereferences during boot of machines like\nthe Lenovo ThinkPad X13s.\n\nSpecifically, the dp-hpd bridge is currently registered before all\nresources have been acquired which means that it can also be\nderegistered on probe deferrals.\n\nIn the meantime there is a race window where the new aux bridge driver\n(or PHY driver previously) may have looked up the dp-hpd bridge and\nstored a (non-reference-counted) pointer to the bridge which is about to\nbe deallocated.\n\nWhen the display controller is later initialised, this triggers a\nuse-after-free when attaching the bridges:\n\n\tdp -> aux -> dp-hpd (freed)\n\nwhich may, for example, result in the freed bridge failing to attach:\n\n\t[drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16\n\nor a NULL-pointer dereference:\n\n\tUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n\t...\n\tCall trace:\n\t drm_bridge_attach+0x70/0x1a8 [drm]\n\t drm_aux_bridge_attach+0x24/0x38 [aux_bridge]\n\t drm_bridge_attach+0x80/0x1a8 [drm]\n\t dp_bridge_init+0xa8/0x15c [msm]\n\t msm_dp_modeset_init+0x28/0xc4 [msm]\n\nThe DRM bridge implementation is clearly fragile and implicitly built on\nthe assumption that bridges may never go away. 
In this case, the fix is\nto move the bridge registration in the pmic_glink_altmode driver to\nafter all resources have been looked up.\n\nIncidentally, with the new dp-hpd bridge implementation, which registers\nchild devices, this is also a requirement due to a long-standing issue\nin driver core that can otherwise lead to a probe deferral loop (see\ncommit fbc35b45f9f6 (\"Add documentation on meaning of -EPROBE_DEFER\")).\n\n[DB: slightly fixed commit message by adding the word 'commit']" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free Una serie reciente de DRM que pretende simplificar el soporte para \"puentes transparentes\" y el manejo de aplazamientos de sonda expuso ir\u00f3nicamente un uso posterior -Problema gratuito en el aplazamiento de la sonda pmic_glink_altmode. Esto se ha manifestado como que el subsistema de visualizaci\u00f3n ocasionalmente falla al inicializarse y se eliminan las referencias del puntero NULL durante el arranque de m\u00e1quinas como la Lenovo ThinkPad X13s. Espec\u00edficamente, el puente dp-hpd actualmente est\u00e1 registrado antes de que se hayan adquirido todos los recursos, lo que significa que tambi\u00e9n se puede cancelar su registro en caso de aplazamientos de sonda. Mientras tanto, hay una ventana de carrera donde el nuevo controlador del puente auxiliar (o el controlador PHY anteriormente) puede haber buscado el puente dp-hpd y almacenado un puntero (sin recuento de referencias) al puente que est\u00e1 a punto de ser desasignado. 
Cuando el controlador de pantalla se inicializa posteriormente, esto activa un use-after-free al conectar los puentes: dp -> aux -> dp-hpd (liberado) que puede, por ejemplo, provocar que el puente liberado no se pueda conectar: [drm :drm_bridge_attach [drm]] *ERROR* no se pudo adjuntar el puente /soc@0/phy@88eb000 al codificador TMDS-31: -16 o una desreferencia de puntero NULL: no se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000... Seguimiento de llamadas: drm_bridge_attach+0x70/0x1a8 [drm] drm_aux_bridge_attach+0x24/0x38 [aux_bridge] drm_bridge_attach+0x80/0x1a8 [drm] dp_bridge_init+0xa8/0x15c [msm] msm_dp_modeset_init+0x28/0xc4 [msm] El puente DRM la implementaci\u00f3n es claramente fr\u00e1gil e impl\u00edcitamente construido sobre el supuesto de que es posible que los puentes nunca desaparezcan. En este caso, la soluci\u00f3n es mover el registro del puente en el controlador pmic_glink_altmode despu\u00e9s de que se hayan buscado todos los recursos. Por cierto, con la nueva implementaci\u00f3n del puente dp-hpd, que registra dispositivos secundarios, esto tambi\u00e9n es un requisito debido a un problema de larga data en el n\u00facleo del controlador que, de lo contrario, puede provocar un bucle de aplazamiento de la sonda (consulte el compromiso fbc35b45f9f6 (\"Agregar documentaci\u00f3n sobre el significado de -EPROBE_DEFER\")). [DB: mensaje de confirmaci\u00f3n ligeramente corregido agregando la palabra 'compromiso']" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26910.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26910.json index cd7aed4fb05..f4ede9a8fee 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26910.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26910.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: fix performance regression in swap operation\n\nThe patch \"netfilter: ipset: fix race condition between swap/destroy\nand kernel side add/del/test\", commit 28628fa9 fixes a race condition.\nBut the synchronize_rcu() added to the swap function unnecessarily slows\nit down: it can safely be moved to destroy and use call_rcu() instead.\n\nEric Dumazet pointed out that simply calling the destroy functions as\nrcu callback does not work: sets with timeout use garbage collectors\nwhich need cancelling at destroy which can wait. Therefore the destroy\nfunctions are split into two: cancelling garbage collectors safely at\nexecuting the command received by netlink and moving the remaining\npart only into the rcu callback." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: ipset: corrige la regresi\u00f3n de rendimiento en la operaci\u00f3n de intercambio El parche \"netfilter: ipset: corrige la condici\u00f3n de ejecuci\u00f3n entre swap/destroy y add/del/test del lado del kernel\", commit 28628fa9 corrige un condici\u00f3n de ejecuci\u00f3n. Pero elsync_rcu() agregado a la funci\u00f3n swap la ralentiza innecesariamente: se puede mover con seguridad para destruir y usar call_rcu() en su lugar. Eric Dumazet se\u00f1al\u00f3 que simplemente llamar a las funciones de destrucci\u00f3n como devoluci\u00f3n de llamada de rcu no funciona: los conjuntos con tiempo de espera usan recolectores de basura que necesitan cancelarse en la destrucci\u00f3n y que pueden esperar. Por lo tanto, las funciones de destrucci\u00f3n se dividen en dos: cancelar los recolectores de basura de forma segura al ejecutar el comando recibido por netlink y mover la parte restante solo a la devoluci\u00f3n de llamada de rcu." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26911.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26911.json index 6fd56e5e191..1dad0da87c8 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26911.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26911.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/buddy: Fix alloc_range() error handling code\n\nFew users have observed display corruption when they boot\nthe machine to KDE Plasma or playing games. We have root\ncaused the problem that whenever alloc_range() couldn't\nfind the required memory blocks the function was returning\nSUCCESS in some of the corner cases.\n\nThe right approach would be if the total allocated size\nis less than the required size, the function should\nreturn -ENOSPC." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/buddy: corrige el c\u00f3digo de manejo de errores alloc_range() Pocos usuarios han observado da\u00f1os en la pantalla cuando inician la m\u00e1quina en KDE Plasma o juegan juegos. Hemos causado el problema de que cada vez que alloc_range() no pod\u00eda encontrar los bloques de memoria requeridos, la funci\u00f3n devolv\u00eda \u00c9XITO en algunos de los casos de esquina. El enfoque correcto ser\u00eda que si el tama\u00f1o total asignado es menor que el tama\u00f1o requerido, la funci\u00f3n deber\u00eda devolver -ENOSPC." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26912.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26912.json index 017cebc1e42..f4975803b4a 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26912.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26912.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix several DMA buffer leaks\n\nNouveau manages GSP-RM DMA buffers with nvkm_gsp_mem objects. Several of\nthese buffers are never dealloced. Some of them can be deallocated\nright after GSP-RM is initialized, but the rest need to stay until the\ndriver unloads.\n\nAlso futher bullet-proof these objects by poisoning the buffer and\nclearing the nvkm_gsp_mem object when it is deallocated. Poisoning\nthe buffer should trigger an error (or crash) from GSP-RM if it tries\nto access the buffer after we've deallocated it, because we were wrong\nabout when it is safe to deallocate.\n\nFinally, change the mem->size field to a size_t because that's the same\ntype that dma_alloc_coherent expects." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau: corrige varias fugas del b\u00fafer DMA Nouveau administra los buffers DMA GSP-RM con objetos nvkm_gsp_mem. Varios de estos b\u00faferes nunca se desasignan. Algunos de ellos se pueden desasignar inmediatamente despu\u00e9s de que se inicializa GSP-RM, pero el resto debe permanecer hasta que se descargue el controlador. Tambi\u00e9n proteja a\u00fan m\u00e1s estos objetos envenenando el b\u00fafer y limpiando el objeto nvkm_gsp_mem cuando se desasigna. El envenenamiento del b\u00fafer deber\u00eda provocar un error (o bloqueo) de GSP-RM si intenta acceder al b\u00fafer despu\u00e9s de haberlo desasignado, porque nos equivocamos acerca de cu\u00e1ndo es seguro desasignarlo. Finalmente, cambie el campo mem->size a size_t porque es el mismo tipo que espera dma_alloc_coherent." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26913.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26913.json index 42a3deeabea..3a363cbb921 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26913.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26913.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue\n\n[why]\nodm calculation is missing for pipe split policy determination\nand cause Underflow/Corruption issue.\n\n[how]\nAdd the odm calculation."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: solucione el problema de corrupci\u00f3n/desbordamiento de dcn35 8k30 [por qu\u00e9] falta el c\u00e1lculo de odm para la determinaci\u00f3n de la pol\u00edtica de divisi\u00f3n de tuber\u00edas y causa un problema de corrupci\u00f3n/desbordamiento. [c\u00f3mo] Agregue el c\u00e1lculo de odm."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26914.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26914.json
index 42e56fd8d39..ac162655916 100644
--- a/CVE-2024/CVE-2024-269xx/CVE-2024-26914.json
+++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26914.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix incorrect mpc_combine array size\n\n[why]\nMAX_SURFACES is per stream, while MAX_PLANES is per asic. The\nmpc_combine is an array that records all the planes per asic. Therefore\nMAX_PLANES should be used as the array size. Using MAX_SURFACES causes\narray overflow when there are more than 3 planes.\n\n[how]\nUse the MAX_PLANES for the mpc_combine array size." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: corrige el tama\u00f1o incorrecto de la matriz mpc_combine [por qu\u00e9] MAX_SURFACES es por flujo, mientras que MAX_PLANES es por asic. mpc_combine es una matriz que registra todos los planos por asic. Por lo tanto, se debe utilizar MAX_PLANES como tama\u00f1o de matriz. El uso de MAX_SURFACES provoca el desbordamiento de la matriz cuando hay m\u00e1s de 3 planos. [c\u00f3mo] Utilice MAX_PLANES para el tama\u00f1o de matriz mpc_combine." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json index 9faaa093e10..9163513136a 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Reset IH OVERFLOW_CLEAR bit\n\nAllows us to detect subsequent IH ring buffer overflows as well." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Restablecer el bit IH OVERFLOW_CLEAR Tambi\u00e9n nos permite detectar desbordamientos posteriores del b\u00fafer en anillo IH." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26916.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26916.json index f4c9e68f479..31aa366d8fa 100644 
--- a/CVE-2024/CVE-2024-269xx/CVE-2024-26916.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26916.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd: flush any delayed gfxoff on suspend entry\"\n\ncommit ab4750332dbe (\"drm/amdgpu/sdma5.2: add begin/end_use ring\ncallbacks\") caused GFXOFF control to be used more heavily and the\ncodepath that was removed from commit 0dee72639533 (\"drm/amd: flush any\ndelayed gfxoff on suspend entry\") now can be exercised at suspend again.\n\nUsers report that by using GNOME to suspend the lockscreen trigger will\ncause SDMA traffic and the system can deadlock.\n\nThis reverts commit 0dee726395333fea833eaaf838bc80962df886c8." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Revertir \"drm/amd: eliminar cualquier gfxoff retrasado al suspender la entrada\" commit ab4750332dbe (\"drm/amdgpu/sdma5.2: agregar devoluciones de llamada de anillo de inicio/fin de uso\") provoc\u00f3 que el control de GFXOFF se utilizar\u00e1 m\u00e1s intensamente y la ruta de c\u00f3digo que se elimin\u00f3 del commit 0dee72639533 (\"drm/amd: eliminar cualquier gfxoff retrasado al suspender la entrada\") ahora se puede ejercer nuevamente en suspensi\u00f3n. Los usuarios informan que al usar GNOME para suspender el activador de la pantalla de bloqueo provocar\u00e1 tr\u00e1fico SDMA y el sistema puede bloquearse. Esto revierte el commit 0dee726395333fea833eaaf838bc80962df886c8." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26917.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26917.json index f68c2fdd0a6..d5e4a620857 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26917.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26917.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: Revert \"scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock\"\n\nThis reverts commit 1a1975551943f681772720f639ff42fbaa746212.\n\nThis commit causes interrupts to be lost for FCoE devices, since it changed\nsping locks from \"bh\" to \"irqsave\".\n\nInstead, a work queue should be used, and will be addressed in a separate\ncommit."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: Revertir \"scsi: fcoe: Reparar posible punto muerto en &fip->ctlr_lock\" Esto revierte el commit 1a1975551943f681772720f639ff42fbaa746212. Este commit provoca que se pierdan las interrupciones para los dispositivos FCoE, ya que cambi\u00f3 los bloqueos de sping de \"bh\" a \"irqsave\". En su lugar, se debe utilizar una cola de trabajo, que se abordar\u00e1 en un commit separado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26918.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26918.json
index 3861617e313..b461608f0ac 100644
--- a/CVE-2024/CVE-2024-269xx/CVE-2024-26918.json
+++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26918.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix active state requirement in PME polling\n\nThe commit noted in fixes added a bogus requirement that runtime PM managed\ndevices need to be in the RPM_ACTIVE state for PME polling. In fact, only\ndevices in low power states should be polled.\n\nHowever there's still a requirement that the device config space must be\naccessible, which has implications for both the current state of the polled\ndevice and the parent bridge, when present. It's not sufficient to assume\nthe bridge remains in D0 and cases have been observed where the bridge\npasses the D0 test, but the PM state indicates RPM_SUSPENDING and config\nspace of the polled device becomes inaccessible during pci_pme_wakeup().\n\nTherefore, since the bridge is already effectively required to be in the\nRPM_ACTIVE state, formalize this in the code and elevate the PM usage count\nto maintain the state while polling the subordinate device.\n\nThis resolves a regression reported in the bugzilla below where a\nThunderbolt/USB4 hierarchy fails to scan for an attached NVMe endpoint\ndownstream of a bridge in a D3hot power state." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: PCI: corrige el requisito de estado activo en el sondeo de PME. La confirmaci\u00f3n observada en las correcciones agreg\u00f3 un requisito falso de que los dispositivos administrados por PM en tiempo de ejecuci\u00f3n deben estar en el estado RPM_ACTIVE para el sondeo de PME. De hecho, s\u00f3lo se deben sondear los dispositivos en estados de bajo consumo de energ\u00eda. Sin embargo, todav\u00eda existe el requisito de que se pueda acceder al espacio de configuraci\u00f3n del dispositivo, lo que tiene implicaciones tanto para el estado actual del dispositivo sondeado como para el puente principal, cuando est\u00e9 presente. 
No es suficiente asumir que el puente permanece en D0 y se han observado casos en los que el puente pasa la prueba D0, pero el estado PM indica RPM_SUSPENDING y el espacio de configuraci\u00f3n del dispositivo sondeado se vuelve inaccesible durante pci_pme_wakeup(). Por lo tanto, dado que ya se requiere que el puente est\u00e9 en el estado RPM_ACTIVE, formalice esto en el c\u00f3digo y eleve el recuento de uso de PM para mantener el estado mientras se sondea el dispositivo subordinado. Esto resuelve una regresi\u00f3n reportada en el bugzilla a continuaci\u00f3n donde una jerarqu\u00eda Thunderbolt/USB4 no puede buscar un endpoint NVMe conectado aguas abajo de un puente en un estado de energ\u00eda D3hot." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-26xx/CVE-2024-2659.json b/CVE-2024/CVE-2024-26xx/CVE-2024-2659.json index f039d4b0445..b81bee7b08b 100644 --- a/CVE-2024/CVE-2024-26xx/CVE-2024-2659.json +++ b/CVE-2024/CVE-2024-26xx/CVE-2024-2659.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "\nA command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.\n\n" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en SMM/SMM2 y FPC que podr\u00eda permitir que un usuario autenticado con privilegios elevados ejecute comandos del sistema al realizar una funci\u00f3n administrativa espec\u00edfica." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27306.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27306.json index 7a3bd3c09ad..d836ae143ce 100644 --- a/CVE-2024/CVE-2024-273xx/CVE-2024-27306.json +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27306.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade." + }, + { + "lang": "es", + "value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Existe una vulnerabilidad XSS en las p\u00e1ginas de \u00edndice para el manejo de archivos est\u00e1ticos. Esta vulnerabilidad se solucion\u00f3 en 3.9.4. Siempre hemos recomendado utilizar un servidor proxy inverso (por ejemplo, nginx) para servir archivos est\u00e1ticos. Los usuarios que sigan la recomendaci\u00f3n no se ver\u00e1n afectados. Otros usuarios pueden desactivar `show_index` si no pueden actualizar." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-27xx/CVE-2024-2796.json b/CVE-2024/CVE-2024-27xx/CVE-2024-2796.json index c353bc93735..c202522e4a7 100644 --- a/CVE-2024/CVE-2024-27xx/CVE-2024-2796.json +++ b/CVE-2024/CVE-2024-27xx/CVE-2024-2796.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "A server-side request forgery (SSRF) was discovered in the Akana Community Manager Developer Portal in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.\n\n" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 server-side request forgery (SSRF) en Akana Community Manager Developer Portal en versiones anteriores a la 2022.1.3 incluida. Reportado por Jakob Antonsson." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28056.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28056.json index f7f250ee710..fb73a791790 100644 --- a/CVE-2024/CVE-2024-280xx/CVE-2024-28056.json +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28056.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but \"Effect\":\"Allow\" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an \"assume role\" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resources, or move to a completely different identity provider." + }, + { + "lang": "es", + "value": "La CLI de Amazon AWS Amplify anterior a 12.10.1 configura incorrectamente la pol\u00edtica de confianza de roles de los roles de IAM asociados con proyectos de Amplify. Cuando se elimina el componente Autenticaci\u00f3n de un proyecto de Amplify, se elimina una propiedad Condici\u00f3n, pero \"Efecto\": \"Permitir\" permanece presente y, en consecuencia, sts:AssumeRoleWithWebIdentity estar\u00eda disponible para los actores de amenazas sin condiciones. Por lo tanto, si se hubiera utilizado la CLI de Amplify para eliminar el componente de autenticaci\u00f3n de un proyecto creado entre agosto de 2019 y enero de 2024, es posible que se haya producido una \"asumici\u00f3n de rol\" y que se haya aprovechado para obtener acceso no autorizado a los recursos de AWS de una organizaci\u00f3n. 
NOTA: el problema solo podr\u00eda ocurrir si un usuario autorizado de AWS elimin\u00f3 un componente de autenticaci\u00f3n. (La vulnerabilidad no le dio al actor de amenazas la capacidad de eliminar un componente de autenticaci\u00f3n). Sin embargo, en situaciones realistas, un usuario autorizado de AWS puede haber eliminado un componente de autenticaci\u00f3n, por ejemplo, si el objetivo fuera dejar de usar los recursos integrados de Cognito, o cambiar a un proveedor de identidad completamente diferente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28073.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28073.json index 58b184500fb..69a2e4c6789 100644 --- a/CVE-2024/CVE-2024-280xx/CVE-2024-28073.json +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28073.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.\n" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que SolarWinds Serv-U era susceptible a una vulnerabilidad de Directory Traversal Remote Code. Esta vulnerabilidad requiere una cuenta con privilegios elevados para poder explotarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28099.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28099.json index 360e1bf3965..9b40e0d106e 100644 --- a/CVE-2024/CVE-2024-280xx/CVE-2024-28099.json +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28099.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."
+ },
+ {
+ "lang": "es",
+ "value": "VT STUDIO Ver.8.32 y anteriores contienen un problema con la ruta de b\u00fasqueda de DLL, lo que puede provocar que se carguen bibliotecas de v\u00ednculos din\u00e1micos de forma insegura. Como resultado, se puede ejecutar c\u00f3digo arbitrario con los privilegios de la aplicaci\u00f3n en ejecuci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28185.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28185.json
index 5cb6ffd1e6b..398e15049ea 100644
--- a/CVE-2024/CVE-2024-281xx/CVE-2024-28185.json
+++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28185.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Judge0 es un sistema de ejecuci\u00f3n de c\u00f3digo en l\u00ednea de c\u00f3digo abierto. La aplicaci\u00f3n no tiene en cuenta los enlaces simb\u00f3licos colocados dentro del directorio de la zona de pruebas, que un atacante puede aprovechar para escribir en archivos arbitrarios y obtener la ejecuci\u00f3n de c\u00f3digo fuera de la zona de pruebas. Al ejecutar un env\u00edo, Judge0 escribe un `run_script` en el directorio sandbox. El problema de seguridad es que un atacante puede crear un enlace simb\u00f3lico (enlace simb\u00f3lico) en la ruta `run_script` antes de que se ejecute este c\u00f3digo, lo que da como resultado que `f.write` escriba en un archivo arbitrario en el sistema sin espacio aislado. Un atacante puede aprovechar esta vulnerabilidad para sobrescribir scripts en el sistema y obtener la ejecuci\u00f3n del c\u00f3digo fuera del entorno limitado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28189.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28189.json
index 9a0bf6ad640..ceabee27d23 100644
--- a/CVE-2024/CVE-2024-281xx/CVE-2024-28189.json
+++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28189.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1."
+ },
+ {
+ "lang": "es",
+ "value": "Judge0 es un sistema de ejecuci\u00f3n de c\u00f3digo en l\u00ednea de c\u00f3digo abierto. La aplicaci\u00f3n utiliza el comando chown de UNIX en un archivo que no es de confianza dentro del entorno limitado. Un atacante puede abusar de esto creando un enlace simb\u00f3lico (enlace simb\u00f3lico) a un archivo fuera del entorno sandbox, lo que le permite ejecutar chown en archivos arbitrarios fuera del entorno sandbox. Esta vulnerabilidad no tiene un impacto por s\u00ed sola, pero se puede utilizar para omitir el parche CVE-2024-28185 y obtener un escape completo de la zona de pruebas. Esta vulnerabilidad se solucion\u00f3 en 1.13.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-288xx/CVE-2024-28894.json b/CVE-2024/CVE-2024-288xx/CVE-2024-28894.json
index 051e0c2ce4e..19d99312a2b 100644
--- a/CVE-2024/CVE-2024-288xx/CVE-2024-28894.json
+++ b/CVE-2024/CVE-2024-288xx/CVE-2024-28894.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites causada por una verificaci\u00f3n incorrecta de los valores de longitud de las opciones en los encabezados IPv6 en la serie de redes TCP/IP del middleware Cente, que puede permitir que un atacante no autenticado detenga las operaciones del dispositivo enviando un paquete especialmente manipulado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28957.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28957.json
index 0ffd13ca216..1cc766b4a17 100644
--- a/CVE-2024/CVE-2024-289xx/CVE-2024-28957.json
+++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28957.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device."
+ },
+ {
+ "lang": "es",
+ "value": "Existe un problema de generaci\u00f3n de identificadores predecibles en la serie de redes TCP/IP del middleware Cente. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede interferir en las comunicaciones al predecir algunos ID de encabezado de paquete del dispositivo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29021.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29021.json
index ae5f128bdf6..0adcd59a297 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29021.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29021.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine. This vulnerability is fixed in 1.13.1.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Judge0 es un sistema de ejecuci\u00f3n de c\u00f3digo en l\u00ednea de c\u00f3digo abierto. La configuraci\u00f3n predeterminada de Judge0 deja al servicio vulnerable a un escape de la zona de pruebas a trav\u00e9s de Server Side Request Forgery (SSRF). Esto permite a un atacante con suficiente acceso a la API Judge0 obtener la ejecuci\u00f3n de c\u00f3digo sin espacio aislado como root en la m\u00e1quina de destino. Esta vulnerabilidad se solucion\u00f3 en 1.13.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29035.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29035.json
index 0667eef4300..799a5a2f189 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29035.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29035.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1."
+ },
+ {
+ "lang": "es",
+ "value": "Umbraco es un CMS ASP.NET. Los registros de webhooks fallidos est\u00e1n disponibles cuando la soluci\u00f3n no est\u00e1 en modo de depuraci\u00f3n. Esos registros pueden contener informaci\u00f3n cr\u00edtica. Esta vulnerabilidad se soluciona en 13.1.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29052.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29052.json
index 4b836b93867..61fd1870aeb 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29052.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29052.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-04-09T17:15:58.737",
 "lastModified": "2024-04-10T13:24:00.070",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29053.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29053.json
index 3be375287eb..0524c627a97 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29053.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29053.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-04-09T17:15:58.930",
 "lastModified": "2024-04-10T13:24:00.070",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29054.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29054.json
index 928b4386d93..bdb74398c10 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29054.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29054.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-04-09T17:15:59.123",
 "lastModified": "2024-04-10T13:24:00.070",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29055.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29055.json
index 91587646ad0..b08dbf74996 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29055.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29055.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-04-09T17:15:59.320",
 "lastModified": "2024-04-10T13:24:00.070",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29056.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29056.json
index c84499723b4..6db3bea78f0 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29056.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29056.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-04-09T17:15:59.510",
 "lastModified": "2024-04-10T13:24:00.070",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29061.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29061.json
index a4e068f7269..a46e31f8ef1 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29061.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29061.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-04-09T17:15:59.720",
 "lastModified": "2024-04-10T13:24:00.070",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29062.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29062.json
index ca63a5cbb5f..05634015f4c 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29062.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29062.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-04-09T17:15:59.917",
 "lastModified": "2024-04-10T13:24:00.070",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-292xx/CVE-2024-29218.json b/CVE-2024/CVE-2024-292xx/CVE-2024-29218.json
index 20488028f50..5bb4e56a33e 100644
--- a/CVE-2024/CVE-2024-292xx/CVE-2024-29218.json
+++ b/CVE-2024/CVE-2024-292xx/CVE-2024-29218.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en KV STUDIO Ver.11.64 y anteriores y en KV REPLAY VIEWER Ver.2.64 y anteriores, lo que puede provocar la divulgaci\u00f3n de informaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario al hacer que un usuario del producto afectado abra un archivo especialmente manipulado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-292xx/CVE-2024-29219.json b/CVE-2024/CVE-2024-292xx/CVE-2024-29219.json
index 7382e303e9b..6f170475f57 100644
--- a/CVE-2024/CVE-2024-292xx/CVE-2024-29219.json
+++ b/CVE-2024/CVE-2024-292xx/CVE-2024-29219.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en KV STUDIO Ver.11.64 y anteriores y en KV REPLAY VIEWER Ver.2.64 y anteriores, lo que puede provocar la divulgaci\u00f3n de informaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario al hacer que un usuario del producto afectado abra un archivo especialmente manipulado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-299xx/CVE-2024-29950.json b/CVE-2024/CVE-2024-299xx/CVE-2024-29950.json
index fdcf28396d7..9022a1533ab 100644
--- a/CVE-2024/CVE-2024-299xx/CVE-2024-29950.json
+++ b/CVE-2024/CVE-2024-299xx/CVE-2024-29950.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash.\nThe vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.\n"
+ },
+ {
+ "lang": "es",
+ "value": "La clase FileTransfer implementada en Brocade SANnav antes de v2.3.1, v2.3.0a, utiliza el esquema de firma ssh-rsa, que tiene un hash SHA-1. La vulnerabilidad podr\u00eda permitir que un atacante remoto y no autenticado realice un ataque de intermediario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-29xx/CVE-2024-2952.json b/CVE-2024/CVE-2024-29xx/CVE-2024-2952.json
index 9e179591f3f..cb84b11e7b0 100644
--- a/CVE-2024/CVE-2024-29xx/CVE-2024-2952.json
+++ b/CVE-2024/CVE-2024-29xx/CVE-2024-2952.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server."
+ },
+ {
+ "lang": "es",
+ "value": "BerriAI/litellm es vulnerable a Server-Side Template Injection (SSTI) a trav\u00e9s del endpoint `/completions`. La vulnerabilidad surge del m\u00e9todo `hf_chat_template` que procesa el par\u00e1metro `chat_template` del archivo `tokenizer_config.json` a trav\u00e9s del motor de plantillas Jinja sin una sanitizaci\u00f3n adecuada. Los atacantes pueden aprovechar esto creando archivos maliciosos `tokenizer_config.json` que ejecutan c\u00f3digo arbitrario en el servidor."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-302xx/CVE-2024-30219.json b/CVE-2024/CVE-2024-302xx/CVE-2024-30219.json
index 5dd0f8e8452..592b531ee38 100644
--- a/CVE-2024/CVE-2024-302xx/CVE-2024-30219.json
+++ b/CVE-2024/CVE-2024-302xx/CVE-2024-30219.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Active debug code vulnerability exists in MZK-MF300N all firmware versions. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa en todas las versiones de firmware del MZK-MF300N. Si un usuario que ha iniciado sesi\u00f3n y sabe c\u00f3mo utilizar la funci\u00f3n de depuraci\u00f3n accede a la p\u00e1gina de administraci\u00f3n del dispositivo, se puede realizar una operaci\u00f3n no deseada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-302xx/CVE-2024-30220.json b/CVE-2024/CVE-2024-302xx/CVE-2024-30220.json
index 98759af9bfe..5ae0062c0b9 100644
--- a/CVE-2024/CVE-2024-302xx/CVE-2024-30220.json
+++ b/CVE-2024/CVE-2024-302xx/CVE-2024-30220.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de inyecci\u00f3n de comandos en MZK-MF300N en todas las versiones de firmware permite que un atacante no autenticado adyacente a la red ejecute un comando arbitrario enviando una solicitud especialmente manipulada a un puerto determinado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-302xx/CVE-2024-30253.json b/CVE-2024/CVE-2024-302xx/CVE-2024-30253.json
index a02fee700f3..f24ec1f7b76 100644
--- a/CVE-2024/CVE-2024-302xx/CVE-2024-30253.json
+++ b/CVE-2024/CVE-2024-302xx/CVE-2024-30253.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3." + }, + { + "lang": "es", + "value": "@solana/web3.js es el SDK de JavaScript de Solana. El uso de entradas particulares con `@solana/web3.js` resultar\u00e1 en un agotamiento de la memoria (OOM). Si tiene un servidor, cliente, producto m\u00f3vil o de escritorio que acepta entradas que no son de confianza para usar con `@solana/web3.js`, su aplicaci\u00f3n/servicio puede fallar, lo que resulta en una p\u00e9rdida de disponibilidad. Esta vulnerabilidad se solucion\u00f3 en 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19. 
.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3 , 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4 .1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1 , 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64 .1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1 , 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87 .7, 1.88.1, 1.89.2, 1.90.2, 1.9.2 y 1.91.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-302xx/CVE-2024-30257.json b/CVE-2024/CVE-2024-302xx/CVE-2024-30257.json index 9c6f5544968..c9b3de4218c 100644 --- a/CVE-2024/CVE-2024-302xx/CVE-2024-30257.json +++ b/CVE-2024/CVE-2024-302xx/CVE-2024-30257.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts." + }, + { + "lang": "es", + "value": "1Panel es un panel de gesti\u00f3n de operaci\u00f3n y mantenimiento de servidores Linux de c\u00f3digo abierto. La verificaci\u00f3n de contrase\u00f1a en el c\u00f3digo fuente utiliza el s\u00edmbolo! = en lugar de hmac.Equal. Esto puede provocar una vulnerabilidad de ataque sincronizado. Esta vulnerabilidad se solucion\u00f3 en 1.10.3-lts." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-305xx/CVE-2024-30546.json b/CVE-2024/CVE-2024-305xx/CVE-2024-30546.json index ef4e1b3024e..c2d9fead39f 100644 --- a/CVE-2024/CVE-2024-305xx/CVE-2024-30546.json +++ b/CVE-2024/CVE-2024-305xx/CVE-2024-30546.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Pixelite Login With Ajax. Este problema afecta el inicio de sesi\u00f3n con Ajax: desde n/a hasta 4.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-306xx/CVE-2024-30694.json b/CVE-2024/CVE-2024-306xx/CVE-2024-30694.json
index eb367ed4cf9..7d711880c74 100644
--- a/CVE-2024/CVE-2024-306xx/CVE-2024-30694.json
+++ b/CVE-2024/CVE-2024-306xx/CVE-2024-30694.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n de shell en ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 y ROS_PYTHON_VERSION 3, que permite a los atacantes ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial debido a la forma en que ROS2 maneja la ejecuci\u00f3n de comandos de shell en componentes como int\u00e9rpretes de comandos o interfaces que procesan entradas externas. NOTA: esto es cuestionado por varios terceros que creen que no hab\u00eda pruebas razonables para determinar la existencia de una vulnerabilidad."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-306xx/CVE-2024-30695.json b/CVE-2024/CVE-2024-306xx/CVE-2024-30695.json
index 388b32d0b5d..29b93c6c147 100644
--- a/CVE-2024/CVE-2024-306xx/CVE-2024-30695.json
+++ b/CVE-2024/CVE-2024-306xx/CVE-2024-30695.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "An issue was discovered in the default configurations of ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en las configuraciones predeterminadas de ROS2 Galactic Geochelone versiones ROS_VERSION 2 y ROS_PYTHON_VERSION 3, que permite a atacantes no autenticados obtener acceso utilizando credenciales predeterminadas. NOTA: esto es cuestionado por varios terceros que creen que no hab\u00eda pruebas razonables para determinar la existencia de una vulnerabilidad."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-306xx/CVE-2024-30696.json b/CVE-2024/CVE-2024-306xx/CVE-2024-30696.json
index ec0e2513c20..daff9db6154 100644
--- a/CVE-2024/CVE-2024-306xx/CVE-2024-30696.json
+++ b/CVE-2024/CVE-2024-306xx/CVE-2024-30696.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2, including External Command Execution Modules, System Call Handlers, and Interface Scripts. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en ROS2 Galactic Geochelone en ROS_VERSION 2 y ROS_PYTHON_VERSION 3, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del procesamiento de comandos o componentes de llamadas al sistema en ROS2, incluidos m\u00f3dulos de ejecuci\u00f3n de comandos externos, controladores de llamadas del sistema y scripts de interfaz. NOTA: esto es cuestionado por varios terceros que creen que no hab\u00eda pruebas razonables para determinar la existencia de una vulnerabilidad."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-306xx/CVE-2024-30697.json b/CVE-2024/CVE-2024-306xx/CVE-2024-30697.json
index 52c47567d65..53babbc70ca 100644
--- a/CVE-2024/CVE-2024-306xx/CVE-2024-30697.json
+++ b/CVE-2024/CVE-2024-306xx/CVE-2024-30697.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en ROS2 Galactic Geochelone en ROS_VERSION 2 y ROS_PYTHON_VERSION 3, donde el sistema transmite mensajes en texto sin formato, lo que permite a los atacantes acceder a informaci\u00f3n confidencial a trav\u00e9s de un ataque de intermediario. NOTA: esto es cuestionado por varios terceros que creen que no hab\u00eda pruebas razonables para determinar la existencia de una vulnerabilidad."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-306xx/CVE-2024-30699.json b/CVE-2024/CVE-2024-306xx/CVE-2024-30699.json
index b95a585b0a8..2f8eb154139 100644
--- a/CVE-2024/CVE-2024-306xx/CVE-2024-30699.json
+++ b/CVE-2024/CVE-2024-306xx/CVE-2024-30699.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha descubierto una vulnerabilidad de desbordamiento de b\u00fafer en los componentes C++ de ROS2 Galactic Geochelone ROS_VERSION 2 y ROS_PYTHON_VERSION 3, que permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) mediante un manejo inadecuado de matrices o cadenas. NOTA: esto es cuestionado por varios terceros que creen que no hab\u00eda pruebas razonables para determinar la existencia de una vulnerabilidad."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-307xx/CVE-2024-30701.json b/CVE-2024/CVE-2024-307xx/CVE-2024-30701.json
index 9fb714cd0ed..aefb554ac7b 100644
--- a/CVE-2024/CVE-2024-307xx/CVE-2024-30701.json
+++ b/CVE-2024/CVE-2024-307xx/CVE-2024-30701.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de registro inseguro en ROS2 Galactic Geochelone ROS_VERSION 2 y ROS_PYTHON_VERSION 3 permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de medidas de seguridad inadecuadas implementadas dentro de los mecanismos de registro de ROS2. NOTA: esto es cuestionado por varios terceros que creen que no hab\u00eda pruebas razonables para determinar la existencia de una vulnerabilidad."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30950.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30950.json
index 6cf5f86c438..b9d3de79238 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30950.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30950.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross site scripting (XSS) almacenadas en FUDforum v3.1.3 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo de declaraciones SQL en /adm/admsql.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30951.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30951.json
index 041f2f54e3b..330d55e4232 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30951.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30951.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que FUDforum v3.1.3 conten\u00eda una vulnerabilidad de cross site scripting (XSS) reflejada a trav\u00e9s del par\u00e1metro chpos en /adm/admsmiley.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30952.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30952.json
index 8fa135944d4..5e9235dfa8c 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30952.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30952.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenadas en PESCMS-TEAM v2.3.6 permite a los atacantes ejecutar scripts web o HTML arbitrarias a trav\u00e9s de un payload manipulado inyectado en el campo de entrada del dominio en /youdoamin/?g=Team&m=Setting&a=action."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30953.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30953.json
index 8c955625c80..d46f982d84f 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30953.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30953.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross site scripting (XSS) almacenadas en Htmly v2.9.5 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Nombre del enlace del m\u00f3dulo Editor de men\u00fas."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30980.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30980.json
index 4c76ca9da52..55cc9ddeedc 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30980.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30980.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 permite a los atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro Ubicaci\u00f3n de la maquina en la p\u00e1gina administrar-computer.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30981.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30981.json
index 7102d7f23a9..77189042eb0 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30981.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30981.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en /edit-computer-detail.php en phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 permite a los atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s de editid en la URL de la aplicaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30982.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30982.json
index bad986f4924..34536dfe113 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30982.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30982.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 permite a los atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro upid en el archivo /view-user-detail.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30983.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30983.json
index c1108414682..cbbc3c4c492 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30983.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30983.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the compname parameter in /edit-computer-detail.php file."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 permite a los atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro compname en el archivo /edit-computer-detail.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30985.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30985.json
index 648d7c03e9c..8c42d524bca 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30985.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30985.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "SQL Injection vulnerability in \"B/W Dates Reports\" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via \"todate\" and \"fromdate\" parameters."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en \"B/W Dates Reports\" page in phpgurukul Client Management System using PHP & MySQL 1.1 permite a un atacante ejecutar comandos SQL arbitrarios a trav\u00e9s de los par\u00e1metros \"todate\" y \"fromdate\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30986.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30986.json
index 03ee7a309db..6558e6deb05 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30986.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30986.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via \"price\" and \"sname\" parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de cross site scripting en /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros \"precio\" y \"nombre\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30987.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30987.json
index e53d0be5f27..216e8f20d05 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30987.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30987.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de cross site scripting en /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de los par\u00e1metros fromdate y todate."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30988.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30988.json
index 1e590271783..5ca47c0af42 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30988.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30988.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de cross site scripting en /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la barra de b\u00fasqueda."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30989.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30989.json
index aab06d251fa..370dadce14a 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30989.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30989.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the \"cname\", \"comname\", \"state\" and \"city\" parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de cross site scripting en /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros \"cname\", \"comname\", \"state\" y \"city\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-309xx/CVE-2024-30990.json b/CVE-2024/CVE-2024-309xx/CVE-2024-30990.json
index 8d98e17b191..f68963c6b81 100644
--- a/CVE-2024/CVE-2024-309xx/CVE-2024-30990.json
+++ b/CVE-2024/CVE-2024-309xx/CVE-2024-30990.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "SQL Injection vulnerability in the \"Invoices\" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via \"searchdata\" parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en the \"Invoices\" page in phpgurukul Client Management System using PHP & MySQL 1.1 permite a un atacante ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro \"datos de b\u00fasqueda\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3054.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3054.json
index 44e8740e59b..662c2b448e0 100644
--- a/CVE-2024/CVE-2024-30xx/CVE-2024-3054.json
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3054.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WPvivid Backup & Migration para WordPress es vulnerable a la deserializaci\u00f3n PHAR en todas las versiones hasta la 0.9.99 incluida a trav\u00e9s de la deserializaci\u00f3n de entradas que no son de confianza en la acci\u00f3n wpvividstg_get_custom_exclude_path_free. Esto se debe a que el complemento no proporciona suficiente validaci\u00f3n de ruta en el par\u00e1metro tree_node[nodo][id]. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, llamen archivos usando un contenedor PHAR que deserializar\u00e1 los datos y llamar\u00e1 objetos PHP arbitrarios. No hay ninguna cadena POP presente en el complemento vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3067.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3067.json
index ae747cc4852..6477f17e861 100644
--- a/CVE-2024/CVE-2024-30xx/CVE-2024-3067.json
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3067.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can also be used by unauthenticated attackers to inject malicious web scripts."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce Google Feed Manager para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'id' en todas las versiones hasta la 2.4.2 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos. Esto tambi\u00e9n lo pueden utilizar atacantes no autenticados para inyectar scripts web maliciosos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3097.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3097.json
index d36c6bafef0..df33f40651e 100644
--- a/CVE-2024/CVE-2024-30xx/CVE-2024-3097.json
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3097.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-04-09T19:15:39.553",
 "lastModified": "2024-04-10T13:23:38.787",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-310xx/CVE-2024-31031.json b/CVE-2024/CVE-2024-310xx/CVE-2024-31031.json
index 37526a99235..1e013a97079 100644
--- a/CVE-2024/CVE-2024-310xx/CVE-2024-31031.json
+++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31031.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en `coap_pdu.c` en libcoap 4.3.4 permite a los atacantes provocar un comportamiento indefinido a trav\u00e9s de una secuencia de mensajes que conducen a un desbordamiento de enteros sin signo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-310xx/CVE-2024-31040.json b/CVE-2024/CVE-2024-310xx/CVE-2024-31040.json
index 503f6db77f1..a2a8445817f 100644
--- a/CVE-2024/CVE-2024-310xx/CVE-2024-31040.json
+++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31040.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n get_var_integer en mqtt_parser.c en NanoMQ 0.21.7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una serie de hexstreams especialmente manipulados."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-310xx/CVE-2024-31041.json b/CVE-2024/CVE-2024-310xx/CVE-2024-31041.json
index 6a5e7cfebca..dd3b8d09b0d 100644
--- a/CVE-2024/CVE-2024-310xx/CVE-2024-31041.json
+++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31041.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desreferencia de puntero nulo en la funci\u00f3n topic_filtern en mqtt_parser.c en NanoMQ 0.21.7 permite a atacantes provocar una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31219.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31219.json
index e509901d5b1..c9c66929180 100644
--- a/CVE-2024/CVE-2024-312xx/CVE-2024-31219.json
+++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31219.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the `/u/:username/activity/reactions` endpoint.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Discourse-reactions es un complemento que permite al usuario agregar sus reacciones a la publicaci\u00f3n. Cuando los whispers est\u00e1n habilitados en un sitio a trav\u00e9s de `whispers_allowed_groups` y se realizan reacciones a whispers sobre temas p\u00fablicos, el contenido del whisper y los datos de reacci\u00f3n se muestran en el endpoint `/u/:username/activity/reactions`."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31229.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31229.json
index 3d7648d526d..515616ac1e0 100644
--- a/CVE-2024/CVE-2024-312xx/CVE-2024-31229.json
+++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31229.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Really Simple Plugins Really Simple SSL. Este problema afecta a Really Simple SSL: desde n/a hasta 7.2.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31302.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31302.json
index 725285d9ff1..c4bb4ddf5b0 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31302.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31302.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-04-10T16:15:14.563",
 "lastModified": "2024-04-10T19:49:51.183",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31371.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31371.json
index da565e8ba66..050ecbfff48 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31371.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31371.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Xylus Themes WP Event Aggregator. Este problema afecta a WP Event Aggregator: desde n/a hasta 1.7.6."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31372.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31372.json
index c540c6bff57..37faeb8febb 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31372.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31372.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Arnan de Gans No-Bot Registration. Este problema afecta a No-Bot Registration: desde n/a hasta 1.9.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31373.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31373.json
index 79c1545bb66..356f83730a0 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31373.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31373.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en E2Pdf. Este problema afecta a e2pdf: desde n/a hasta 1.20.27."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31374.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31374.json
index e0daf8d5e9a..25435c8f72a 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31374.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31374.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AppPresser Team AppPresser. Este problema afecta a AppPresser: desde n/a hasta 4.3.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31376.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31376.json
index 0f35fb6ac8e..2601059a3d6 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31376.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31376.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.3.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Andrew Rapps Dashboard To-Do List. Este problema afecta la lista de tareas pendientes del panel: desde n/a hasta 1.3.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31378.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31378.json
index 5d01a497f9a..003102d0e25 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31378.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31378.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en MailMunch MailChimp Forms de MailMunch. Este problema afecta a MailChimp Forms de MailMunch: desde n/a hasta 3.2.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31379.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31379.json
index 3a8e9749075..46236e31b9c 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31379.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31379.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Smash Balloon Smash Balloon Social Post Feed. Este problema afecta al feed de publicaciones sociales de Smash Balloon: desde n/a hasta 4.2.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31381.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31381.json
index 5932bec1d57..b21f7b6212b 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31381.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31381.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight Social Media Feeds.This issue affects Spotlight Social Media Feeds: from n/a through 1.6.10.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en RebelCode Spotlight Social Media Feeds. Este problema afecta a Spotlight Social Media Feeds: desde n/a hasta 1.6.10."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31382.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31382.json
index ee60a7af684..14bb2deb2ab 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31382.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31382.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Creative Themes HQ Blocksy.This issue affects Blocksy: from n/a through 2.0.22.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Creative Themes HQ Blocksy. Este problema afecta a Blocksy: desde n/a hasta 2.0.22."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31383.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31383.json
index be4474a5d43..9b2c30fa4d2 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31383.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31383.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX.This issue affects PopularFX: from n/a through 1.2.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Pagelayer PopularFX. Este problema afecta a PopularFX: desde n/a hasta 1.2.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31384.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31384.json
index 52aadfbde3b..458dcc3f3a3 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31384.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31384.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Rara Theme Spa and Salon. Este problema afecta a Spa and Salon: desde n/a hasta 1.2.7."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31385.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31385.json
index 85847bee113..6d07835114f 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31385.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31385.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Reservation Diary ReDi Restaurant Reservation. Este problema afecta a la reserva de restaurante ReDi: desde n/a hasta 24.0128."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31388.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31388.json
index 78e15d318da..34ac3a31d37 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31388.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31388.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Contact Form 7 Database \u2013 Tablesome.This issue affects Table & Contact Form 7 Database \u2013 Tablesome: from n/a through 1.0.25.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Pauple Table & Contact Form 7 Database \u2013 Tablesome. Este problema afecta la base de datos Table & Contact Form 7 \u2013 Tablesome: desde n/a hasta 1.0.25."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31389.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31389.json
index eaa14979c2d..f9efdf73b38 100644
--- a/CVE-2024/CVE-2024-313xx/CVE-2024-31389.json
+++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31389.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ertano MihanPanel.This issue affects MihanPanel: from n/a before 12.7.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Ertano MihanPanel. Este problema afecta a MihanPanel: desde n/a antes de 12.7."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31421.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31421.json
index 2cfea4232d0..1fa4c8a98b3 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31421.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31421.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in Supsystic Popup by Supsystic.This issue affects Popup by Supsystic: from n/a through 1.10.27.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Supsystic Popup de Supsystic. Este problema afecta a Popup de Supsystic: desde n/a hasta 1.10.27."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31422.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31422.json
index f7de76fe1bc..b2f91e8c46c 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31422.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31422.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Favicon.This issue affects Favicon: from n/a through 1.3.29.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Philippe Bernard Favicon. Este problema afecta a Favicon: desde n/a hasta 1.3.29."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31424.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31424.json
index 9d43b82393b..92eff421f7e 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31424.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31424.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia - idehweb Login with phone number.This issue affects Login with phone number: from n/a through 1.6.93.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Hamid Alinia - idehweb Login with phone number. Este problema afecta el inicio de sesi\u00f3n con n\u00famero de tel\u00e9fono: desde n/a hasta 1.6.93."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31425.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31425.json
index 6c8651bc60a..0f9a1f4c95d 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31425.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31425.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in TMS Amelia.This issue affects Amelia: from n/a through 1.0.95.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en TMS Amelia. Este problema afecta a Amelia: desde n/a hasta 1.0.95."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31426.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31426.json
index 7aa35fab7c1..f0c7de41199 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31426.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31426.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Data443 Inline Related Posts.This issue affects Inline Related Posts: from n/a through 3.3.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Data443 Inline Related Posts. Este problema afecta a publicaciones relacionadas en l\u00ednea: desde n/a hasta 3.3.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31427.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31427.json
index 9b379172da0..32f8cfcee4e 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31427.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31427.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marker.Io Marker.Io.This issue affects Marker.Io : from n/a through 1.1.8.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Marker.Io Marker.Io. Este problema afecta a Marker.Io: desde n/a hasta 1.1.8."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31428.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31428.json
index ce1412fe2ad..847dcf0b173 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31428.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31428.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conference.This issue affects The Conference: from n/a through 1.2.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Rara Theme The Conference. Este problema afecta a The Conference: desde n/a hasta 1.2.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31429.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31429.json
index c19d80869d5..349d3be3edc 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31429.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31429.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sarada Lite.This issue affects Sarada Lite: from n/a through 1.1.2.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Blossom Themes Sarada Lite. Este problema afecta a Sarada Lite: desde n/a hasta 1.1.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31431.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31431.json
index 09590c16dcd..6fa8f60bc08 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31431.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31431.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tyche Softwares Product Input Fields for WooCommerce. Este problema afecta los campos de entrada de productos para WooCommerce: desde n/a hasta 1.7.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31432.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31432.json
index 94948a31c96..ff8fbc64785 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31432.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31432.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de falta de autorizaci\u00f3n en contenido restringido de StellarWP. Este problema afecta el contenido restringido: desde n/a hasta 3.2.8."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31433.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31433.json
index f92799fedc6..6535f1b469b 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31433.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31433.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar.This issue affects The Events Calendar: from n/a through 6.3.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en The Events Calendar. Este problema afecta a The Events Calendar: desde n/a hasta 6.3.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31434.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31434.json
index f5f66a3da7f..e830181ed97 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31434.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31434.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter.This issue affects Newsletter: from n/a through 8.0.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Stefano Lissa y The Newsletter Team Newsletter. Este problema afecta a Newsletter: desde n/a hasta 8.0.6."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-315xx/CVE-2024-31578.json b/CVE-2024/CVE-2024-315xx/CVE-2024-31578.json
index 5ac62b89cf7..07168fbb036 100644
--- a/CVE-2024/CVE-2024-315xx/CVE-2024-31578.json
+++ b/CVE-2024/CVE-2024-315xx/CVE-2024-31578.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que la versi\u00f3n n6.1.1 de FFmpeg conten\u00eda un heap use-after-free a trav\u00e9s de la funci\u00f3n av_hwframe_ctx_init."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-315xx/CVE-2024-31580.json b/CVE-2024/CVE-2024-315xx/CVE-2024-31580.json
index 43ecc9c53bb..a8a4da15c34 100644
--- a/CVE-2024/CVE-2024-315xx/CVE-2024-31580.json
+++ b/CVE-2024/CVE-2024-315xx/CVE-2024-31580.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que PyTorch anterior a v2.2.0 conten\u00eda una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el componente /runtime/vararg_functions.cpp. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-315xx/CVE-2024-31581.json b/CVE-2024/CVE-2024-315xx/CVE-2024-31581.json
index 34e676d8a20..b4a9311898e 100644
--- a/CVE-2024/CVE-2024-315xx/CVE-2024-31581.json
+++ b/CVE-2024/CVE-2024-315xx/CVE-2024-31581.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que la versi\u00f3n n6.1 de FFmpeg conten\u00eda una validaci\u00f3n incorrecta de la vulnerabilidad del \u00edndice de matriz en libavcodec/cbs_h266_syntax_template.c. Esta vulnerabilidad permite a los atacantes provocar un comportamiento indefinido dentro de la aplicaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-315xx/CVE-2024-31582.json b/CVE-2024/CVE-2024-315xx/CVE-2024-31582.json
index fae02d96474..8aae0781e22 100644
--- a/CVE-2024/CVE-2024-315xx/CVE-2024-31582.json
+++ b/CVE-2024/CVE-2024-315xx/CVE-2024-31582.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que la versi\u00f3n n6.1 de FFmpeg conten\u00eda una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la funci\u00f3n draw_block_rectangle de libavfilter/vf_codecview.c. Esta vulnerabilidad permite a los atacantes provocar un comportamiento indefinido o una denegaci\u00f3n de servicio (DoS) mediante entradas manipuladas."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-315xx/CVE-2024-31583.json b/CVE-2024/CVE-2024-315xx/CVE-2024-31583.json
index 6227bb66a5b..e7f69fb8f8c 100644
--- a/CVE-2024/CVE-2024-315xx/CVE-2024-31583.json
+++ b/CVE-2024/CVE-2024-315xx/CVE-2024-31583.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Pytorch anterior a la versi\u00f3n v2.2.0 conten\u00eda una vulnerabilidad de use-after-free en torch/csrc/jit/mobile/interpreter.cpp."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-315xx/CVE-2024-31585.json b/CVE-2024/CVE-2024-315xx/CVE-2024-31585.json
index e7639220a75..58442b6623e 100644
--- a/CVE-2024/CVE-2024-315xx/CVE-2024-31585.json
+++ b/CVE-2024/CVE-2024-315xx/CVE-2024-31585.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que FFmpeg versi\u00f3n n5.1 a n6.1 conten\u00eda una vulnerabilidad de error uno por uno en libavfilter/avf_showspectrum.c. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-317xx/CVE-2024-31783.json b/CVE-2024/CVE-2024-317xx/CVE-2024-31783.json
index 360c34fc850..86f8c897fce 100644
--- a/CVE-2024/CVE-2024-317xx/CVE-2024-31783.json
+++ b/CVE-2024/CVE-2024-317xx/CVE-2024-31783.json
@@ -11,7 +11,7 @@
 },
 {
 "lang": "es",
- "value": "La vulnerabilidad de Cross-Site Scripting (XSS) en Typora v.1.6.7 y anteriores permite a un atacante local obtener informaci\u00f3n confidencial a trav\u00e9s de una secuencia de comandos manipulada durante la creaci\u00f3n del archivo de rebajas."
+ "value": "La vulnerabilidad de Cross-Site Scripting (XSS) en Typora v.1.6.7 y anteriores permite a un atacante local obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado durante la creaci\u00f3n del archivo de rebajas."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31920.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31920.json
index ca3e9e98d89..58ab975c3f1 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31920.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31920.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Currency per Product for WooCommerce.This issue affects Currency per Product for WooCommerce: from n/a through 1.6.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tyche Softwares Currency per Product for WooCommerce. Este problema afecta la moneda por producto para WooCommerce: desde n/a hasta 1.6.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31921.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31921.json
index 320aefabe92..2830cc6cda3 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31921.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31921.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Etoile Web Design Ultimate Product Catalogue. Este problema afecta a Ultimate Product Catalogue: desde n/a hasta 5.2.15."
 }
 ],
 "metrics": {
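Review bot: The added `es` value for CVE-2024-31920 translates the product name in its second sentence (`la moneda por producto para WooCommerce`), so the affected-product statement no longer contains the plugin's actual name, Currency per Product for WooCommerce, where a reader or a keyword match against an inventory would look for it. Product names are identifiers and should be carried over verbatim, as the first sentence of the same value already does: `Este problema afecta a Currency per Product for WooCommerce: desde n/a hasta 1.6.0.` The same happens in the added values for CVE-2024-31923 (`la p\u00e1gina de inicio de sesi\u00f3n Feather`), CVE-2024-32126 and CVE-2024-32130.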
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31922.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31922.json
index 01ccbbd6ad5..638552b510d 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31922.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31922.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov WordPress Hosting Benchmark tool.This issue affects WordPress Hosting Benchmark tool: from n/a through 1.3.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Anton Aleksandrov WordPress Hosting Benchmark tool. Este problema afecta a la herramienta WordPress Hosting Benchmark: desde n/a hasta 1.3.6."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31923.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31923.json
index 02eb4ec32f0..3f7915d0949 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31923.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31923.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en PluginOps Feather Login Page. Este problema afecta a la p\u00e1gina de inicio de sesi\u00f3n Feather: desde n/a hasta 1.1.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31933.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31933.json
index f053751b299..c877184805f 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31933.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31933.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.35.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Live Composer Team Page Builder: Live Composer. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.35."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31938.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31938.json
index 3282da2a1d7..72b07d69e66 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31938.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31938.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpress.This issue affects NewsXpress: from n/a through 1.0.7.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Themeinwp NewsXpress. Este problema afecta a NewsXpress: desde n/a hasta 1.0.7."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31940.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31940.json
index e01dfbf58cf..999fc3b9b12 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31940.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31940.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce.This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en RedNao Extra Product Options Builder para WooCommerce. Este problema afecta al Extra Product Options Builder para WooCommerce: desde n/a hasta 1.2.104."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3167.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3167.json
index a49a3f6f218..1907d75f866 100644
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3167.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3167.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-04-09T19:15:39.877",
 "lastModified": "2024-04-10T13:23:38.787",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-321xx/CVE-2024-32126.json b/CVE-2024/CVE-2024-321xx/CVE-2024-32126.json
index c0884e79aa5..70b82ba2324 100644
--- a/CVE-2024/CVE-2024-321xx/CVE-2024-32126.json
+++ b/CVE-2024/CVE-2024-321xx/CVE-2024-32126.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters Navigation menu as Dropdown Widget allows Stored XSS.This issue affects Navigation menu as Dropdown Widget: from n/a through 1.3.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Jeroen Peters Navigation menu as Dropdown Widget permite almacenar XSS. Este problema afecta al men\u00fa de navegaci\u00f3n como widget desplegable: desde n/a hasta 1.3.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-321xx/CVE-2024-32129.json b/CVE-2024/CVE-2024-321xx/CVE-2024-32129.json
index 2bbf0850fe9..d73cd9d5a7c 100644
--- a/CVE-2024/CVE-2024-321xx/CVE-2024-32129.json
+++ b/CVE-2024/CVE-2024-321xx/CVE-2024-32129.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ('Open Redirect') en Freshworks Freshdesk (oficial). Este problema afecta a Freshdesk (oficial): desde n/a hasta 2.3.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-321xx/CVE-2024-32130.json b/CVE-2024/CVE-2024-321xx/CVE-2024-32130.json
index fb08e5913b4..55e5d2d8d4a 100644
--- a/CVE-2024/CVE-2024-321xx/CVE-2024-32130.json
+++ b/CVE-2024/CVE-2024-321xx/CVE-2024-32130.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Paystack Payment Forms for Paystack permite almacenar XSS. Este problema afecta los formularios de pago de Paystack: desde n/a hasta 3.4.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-321xx/CVE-2024-32161.json b/CVE-2024/CVE-2024-321xx/CVE-2024-32161.json
index 51b1c428f2d..5c946e0a2bb 100644
--- a/CVE-2024/CVE-2024-321xx/CVE-2024-32161.json
+++ b/CVE-2024/CVE-2024-321xx/CVE-2024-32161.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "jizhiCMS 2.5 suffers from a File upload vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "jizhiCMS 2.5 sufre una vulnerabilidad de carga de archivos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-321xx/CVE-2024-32162.json b/CVE-2024/CVE-2024-321xx/CVE-2024-32162.json
index 52c90de1360..df3f97b6f7c 100644
--- a/CVE-2024/CVE-2024-321xx/CVE-2024-32162.json
+++ b/CVE-2024/CVE-2024-321xx/CVE-2024-32162.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion."
+ },
+ {
+ "lang": "es",
+ "value": "CMSeasy 7.7.7.9 es vulnerable a la eliminaci\u00f3n arbitraria de archivos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-321xx/CVE-2024-32163.json b/CVE-2024/CVE-2024-321xx/CVE-2024-32163.json
index c6f898a6da8..a245c6f1684 100644
--- a/CVE-2024/CVE-2024-321xx/CVE-2024-32163.json
+++ b/CVE-2024/CVE-2024-321xx/CVE-2024-32163.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "CMSeasy 7.7.7.9 is vulnerable to code execution."
+ },
+ {
+ "lang": "es",
+ "value": "CMSeasy 7.7.7.9 es vulnerable a la ejecuci\u00f3n de c\u00f3digo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32281.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32281.json
index d3bc727bb67..3ab9aa2a93e 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32281.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32281.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda AC7V1.0 v15.03.06.44 contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formexeCommand a trav\u00e9s del par\u00e1metro cmdinput."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32282.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32282.json
index d8164783cf1..16111d6610e 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32282.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32282.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda FH1202 v1.2.0.14(408) contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formexeCommand a trav\u00e9s del par\u00e1metro cmdinput."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32283.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32283.json
index b79c6a0c83e..c89aab4fbc6 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32283.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32283.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda FH1203 V2.0.1.6 tiene una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n formexeCommand a trav\u00e9s del par\u00e1metro cmdinput."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32285.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32285.json
index b361f0dd888..b8d4d6cf787 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32285.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32285.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro de contrase\u00f1a en la funci\u00f3n formaddUserName."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32286.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32286.json
index 9b82a2b6974..4aef98f3db7 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32286.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32286.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila ubicada a trav\u00e9s del par\u00e1metro de p\u00e1gina en la funci\u00f3n fromVirtualSer."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32287.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32287.json
index a1386c5eb25..ae37c78f30a 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32287.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32287.json
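Review bot: In the added `es` value for CVE-2024-32285 the request parameter `password` is rendered as `par\u00e1metro de contrase\u00f1a`, which turns an identifier into ordinary prose; anyone searching firmware, logs or filter rules for the affected parameter from the Spanish text will not find it. Keep the name as it appears in the `en` value: `a trav\u00e9s del par\u00e1metro password en la funci\u00f3n formaddUserName`. The same applies to `page` (`par\u00e1metro de p\u00e1gina`) in CVE-2024-32286, -32288, -32290, -32291 and -32293, and to `key` (`par\u00e1metro clave`) in CVE-2024-32326; the entries for `qos`, `PPW`, `adslPwd`, `cmdinput` and `ssid` already leave the name untouched.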
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro qos en la funci\u00f3n fromqossetting."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32288.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32288.json
index 4a009e84a35..1357869f699 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32288.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32288.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila ubicada a trav\u00e9s del par\u00e1metro de p\u00e1gina en la funci\u00f3n fromwebExcptypemanFilter."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32290.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32290.json
index d7599f47670..c104fe44163 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32290.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32290.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda W30E v1.0 v1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro de p\u00e1gina en la funci\u00f3n fromAddressNat."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32291.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32291.json
index 45ed8140fe7..1185ad3e7b3 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32291.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32291.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware v1.0.1.25(633) de Tenda W30E v1.0 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro de p\u00e1gina en la funci\u00f3n fromNatlimit."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32292.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32292.json
index 381bbbfbe23..03f14971e1d 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32292.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32292.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda W30E v1.0 V1.0.1.25(633) contiene una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n formexeCommand a trav\u00e9s del par\u00e1metro cmdinput."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32293.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32293.json
index 72ea64430af..ed7767ac3e1 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32293.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32293.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro de p\u00e1gina en la funci\u00f3n fromDhcpListClient."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32299.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32299.json
index 23e25630ed3..c196a4b8e19 100644
--- a/CVE-2024/CVE-2024-322xx/CVE-2024-32299.json
+++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32299.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro PPW en la funci\u00f3n fromWizardHandle."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32301.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32301.json
index 0b426a54cf1..51d650f8a0b 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32301.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32301.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda AC7V1.0 v15.03.06.44 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro PPW en la funci\u00f3n fromWizardHandle."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32302.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32302.json
index a73e47bff83..70b530618dd 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32302.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32302.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda FH1202 v1.2.0.14(408) tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro PPW en la funci\u00f3n fromWizardHandle."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32306.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32306.json
index 73e3cc23de5..320b7e40e20 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32306.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32306.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function."
+ },
+ {
+ "lang": "es",
+ "value": "Tenda AC10U v1.0 Firmware v15.03.06.49 tiene una vulnerabilidad de desbordamiento de pila ubicada a trav\u00e9s del par\u00e1metro PPW en la funci\u00f3n fromWizardHandle."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32307.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32307.json
index 5b058879a89..711e62bd58f 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32307.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32307.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda FH1205 V2.0.0.7(775) tiene una vulnerabilidad de desbordamiento de pila ubicada a trav\u00e9s del par\u00e1metro PPW en la funci\u00f3n fromWizardHandle."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32310.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32310.json
index c4d2bd79448..374876fca33 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32310.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32310.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda F1203 V2.0.1.6 tiene una vulnerabilidad de desbordamiento de pila ubicada en el par\u00e1metro PPW de la funci\u00f3n fromWizardHandle."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32311.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32311.json
index 68827a6888a..94b379a7e7b 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32311.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32311.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro adslPwd en la funci\u00f3n formWanParameterSetting."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32312.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32312.json
index e8b51ef7dfe..89e34f17cf3 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32312.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32312.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda F1203 V2.0.1.6 tiene una vulnerabilidad de desbordamiento de pila ubicada en el par\u00e1metro adslPwd de la funci\u00f3n formWanParameterSetting."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32313.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32313.json
index b02b9db7ea2..7da3e831456 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32313.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32313.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda FH1205 V2.0.0.7(775) tiene una vulnerabilidad de desbordamiento de pila ubicada a trav\u00e9s del par\u00e1metro adslPwd de la funci\u00f3n formWanParameterSetting."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32315.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32315.json
index 89fee9e3e64..a8621397de6 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32315.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32315.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function."
+ },
+ {
+ "lang": "es",
+ "value": "El firmware Tenda FH1202 v1.2.0.14(408) tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro adslPwd en la funci\u00f3n formWanParameterSetting."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32325.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32325.json
index 23a092ae49b..7c29bb8d12f 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32325.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32325.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de Cross Site Scripting (XSS) a trav\u00e9s del par\u00e1metro ssid en la funci\u00f3n setWiFiExtenderConfig."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32326.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32326.json
index 51c953bac6f..07f14943d65 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32326.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32326.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de Cross Site Scripting (XSS) a trav\u00e9s del par\u00e1metro clave en la funci\u00f3n setWiFiExtenderConfig."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32327.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32327.json
index b2184f6e1ca..028f8a07022 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32327.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32327.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el reenv\u00edo de puertos en la p\u00e1gina de firewall."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32332.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32332.json
index 00a45bf1ca8..5e541eeb8da 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32332.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32332.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de Cross Site Scripting (XSS) en la configuraci\u00f3n de WDS en la p\u00e1gina inal\u00e1mbrica."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32333.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32333.json
index 2cd16ebb267..12f2a2bb326 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32333.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32333.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el filtrado MAC en la p\u00e1gina de firewall."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32334.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32334.json
index 3f5b39cdaee..a0c6cd21824 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32334.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32334.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el filtrado de IP/puerto en la p\u00e1gina de firewall."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32335.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32335.json
index 8952da4524f..64047c59501 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32335.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32335.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK N300RT V2.1.8-B20201030.1539 contiene una vulnerabilidad de almacenamiento de Cross Site Scripting (XSS) en el control de acceso en la p\u00e1gina inal\u00e1mbrica."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32345.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32345.json
index 18a2d576cfe..2930ad6e3be 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32345.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32345.json
@@ -11,7 +11,7 @@
 },
 {
 "lang": "es",
- "value": "Una vulnerabilidad de cross site scripting (XSS) en la secci\u00f3n Configuraci\u00f3n de WonderCMS v3.4.3 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro SITE LANGUAGE CONFIG en el m\u00f3dulo Seguridad."
+ "value": "Una vulnerabilidad de cross site scripting (XSS) en el men\u00fa Configuraci\u00f3n de CMSimple v5.15 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Configuraci\u00f3n en la secci\u00f3n Idioma."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32456.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32456.json
index 19a43140f0e..fc20b7491f3 100644
--- a/CVE-2024/CVE-2024-324xx/CVE-2024-32456.json
+++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32456.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS.This issue affects Envo Extra: from n/a through 1.8.11.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en EnvoThemes Envo Extra permite almacenar XSS. Este problema afecta a Envo Extra: desde n/a hasta 1.8.11."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32457.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32457.json
index 7a42897ab75..05d94224f7a 100644
--- a/CVE-2024/CVE-2024-324xx/CVE-2024-32457.json
+++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32457.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS.This issue affects Elements Plus!: from n/a through 2.16.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en The CSSIgniter Team Elements Plus. permite XSS almacenado. \u00a1Este problema afecta a Elements Plus!: desde n/a hasta 2.16.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32462.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32462.json
index 0660a397cd9..1ad0d05c72a 100644
--- a/CVE-2024/CVE-2024-324xx/CVE-2024-32462.json
+++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32462.json
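Review bot: The added `es` value for CVE-2024-32457 breaks the product name: the `!` of Elements Plus! was treated as sentence punctuation, giving `Elements Plus. permite XSS almacenado. \u00a1Este problema afecta a Elements Plus!`, so the first mention no longer matches the name in the `en` value. The opening clause is also reordered so that it reads as a vulnerability of page generation rather than improper neutralization of input. The affected-product sentence should keep the name intact, for example `Este problema afecta a Elements Plus!: desde n/a hasta 2.16.3.`, with the first sentence following the wording used for CVE-2024-32456 in the hunk just before it.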
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6." + }, + { + "lang": "es", + "value": "Flatpak es un sistema para crear, distribuir y ejecutar aplicaciones de escritorio en espacio aislado en Linux. en versiones anteriores a la 1.10.9, 1.12.9, 1.14.6 y 1.15.8, una aplicaci\u00f3n Flatpak maliciosa o comprometida podr\u00eda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas. Normalmente, el argumento `--command` de `flatpak run` espera recibir un comando para ejecutar en la aplicaci\u00f3n Flatpak especificada, opcionalmente junto con algunos argumentos. Sin embargo, es posible pasar argumentos `bwrap` a `--command=`, como `--bind`. 
Es posible pasar una \"l\u00ednea de comando\" arbitraria a la interfaz del portal \"org.freedesktop.portal.Background.RequestBackground\" desde una aplicaci\u00f3n Flatpak. Cuando esto se convierte en un `--command` y argumentos, logra el mismo efecto de pasar argumentos directamente a `bwrap` y, por lo tanto, puede usarse para un escape sandbox. La soluci\u00f3n es pasar el argumento `--` a `bwrap`, lo que hace que deje de procesar las opciones. Esto ha sido compatible desde bubblewrap 0.3.0. Todas las versiones compatibles de Flatpak requieren al menos esa versi\u00f3n de bubblewrap. xdg-desktop-portal versi\u00f3n 1.18.4 mitigar\u00e1 esta vulnerabilidad al permitir que las aplicaciones Flatpak solo creen archivos .desktop para comandos que no comiencen con --. La vulnerabilidad est\u00e1 parcheada en 1.15.8, 1.10.9, 1.12.9 y 1.14.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32470.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32470.json index 0c07156275c..596f41d138f 100644 --- a/CVE-2024/CVE-2024-324xx/CVE-2024-32470.json +++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32470.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4. " + }, + { + "lang": "es", + "value": "Tolgee es una plataforma de localizaci\u00f3n de c\u00f3digo abierto. Cuando se utiliza la clave API creada por el usuario administrador, se omite la verificaci\u00f3n de permisos. Este error se introdujo en la versi\u00f3n 3.57.2 y se solucion\u00f3 inmediatamente en la versi\u00f3n 3.57.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32475.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32475.json index a5a70c8a8d5..ecab08ce98d 100644 --- a/CVE-2024/CVE-2024-324xx/CVE-2024-32475.json +++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32475.json 
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Cuando se utiliza un cl\u00faster TLS ascendente con `auto_sni` habilitado, una solicitud que contiene un encabezado `host`/`:authority` de m\u00e1s de 255 caracteres desencadena una terminaci\u00f3n anormal del proceso de Envoy. Envoy no maneja correctamente un error al configurar SNI para la conexi\u00f3n TLS saliente. El error puede ocurrir cuando Envoy intenta usar el valor del encabezado `host`/`:authority` de m\u00e1s de 255 caracteres como SNI para la conexi\u00f3n TLS saliente. La longitud del SNI est\u00e1 limitada a 255 caracteres seg\u00fan el est\u00e1ndar. Envoy siempre espera que esta operaci\u00f3n tenga \u00e9xito y aborta el proceso de forma anormal cuando falla. Esta vulnerabilidad se solucion\u00f3 en 1.30.1, 1.29.4, 1.28.3 y 1.27.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32505.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32505.json
index 0cfae69af93..291119a2ec3 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32505.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32505.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpmet Elements kit Elementor addons allows Stored XSS.This issue affects Elements kit Elementor addons: from n/a through 3.0.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Wpmet Elements kit Elementor addons permite almacenar XSS. Este problema afecta a los complementos de Elementor del kit de elementos: desde n/a hasta 3.0.6."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32508.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32508.json
index e7d077a3d10..a49722f35ae 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32508.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32508.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.0.2.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en deTheme DethemeKit para Elementor permite almacenar XSS. Este problema afecta a DethemeKit para Elementor: desde n/a hasta 2.0.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32510.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32510.json
index 9c618f92dbd..64f11df477b 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32510.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32510.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Loopus WP Cost Estimation & Payment Forms Builder permite el XSS reflejado. Este problema afecta a WP Cost Estimation & Payment Forms Builder: desde n/a hasta 10.1.75."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32526.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32526.json
index c3ba3fe370e..e4829470e29 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32526.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32526.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flector Easy Textillate allows Stored XSS.This issue affects Easy Textillate: from n/a through 2.02.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Flector Easy Textillate permite almacenar XSS. Este problema afecta a Easy Textillate: desde n/a hasta 2.02."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32527.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32527.json
index 5b45a946646..7ba2b7b5550 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32527.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32527.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Jotform Jotform Online Forms permite almacenar XSS. Este problema afecta a Jotform Online Forms: desde n/a hasta 1.3.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32528.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32528.json
index af7b640f685..d5569b42fac 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32528.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32528.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS.This issue affects WP Dynamic Keywords Injector: from n/a through 2.3.18.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Seerox WP Dynamic Keywords Injector permite el XSS reflejado. Este problema afecta al WP Dynamic Keywords Injector: desde n/a hasta 2.3.18."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32529.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32529.json
index fb610d4f252..9b411da2df8 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32529.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32529.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Momoyoga Yoga Schedule Momoyoga allows Stored XSS.This issue affects Yoga Schedule Momoyoga: from n/a through 2.7.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Momoyoga Yoga Schedule Momoyoga permite almacenar XSS. Este problema afecta a Yoga Schedule Momoyoga: desde n/a hasta 2.7.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32530.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32530.json
index 433018224ef..11b104e6bcb 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32530.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32530.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PressTigers Simple Testimonials Showcase allows Stored XSS.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en PressTigers Simple Testimonials Showcase permite almacenar XSS. Este problema afecta a Simple Testimonials Showcase: desde n/a hasta 1.1.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32531.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32531.json
index f0052ab9aed..dbc137bb212 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32531.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32531.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Everest themes GuCherry Blog allows Reflected XSS.This issue affects GuCherry Blog: from n/a through 1.1.8.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Everest themes GuCherry Blog permite Reflected XSS. Este problema afecta a GuCherry Blog: desde n/a hasta 1.1.8."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32535.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32535.json
index 73654ab4007..ce1a0c8c0cd 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32535.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32535.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jojaba Access Category Password allows Reflected XSS.This issue affects Access Category Password: from n/a through 1.5.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Jojaba Access Category Password permite XSS reflejado. Este problema afecta la contrase\u00f1a de categor\u00eda de acceso: desde n/a hasta 1.5.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32551.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32551.json
index 6cd7da14998..357811b9b1b 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32551.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32551.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Smartypants SP Project & Document Manager. Este problema afecta a SP Project & Document Manager: desde n/a hasta 4.71."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32552.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32552.json
index 59a3b8a5f7b..e9129d9802f 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32552.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32552.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagbox Taggbox allows Stored XSS.This issue affects Taggbox: from n/a through 3.2.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Tagbox Taggbox permite almacenar XSS. Este problema afecta a Taggbox: desde n/a hasta 3.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32553.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32553.json
index c48d08ec76b..4d872e09d9e 100644
--- a/CVE-2024/CVE-2024-325xx/CVE-2024-32553.json
+++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32553.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in looks_awesome Superfly Menu allows Stored XSS.This issue affects Superfly Menu: from n/a through 5.0.25.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en looks_awesome Superfly Menu permite almacenar XSS. Este problema afecta al men\u00fa Superfly: desde n/a hasta 5.0.25."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32600.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32600.json
index 45f050cbba2..22f035495e2 100644
--- a/CVE-2024/CVE-2024-326xx/CVE-2024-32600.json
+++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32600.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Averta Master Slider. Este problema afecta a Master Slider: desde n/a hasta 3.9.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32602.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32602.json
index 82e8a077059..2c440fa5bb8 100644
--- a/CVE-2024/CVE-2024-326xx/CVE-2024-32602.json
+++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32602.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en OnTheGoSystems WooCommerce Multilingual & Multicurrency. Este problema afecta a WooCommerce Multilingual & Multicurrency: desde n/a hasta 5.3.3.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32686.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32686.json
index 4bedc1f382e..d965cbde5d1 100644
--- a/CVE-2024/CVE-2024-326xx/CVE-2024-32686.json
+++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32686.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro en Inisev Backup Migration. Este problema afecta a Backup Migration: desde n/a hasta 1.4.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32689.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32689.json
index 1814d10c23b..73b669e5d93 100644
--- a/CVE-2024/CVE-2024-326xx/CVE-2024-32689.json
+++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32689.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de autorizaci\u00f3n faltante en GenialSouls WP Social Comments. Este problema afecta a WP Social Comments: desde n/a hasta 1.7.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3211.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3211.json
index 8f0df48f59d..9ef47c5acb2 100644
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3211.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3211.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Shopping Cart & eCommerce Store para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del atributo 'productid' del c\u00f3digo corto ec_addtocart en todas las versiones hasta la 5.6.3 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente. en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3243.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3243.json
index 429e0746d66..d77407e6610 100644
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3243.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3243.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Customer Reviews for WooCommerce para WordPress es vulnerable al env\u00edo de correo electr\u00f3nico no autorizado debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n send_test_email() en todas las versiones hasta la 5.46.0 incluida. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, env\u00eden correos electr\u00f3nicos de prueba arbitrarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3323.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3323.json
index 231fb864a99..8aebf6c7f67 100644
--- a/CVE-2024/CVE-2024-33xx/CVE-2024-3323.json
+++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3323.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Cross Site Scripting in \n\nUI Request/Response Validation\n\n in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie\u00a0via sending malicious link, enticing the user to interact."
+ },
+ {
+ "lang": "es",
+ "value": "Cross Site Scripting en la validaci\u00f3n de solicitud/respuesta de UI en TIBCO JasperReports Server 8.0.4 y 8.2.0 permite la inyecci\u00f3n de scripts ejecutables maliciosos en el c\u00f3digo de una aplicaci\u00f3n confiable que pueden llevar a robar la cookie de sesi\u00f3n activa del usuario mediante el env\u00edo de un enlace malicioso, incitando al usuario a interactuar."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3333.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3333.json
index 1bccd59c485..02b91df11b8 100644
--- a/CVE-2024/CVE-2024-33xx/CVE-2024-3333.json
+++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3333.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Essential Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los atributos de URL de los widgets en todas las versiones hasta la 5.9.14 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json
index ed70357bcf6..5a38fda33ac 100644
--- a/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json
+++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p25 and <2.3.0b5 allows local attacker to inject one argument to runmqsc"
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de argumentos en el complemento del agente websphere_mq en Checkmk 2.0.0, 2.1.0, <2.2.0p25 y <2.3.0b5 permite a un atacante local inyectar un argumento para ejecutar mqsc"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3672.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3672.json
index 8757966e313..4e6d53e3042 100644
--- a/CVE-2024/CVE-2024-36xx/CVE-2024-3672.json
+++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3672.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento BA Book Everything para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'todos los elementos' del complemento en todas las versiones hasta la 1.6.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en atributos proporcionados por el usuario, como 'clases'. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3780.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3780.json
index 5a83e421592..45960ceba6f 100644
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3780.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3780.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Technicolor CGA2121 afectando la versi\u00f3n 1.01, esta vulnerabilidad permite a un atacante local obtener informaci\u00f3n sensible almacenada en el dispositivo como el SSID de la red wifi y sus respectivas contrase\u00f1as."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3797.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3797.json
index 2a6a97f9ea9..e640d8aeb04 100644
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3797.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3797.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260764."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester QR Code Bookmark System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /endpoint/delete-bookmark.php?bookmark=1. La manipulaci\u00f3n del argumento marcador conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-260764."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3802.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3802.json
index 93da1973f6e..fe3ad78571e 100644
--- a/CVE-2024/CVE-2024-38xx/CVE-2024-3802.json
+++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3802.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauthenticated local attacker.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidades en Celeste 22.x eran vulnerables a la toma de control por parte de un atacante local no autenticado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3825.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3825.json
index b156b97a32c..2e645fc305a 100644
--- a/CVE-2024/CVE-2024-38xx/CVE-2024-3825.json
+++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3825.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration\n"
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones del complemento BlazeMeter Jenkins anteriores a la 4.22 contienen una falla que resulta en la enumeraci\u00f3n de credenciales"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3869.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3869.json
index 67ac8882736..9d9e7260437 100644
--- a/CVE-2024/CVE-2024-38xx/CVE-2024-3869.json
+++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3869.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Customer Reviews for WooCommerce para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'woocommerce_json_search_coupons'. Esto hace posible que los atacantes con acceso a nivel de suscriptor vean c\u00f3digos de cup\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3900.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3900.json
index b95341477f8..573c7694fd6 100644
--- a/CVE-2024/CVE-2024-39xx/CVE-2024-3900.json
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3900.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Escritura de matriz fuera de los l\u00edmites en Xpdf 4.05 y versiones anteriores, provocada por una secuencia Unicode larga en ActualText."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3905.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3905.json
index cf7a29dd286..3c03c3cdf5e 100644
--- a/CVE-2024/CVE-2024-39xx/CVE-2024-3905.json
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3905.json
@@ -8,6 +8,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been classified as critical. This affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en Tenda AC500 2.0.1.9(1307). Ha sido clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n R7WebsSecurityHandler del archivo /goform/execCommand. La manipulaci\u00f3n del argumento contrase\u00f1a provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-261141. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3906.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3906.json
index b096c2bbad8..4d2bd45449f 100644
--- a/CVE-2024/CVE-2024-39xx/CVE-2024-3906.json
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3906.json
@@ -8,6 +8,10 @@ { "lang": "en", "value": "A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Tenda AC500 2.0.1.9(1307). Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n formQuickIndex del archivo /goform/QuickIndex. La manipulaci\u00f3n del argumento PPPOEPassword provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-261142 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3907.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3907.json index aa6d7cd425c..3f4ed96fa75 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3907.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3907.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Tenda AC500 2.0.1.9(1307). Ha sido calificada como cr\u00edtica. Este problema afecta a la funci\u00f3n formSetCfm del archivo /goform/setcfm. La manipulaci\u00f3n del argumento funcpara1 provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-261143. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3908.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3908.json index f1b0f00a36e..ea7191df822 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3908.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3908.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261144. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Tenda AC500 2.0.1.9(1307) y clasificada como cr\u00edtica. La funci\u00f3n formWriteFacMac del fichero /goform/WriteFacMac es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento mac conduce a la inyecci\u00f3n de comandos. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-261144. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3909.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3909.json index 36a71209f42..5d55f093b8e 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3909.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3909.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Tenda AC500 2.0.1.9(1307) y clasificada como cr\u00edtica. La funci\u00f3n formexeCommand del archivo /goform/execCommand es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento cmdinput provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-261145. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3910.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3910.json index 06a672bab10..89eea880f17 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3910.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3910.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Tenda AC500 2.0.1.9(1307) y clasificada como cr\u00edtica. La funci\u00f3n fromDhcpListClient del archivo /goform/DhcpListClient es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la p\u00e1gina de argumentos provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-261146 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3914.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3914.json index d9fdd22a2c0..3402097737c 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3914.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3914.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "Use after free en V8 en Google Chrome anterior a 124.0.6367.60 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3948.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3948.json index a6d8ead7333..5caf551c390 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3948.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3948.json @@ -8,6 +8,10 @@ { "lang": "en", "value": "A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \\admin\\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Home Clean Service System 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo \\admin\\student.add.php del componente Photo Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-261440." } ], "metrics": { diff --git a/README.md b/README.md index d16e3913aea..e72a3c55260 100644 --- a/README.md +++ b/README.md 
@@ -13,7 +13,7 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-20T23:55:29.818252+00:00 +2024-04-21T02:00:30.106734+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD @@ -27,7 +27,7 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-04-20T00:00:20.237698+00:00 +2024-04-21T00:00:20.255479+00:00 ``` ### Total Number of included CVEs 
@@ -38,15 +38,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `0` -- [CVE-2024-4020](CVE-2024/CVE-2024-40xx/CVE-2024-4020.json) (`2024-04-20T23:15:48.183`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `432` +- [CVE-2024-32551](CVE-2024/CVE-2024-325xx/CVE-2024-32551.json) (`2024-04-18T13:04:28.900`) +- [CVE-2024-32552](CVE-2024/CVE-2024-325xx/CVE-2024-32552.json) (`2024-04-18T13:04:28.900`) +- [CVE-2024-32553](CVE-2024/CVE-2024-325xx/CVE-2024-32553.json) (`2024-04-18T13:04:28.900`) +- [CVE-2024-32600](CVE-2024/CVE-2024-326xx/CVE-2024-32600.json) (`2024-04-18T13:04:28.900`) +- [CVE-2024-32602](CVE-2024/CVE-2024-326xx/CVE-2024-32602.json) (`2024-04-18T13:04:28.900`) +- [CVE-2024-32686](CVE-2024/CVE-2024-326xx/CVE-2024-32686.json) (`2024-04-18T13:04:28.900`) +- [CVE-2024-32689](CVE-2024/CVE-2024-326xx/CVE-2024-32689.json) (`2024-04-18T13:04:28.900`) +- [CVE-2024-3323](CVE-2024/CVE-2024-33xx/CVE-2024-3323.json) (`2024-04-17T20:08:21.887`) +- [CVE-2024-3333](CVE-2024/CVE-2024-33xx/CVE-2024-3333.json) (`2024-04-17T12:48:07.510`) +- [CVE-2024-3367](CVE-2024/CVE-2024-33xx/CVE-2024-3367.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3672](CVE-2024/CVE-2024-36xx/CVE-2024-3672.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3780](CVE-2024/CVE-2024-37xx/CVE-2024-3780.json) (`2024-04-15T13:15:31.997`) +- [CVE-2024-3797](CVE-2024/CVE-2024-37xx/CVE-2024-3797.json) (`2024-04-15T19:12:25.887`) +- [CVE-2024-3802](CVE-2024/CVE-2024-38xx/CVE-2024-3802.json) (`2024-04-15T13:15:31.997`) +- [CVE-2024-3825](CVE-2024/CVE-2024-38xx/CVE-2024-3825.json) (`2024-04-17T15:31:50.160`) +- [CVE-2024-3869](CVE-2024/CVE-2024-38xx/CVE-2024-3869.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3900](CVE-2024/CVE-2024-39xx/CVE-2024-3900.json) (`2024-04-17T20:08:21.887`) +- [CVE-2024-3905](CVE-2024/CVE-2024-39xx/CVE-2024-3905.json) 
(`2024-04-17T12:48:07.510`) +- [CVE-2024-3906](CVE-2024/CVE-2024-39xx/CVE-2024-3906.json) (`2024-04-17T12:48:07.510`) +- [CVE-2024-3907](CVE-2024/CVE-2024-39xx/CVE-2024-3907.json) (`2024-04-17T12:48:07.510`) +- [CVE-2024-3908](CVE-2024/CVE-2024-39xx/CVE-2024-3908.json) (`2024-04-17T12:48:07.510`) +- [CVE-2024-3909](CVE-2024/CVE-2024-39xx/CVE-2024-3909.json) (`2024-04-17T12:48:07.510`) +- [CVE-2024-3910](CVE-2024/CVE-2024-39xx/CVE-2024-3910.json) (`2024-04-17T12:48:07.510`) +- [CVE-2024-3914](CVE-2024/CVE-2024-39xx/CVE-2024-3914.json) (`2024-04-17T20:08:21.887`) +- [CVE-2024-3948](CVE-2024/CVE-2024-39xx/CVE-2024-3948.json) (`2024-04-18T13:04:28.900`) ## Download and Usage diff --git a/_state.csv b/_state.csv index ed948f2a5bb..3619bbca031 100644 --- a/_state.csv +++ b/_state.csv @@ -8585,7 +8585,7 @@ CVE-2004-0281,0,0,a5b551c3f5758977d1a6a77a80db29af6ba522c65dd4e0c3867b0a52503659 CVE-2004-0282,0,0,744b019872557a60425c8e9f327b7c6a01217d34347d47b80eb0036a99d39825,2017-07-11T01:30:02.197000 CVE-2004-0283,0,0,7f67424bd500d69fa23e7313f40bb2460b5f89ec23d8f1bf69bfb0ab9d9426fa,2017-07-11T01:30:02.290000 CVE-2004-0284,0,0,30dc472b0514ba857b844047d928c73bbc88561ec49c91b8c77d7528c40bcd71,2021-07-23T12:55:03.667000 -CVE-2004-0285,0,0,9f06ee5740c82e62b88f29e502ec50bb40f6b5960d5d7f6769a186660188d315,2024-02-08T02:26:13.527000 +CVE-2004-0285,0,1,6f854c85a00a0b40223477ad5f5f1bd172e9e3216a545102cdb774bc12854b35,2024-02-08T02:26:13.527000 CVE-2004-0286,0,0,8dafc033e9db42a284c051c97601275bb38f27107642786473faae250f95994f,2017-07-11T01:30:02.447000 CVE-2004-0287,0,0,d16fbbe99dfa71ae0f58dae25f7eb40378a65b2fc6b062d93cc7fbca7fed5ad3,2017-07-11T01:30:02.497000 CVE-2004-0288,0,0,e7d35c35b4d43cd12bd27c6400ef38cb508599ceb7f9bcebfb7adf3341b3d7c3,2017-07-11T01:30:02.540000 
@@ -20699,7 +20699,7 @@ CVE-2006-4989,0,0,c8f8336fb475c8b77442c832ff06b116e53ec3d6b8312b23f5e9acd82755c1 CVE-2006-4990,0,0,68e78265ed8a4059465d637668eeecd3177adb6612a6fa7cbeffd4e499dbf6b1,2018-10-17T21:40:46.843000 CVE-2006-4991,0,0,bed8d0e9764ff007e05ddffb5cf9d7b9cd584e0ba0e0ca4daa02142535927112,2018-10-17T21:40:49.280000 CVE-2006-4992,0,0,b8d0accf8f637a19df0e29fdf2230f06557325eddf4888299b929243d4ac85e9,2023-11-07T01:59:25.357000 -CVE-2006-4993,0,0,ff2eef0d5f05e81dd0424ea4616a9c3114f5d4bac6518b2ee4a62ddb48f4d083,2017-10-19T01:29:28.080000 +CVE-2006-4993,0,1,a6c12392b35ed437e72a4f77b6f632dc5df1eb5aa1907f27d44dcb7c807ce577,2017-10-19T01:29:28.080000 CVE-2006-4994,0,0,c5ef94894f67872840e7af1237a13b217e874e8632eebd993ea8f0817545e4c7,2023-11-07T01:59:25.447000 CVE-2006-4995,0,0,9f54345c01b423490629d9b822ffec72c053418110b019deeaf9acc3385d1d62,2023-11-07T01:59:25.503000 CVE-2006-4996,0,0,737f972222c16b53ed01a9a4f964ea8ad5e7ddf27c68d4ea7a159bddd1a2bd06,2023-11-07T01:59:25.550000 
@@ -23104,8 +23104,8 @@ CVE-2007-0167,0,0,6cd4c9ade160e632ceeeab387f2f2499f6f93a50a2b3169f74e363bd349f67 CVE-2007-0168,0,0,a0050464d8845d796c6f8ae4fc2a20e31ae37eb9cac07b6e2e52426630a8cabe,2021-04-07T18:53:50.540000 CVE-2007-0169,0,0,0a1d2970ccb0b23439136925bf805227c4ecaae40815eb2e9c2798fa0d08171c,2021-04-07T18:53:50.540000 CVE-2007-0170,0,0,2fdb53bbda6bb874a40a8eb5eadbc199a05dc61bcf29939ad238e05c27505b48,2017-10-19T01:29:56.877000 -CVE-2007-0171,0,0,4d2ce920d74beb2e6a9c9f2a2ae113805681062cd37c7519d54eeece975de32a,2017-10-19T01:29:56.940000 -CVE-2007-0172,0,0,7e861f92cbc57a93fd53e988de816e656495b6a7e97e6b8aa55780bd129090d6,2017-10-19T01:29:56.987000 +CVE-2007-0171,0,1,d549b48fa0c2a5b4c16c652c810655db1d52c0c9dd42751067b4cea2b0c7d7f8,2017-10-19T01:29:56.940000 +CVE-2007-0172,0,1,4a264c0dbbeed8900306a9f00adb637e75b5fe4342d2a1d8ad2ca2c429754e2d,2017-10-19T01:29:56.987000 CVE-2007-0173,0,0,9e35c7150e9ede27174f0fa51be519750b2029054723f72f1a52aec76e911e72,2017-10-19T01:29:57.050000 CVE-2007-0174,0,0,7f7a52e6fa84076c43a3e8684f4e8ee641fa71f4d8f0d5cd36efb4a612dcd9bc,2018-10-16T16:31:33.853000 CVE-2007-0175,0,0,2803595c41c760cdd09df1de3fc2cc755b9a180ee6a03df5e6e915141c86ad4d,2017-07-29T01:30:01.923000 
@@ -29173,7 +29173,7 @@ CVE-2007-6416,0,0,f6611a365bba27a05712a012e0e5f77795edc90eae97402c1c4a7ee486cc73 CVE-2007-6417,0,0,3909a590c55a3d40e30fafc7c7605ce0db930aac7e93aaa98bcd6a830b6a6d95,2018-10-30T16:25:10.013000 CVE-2007-6418,0,0,50c79925a3e55bd00233ab62a86af4d0a88ead9dcbc7a50c847452dd43fad4fd,2008-11-15T07:04:36.343000 CVE-2007-6419,0,0,df1787831c358fb56c0a9787703ddba9eced7dd751c371317c03f468c23b65ce,2017-09-29T01:29:55.767000 -CVE-2007-6420,0,0,27c0bc023eae60faff8e0507ca6be81ecf944e586da73a9c8015f3e86ffef880,2023-11-07T02:01:31.087000 +CVE-2007-6420,0,1,5d99978df552801a4f02c5e505cc8e4ecec1094393d7edf466d2a4f2d40f42e7,2023-11-07T02:01:31.087000 CVE-2007-6421,0,0,56264a70ab18de14c65da41b04430d319d682786f39fcd0f8c47c5f0a79537d8,2023-11-07T02:01:31.203000 CVE-2007-6422,0,0,3fe0faf2c5c963371460b35c589ed00294053e3c03ef798c058e1967adfaa3fd,2023-11-07T02:01:31.340000 CVE-2007-6423,0,0,470e0a66acadf5788839a9816825947b0df2760d2b60fcff318430b04e9cbcf1,2024-04-11T00:43:11.557000 @@ -139208,7 +139208,7 @@ CVE-2019-3896,0,0,ff7ff0d5b9750f4e2a2949f6cc806dee55c6329af8fab5afb0e6c65fbf0e0e CVE-2019-3897,0,0,683ba10c1bed414823926c712ebecad9b62769b622176a31b385e81fdd012cc8,2021-03-22T19:51:07.257000 CVE-2019-3898,0,0,540e0ba117b50c4c5bab9645026327daf6ec2278ac6c93ab83aa1085055b23ed,2023-11-07T03:10:16.920000 CVE-2019-3899,0,0,58c5fda9dbdc5910c9d18d946afad0ce0832b00f86524e3446d0ecc7fde70b78,2023-02-12T23:38:50.393000 -CVE-2019-3900,0,0,300ab732cd19341c6a3db52e80d14c22be28fef4afc9df3d41e9b8e1d8811e56,2023-02-12T23:38:55.887000 +CVE-2019-3900,0,1,de4c5f09489467aedd4adc91df02485d72f85b0df419c8f77300f4c11c713d80,2023-02-12T23:38:55.887000 CVE-2019-3901,0,0,1929dca23f7fb30406a20e572db9387dcaa3131674f97a907c87b121fa08a777,2023-02-12T23:38:57.670000 CVE-2019-3902,0,0,30ad0efee0cac86e816b895da9032f71fcaaaabd3a4221679ec0a4135d917ffb,2020-07-31T13:15:12.210000 CVE-2019-3903,0,0,d2c7b831d8bb0413b06fcd8f6f7af030ad00c62ac0917e1809ca363c6d4d1f7d,2023-11-07T03:10:17.267000 
@@ -162861,7 +162861,7 @@ CVE-2020-8001,0,0,5e26660f4f6392e7b9ce85bdd11cfb4e9aba7949a063133882f225ac531aae CVE-2020-8002,0,0,1a89fff7c568b54b5febf5bf6bb1360286c98697728dc946f1d61a245326175e,2023-02-03T18:42:23.660000 CVE-2020-8003,0,0,b251546972a5e3156be6ad5aaa35168e35b198eea371944a5218efd50f24da14,2023-02-03T18:42:42.553000 CVE-2020-8004,0,0,6f16b2cf6f5ac1a9ada2a196b1017764dbe236f2f76e2c6cfce86b1e07fa4ebd,2021-07-21T11:39:23.747000 -CVE-2020-8006,0,0,b8def969213897e3e33fb9da55f8b5b1bd3d38bcc2b43a28c3a8d8d706938279,2024-04-12T12:43:46.210000 +CVE-2020-8006,0,1,9f2abb1f3b40fd27a67ad1cef7f79935aea1e4b2495c547896e29e6fc66f8746,2024-04-12T12:43:46.210000 CVE-2020-8009,0,0,9aa8d1131a7d1c75873876d89231a187becb6ad46742fc062248fb0d7f973f07,2020-02-06T19:37:44.430000 CVE-2020-8010,0,0,e82126828b3405a7584a7fbfc2cfca404c709163d8843180ee4f78f67acfc5a8,2022-04-29T15:57:59.317000 CVE-2020-8011,0,0,83d4c5172e2f05731def52af7d2645ab098caeaac7a337a4dfb0f95604739437,2021-12-30T21:49:34.493000 @@ -188003,7 +188003,7 @@ CVE-2022-1145,0,0,f079176faafc565c1e07ec66abec8781fdded63ecd7e2e83f5c0bd8742a3da CVE-2022-1146,0,0,ded4efaccd8debddfa5409beacfb241c0a0176d1ee15f5af4d40441b758c7cc5,2023-08-08T14:22:24.967000 CVE-2022-1148,0,0,9eac46b16c1279331e247d706984f385ca101fd718241c48b6e00ec2d7ca5f12,2023-08-08T14:21:49.707000 CVE-2022-1152,0,0,e584b987026ba0860a757a41f8e9ec5e62148961a196ff1d2846568ea2eb821a,2022-05-03T17:04:51.920000 -CVE-2022-1153,0,0,fba9ce4f083dedd1169f88a981e88eaecfe65b3ad4e18ec9c5aaff47f7580d0e,2022-05-03T17:08:05.927000 +CVE-2022-1153,0,1,e62cfb15b1b4baceea11668c9e11029c8eab1efbaa1cb3697fa2cdef2623120a,2022-05-03T17:08:05.927000 CVE-2022-1154,0,0,773a4ffd31d7074dd889785914073560bbbc55432b9b285b30dd5b09416ff74d,2023-11-07T03:41:45.760000 CVE-2022-1155,0,0,25bfff00b8cfcd3644bdc36061f6af4706dc1fdd0ddc045eb2ecaf7c70eac2c1,2022-04-05T21:18:48.263000 CVE-2022-1156,0,0,ca7b05d54182754e4d9455c92fbde1460302e0966b35ff77c5b8bfe92c5e9490,2022-05-03T17:07:37.310000 
@@ -206656,7 +206656,7 @@ CVE-2022-41694,0,0,2d8d70a57a9aea7bb0a9fe0f63ec2308d0b02300f61bd87d7e6160cd5ae06 CVE-2022-41695,0,0,d7f3d0f2c019a97fe212a54ecbe01dd480b160028e1870949d81e9a7a3142518,2024-01-23T21:43:14.987000 CVE-2022-41696,0,0,c59bcb999fd4bd9f3cbd9874fcdb47f8d3ccb2449037ae503cac154430dc541f,2023-11-07T03:52:54.450000 CVE-2022-41697,0,0,d929ff58324c1dfa4f25587e200524f9d11716b0a512b5d9d359d5d4f2db5676,2022-12-29T18:21:24.217000 -CVE-2022-41698,0,0,934135a1d9119d1896500cb1701347f8910921809101e5a8c0164c1a27185be3,2024-04-17T12:48:07.510000 +CVE-2022-41698,0,1,d26f3f7bd671a914e9964044f719a16487deed1cb6664303b914916b36beee07,2024-04-17T12:48:07.510000 CVE-2022-41699,0,0,ee90e0ae45cc70cea68ef871cffb4ad0b492473b1be3de42dd332c60a6dfe75b,2023-11-07T03:52:54.697000 CVE-2022-4170,0,0,0cf7b6dd514592e1602ed9cce281d2ba12f8834ef20209c29157f5188822f9b0,2023-11-14T19:22:09.713000 CVE-2022-41700,0,0,95c7b0c55bacd9538fc6b899c767e17732f64e42808e0421228eab179151293f,2023-11-25T02:27:30.160000 @@ -209962,7 +209962,7 @@ CVE-2022-46333,0,0,44dba21497a4cda11497ed4cf76864a749cad13b1e4e73225b67d23d97f7a CVE-2022-46334,0,0,c396b0116de27b938f30c460244b88e972f664ae1fbdb62f33489153e86f8b85,2023-07-11T22:15:09.647000 CVE-2022-46335,0,0,e3d23dadcfd6ad96a4f9af493eb391c7e613e6dda0e15b97ab2236eb05a157cf,2023-11-07T03:55:34.570000 CVE-2022-46336,0,0,7d0907f512d0ece55295e3dd994ed42659e8128ddc12c2517a24d02c390c0af4,2023-11-07T03:55:34.907000 -CVE-2022-46337,0,0,803fb9bde16b4c09251a69903374a5fff0b40a9c6ec3c0c648ff43c3e14830cd,2023-11-30T15:16:14.983000 +CVE-2022-46337,0,1,efb5f734d56faecc6c34149302092aae3d562b843fd35aa2a7fabdd0231b9f58,2023-11-30T15:16:14.983000 CVE-2022-46338,0,0,c5c2e7409ec5f09245fb4eb5aae519f6d1a0fc98d728f4c507536858152a899c,2023-08-08T14:22:24.967000 CVE-2022-4634,0,0,53a2fb3cd43e353feafa6a81c071d4ac89d8e6d31bb3b73ee71983994b9037c9,2023-11-07T03:58:25.287000 CVE-2022-46340,0,0,8413ac5698772549975ced03bb0b4c74e384e84d7329134fccec8e5ab1823185,2023-05-30T06:15:52.567000 
@@ -210534,7 +210534,7 @@ CVE-2022-47147,0,0,b707a3aa8f91b20629d2f9e9af42f8330181ae8a3b5595471ddd333fdf1c7 CVE-2022-47148,0,0,325a1eb00bed0a1ac209d7aba7dfbb170c3eef23a418122e452e13d927925b77,2023-11-07T03:56:09.107000 CVE-2022-47149,0,0,773abc6d10fbc1702548a83ad88535308c04b52b7b954c51c7bf209361708152,2023-11-07T03:56:09.367000 CVE-2022-4715,0,0,e4c479ab2c8741ff64e192b44caaa9730599c2c049e12235e1e4163a19d49836,2023-11-07T03:58:40.417000 -CVE-2022-47151,0,0,3a62b885a7ec5fcf648f4f58588b8e0a618c1da808e4b08632202e30c6f1ebcc,2024-04-17T12:48:07.510000 +CVE-2022-47151,0,1,570af6b3860a5189c9821c50c80b19253127613b00d8f7b55abfc7ea6881536f,2024-04-17T12:48:07.510000 CVE-2022-47152,0,0,7222bb3da177dfba920073a4f1f81497115c6ee4e5180a69a4996a5f7b2fb8e6,2023-05-31T00:56:36.890000 CVE-2022-47153,0,0,c72c45cccbab8ad7eb839ccc8f9f5c222ad79056fbef6b0685e00ba3db054a45,2024-04-01T01:12:59.077000 CVE-2022-47154,0,0,9fc5e42ab26e4df06d6e515dca01460eb82dbbdba20715ad1b649da48991eb35,2023-11-07T03:56:09.703000 @@ -217451,7 +217451,7 @@ CVE-2023-24842,0,0,02295967db3068e6ac0c56a8d9c191afa354057fcc269d7564ff574fcf9f5 CVE-2023-24843,0,0,f12022d8b6fa94b43503e831b99d0c518580eba81b065694a28e05066c60ad1f,2024-04-12T17:16:55.217000 CVE-2023-24844,0,0,9f357d363ac02d2d4c39a3848abc8a16cd561ea6d47ef76e14d20c85be118836,2024-04-12T17:16:55.410000 CVE-2023-24845,0,0,d56c655345b24f71f9c6137661f891cdb98333159f770e91e55b060a0f2dbe7a,2023-11-14T11:15:09.080000 -CVE-2023-24847,0,0,7c65e24974f1b5103b0f7650a42d6558cf0679ff20bb0aa174dc5f4071873138,2024-04-12T17:16:55.590000 +CVE-2023-24847,0,1,00eeb92b8963666e0ef46df0636adc2ff028b9f27cc6b204e3b606840988be43,2024-04-12T17:16:55.590000 CVE-2023-24848,0,0,ec59b6613c8d79b7e7767e60f77b1ee021554c6608e599ec52551aa1b0a55639,2024-04-12T17:16:56.693000 CVE-2023-24849,0,0,f810d78c3f7bbdb11e0b5c6241253027a80dd0004eae1d126e341a40daac486e,2024-04-12T17:16:57.317000 CVE-2023-2485,0,0,47887f02a37745c363d36e18480aa44e2300a7cc56adb0adc11c3a4b90be7a50,2023-06-14T02:02:01.997000 
@@ -226217,7 +226217,7 @@ CVE-2023-36746,0,0,689bd367f10332ffaa3c5e89c0d2659695640dac683ca3333b6b902201aeb CVE-2023-36747,0,0,b3ae277b4887a46e400860c5c36321f8284be211e650359cc5d3422d21ea9061,2024-04-09T21:15:10.840000 CVE-2023-36748,0,0,16fcbdab80ad50ef951910e3569d506067689ea505e2d011a952a658b1d7a02c,2023-07-18T16:40:40.913000 CVE-2023-36749,0,0,c75d738518037de335c1141076e80a0efba8a2a54fc146d1982dabfd9e527dc8,2023-07-18T16:57:14.643000 -CVE-2023-3675,0,0,1f70a2eb17642aa55f027cb13e1206189104ab6f47c4e37fb3963c7fcafe6320,2024-04-18T13:04:28.900000 +CVE-2023-3675,0,1,af7636097597de5d11edc7d72ddba59caf870d2c04883b5aa1f2ef727979bba7,2024-04-18T13:04:28.900000 CVE-2023-36750,0,0,9ebcaeb0f7a58247f9f01b774ef13a644ab588ddf3155986663741153ea2cd24,2023-07-18T18:28:19.370000 CVE-2023-36751,0,0,d5e3b71babae677fc02829db34741fd5f0d7c3ce782a336bdb819f0b5155a214,2023-07-18T18:34:49.170000 CVE-2023-36752,0,0,56f5c9f421b4b675d490180585b54eca3997e5163ebe563d8637d05d0b20e7df,2023-07-18T18:36:28.237000 @@ -227481,7 +227481,7 @@ CVE-2023-38507,0,0,5426b3165e7bcfd976cf2ecb06425e14dec20450ae76c5f7cda8287528b6e CVE-2023-38508,0,0,f1125d8fc92aeea60580be087aecbfa9f6ec32c3ec4276f93811b99b53f900a5,2023-08-30T18:23:27.400000 CVE-2023-38509,0,0,ad4c82e395d5ca4d14371219a4320da10ad4178c3fd494c53f7996576892237c,2024-03-18T18:15:07.627000 CVE-2023-38510,0,0,cc9f6e5d6fe137855e6061ed3734a4d02b8fd6d4b2c877142bc8032731935641,2023-08-03T13:41:26.167000 -CVE-2023-38511,0,0,0ad431d19554d5e48b9a6bda3067aad82619e751cf0ebc0b0cc1cc86c52c2449,2024-04-15T19:12:25.887000 +CVE-2023-38511,0,1,8794a781d90c5fa6b43e79f46a913328316764f68a6409af4b996b57a91d2af9,2024-04-15T19:12:25.887000 CVE-2023-38512,0,0,48ea375ec2be21050759ca7afafe62bf729107adfa4abbdd50e0ef00cc173a36,2023-08-02T21:58:20.263000 CVE-2023-38513,0,0,3f0edfeb0eed5c416920dfeed76e48387672763ef86c1bc7bcc32cb3e76faafd,2023-12-28T20:01:33.403000 CVE-2023-38515,0,0,b4f3d695e1fc6f4697fe4b8dce8238d84d7d1ede1a91e8af8099dfff93346a81,2023-11-17T21:32:33.447000 
@@ -228131,7 +228131,7 @@ CVE-2023-39363,0,0,3b5e03600cf70b560e94452186ae68035e14537be8e3ab0775f4768bbd4e3 CVE-2023-39364,0,0,c3c94f3ad4cb220374e3d08f341ea50d15ec66dff6a2b9cc99e74f26a2402284,2024-03-18T20:15:07.727000 CVE-2023-39365,0,0,e973380538b25f82f11649a42c0b64ff80692ed5ec34a2c9828c426b7e157e90,2024-03-18T20:15:07.827000 CVE-2023-39366,0,0,ec1d63cbca61e10ab8a85d0a3e36a9a8f98189047df6aef06ced93f8760dd051,2023-11-09T05:15:10.317000 -CVE-2023-39367,0,0,003fffaee88ff0a26efab0761200ab94a9acb391c13da89683d85f27199be85f,2024-04-17T17:15:12.380000 +CVE-2023-39367,0,1,474520de028be16b636f77c41f1e1f3b56f45358dc06964e096b5173e9abd236,2024-04-17T17:15:12.380000 CVE-2023-39368,0,0,80c88d98cccc8fda18cc4ce42c7e61c86543eb9a5fed9f7febed87a045c89328,2024-04-05T09:15:08.850000 CVE-2023-39369,0,0,e8aa62682a22aacbf757723c98e0bd960e9af84f36a645dc487bf02ca20fc2a4,2023-09-07T17:44:36.470000 CVE-2023-3937,0,0,1b9c2edef5222aa8070478842961fb82be451273a242472108ff086c86dfad93,2023-08-18T14:30:09.183000 @@ -228650,7 +228650,7 @@ CVE-2023-40142,0,0,d5a72dea9a0318cab919a5bf191445692aa0ad0a797e051a6aa9b8b7f53f5 CVE-2023-40143,0,0,8c978f8247b7423552e3d09442fe1fdea2e08675347e89ad16716858fe9c2f99,2024-02-13T22:02:22.543000 CVE-2023-40144,0,0,0056d58a6477acb16a5d607f5a3843be963e3f196d479797461e0908359c06f1,2023-08-29T14:34:01.297000 CVE-2023-40145,0,0,fc0133bc7728eb3878f4a5859c22bf60c367ee185da0135c40a479df331b812c,2023-10-26T14:26:42.150000 -CVE-2023-40146,0,0,819869835f8f803782f49a3c0e60a6f30cc8e0f8c13d1d9917dc79aa23b7ad23,2024-04-17T17:15:12.513000 +CVE-2023-40146,0,1,dc0f70063fe6ed157ed6bf4fd43320337ba47eb55c262a540fdbb9b5ca6ca2e2,2024-04-17T17:15:12.513000 CVE-2023-40148,0,0,3a5f03b1aa00a8bd0a848d3bf1b1452f60e566d8234a3267239c6668b57729f0,2024-04-10T13:23:38.787000 CVE-2023-4015,0,0,ffb821ba8a72e103b442ef841456a522cb0b0c89ec1113e0f3392baae2ce9537,2023-12-12T14:31:41.517000 CVE-2023-40150,0,0,0e872de5ba350ed9027dba969a6339b3e0651150b08d6545e648299241abca80,2023-11-07T04:20:07.803000 
@@ -230773,7 +230773,7 @@ CVE-2023-43485,0,0,56e06eecce10771793782bda7486bdc0abaf33406a8b34746335ac3073110 CVE-2023-43488,0,0,73963ff8fac3febe7fcf1226608d7faad6241fb5160a15c4381098ef0daabd52,2023-11-06T14:41:18.393000 CVE-2023-4349,0,0,7bcfa9d15cfc992ac2e945aa6e7aec95ce86c568d8f15fb3ba2380084473c42f,2024-01-31T17:15:14.370000 CVE-2023-43490,0,0,9855c56390f04a7d3184cf28686e801bde9b11bfcd2582fd5bccb6e92bdd6f36,2024-04-05T09:15:08.930000 -CVE-2023-43491,0,0,1a9464c3979c3b5c8fb417d39c33e2e7ecf65e413a6baa045aaea20d2a9f43c1,2024-04-17T17:15:12.597000 +CVE-2023-43491,0,1,cb1fe36b624ef8bab3675f346bb371c8c431ea3e2ad9659e19eb38b00faed1a1,2024-04-17T17:15:12.597000 CVE-2023-43492,0,0,42b5f695dc2a37dd6c1424d01d87bfa34fecc8146eed1f8b9a6b38bb9493ae43,2023-10-30T14:33:25.570000 CVE-2023-43493,0,0,c9ba762920ceac7459278a5fd1ff76127d128352a3279e28d59d1b8b275a2639,2023-09-27T20:51:26.677000 CVE-2023-43494,0,0,a5e1abcb0e0cbdd68150bd25ed5f4171fce3829cb775e04ccec60c9f09070438,2023-09-25T13:43:35.503000 @@ -231004,7 +231004,7 @@ CVE-2023-43787,0,0,afb32b233f968803ab923baa6e1b39286570085173d7b21b8fc68c1552fa4 CVE-2023-43788,0,0,ecfe68c9c832b113c7e0b50deccbcb20ac25c1a432ae2e6cd29602cbe8cf2eb5,2023-12-22T20:55:21.290000 CVE-2023-43789,0,0,18d2d214611bb8621e7aca51d6ae232c415067af91501daf74dd7fd0dfb13037,2023-12-06T03:15:07.273000 CVE-2023-4379,0,0,3d7c1a3a693facbb427b84d3e31f361b0100f9358df2eb8e78c0a3c9e7722a70,2023-11-16T19:24:36.240000 -CVE-2023-43790,0,0,e6a16e46ea7f2f045cf408ee0955b70adbfddcb188f0cc7db1a15f736adbed77,2024-04-15T19:12:25.887000 +CVE-2023-43790,0,1,dc04c69ad573fbcc9e2e3e500057f73f594b156236e9d8ba0d308d312b307e03,2024-04-15T19:12:25.887000 CVE-2023-43791,0,0,026e86f342b4cfcebc1170b1da4308bc54a73c5fddb94d2ae0a580f5d845ba9b,2023-11-18T00:55:15.610000 CVE-2023-43792,0,0,3e8616cb72c9eddc74caae86036fdf3f8e2822b9dee296318a86563f5b41908f,2023-11-06T19:37:01.740000 CVE-2023-43793,0,0,eb074d7ccde4dffeab02b0b2f8fb329438ca1402068db0613fd1b718d4f6f2ff,2023-10-11T17:47:46.247000 
@@ -231305,7 +231305,7 @@ CVE-2023-44219,0,0,1faa7e1034e5a6e8dab929a3c8747ffea54b1fcca107a1b9f12b8017810fe CVE-2023-4422,0,0,45a0afad235108841a3185a2540ad0ca12f015fc94d3d6565cd743d117a12fc5,2023-08-22T00:58:55.880000 CVE-2023-44220,0,0,429c11fa4251d17d6dc509d386db942f6f36aba6e54cb58ae23e83941b26e0a5,2023-11-07T21:15:37.110000 CVE-2023-44221,0,0,3f6207a5e153c7c8e778d69188f9696e70a609b2e9d1eccdc899161af540fdff,2023-12-13T15:33:56.183000 -CVE-2023-44227,0,0,a742d5fdd63662f94a53a7cb4fa0378f234a165317c9cdc2408cc57281230995,2024-04-17T12:48:07.510000 +CVE-2023-44227,0,1,c68c8c741caabdd7045dd272dbac751fbf5717b61e7a4c2262184537d080eb3d,2024-04-17T12:48:07.510000 CVE-2023-44228,0,0,687abf216e357800067361ba0d57951bde4af5c36c7e2712b64f4c749e9d7712,2023-10-04T13:36:47.173000 CVE-2023-44229,0,0,bd9f1ff063978c05b6ef240ce4e3bb4ab8d051cf4c8f1b3e868edf0ccd9cc594,2023-10-18T20:51:50.413000 CVE-2023-4423,0,0,96cce811e39b53f58ca67613a2a291af5bdb9acf3dca66fd77ad5f98fe1e3664,2023-11-07T04:22:34.107000 @@ -231468,7 +231468,7 @@ CVE-2023-44392,0,0,8efb3350f94f8a48445cb3dc785dfa61ae4b1cf87b5ebbfa48462bd99e79f CVE-2023-44393,0,0,93a6148a75942284556320d110f5c7aa963921da4febf81cfdfd5c6faf19b5db,2023-10-13T18:42:49.323000 CVE-2023-44394,0,0,be13d40208d814eae8e294509bac56035de35218a8ad06717c1bc4dd36681b99,2023-10-23T13:40:07.230000 CVE-2023-44395,0,0,7f42a1379939d0908bf68bdd79b29b87dfe7379025238af369fe87eb310f38e6,2024-01-29T17:33:31.320000 -CVE-2023-44396,0,0,652f193c5965c559d249d10223832ef7d9f676d6d3382f70550ce1688f5e3dc4,2024-04-15T19:12:25.887000 +CVE-2023-44396,0,1,83ce1f134d6b84da437f1c011a25ffb9c53df8dfa50ac8271d5a45093e0887ee,2024-04-15T19:12:25.887000 CVE-2023-44397,0,0,136e93d1b387fb54a2d9d36a117f819cd5d3544d5c8f01db0cf910c5ed784e10,2023-11-06T19:26:20.520000 CVE-2023-44398,0,0,ab7c188805bfbafa982584073b9606d1012f06625048d22032ef540cb03fd787,2023-12-22T10:15:11.223000 CVE-2023-44399,0,0,8243dd9287173a0eaa189eea290770d7b8b37cf323288f96f8aa2ecef83fbe07,2023-10-23T19:22:17.393000 
@@ -231799,7 +231799,7 @@ CVE-2023-45205,0,0,01ae041d020771a6f6713901ea60b3cb1f7174c5ec0ce9743705e5638d234 CVE-2023-45206,0,0,75321b27d5416502901be19297200a9974474b77410916565ba2dd2ebaec049d,2024-02-13T18:23:02.393000 CVE-2023-45207,0,0,057c3e719ca21440d880e35b10a15238d3d7a6403a5bd988d596e65617eb7af1,2024-02-13T18:23:02.393000 CVE-2023-45208,0,0,edde40ed09c5e7c4eea87cc1d36008ced348ec55b3b22df18dad7d504a04463f,2023-10-16T18:48:47.807000 -CVE-2023-45209,0,0,a3379e8f9ca5a0f98471308eaec0be54ffd29192b4c051df00c81fa5b84c0d1a,2024-04-17T17:15:12.680000 +CVE-2023-45209,0,1,d13548e8ddbbdaac5d3f52671e86030a122df1b714f3b254bf7e83ee6e6f3d88,2024-04-17T17:15:12.680000 CVE-2023-4521,0,0,b688f7ebb4a8ae05081b90dfc2d3e5aa63110c07fe8f0a8aec7d54e7490212fe,2023-11-07T04:22:41.103000 CVE-2023-45210,0,0,015445c8d46db4b328a64a863b4689dd675056770aa7f333e4d9c645a082f231,2023-12-11T17:28:08.023000 CVE-2023-45213,0,0,5e5f8b44ec699e511eefc924e74594a2ac49c3945938127d75baae964d9387a9,2024-02-12T16:44:57.010000 @@ -232134,7 +232134,7 @@ CVE-2023-45738,0,0,24d6f1a1b3a417d393487482b5186553768760456e4e32f3d7c19f15de0dc CVE-2023-4574,0,0,f29a4eb73db5907ed927f8f06ef47b8eeb3ac1bf7bb4b9c563343ad57f3152b8,2023-09-13T11:15:10.507000 CVE-2023-45740,0,0,7ecb7e5c4293a21f5c68407b97a494cb5881eeca0dbd8238f9894e2681fe7d1f,2024-01-04T17:11:01.707000 CVE-2023-45741,0,0,a9cac9199d5bb6d5af6ce376185a92d883536cb15172f25d4b84b122a5d53a34,2024-01-04T02:34:14.733000 -CVE-2023-45744,0,0,b61e56508f5516358eec9d83cec5bdda1b75b44b8e642b4bfb8d3aa94d5e91fe,2024-04-17T17:15:12.760000 +CVE-2023-45744,0,1,3039c349958f8a9957c564299ecb2617e92bb14d6e4b5d5e0a70f65121a871a9,2024-04-17T17:15:12.760000 CVE-2023-45746,0,0,5f9622222f9e1fa84fd1463646b80917b335639866c532b6a593d97b1112e0ae,2023-11-08T12:49:08.920000 CVE-2023-45747,0,0,1bcc826a9dbf2a4cd794b5a9e599a3868b9d2a6761c89c6b2eb418ffbade8212,2023-10-27T21:57:07.240000 CVE-2023-45748,0,0,d4e8940271136b2e6e5ad019746e302b263aa99685ef842aeea8766f804f3515,2023-10-19T13:50:00.853000 
@@ -232186,7 +232186,7 @@ CVE-2023-45804,0,0,84ee036765d7abad4a2815fbd7898b58eac4f2f7d210afc7ee2eb60d0f49d CVE-2023-45805,0,0,39ccedf1e51bcfa27d85fbbbadaa21ebe23b61b9bf4899e15a935edf1830bb8a,2023-10-28T03:24:28.190000 CVE-2023-45806,0,0,2eebc4517d147a888eadebc8fbd35744da692e9104cbb92f4ac06222c0974414,2023-11-17T18:03:00.167000 CVE-2023-45807,0,0,829cd8b6090ac5b54bb6f7509f774996e6aa5c7f38c49c217b82d3aeb04fc4f0,2023-10-20T18:29:38.150000 -CVE-2023-45808,0,0,4f80881b8d073406085c69702baad1fc31c7865ce6654c2f8bee07a2c2d78a3d,2024-04-15T19:12:25.887000 +CVE-2023-45808,0,1,20b22d506383dfd42d2fe4439324524c2f3d26694cb0da2deba23b843da5ce47,2024-04-15T19:12:25.887000 CVE-2023-45809,0,0,7d59eef7bc97850c71c8cd1be361bd328bb26b5f0e9e15caf6bf09ecbdf6ec83,2023-12-28T18:58:51.657000 CVE-2023-4581,0,0,fb137ad6177c81ffa34bee428ff7c8d2ccfaba452764e72b8fda720d07141a0d,2023-09-14T03:52:57.273000 CVE-2023-45810,0,0,454352789abea25fed758f1a0d4069f03d31136307b657ba62c90445bd8bf3ad,2023-10-25T13:38:33.620000 @@ -232361,7 +232361,7 @@ CVE-2023-46055,0,0,fdf1d245240a975fe0c288b57f8a59d44c9d185d042258dbbbcef27fafed4 CVE-2023-46058,0,0,60caa10856250aa45ff6a614c1529ac57a3c57157cecbc316e05d8e91d2dc6dc,2023-10-30T11:37:02.710000 CVE-2023-46059,0,0,a648e86cef9cc64c17ea1f3cff43740e568be223396cc2a910edd349ad88eaf5,2023-10-30T11:37:14.247000 CVE-2023-4606,0,0,bb64a605ede1c16aa270e38005c735f3c1784fb2351d43c31d0557d507a7edbc,2023-11-07T19:11:17.050000 -CVE-2023-46060,0,0,cdc97cb4b0fdfecdc7a36c9f95266351f385380e2343cefdac722db32b67a533,2024-04-17T16:51:07.347000 +CVE-2023-46060,0,1,395f78a03c03a9e21376931e4240101b13d92e6518822fe3fe723bdf9c08ada3,2024-04-17T16:51:07.347000 CVE-2023-46066,0,0,41d6277ab5fd36f484c79eab475c38d0efebc32de61f15e15029ef4998d24622,2023-10-19T18:39:24.183000 CVE-2023-46067,0,0,0d353d912d067e409437742ada4e01ea19d3c1d07f86c5cb09863faef188d615,2023-10-27T19:33:46.597000 CVE-2023-46068,0,0,1729060e36c673691d03be4e10577dd27887fabd355b101ba826ad4931439fb2,2023-11-01T17:22:06.537000 
@@ -233142,7 +233142,7 @@ CVE-2023-4712,0,0,dc5f5f14d65fc78517c755fa0c62a6ede16bdfa0931f8f26e8fb63a1c84fde CVE-2023-47120,0,0,036e5f612154dfb22897963b035b1f8942c19047975a0586c8a94135b9310044,2023-11-17T20:29:04.170000 CVE-2023-47121,0,0,88a48aae8c415e45713618c40334453a891a886a42b2848b4421bf36ee689cb2,2023-11-17T20:20:26.137000 CVE-2023-47122,0,0,24a13b8848d8d0f3eca740776a4e832af76af1f5e2d31adca90d9e6f9887a486,2023-11-16T17:50:16.327000 -CVE-2023-47123,0,0,a5ef5b5e83993589a68b5a3315ff98ab469f5d997af4f7f650a47a3c1ab05caa,2024-04-15T19:12:25.887000 +CVE-2023-47123,0,1,8a6d5be15ff63a6c0b7e3d019cfce3a350a02b50a3a5cfbaaf2c55696738f4f3,2024-04-15T19:12:25.887000 CVE-2023-47124,0,0,47e9b2ea7e670fae4dfe6c6c5326a6a883257d4a800b0e00e3c7e9c14f35e740,2023-12-07T21:01:24.967000 CVE-2023-47125,0,0,bab2f0b3a05bb2ca2e86b3999ef7adc143df60dc385d7e4abfde1ea2d31283d5,2023-11-21T02:58:51.787000 CVE-2023-47126,0,0,1d6d533c4608c05d863d293799927f157451f31953876c53b6e4ebb19ae2b03c,2023-11-21T03:01:46.133000 @@ -233434,7 +233434,7 @@ CVE-2023-47583,0,0,2a5df3e0e39ff80ce3ebc0afbf128ca923839e633185e39e51513652340d0 CVE-2023-47584,0,0,f1273f6f402873cbf77078431225ea1e9e37e905e695e380390aa5ee1f7f8e07,2023-11-21T21:28:21.167000 CVE-2023-47585,0,0,c46cc6f07f83a2243b45b1203194612db47ee93e245a887f6156937def3821d0,2023-11-21T21:32:45.827000 CVE-2023-47586,0,0,02c0a04b94fc54061df3e540a042761c82a24aaf6cf847aae88620034e0406a8,2023-11-21T21:49:07.800000 -CVE-2023-4759,0,0,b6e26c29cc3b3ca5fcb6711d48cb5572972338c3be2cd71eab29a47ead26f3ec,2024-01-12T16:15:52.087000 +CVE-2023-4759,0,1,9120a5f047fe1014d7d112459d40736c6045f794dee04891dc816c30266e5394,2024-01-12T16:15:52.087000 CVE-2023-4760,0,0,089f75ce08ef77fd44968798aaa4faa66310c202a2eb1dc3f9ec3dc1a9624723,2023-09-26T14:09:03.183000 CVE-2023-47609,0,0,1932379c6b1060a23c7cdac98074f9e5fc03d984375dd20735f11d7f06c09b23,2023-11-17T15:06:44.067000 CVE-2023-4761,0,0,194ec8553bd2d21bd10a15fda951024eab254195ec82000c45f4b6acf3d07f90,2024-01-31T17:15:16.553000 
@@ -233451,11 +233451,11 @@ CVE-2023-47619,0,0,4251c6a49f61526865c295203725d8cc3ee5e9f14dcf6fbe027ecd203f820 CVE-2023-4762,0,0,2a3d4daef3df546a0e2f764f04f45364dd351542658ed3f0049def3307aa3da0,2024-02-07T02:00:01.657000 CVE-2023-47620,0,0,b018994059aac66c986b6a302a0b5a3a5967fe341f458d5b6d5591b4d0617267,2024-02-13T01:15:07.983000 CVE-2023-47621,0,0,fd6d86d157b39d2b335af4e2e7c195dcf5f3a7411eec2adb2371062b52a70855,2023-11-21T03:10:58.357000 -CVE-2023-47622,0,0,ab5b52f64aa1762961d8282c70bc8e25be1de9cc07377ad0fb9acc0f5bb95b39,2024-04-15T19:12:25.887000 +CVE-2023-47622,0,1,e812868eba2c9e547dbcd688af8fb74835c63b8aaaf3d3d8f81bfed4a7fab8ba,2024-04-15T19:12:25.887000 CVE-2023-47623,0,0,f93850da2417c7dd16bee990f5c41deca4f32fd5f8c915721d1ffab443307151,2024-02-13T01:15:08.143000 CVE-2023-47624,0,0,4deb090e11043067ba3f26ca7f937aa9d745effea86e1f3b006138117d2055be,2023-12-19T15:33:35.507000 CVE-2023-47625,0,0,7524d429ac7f0f8fd2e0521dfd2a01d20f4b0d76dec03347789affe04da7ca4c,2023-11-20T19:29:58.533000 -CVE-2023-47626,0,0,e40f0071d9d583d812fb8cc437ee8f5a81298e429025430cdb2214e7cf010719,2024-04-15T19:12:25.887000 +CVE-2023-47626,0,1,1badaca77ca5e2488bf1c62421864fca0ccfbd629054ed668b18c428b8f73e69,2024-04-15T19:12:25.887000 CVE-2023-47627,0,0,08f89a706d4cdad87407205bd125e886b6efdfe04aaad203d0f01ab26f626ec7,2024-02-05T07:15:08.850000 CVE-2023-47628,0,0,beaaeb676bfc62c8699604aa788f0c5c55d56fe4ed1098da15fcbc522c5720d0,2023-11-21T19:10:25.330000 CVE-2023-47629,0,0,2fb265fa7b952b99f0cbf8553af2394a7b4e22a49946ea27074141b4c111e72c,2023-11-20T18:42:45.853000 
@@ -233603,7 +233603,7 @@ CVE-2023-47835,0,0,7a712355ce5c48eadcb9e26f4f27778335f03b4bfa9861aa3fd9d0cda8b8d CVE-2023-47839,0,0,7480547339b9b3ac3798f9c06e00c706f49ca35ebe73ec8189117729e422f769,2023-11-28T21:07:29.180000 CVE-2023-47840,0,0,7e24f7bfe5242765e69f6a2a237de2196af9eb411219ff1fe89053605cf27eb0,2024-01-04T21:27:45.337000 CVE-2023-47842,0,0,f440905c307b5610d2cfc83060eabc85c90c284cc9c17dab2bd938d9d5409ffb,2024-03-27T12:29:30.307000 -CVE-2023-47843,0,0,63ca307b91e8033616a302595a1f6010477d24833065d8d726e54a8687b4b95e,2024-04-18T13:04:28.900000 +CVE-2023-47843,0,1,2f7da34b96ff4bf99f7062fead1d3f31b3e595278c31dff2a2f025e2889e837d,2024-04-18T13:04:28.900000 CVE-2023-47844,0,0,741d209d5f9025e6891615bc08c4470c63d9aa75d230c481c60846b322e1cd21,2023-12-05T22:05:16.770000 CVE-2023-47846,0,0,585eb80c3e630281a75adcb6868cc518653f6f22fa6afc08b1a27eb555fa41c8,2024-03-27T12:29:30.307000 CVE-2023-47848,0,0,21fbbbf4e86fa9dec45730eda9a909888845fbee735e966e936dc57fecf04f7d,2023-12-05T22:04:43.287000 @@ -234074,7 +234074,7 @@ CVE-2023-48546,0,0,ab68f7b24cb49f1aa41050233c8166fb4af6e1573a9968fe53a8fbca9011b CVE-2023-48547,0,0,8825adb6ca41dc66a7e5291464109ca4fd8c0b204eea93044cf52061ee82165a,2023-12-18T20:34:38.533000 CVE-2023-48548,0,0,24d2ffdf800939555148a68eb6d4ebcfb47eb4501c75a8db21ad734d72e114b4,2023-12-18T20:34:32.257000 CVE-2023-48549,0,0,bf82f020f08da2bcabee0b58d46b85f833667825a5a77b119699be801adf5f67,2023-12-18T20:34:23.420000 -CVE-2023-4855,0,0,813a080351cb007f488b8f89cb6ab7c146037430b7073b5cd766a1bfbf2a1a59,2024-04-15T19:12:25.887000 +CVE-2023-4855,0,1,ed3422c96d4cccba7e242b331f95e8ae306c7f8a270975ede6cf57d671e2aff0,2024-04-15T19:12:25.887000 CVE-2023-48550,0,0,c364d106dcb8ab6a1971227118ef346343cf90aa48140d99e34c1584d01fc283,2023-12-18T20:34:16.303000 CVE-2023-48551,0,0,d476e12c71a734e545ba299b315b7290b955610e8be63732b726f9b4ac3947cf,2023-12-18T20:34:05.903000 CVE-2023-48552,0,0,237d963ec4722a79ea0a70c67968568979c967ea691ba37fc5af696c8bb869af,2023-12-18T20:31:52.600000 
@@ -234085,7 +234085,7 @@ CVE-2023-48556,0,0,5904a440c0482dc4a25925ad41915efca64b42486061d7c847486dcd9a887 CVE-2023-48557,0,0,57158d85996536f87fa3d2e4270841f7c1f992ad6ecdb63ebd4702e72446c861,2023-12-16T01:11:54.053000 CVE-2023-48558,0,0,2792656524ee0c3c88c8b90b0da5a9e0cce5ea6f4cec6fc151056e31a42daefb,2023-12-16T01:12:01.537000 CVE-2023-48559,0,0,227dd61d71e2151add81b983e37013582159108e8aed39579744ade98f69236e,2023-12-16T01:41:10.740000 -CVE-2023-4856,0,0,b0c00921ce06ca36ee05174b5aab1343b76542bff10cbbe228fc5dcc6fb5a004,2024-04-15T19:12:25.887000 +CVE-2023-4856,0,1,af733477f1d3ecda0c49f4b34b2f6ebb0453942151132124519775136364ec74,2024-04-15T19:12:25.887000 CVE-2023-48560,0,0,e76e4ac5e8be6284bc7b47b40c80564c8e00ac6fa501818a8a87937812571c47,2023-12-16T01:41:04.390000 CVE-2023-48561,0,0,1d6a5580aee1a18e0e92843019323e65f04d1ec1f7d5b97abb141ab1f9076742,2023-12-16T01:40:59.377000 CVE-2023-48562,0,0,0894c29ba6f14f2e2cd934bae3ee49615671787e16576063bb17444ae2516f59,2023-12-16T01:40:53.963000 @@ -234096,7 +234096,7 @@ CVE-2023-48566,0,0,86c84087e0ab5fd34b47974c351d0afd79e31031bd894ef44e2761090ec8e CVE-2023-48567,0,0,1e4ca2db46fab1cddbd93a9c00ede828dd26698aa2798cbf0678235dd98ba465,2023-12-16T01:39:27.783000 CVE-2023-48568,0,0,ae1ef20af22cb7e0d5bf26e67992fd85b4e682b78df5c20e6f6c7ab463ff4287,2023-12-16T01:39:23.257000 CVE-2023-48569,0,0,9ba0d759b4a6a974a8e0c3e5abe744e15fc1a2d1c5f4bc7eba13fe5475b9af6d,2023-12-16T01:39:18.380000 -CVE-2023-4857,0,0,5d6b7ff6124b6ab5f4ef241eec622c41067799f1400b1615d74c0ace99a3b417,2024-04-15T19:12:25.887000 +CVE-2023-4857,0,1,5b0f865f6baf68a6090c5cdac8ce8d29801790c95211aa5cadb4dd511154a8ae,2024-04-15T19:12:25.887000 CVE-2023-48570,0,0,98fd89731cc7ff554afb88a240f750d6c29d8ff99a7e9f791e5fbbb6f9130f3c,2023-12-16T01:39:11.450000 CVE-2023-48571,0,0,a501dec0743d58ddaa9cdd064c8e7ee992c64e483a50a5fb6a9ae8ed778850b3,2023-12-16T01:39:03.293000 CVE-2023-48572,0,0,4ec69c0141d73fbff3b395e5e1cf9dfdba3ee450865cbf94061b5ed8ed0ea759,2023-12-16T01:26:34.840000 
@@ -234237,9 +234237,9 @@ CVE-2023-48705,0,0,83b3ec7196d3d96a991f9c9a38aa86cbc7e6dca6826fce417c18fe64b8e72 CVE-2023-48706,0,0,ddf762ca5b028a05ca8a57520eb4c6368748f6c6a88efc041a9875cf02f70a03,2024-01-05T18:15:29.133000 CVE-2023-48707,0,0,29820c7d18886140b408dd7b9a72b5d3f410c28ebfdee587d8da7bf9e9896113,2023-11-30T20:14:16.270000 CVE-2023-48708,0,0,b6244a9ff52155a05c33a09bb4af4159ac2cee2de5845e4d19f8bc27c89ac799,2023-11-30T20:11:33.040000 -CVE-2023-48709,0,0,42e86f11e190ffd5372d7486ee47719386ad012e96523dfac5567924f925d1f3,2024-04-15T19:12:25.887000 +CVE-2023-48709,0,1,8004b7778e95bce71aa8dd4e4f3092dca0e87bea0da798a2402bab69f64f2e42,2024-04-15T19:12:25.887000 CVE-2023-4871,0,0,ec9f5fb6de55bff835fcba916653b3d76c0f8f7ec7c7dca1965435c35002c544,2024-04-11T01:22:37.423000 -CVE-2023-48710,0,0,6583d3aca3803f4b8fc53fa4bae8205e90a1f6fd6644cfc50b7866f09d367102,2024-04-15T19:12:25.887000 +CVE-2023-48710,0,1,0603d6712f806f4a7c22555f353811a6f80a96a82eea75b82b1845968db17b61,2024-04-15T19:12:25.887000 CVE-2023-48711,0,0,06dbcb19fb1f2da4347a2ea9653452e76439b3b2d35dae9d217c10ba5cb54c23,2023-12-01T20:13:43.540000 CVE-2023-48712,0,0,f4e9f1d249a003e0845e5e0110072a66804d82929ffa5156072ac8647d81618c,2023-11-30T20:26:37.460000 CVE-2023-48713,0,0,6e96d1e6fd793d6d6a7886354fbad279adec06f3a3abd13968c573f28cef3490,2023-12-01T21:53:20.687000 
@@ -234306,7 +234306,7 @@ CVE-2023-4879,0,0,8ff2f4fac231edfb0e8e6c6042e670dbdf0da9230931b634f3b1ed60cbdab2 CVE-2023-48791,0,0,4e7d2cae3ad6ba11c4e276624bedca77887a0ee315b409ddadb10bd81db3bb45,2023-12-15T20:09:24.010000 CVE-2023-48792,0,0,a3c17617afe01ace18242f14c2f591f70a09281fccef1129ab04ab7743ac5ed0,2024-02-09T19:41:33.093000 CVE-2023-48793,0,0,2854f6c6f521cbba3acc8f424414b10e13f57b8f6a918b43472ae35fef784b47,2024-02-09T19:40:42.787000 -CVE-2023-48795,0,0,0274fea2ff4d3b84ff26c6c6f441a63459e3e129c7d92c8536f95d31939b169c,2024-03-13T21:15:54.047000 +CVE-2023-48795,0,1,3b388f48e143d3345974b270a7a8d2cfa6eebf73f1b523a3d0e57e3c81a354e9,2024-03-13T21:15:54.047000 CVE-2023-48796,0,0,9e1a54d61837f1660243218a92f33ab6c093e838cf1a08d33043e191ed76cc35,2023-12-01T20:14:35.870000 CVE-2023-48799,0,0,c5553270e61db190aa96eef54f2372e9729aaf36f2c8025f77854e6389beefee,2023-12-07T20:14:48.190000 CVE-2023-48800,0,0,d48c3829135ea327577d28b82a696687afdb32f63c6402bb281f1d35850a2768,2023-12-07T20:43:31.520000 @@ -234898,7 +234898,7 @@ CVE-2023-49764,0,0,6a0568f44325ac1fd740f72f5087d6a171710f839df3bde6ed3c2e416c5c2 CVE-2023-49765,0,0,06b748ab9346ad4cd48739500d92fd88db0cfa27aaf7aaaf6da5babab48e3bf5,2023-12-30T03:21:01.940000 CVE-2023-49766,0,0,470cc74253a064058975f565b53bcde7efea241fe3724a43148b1dc04de6d86e,2023-12-18T19:48:14.307000 CVE-2023-49767,0,0,4edc3fc227dd38b5eb293c3d6afac902b5ca27bee81180389ef3df79af1ec053,2023-12-21T17:45:47.293000 -CVE-2023-49768,0,0,0b7529f91708dbee27b4289bd220c16977ac77c35478ff7ecc42ab78cdf1c102,2024-04-18T13:04:28.900000 +CVE-2023-49768,0,1,722e2adda2fdafbc7f81ad379e5481ff6a817e705b0fc9f6d2041779d451a9bc,2024-04-18T13:04:28.900000 CVE-2023-49769,0,0,91366dfbc1492c919f28d9187aff4b0b2250d2363a8039baff9ef53b39b8726c,2023-12-20T04:19:35.600000 CVE-2023-4977,0,0,62f89aa8cb7b45d850c5877faf5cbc29b33652c1b16d11f79fb830b492a75caa,2023-09-20T13:11:56.513000 CVE-2023-49770,0,0,0a27ec81e7d2882781700f3f05263aa58179bb03e78b71006e6b846b4d5515d2,2023-12-19T16:53:26.097000 
@@ -235475,7 +235475,7 @@ CVE-2023-50879,0,0,e7f635ec835f8af6e68324c638f96c217e373f3a3af9c80d6a7d36cc1662f CVE-2023-5088,0,0,939ef66299af3edb362a7d2c74b0e49564a48ba289fd555d0389350188c0dc0b,2024-03-11T18:15:17.433000 CVE-2023-50880,0,0,45dfc20edf873b6f54c033b90d8b745bc998db6f75a866db44cd1e8a384e14b7,2024-01-05T17:36:02.743000 CVE-2023-50881,0,0,21fc9e5f06f2216fa2395fe2689d924b63b36b0b4cdf8b0f9c5260d788c328af,2024-01-05T17:37:29.017000 -CVE-2023-50885,0,0,0932f9f5356a12676df03ba99c8c695544f8114723f4f4498e788453b690283b,2024-04-18T13:04:28.900000 +CVE-2023-50885,0,1,17f409a54bfb2cee48d72ca19d76c6e56cca390a1fd7e5561bf19af5236e5f64,2024-04-18T13:04:28.900000 CVE-2023-50886,0,0,7792f347cde4c420b06e643a12a04ca1bbbaf32b14e20bdefdd360583db86f82,2024-03-15T16:26:49.320000 CVE-2023-50889,0,0,c1ad7d35b6d5afc074175b11fcf31e66a1f88510cc63a735f12500e424605271,2024-01-05T17:39:22.253000 CVE-2023-5089,0,0,cddae8cd7907847e037d2a072115a2d298d26ef8e69ec53058c1c3b486a685c8,2023-11-07T04:23:26.960000 @@ -235733,7 +235733,7 @@ CVE-2023-51414,0,0,3becd3aaeb9f08b799e66b797314fa07e59729fc02e03a314b193d23383e1 CVE-2023-51415,0,0,8ae2480d26d3164b2a86c9a857349d41d08ad736104464da18c6b6b3bdba14f3,2024-02-15T06:26:14.677000 CVE-2023-51416,0,0,c036a0bdee97b9945a63a5e48db7866b840ef0e87ddb67d8f4d4cc3766b1fd97,2024-03-26T12:55:05.010000 CVE-2023-51417,0,0,8e2499b06cff92fcc30ae4519fc64dac24fa5916ee9afc9e857f909c0bbfe434,2024-01-05T04:55:40.827000 -CVE-2023-51418,0,0,9c24d7c5607e937ce83af08568d546662590e5321e965367f47e125233fa8ca4,2024-04-17T12:48:07.510000 +CVE-2023-51418,0,1,aa7b52b7e5b53186c7c01fa836e607a3bb1ec579978a0feab3bb8e0a11a6d740,2024-04-17T12:48:07.510000 CVE-2023-51419,0,0,ab07d1b91847d8cd977d2da1a2ffe4ad4dc63bbd45f3dd8a00304b93e3707b3a,2024-01-05T04:55:29.657000 CVE-2023-5142,0,0,90257e87cd754dd7acc5acb72b74d2d363b4e29b418b14fc52e12490cbffce5b,2024-04-11T01:22:53.100000 CVE-2023-51420,0,0,a8f45b3eb1ea2cf9afe294bb3606e3b612924bea9360ee1dec22fa6e45eab75d,2024-01-05T18:14:06.360000 
@@ -235804,7 +235804,7 @@ CVE-2023-51492,0,0,0d58b27a14611c109e89a3494fa756a640689ff79517444f7259a888456db CVE-2023-51493,0,0,f83cd3e9ef3ea1708a4f0f0755e074e9ad1d27d8d5ae20aecf4ecfd903ab0733,2024-02-15T06:26:48.450000 CVE-2023-51499,0,0,b9b7f0cb79987f6473d87d127fe53323a00f8ae64e5778981713c6a91fb94ca1,2024-04-15T13:15:51.577000 CVE-2023-5150,0,0,184da5ee9408e244d9f8f43b27f516c19972de628f0b483d063afe2d79643051,2024-04-11T01:22:53.850000 -CVE-2023-51500,0,0,3e091f49db8fa65d4e227e1cbe1a717df971c35cf7e990b9000d167968b4eddb,2024-04-17T12:48:07.510000 +CVE-2023-51500,0,1,82db7ddf130eebd20c9e1d0dc704a5c643e0e5d73482cc7fd8e56f0d34164c19,2024-04-17T12:48:07.510000 CVE-2023-51501,0,0,f7c0af90b49f4800553d6eaf99fce90d0b249b6e7f11848115cc7b8a9ef8cb7a,2024-01-04T19:46:39.560000 CVE-2023-51502,0,0,af58b8e2bede5795adccbd422590e74433c504afc74f900e0869b5e94fc9d8fa,2024-01-11T14:16:03.027000 CVE-2023-51503,0,0,5ac7c8eeed00162b3c4b70af3515452a68d76d43174ada767d4218544f46c943,2024-01-05T22:21:26.020000 @@ -236364,7 +236364,7 @@ CVE-2023-5243,0,0,c84c98bc662840372bb3f6eda1ad149cb2f2941942ba96750d72e9684f09cf CVE-2023-52430,0,0,d42ac76eff7e870ccd425430baec924966d37450b40a663564ae4a320330fe89,2024-02-13T14:01:49.147000 CVE-2023-52431,0,0,c693cbe76127faa54716f414936fa58bc8929839973e4bd5352d442ea2d0fbba,2024-02-13T14:01:07.747000 CVE-2023-52432,0,0,d9e628cd1ba368f63ce7d4aa2f3fa1ad3ace9f6cbad32032b51f0e38a1c9e333,2024-03-05T13:41:01.900000 -CVE-2023-52433,0,0,1cb769e1f9fec61d125d42d2cfec9073ea0ff149315edfd2c60d8d77a20b64f4,2024-04-04T14:15:09.057000 +CVE-2023-52433,0,1,1ff15e0b84ada10d9fe85644e2eeee231a8e039de83865a18bc59793995bf899,2024-04-04T14:15:09.057000 CVE-2023-52434,0,0,5d52612c26fee7b14653aeb9fd0e234de51ea4d52e7c788aef26856ca04a039a,2024-03-15T14:21:29.950000 CVE-2023-52435,0,0,93ff57cc29918e833611e81b89e4ae0482ae349c7e83a8ab64e2ebbd978f4b55,2024-03-15T14:06:17.587000 CVE-2023-52436,0,0,6d56e388f92b7bd2842826d2d59561c86dc788acb9eb3d8b7e587b1b2a1d9fee,2024-04-19T17:36:10.083000 
@@ -236374,7 +236374,7 @@ CVE-2023-52439,0,0,1acb61b0653d7d06078084524dd22a72646c2e70fb118450a15ea65c12a46 CVE-2023-5244,0,0,2d7ccf46570f7a789336019a996859f3eea1c41d32a5a30c878bc5f986cf3b6e,2023-09-29T17:53:12.883000 CVE-2023-52440,0,0,7f79ecc423520493b7ea33e872fa5ceb47ef15bacc232c9a528905fdc11fa5b2,2024-03-15T13:44:59.367000 CVE-2023-52441,0,0,29f8dfdafb0665e97721ef99b56f7416e8cc50e990c6b9fd16addab92b75b2de,2024-03-15T13:56:31.710000 -CVE-2023-52442,0,0,08b5844833bbf9d6521cedb8bc5d80955d6b1d19ce5ea976637d3dbe7f6802e4,2024-02-22T19:07:27.197000 +CVE-2023-52442,0,1,f0e32f692f04917f9b44f1a58b9cc67efd1d412e7f16caea29f8d0af9ba07f69,2024-02-22T19:07:27.197000 CVE-2023-52443,0,0,d2cfc476b089f8fdcf50f50719540af45f0af66b06ea096a3e3bdb089d114cc0,2024-03-14T20:16:02.947000 CVE-2023-52444,0,0,e4e74b636a9119fb1430d59aa25d18b36c2089ded63e3a22c77190c88140fba1,2024-03-14T20:13:28.070000 CVE-2023-52445,0,0,935e18f4f35f2d58044edd90dd7b35f47e4402522601caceac7b2bae2ab24ab7,2024-03-14T20:13:50.727000 @@ -236386,7 +236386,7 @@ CVE-2023-5245,0,0,e4b08d166fa624efe0905252122b9076873a0aaf2d4a309ee2e9db34327ff0 CVE-2023-52450,0,0,2bab0519c8c73ad4475ba6c1040107cc3bb5f758499ce6a9019d700dd0c9b8a4,2024-03-18T18:34:16.497000 CVE-2023-52451,0,0,65a739f6d581805ce2cf2b36d79848a56d63f5f7e896bfc143f00d66a3183e39,2024-03-18T18:33:31.077000 CVE-2023-52452,0,0,7baace8ccf50e6e949146023fb757b323cf12c7750b0fc5df8cd239e671f9bac,2024-03-18T18:24:33.550000 -CVE-2023-52453,0,0,540f086ddb4d87c68a063cf01b29630dc3cd1261ca04635b7aecfc5ad7b681e6,2024-02-23T16:14:43.447000 +CVE-2023-52453,0,1,69ba07cbae189e1e3a60d3872d700f556de0e7e337d505dd8820b63e89f74b76,2024-02-23T16:14:43.447000 CVE-2023-52454,0,0,f7725c56a2046001ea42b0a4b162beaa146052738b58f85b4d39839a05325aef,2024-04-19T18:40:14.427000 CVE-2023-52455,0,0,76a6bcb530205d4971a4b440b50dd84bc697337c3fb3171373045411403058f1,2024-02-23T16:14:43.447000 CVE-2023-52456,0,0,10a5abe34cd481166ef5bd0c8f2721aa67c0c3b426198c8f94ac38f160f96c83,2024-02-23T16:14:43.447000 
@@ -236395,7 +236395,7 @@ CVE-2023-52458,0,0,00390989bdedc445e1b514729f22c211b3746b0ba7246d2e9aa982604355b CVE-2023-52459,0,0,e9cf232377caf1f202d67d723d7e16b271506d66f49335fc63418b030a3f09a4,2024-04-19T18:49:47.087000 CVE-2023-5246,0,0,efc93f05f4d6576c2fefda617ffc50a2cd42a25ecc2a7e9c2794376627e129e7,2023-10-31T11:58:05.363000 CVE-2023-52460,0,0,7b5ce003348e2b0c98c11a11dd79b88b3d4e9f665c8574fd29056aa818d9e331,2024-02-23T16:14:43.447000 -CVE-2023-52461,0,0,0e4def3da0077977c0198465fc1be0f30b9f34acfdf83f12cf0b89000b004b24,2024-02-23T16:14:43.447000 +CVE-2023-52461,0,1,719a65925f951c681f50c05e9ce85d8b5d8fa1d42253944e773762e89d82d323,2024-02-23T16:14:43.447000 CVE-2023-52462,0,0,a6858cfa3be5f63a7738068f3ab5f364e25a3cd7a6d64375ec3da8239879f2ce,2024-04-17T20:06:29.470000 CVE-2023-52463,0,0,fd8c09fdc6750081e23478ebe940972345e6f17003751e11523c5f3c82cfd70e,2024-04-17T20:05:08.550000 CVE-2023-52464,0,0,408f9e82ceb39cb0693e873fd1b68d757ba0b997a8bd1004cfc7ca65795a29a8,2024-04-17T20:03:39.197000 
@@ -236591,10 +236591,10 @@ CVE-2023-52639,0,0,5b1927216262f2979e30c87449ebde704dca5287bffef24f82576fd644ed0 CVE-2023-5264,0,0,05b3705d43db272323ea8d10fa567e531a763b13422a761d79c7f1843869f4c3,2024-04-11T01:22:55.960000 CVE-2023-52640,0,0,4cfb468b53d62ebcf2597bdf4be539e0512b8a8f11859b92121e281fe920b302,2024-04-03T17:24:18.150000 CVE-2023-52641,0,0,dd5ecd1abefc6e9370c1cba71ae98a952c1263dba3b6557ad136a5809b689e8c,2024-04-03T17:24:18.150000 -CVE-2023-52642,0,0,d59bb78352d2304535d034798bf313576a127d082a71e98c2744b7db02451118,2024-04-17T12:48:07.510000 -CVE-2023-52643,0,0,8887e8b3672819f40d475a6a37be5e97c674d124e4650ec49ef1c2cd99ab8524,2024-04-17T12:48:07.510000 -CVE-2023-52644,0,0,5975b263725bdaebb866cef1b8df1d28af904259ab439097c8f204be6afc5a49,2024-04-17T12:48:07.510000 -CVE-2023-52645,0,0,c5de5109f0d170fb8dc3f868d93b52f68b3aefdb32df36731efcdfaf83dfcc55,2024-04-17T16:51:07.347000 +CVE-2023-52642,0,1,6688b4525d834797e717749dff6d13896ec166f03c220db42965499ec7b45666,2024-04-17T12:48:07.510000 +CVE-2023-52643,0,1,5efc9d9f9dec4b2c7c66597dacba29c72ae2d167455c13a17fba02f62b3763aa,2024-04-17T12:48:07.510000 +CVE-2023-52644,0,1,f7b8794cea71530d0eb4671b69c55d9c38b571b0a3242c79036c9b83a9cff08d,2024-04-17T12:48:07.510000 +CVE-2023-52645,0,1,f31f81ed6de3ae4fb651df55a0f9afce475c8b7cebb8abda926d63e16cf41cac,2024-04-17T16:51:07.347000 CVE-2023-5265,0,0,2a8378d4c6e1a4043ef9a62bd4c22a5b923a77fb44f4c12af78e362e629e3051,2024-04-11T01:22:56.040000 CVE-2023-5266,0,0,832870c6041d22c4531b84dd381b413460d59a972119dc82a2f73fc33512c1a5,2024-04-11T01:22:56.120000 CVE-2023-5267,0,0,fc5630613311fa2b84c0cedbcb30a87a0b26116f100a7108256562eb746b9b8c,2024-04-11T01:22:56.223000 
@@ -236726,19 +236726,19 @@ CVE-2023-5391,0,0,e65a9210280128a68a8a49095d5446b17a62134416876921dbd7f459dcc8b6 CVE-2023-5392,0,0,b42034625f9c3fabfc8867568db949560e09d3aacfbd4028ff9bc13a93a69335,2024-04-12T12:44:04.930000 CVE-2023-5393,0,0,ae225fdb3ef98523f87759a2241acbc1653c225f05c425367012260bb5f418b1,2024-04-12T12:44:04.930000 CVE-2023-5394,0,0,f13455681dc15f525d1bc3145edc9cd38f2f868bb7ce4f99746af5bcf05da4b0,2024-04-12T12:43:57.400000 -CVE-2023-5395,0,0,a2da77fb4dcf161c60c1a5bc092bec4f8463d699c76d6d8a836d336771c62e40,2024-04-17T20:08:21.887000 -CVE-2023-5396,0,0,4979b04e66bf3e42d10ca69f5aecdc2478cb6aa7fabfe250366220d8a4dcc5dd,2024-04-17T20:08:21.887000 -CVE-2023-5397,0,0,358e75c59ccf48ac869ac2aada2c194b7ba121f4f8593e90a4867a69bd6f1af6,2024-04-17T20:08:21.887000 -CVE-2023-5398,0,0,b5e2c0e908c21e5a2452ffca3549856019138410bb200d8c394f40b4a6aa7468,2024-04-17T20:08:21.887000 +CVE-2023-5395,0,1,6d07913bc39383e27c169814b56a85509fa2605a0769b9b6bb2efd85414b8105,2024-04-17T20:08:21.887000 +CVE-2023-5396,0,1,430f6fc117577dd7aba596ba21d5d58bb8b45395785ea7930017a5b26b1983bf,2024-04-17T20:08:21.887000 +CVE-2023-5397,0,1,322b1f1154dea520fb430cfb7eb8d2d97b4c6eb8e9e4b11c3c70e8d63d703d45,2024-04-17T20:08:21.887000 +CVE-2023-5398,0,1,21fc6d745bfe57f9ba2bd738d303286d2bacc641da65b7e14b4a0f6986ae01cb,2024-04-17T20:08:21.887000 CVE-2023-5399,0,0,2d6fd5d7032d3fde2b56bbe17324f865d32db5a9ef5d31298ecfc99142786140,2023-10-29T02:33:20.933000 -CVE-2023-5400,0,0,dadbfb3e8ca277c660ee903ae4fc754e46f36a2c46a5b8f021ff31fe8382f48f,2024-04-17T20:08:21.887000 -CVE-2023-5401,0,0,b6852b97c80de00906e79bad3b2554401757c8b44e2ded17395ded0afb7bdfbd,2024-04-17T20:08:21.887000 +CVE-2023-5400,0,1,86a4e3c8c8e0182eef7b519ee6342ec79d3d02b82a0a02e6b5754bb1eceef950,2024-04-17T20:08:21.887000 +CVE-2023-5401,0,1,133226cc268c2b40c73ae597723c8452d689f69314a6d40c8d854e4d97b9f7ff,2024-04-17T20:08:21.887000 CVE-2023-5402,0,0,d6ca0e0d138e7f0e18108bc80eb991912358210793d36b8686051b13c8765059,2023-10-11T19:19:54.037000 
-CVE-2023-5403,0,0,fcb688f0813aed33e039e333a34e02b1391a7070d4a9b82502290b5f7c5bd6a4,2024-04-17T20:08:21.887000 -CVE-2023-5404,0,0,5fff080adff748193bb058c6e01a87713d985f0aef08133fbf79a91dfa7db6c5,2024-04-17T20:08:21.887000 -CVE-2023-5405,0,0,57e90ffdedad9aaa43afed8417c5ae15d1efbc8ac784816d2bfaa03a0f7d61a2,2024-04-17T20:08:21.887000 -CVE-2023-5406,0,0,b41292380c53714f5301351ed91bb8695c34d59328354b61886b296a5c138518,2024-04-17T20:08:21.887000 -CVE-2023-5407,0,0,bb88b7b188333db36e8ea21e5fc56d7748420685c37b807be6241e72d624fac9,2024-04-17T20:08:21.887000 +CVE-2023-5403,0,1,4ec80dee8764393cf6bc6c69896e4f95979827ab7c0a4e3e971d47dce6477b18,2024-04-17T20:08:21.887000 +CVE-2023-5404,0,1,511484d9cc75eada2ffc9a9796fff23a0a7ebe0388ab1a4541fcf0781d86075b,2024-04-17T20:08:21.887000 +CVE-2023-5405,0,1,cfb8a988b0486cc8665996a67f54066e3d545a7550a64e0bc86d3cf1b7a92799,2024-04-17T20:08:21.887000 +CVE-2023-5406,0,1,5582852e19f377e5793a7605bb9d3b0fe400df7b16762ce5a3c179066fc0da08,2024-04-17T20:08:21.887000 +CVE-2023-5407,0,1,c25bd4372bb6455ada4a253eda41b4de73403906c5a53571ce0a6abf70ee9078,2024-04-17T20:08:21.887000 CVE-2023-5408,0,0,443628942e473656420f67d7b7b9b3fa498d5d13f709544aa261b0e4696090c6,2024-01-21T01:48:09.767000 CVE-2023-5409,0,0,fbd015e1d6485109c973409b573d46ee4742f3527e9f86b450178ea53a356496,2023-10-20T15:42:22.057000 CVE-2023-5410,0,0,3afa624573d7dfa13f8b27aa43095672b709f7063dade6dd92133c498fc07d7e,2024-03-13T12:33:51.697000 
@@ -237835,7 +237835,7 @@ CVE-2023-6678,0,0,ffe600c6920a412c0c5bee4f237e93b3d55c2795b206acbd920087166a0b3a CVE-2023-6679,0,0,bae6ec8bc351030c039d4ccc17068a0f99c26b2fae4af82d5e4c0f67264c3cff,2024-02-06T15:15:08.397000 CVE-2023-6680,0,0,a016be60c670891f603e4cb6a7d1db9323a658919f6e5464005acbd77a09d39e,2023-12-19T20:51:03.237000 CVE-2023-6681,0,0,1e81bac5d4abde6b2d2aa3cac2e26b8c260fd0d2cc649b18b690f3f83d9c312f,2024-04-18T18:15:08.993000 -CVE-2023-6683,0,0,8156954540ad4c45512be54600838c239378e780e7bb16081398f86ed07cbc0b,2024-02-23T16:15:46.577000 +CVE-2023-6683,0,1,f47bb3dff6749a89eb2e6d363d30ab9adfeb4a0cbb710261ab327dba5eca3630,2024-02-23T16:15:46.577000 CVE-2023-6684,0,0,c1525cadf00c690a98e25ddc5cec16c0dbf4d4d58e3765f415661e1c07ec88e8,2024-01-17T20:41:05.143000 CVE-2023-6687,0,0,815f0c1fb11575859202e4f8339ba0c892dff8a36cd30b831f453e8fce3948dd,2023-12-19T15:20:04.910000 CVE-2023-6689,0,0,f525637daa23406ff158ff2d4d69ed0fb36c36685b0e4e4782d2006f17da667c,2023-12-29T19:29:33.807000 @@ -237927,7 +237927,7 @@ CVE-2023-6801,0,0,a242fbc47dc9de51a07a6b913814c902349bb31ce0d7f754e180e6a41ced48 CVE-2023-6802,0,0,00b16af184ac08eea558edf74b1ad3bbb763e944b10a4e309cf7216aedf300fc,2023-12-29T19:17:51.287000 CVE-2023-6803,0,0,c7be83c7b2d4875f24695322cda22dc742edb82701baf0271cf61c2186890a97,2023-12-29T19:16:51.867000 CVE-2023-6804,0,0,13181dda2bed07f7dad9eedba96ea43dcf935ca425f805f78f341a3addfecf31,2023-12-29T19:15:50.637000 -CVE-2023-6805,0,0,a38d1037afc7a1d1ca080ab40f49a5e7aeb852d2b6fc2cba0a5e22d09c2c4ea6,2024-04-17T15:31:50.160000 +CVE-2023-6805,0,1,5473560544e8d6e10544eee02f3f6f54ffe442d9a92bcb82f5d8f19a29c33e6a,2024-04-17T15:31:50.160000 CVE-2023-6806,0,0,f3b4a07dd94526f1cc5727f439cb459ecde0c71dc1006bd9e80e6b18a8d9a27a,2024-02-29T13:49:47.277000 CVE-2023-6807,0,0,8211ca38107dc4f9b4127c6352451c7045672cf7336c16fcb14315bbd9ab0669,2024-02-27T14:21:27.377000 CVE-2023-6808,0,0,453d7720ba5e9cbfc061121430ec5679037ea2f22b990571ad72c0ac48f6ec8b,2024-02-09T16:49:29.023000 
@@ -237999,12 +237999,12 @@ CVE-2023-6888,0,0,4c4ede3442fccc6f5279de75212b5b5e1b33e5df232b21ee287bddc25bcd81 CVE-2023-6889,0,0,5178dca3fad767c9438e93fa6f828da99ebc9221d314225c125d4ccc6e6915f6,2024-02-08T10:15:12.730000 CVE-2023-6890,0,0,9ecc37279e8814f4b67cf29c86ab5ca566d49dfec3dae8b29441fd5d44b3abbd,2024-02-08T10:15:13.133000 CVE-2023-6891,0,0,93b8d5d43a81c1211034a16faf339d8c63d7393a5abfbfa5e4f247c9e06a373e,2024-04-11T01:23:28.490000 -CVE-2023-6892,0,0,5669875d24c1dc083a2cce29adc64e6f38e56b4b66ff811d7b1488206521c2e3,2024-04-18T13:04:28.900000 +CVE-2023-6892,0,1,9012d6836fe9da802f0dd061fc7959c22e762f42aba3ce3080d5ef3d07222ae2,2024-04-18T13:04:28.900000 CVE-2023-6893,0,0,dabf74bbb65c333b388b3c8dcf9bbdc06b069ddc05ba2f2b42288dbd5d663862,2024-04-11T01:23:28.590000 CVE-2023-6894,0,0,2769ed371ecfb9f28796213b7e298bce3f65bebdcdb76aee252642b05f63990f,2024-04-11T01:23:28.697000 CVE-2023-6895,0,0,1f011675b045cde0deedfda982075f2ccdac7ca3a163f1efca29ae466d2ce8a6,2024-04-11T01:23:28.810000 CVE-2023-6896,0,0,94e0f7e65ef64726299ff864e0cc6a6b06dd772e2b14e82252aa499ff6a50da1,2024-04-11T01:23:28.903000 -CVE-2023-6897,0,0,98358ea61ffcf0495bb00573cff604a1a68b8d5e390c5748bffe8e2d7200bff0,2024-04-18T13:04:28.900000 +CVE-2023-6897,0,1,d7bbb662c1c9cee95c404cb75e558ddf2361cb0beba55151ab83096ad2c5d7c7,2024-04-18T13:04:28.900000 CVE-2023-6898,0,0,6d654fe5bb80c64663efb97dfd3e75a9ac2c2cd9d89f857770b3794556154708,2024-04-11T01:23:28.993000 CVE-2023-6899,0,0,c73a7b1956ff785320ec1dd97adaf3a2c6a54d2233b4102320eefc6645406f7d,2024-04-11T01:23:29.083000 CVE-2023-6900,0,0,0f4f1d5290a5a0aa11e6b068df417e2ed0d57951414cc99f31bbe6a078557226,2024-04-11T01:23:29.180000 
@@ -239199,9 +239199,9 @@ CVE-2024-1127,0,0,d56eedcfadebd263336bcc9003136ee639f27dd6c46c9263fea0eb8ea044d7 CVE-2024-1128,0,0,a231b73c645395e365defb40ca5d41741520485dac9e62df464e6e1705f68d2e,2024-02-29T13:49:29.390000 CVE-2024-1129,0,0,efcf801aad96aab23ddf4c5c1c7fe067759cd524a5f540fb4b3132cd808f2d93,2024-02-29T13:49:29.390000 CVE-2024-1130,0,0,19b9a2e3e227bc6e3d85f9dd98bd15cfd41c18a2ee1bc79c328385d5148fea32,2024-02-29T13:49:29.390000 -CVE-2024-1132,0,0,cbdc403e10d005b65481968d181d93635cd86f73eeaafd4a9447a0380591cb1a,2024-04-17T16:15:07.497000 +CVE-2024-1132,0,1,04c5bdf47cb80ff2523387a30cf7238fe676b2698d6b4ee16fb54d3832d5c2d3,2024-04-17T16:15:07.497000 CVE-2024-1133,0,0,85f4bf6d861639f9431d20ab28a51d2af9f3a3ecb32590788260710816d3a125,2024-02-29T13:49:29.390000 -CVE-2024-1135,0,0,c3a236c5c6957ecdd6613fef5a4b8da5800083256e79cbf6170c74e433eeb19d,2024-04-16T13:24:07.103000 +CVE-2024-1135,0,1,2f6bc90f330f2812b6ceb34e2fa1ad9c1c5eca9415bce0719ca3f92f74cd2497,2024-04-16T13:24:07.103000 CVE-2024-1136,0,0,609070256c4defa988e1113275bf8273fe15f50574e00ed3dcfde13143e471cc,2024-02-28T14:06:45.783000 CVE-2024-1137,0,0,9f8c1cf74ca4778ab709faeea998997368a7f042480977a7d6535f2dd892d7f7,2024-03-13T12:33:51.697000 CVE-2024-1138,0,0,0bb26866b03e9dd351d8284004467140fe2cfdfbd72af071fda864e5a2dc9e58,2024-03-13T12:33:51.697000 
@@ -239295,7 +239295,7 @@ CVE-2024-1242,0,0,ab4609d5893ed1ea66780779f1561665f88460dbdd62166f0432c338817451 CVE-2024-1245,0,0,2e59378dab8a209b430a7bdf5dfa1ad37455bcba638f93f331bd6727be23a3f7,2024-02-15T04:44:27.987000 CVE-2024-1246,0,0,668589ae819ff5835ff63858d61771ccdb54522dbf26239874e373ac001fe82c,2024-02-15T04:44:35.470000 CVE-2024-1247,0,0,d39a629b37989766f473ff2aa098b819b99d2eb0f46ccf8261583eb7cfd54a81,2024-02-15T04:44:09.247000 -CVE-2024-1249,0,0,0eca054a4f2ca59f22ad5b8256a206f62244fc151c00f227404314178d271d69,2024-04-17T16:15:07.620000 +CVE-2024-1249,0,1,064335773d5979d9c6750b7426f89ac1af9c4f311e7ba590da4737ff9e0ebd89,2024-04-17T16:15:07.620000 CVE-2024-1250,0,0,c9d8d459d75d0bfd93b835d1e62d6c7194eb57b11f119ade2060b6de2e647ca2,2024-03-04T20:57:39.907000 CVE-2024-1251,0,0,ce3db120a4077c9b4c1a6f0f36b322d88ab0336b14bd34e2a53ab2ec0c2e0113,2024-04-11T01:24:23.690000 CVE-2024-1252,0,0,11af1fe63065a3dde5885294b44b85b90c05ab02d8994290e87c984ae6ae882b,2024-04-11T01:24:23.780000 @@ -239379,7 +239379,7 @@ CVE-2024-1344,0,0,6e9ea80e9b1906095e19ebbcfe72bb26c4abf1a00053a32e3b2ac9d853412e CVE-2024-1345,0,0,edc14e21821ef700ebe0363d9d625110658b2ac84664f2109ac9f28db37f2b84,2024-02-20T19:50:53.960000 CVE-2024-1346,0,0,f9b1cf937db0cca6baf401ddf2b76ede34aff7f78d164647460f90ba78591111,2024-02-20T19:50:53.960000 CVE-2024-1349,0,0,b279200dbd0caf4e8952d9c37c4c16e81897b7eb26d17adae101e27da89cab26,2024-02-29T13:49:29.390000 -CVE-2024-1350,0,0,4aa151e40ca843dea04590658d82bef2210fb9bb3fbfd67064346d43ca6abea1,2024-04-17T12:48:07.510000 +CVE-2024-1350,0,1,f5a86475fc1dc34b3dba1cdb58ce8a034cff8f306bdf175488f056a4cdebab37,2024-04-17T12:48:07.510000 CVE-2024-1351,0,0,ccfc6382e78432a14bc2d9bf0a36d4e4d8658043dc7dae2de5101e9686831717,2024-03-08T14:02:57.420000 CVE-2024-1352,0,0,e0b6a716f2e5b0725527c1a8037ed8995ec00af00fdbeed9d4a1021a159725c7,2024-04-10T13:24:00.070000 CVE-2024-1353,0,0,7dc4bcc56a6ab6ae775b6111486ce2b2e99fc200a3863d36a2e31e24dc0d9db9,2024-04-11T01:24:25.947000 
@@ -239619,7 +239619,7 @@ CVE-2024-1654,0,0,ac0509f6deb6f3ed4a3e95d25ed4dd3bdd67f0f87914e461aded05c6f6644a CVE-2024-1655,0,0,4b77006431ba07ecbc46dae3c8a08b9d1a8f7126e8ade7abcd81e5f88d783104,2024-04-15T13:15:31.997000 CVE-2024-1658,0,0,bd2757c2314dc2f8bd52ce15b18a6ca41069d2e3f9ff401d7a725ad82b1db09d,2024-03-18T19:40:00.173000 CVE-2024-1660,0,0,068c83f9afc694d855bcbb99610bd3ca5f918af7baf81b6ceb2a3be3520f6bf7,2024-04-15T13:15:31.997000 -CVE-2024-1661,0,0,f312eb090520ffb66607a66e9775fcc14e047ccc64e730a5fbedaf4d2a07048e,2024-04-11T01:24:28.913000 +CVE-2024-1661,0,1,45603ab3f5ace946374d33296115c15ac156a13c133622c70b4b519036cfa292,2024-04-11T01:24:28.913000 CVE-2024-1664,0,0,c240cf09d136b8ae3766d60b95066ae5935a6052d7cd59ed400a537e65636ac2,2024-04-09T12:48:04.090000 CVE-2024-1665,0,0,85850268afa8f45cb216640500e9f9bf4c397be3fcaf3ba3d1fb4051141bde34,2024-04-16T13:24:07.103000 CVE-2024-1666,0,0,a40e8fc9293cfb1145d3e1e7f135accc0146030f08ee21589fc7baafb865977a,2024-04-16T13:24:07.103000 @@ -239676,7 +239676,7 @@ CVE-2024-1735,0,0,61e8c0e981cc6b9050dd9c2e339a7c68bcb1457c500d53fe6d2ab0fd7b1649 CVE-2024-1738,0,0,97a7896d029e8acc1f9a8642f0ea5e5d8115e570437f011cdbbf9b3dceab6984,2024-04-16T13:24:07.103000 CVE-2024-1739,0,0,398ce12115ac80cff2c91fe0aa06351d90b13a79f040c7b34d2ff3e71cc6590f,2024-04-16T13:24:07.103000 CVE-2024-1740,0,0,a4727f762c1d1efaf400e2db679e98eaa1364e84183339aff737ffb5d021d54f,2024-04-10T19:49:51.183000 -CVE-2024-1741,0,0,8eb30dbe15b5283e03c33d39f75d76c5ac55db42f52c47f6ca39d280d36909ea,2024-04-15T18:15:09.937000 +CVE-2024-1741,0,1,d588cdec4e1d5da894361b54450023cc90f66f6c8804e8a4beda0263242afb4c,2024-04-15T18:15:09.937000 CVE-2024-1742,0,0,4fbf4a0c921fc3a958c91053411502e81c61e37a288f49d83ab6feab91ed6e07,2024-03-22T12:45:36.130000 CVE-2024-1745,0,0,0c0bf770eedd9092e313b5152244a64d67966fb6a4aa7d030150554ac7159289,2024-03-26T12:55:05.010000 CVE-2024-1746,0,0,3940e769193bb75ecd4efe34f9a17d9557fffd4c4c753ea7f9b1c1be15386399,2024-04-15T13:15:31.997000 
@@ -239797,7 +239797,7 @@ CVE-2024-1898,0,0,cd46da23aa9e689b946891d810a24293bd08f970fb7bfbbf6f19e3a7303f1e CVE-2024-1899,0,0,0cc7828b184cee934c2917326a122f6c3f70483a306517df38cc4ef91b9244cb,2024-02-26T22:10:40.463000 CVE-2024-1900,0,0,df3a7e0d7f662e0642af797e67801f5b993e667e914107fd3f604cd2322f2a71,2024-03-06T15:18:08.093000 CVE-2024-1901,0,0,e852d825cede13009c4c827235fab136069de3983ba4df012d62632a4fcd1d38,2024-03-06T15:18:08.093000 -CVE-2024-1902,0,0,816ad7252693d5d9b5d3e49e4e8f6ced69ea3d5332331a296629bc7e4cd3d3ea,2024-04-15T18:15:10.070000 +CVE-2024-1902,0,1,012f8c6561b23779499ee60e1b0701a7ed975d80b89eade3a28f94f4708254ec,2024-04-15T18:15:10.070000 CVE-2024-1904,0,0,894e214d09f8efe1b9b69452204531788406056d1489422306bbd393d57cb47d,2024-04-10T13:23:38.787000 CVE-2024-1906,0,0,4a0389164694374915846934d3ecd021a9b146d80ff266286dcad5a6eeb2c849,2024-02-27T14:19:41.650000 CVE-2024-1907,0,0,674a8f990612fbd789e8b29e4f4db555efa2966321d7535d44b4ff9d82432ec5,2024-02-27T14:19:41.650000 
@@ -240328,26 +240328,26 @@ CVE-2024-21004,0,0,a403b0423950f749e2642568ca13532dbbfccd822f14e940da0d7ee2e2d24 CVE-2024-21005,0,0,8f177a15ee6ad4a78a1d4009e3187651c8eac8438be37604962afc63c73254f1,2024-04-17T12:48:31.863000 CVE-2024-21006,0,0,24276fa121e200514fbab563a229066611a958ddf026b368bb42bffc3d6d1536,2024-04-17T12:48:31.863000 CVE-2024-21007,0,0,5e79b59d23f74227973014469c9c006292d5a48a207617d864ea85e415e8727f,2024-04-17T12:48:31.863000 -CVE-2024-21008,0,0,6079af6f5edd29349faaa697a2da30a68cc1c564447593923c9b4523280879f7,2024-04-17T12:48:31.863000 -CVE-2024-21009,0,0,705a99733631a35e7aa53abf9d7e2394b38611e48879ce9d70ac12307bfa841c,2024-04-17T12:48:31.863000 +CVE-2024-21008,0,1,1f74aa2bfb98889c1bed8925030ffa9517c511fc8005172f7be9db4e39a2d548,2024-04-17T12:48:31.863000 +CVE-2024-21009,0,1,af97e37904620b744b697a7c41a38f3bc0333ea61492fd7779760f5a79950296,2024-04-17T12:48:31.863000 CVE-2024-2101,0,0,c8a12667f3958d332efb261f4cb3c420df5b094482122aff9dbb41fd78e244db,2024-04-17T12:48:07.510000 -CVE-2024-21010,0,0,ee9773fd7407020d543dcd751b1b93f4617d026470a257058f625df0ea824b7f,2024-04-17T12:48:31.863000 -CVE-2024-21011,0,0,0302f36409695f54c4a4ed0ed12d1a5210a5cfa9436341cef9a6805c37c8b7ae,2024-04-17T12:48:31.863000 -CVE-2024-21012,0,0,2e2af356d450cc4d5bcc72f72e5999acbd6fc337b311b23f4f6dd597db97feb6,2024-04-17T12:48:31.863000 -CVE-2024-21013,0,0,debaccb6501574c7a349b25eef9ed659c7bd9e82f74b652c515fec49883b21ff,2024-04-17T12:48:31.863000 -CVE-2024-21014,0,0,fb3fb158a0749c046044df54eb923275afe24ceacef3e406db65341996f69089,2024-04-17T12:48:31.863000 -CVE-2024-21015,0,0,7e266e10fa6103995615a1a06550ac8039144e1d56c4c45a35c1a0ef8ade789e,2024-04-17T12:48:31.863000 -CVE-2024-21016,0,0,6edfa5f5788fca4b5b05246efbc7b210d94aa2a88ea58604e69d4fecb681d777,2024-04-17T12:48:31.863000 -CVE-2024-21017,0,0,e1f8e39174ee300626a901ccc6be3d30e712779a7923120029194d67ed11230f,2024-04-17T12:48:31.863000 
-CVE-2024-21018,0,0,8425974954ce0b4a184b67f12290f070826bb5084005f21d1f2aaee638288c65,2024-04-17T12:48:31.863000 -CVE-2024-21019,0,0,5ba71b59d2a306dfd7f526d54f1a7572b5bab17be77a4e75c7e79df7cfe59b22,2024-04-17T12:48:31.863000 +CVE-2024-21010,0,1,0583ed22b473d6988a741927f390c519f270906aef73a2591d45e4735fe791d0,2024-04-17T12:48:31.863000 +CVE-2024-21011,0,1,eb1e002eb792c1edefdbc682f58918f8ed609b1d759ff3c7281bc1fb7586fb46,2024-04-17T12:48:31.863000 +CVE-2024-21012,0,1,08bd1c5d80c822a07ef05058c8c1689725bb2942d1f830ff4c7187562f3fc06a,2024-04-17T12:48:31.863000 +CVE-2024-21013,0,1,db21600de0498200b832ed44aabc58eb8b49c1d4a8d6c8cec7db7074ddb629ed,2024-04-17T12:48:31.863000 +CVE-2024-21014,0,1,b080b2efe5f2fb3649d836e7607fe2a15a5965b7e113573ba21bc7eaa39a2434,2024-04-17T12:48:31.863000 +CVE-2024-21015,0,1,f3158fa1ebc013f3ee7e3704ac259afbfadb34d45c753fdc5d90a070e709ed84,2024-04-17T12:48:31.863000 +CVE-2024-21016,0,1,4c3ad5a49669763de2f73fce64666f049b86c2fb193497660cf9decc483339c2,2024-04-17T12:48:31.863000 +CVE-2024-21017,0,1,4ec8c4a0bbf41e6c3c752fb69bf253b045b4bb72205aa58b04c616812b4b7dd3,2024-04-17T12:48:31.863000 +CVE-2024-21018,0,1,e0675cd160267d9376d85a38011a6863fae1399733907b8655543ea315aa93bd,2024-04-17T12:48:31.863000 +CVE-2024-21019,0,1,a042e49b888e79fe0d53e540ed115fc008be0d7758482573b7b61be229651860,2024-04-17T12:48:31.863000 CVE-2024-2102,0,0,3618f4b916626222676d174ccb89dd0097e9a2c15262c0ada32eaf8ae997af39,2024-04-17T12:48:07.510000 -CVE-2024-21020,0,0,fa520c1797af7a63013ac6bf5e0557ea28b7a0d9fdea129b144cf936283b1d0a,2024-04-17T12:48:31.863000 -CVE-2024-21021,0,0,a141fa1d2489bdfdcf897273a1c45d8c737b415c333995bea9697e43fe1c42e0,2024-04-17T12:48:31.863000 -CVE-2024-21022,0,0,96d2ff77d96623504a73e07260d8e549517eca29505aacc17a202a3daca8cbcd,2024-04-17T12:48:31.863000 -CVE-2024-21023,0,0,9a6fec3658ffeb347b020107799f0234185355a03c6dad54653229a3fd7fabaa,2024-04-17T12:48:31.863000 
-CVE-2024-21024,0,0,b324c5c75882556ecd7b76ba95b5c4a28fdc01f43e160280ca462824e0b988da,2024-04-17T12:48:31.863000 -CVE-2024-21025,0,0,2938066f995ca5f31d251177263e91fc7a112a30bd06a8e3374d291077d9bc70,2024-04-17T12:48:31.863000 +CVE-2024-21020,0,1,93d78db7986de510af8ba17d5ea76c7468c9242e8be524ed6f1ec9c03a22bd07,2024-04-17T12:48:31.863000 +CVE-2024-21021,0,1,28952221e9f30a27c8cbb6ab1b3cf5d59a80320acd39b17209715659bd1c9eec,2024-04-17T12:48:31.863000 +CVE-2024-21022,0,1,bcadfe1dc337b18a0ab5b0bec9ae4b92ac631be67006cf14a1cba3ed564a22ef,2024-04-17T12:48:31.863000 +CVE-2024-21023,0,1,62f65fc8ec606a666e457d14a4a4c0b6679d4bc90c31948467473a0049dbb009,2024-04-17T12:48:31.863000 +CVE-2024-21024,0,1,71f6cbd7cb80a06d93fefab6c658c9a42412dc85adc99f9f70493bfb8637275b,2024-04-17T12:48:31.863000 +CVE-2024-21025,0,1,81d482465b8ffd47f7d73dd4a0079027ad714f244f3dfa1363a5ebe5d5d54b0c,2024-04-17T12:48:31.863000 CVE-2024-21026,0,0,3618beb0c91bd13d3ca6e159da220de72d396344ac93fa5da131fbba32879907,2024-04-19T17:34:46.467000 CVE-2024-21027,0,0,a03a9045ad57d10d7d7381e34394d810fee044cf8b77728df056807f4595b678,2024-04-19T17:34:33.557000 CVE-2024-21028,0,0,049e0616b7d859ad56707b59abb10619183c31d144be62290937334d919ca094,2024-04-19T17:34:24.897000 
@@ -240355,62 +240355,62 @@ CVE-2024-21029,0,0,36d1c8191d52e2f424fb4e6cb31c2c317e624517495ef4e386b75d183f736 CVE-2024-2103,0,0,4357f6f4848f7c5880c727dbfe8b97df3dcf5303e95d5a7ff4fdf7062d775ac8,2024-04-04T16:33:06.610000 CVE-2024-21030,0,0,2b0990a808d3b5ee5406b9871fcf3e42066f5470ecb69f52790eb1c012f9498d,2024-04-19T17:33:22.030000 CVE-2024-21031,0,0,01618b75017bccb998a097106f7e0cf7a3509b8d8b27a6bafd408750ecc49582,2024-04-19T17:31:50.307000 -CVE-2024-21032,0,0,04cd15c85b94cdde064a4d7cf3ae73c698b54fc204435ec16342a108aeac8614,2024-04-17T12:48:31.863000 -CVE-2024-21033,0,0,c52a5ae1fe5a91e5f3fc68fe5507ceccfe5c7474c3c40c2711e5d3fd0634f197,2024-04-17T12:48:31.863000 -CVE-2024-21034,0,0,81c91063ab55172c8561c71cde7e13b53e30597d9d39b28921a3a6085aa98619,2024-04-17T12:48:31.863000 -CVE-2024-21035,0,0,70353a23413a6be353728864a223f827427ce802b704d79d43d1bb107ed372d1,2024-04-17T12:48:31.863000 -CVE-2024-21036,0,0,3a34d25b57203f495130b3f8c3f1dec25c6d3a9005f956556b6629c6b9aa73f5,2024-04-17T12:48:31.863000 -CVE-2024-21037,0,0,80c3a0b30470a35724d24dfc072a35fcc309dc8fa9a49f904f4da954d4a1c166,2024-04-17T12:48:31.863000 -CVE-2024-21038,0,0,c45fe4d93819e621f35b708faedf298716da162aa18d3f4c9e69ff1902f631be,2024-04-17T12:48:31.863000 -CVE-2024-21039,0,0,aca86fae89c2e532fbb8503df583dccd850f6422dd2fd8070b2a35440b42df60,2024-04-17T12:48:31.863000 -CVE-2024-21040,0,0,0bc00e13681d74e3bc4dc8de64196d5bf03a935a310f7e7d9ac7504182bbe394,2024-04-17T12:48:31.863000 -CVE-2024-21041,0,0,d6a04b52ecae2c81fa6593dd970240a5d593186e184e4793e943c76ddf8b7c4f,2024-04-17T12:48:31.863000 -CVE-2024-21042,0,0,cf1241f49d162bc01d7b19bb3f0c5b7cdbed4a7cd1071100f8effbb48e80c199,2024-04-17T12:48:31.863000 -CVE-2024-21043,0,0,7973ae88a51f791f90c6badf3f4916434a817a3a5e97868cbf92f382c78e69f0,2024-04-17T12:48:31.863000 -CVE-2024-21044,0,0,b03586194001c1a4c8a28dae86a425502cbe153c789b2b79bc98e0745bd73d4d,2024-04-17T12:48:31.863000 
-CVE-2024-21045,0,0,a2597704ad69cb54d2a96824b41fbc9a14bc6b7225ba364bb681bda53c5f4e00,2024-04-17T12:48:31.863000 -CVE-2024-21046,0,0,fa42783400b3a6a14fd8e396b3c02d66651b31ba5a482bd71e149cc40c0a3f1a,2024-04-17T12:48:31.863000 -CVE-2024-21047,0,0,dde44a16bd8949b3d65254aa88aff6ae98dff242136144a70e7a5a698bf2de99,2024-04-17T12:48:31.863000 -CVE-2024-21048,0,0,45365f52a1bbff5c7f2b47023edcd26895e5d3c6438290c51bc80f9582ecf0f2,2024-04-17T12:48:31.863000 -CVE-2024-21049,0,0,7f522f44c394390ec926065e1de8eafb66b3a3336912d2af68481cd1c4d77702,2024-04-17T12:48:31.863000 -CVE-2024-21050,0,0,5bf32cb8ccaf8a960a52805e4eb68bd140a98d49c8a4e2ba34738547bd5c10a2,2024-04-17T12:48:31.863000 -CVE-2024-21051,0,0,8c4e0f4becd19f09b453982eaed5ec12a1a2e4cbeff6f0c09eca749764b88b8a,2024-04-17T12:48:31.863000 -CVE-2024-21052,0,0,e1471d9f55d6d5a7802391d17bde38b89f9f211fbf0bf8096760e507bffee979,2024-04-17T12:48:31.863000 -CVE-2024-21053,0,0,f6b119da4a9dbf492580084202b33b29066e86bfeefa210bea7aae54793fa634,2024-04-17T12:48:31.863000 -CVE-2024-21054,0,0,7b644d69fa80e9314e0aa469a64a5c5954bd61324061229fc83f5549c126be9c,2024-04-17T12:48:31.863000 -CVE-2024-21055,0,0,e25e19b80e603bff1ba37a5b7a790d99ef41fd14d476183690ae14c6e35eba74,2024-04-17T12:48:31.863000 -CVE-2024-21056,0,0,4d024a15da4f9dfe162ff9fc699fd077abd8834f284c2bb71238733ade98434b,2024-04-17T12:48:31.863000 -CVE-2024-21057,0,0,6ff521db4f91f32931362d6d74a6e2e30cbf68a42c7d33172d6be8327eb0d234,2024-04-17T12:48:31.863000 -CVE-2024-21058,0,0,5dd5d4ae6395cd7719639cc54dd92a6d9e667230df3441a833c2d898e28a0024,2024-04-17T12:48:31.863000 -CVE-2024-21059,0,0,e2ebca89f4fbbd4f28fc96cc34de2e058fd8b911eb4f2efbf232eae9ff0bf75b,2024-04-17T12:48:31.863000 +CVE-2024-21032,0,1,de3dd91f4dfaa3177669b2adbe2eddd36feb749dbcecd07e41c89410fae8c43e,2024-04-17T12:48:31.863000 +CVE-2024-21033,0,1,2e7eba3cd8fbe6dbb0ec0022fd0a5d8193fa13f9812c0320780e3b72caa0358e,2024-04-17T12:48:31.863000 
+CVE-2024-21034,0,1,5f33a6b556cfb1b7b0c7eae6f325ac21db84675ddf1ea44da20d63ff83a1f4b7,2024-04-17T12:48:31.863000 +CVE-2024-21035,0,1,638503b6bb91fd373e1f32cd12d85a816f005c60d1d91273970d40531e556e6d,2024-04-17T12:48:31.863000 +CVE-2024-21036,0,1,226d345eb757d5c9c3bb396722f293039f19b42c79013a73d9a9b6230995df41,2024-04-17T12:48:31.863000 +CVE-2024-21037,0,1,008daff49abfa82869dc407f37cb56857f5d964e85457a4a91c40eb3b9d694f2,2024-04-17T12:48:31.863000 +CVE-2024-21038,0,1,6187fdde74ab2405c9dfaf7ec7f4c53ca2824334351a9b2d9fcd49744494b523,2024-04-17T12:48:31.863000 +CVE-2024-21039,0,1,49a2d5d7bc00bf377e585a02f4f5ccfcc2587e8f75fc7c62cf031f2d92057bec,2024-04-17T12:48:31.863000 +CVE-2024-21040,0,1,583007bd6bade4ac47cbb9f7ffc2583d31b7f31cf7d322b8f9dde2abb413b637,2024-04-17T12:48:31.863000 +CVE-2024-21041,0,1,de835777516670f61385f64273b8ad48df5cd361214a943fb968f07cf218636c,2024-04-17T12:48:31.863000 +CVE-2024-21042,0,1,55cfa49e541a98c8c46c0984731cf65bd60394e99ffa86b77041311895d8fe86,2024-04-17T12:48:31.863000 +CVE-2024-21043,0,1,dc53e5b2fe828c248a1b79bd90c649b6e9d473f8d2bf850bfa71770b33e8828b,2024-04-17T12:48:31.863000 +CVE-2024-21044,0,1,f5f0129664ed5d5f4ef6ba4b8ff7227550db0957efcbf9e27471a8341fd1353e,2024-04-17T12:48:31.863000 +CVE-2024-21045,0,1,a3c2b9878bba51820c773e32fc44034cb31f47d9579db1ed3eeab399c07f1a9b,2024-04-17T12:48:31.863000 +CVE-2024-21046,0,1,13af5418e2a34ce6167e6ab981ecad17f165025d8704a841301a1fba4468c0ed,2024-04-17T12:48:31.863000 +CVE-2024-21047,0,1,e38834140f8b944f78da6f6fb25c51da4f3a85fda323ca934705e923232f602b,2024-04-17T12:48:31.863000 +CVE-2024-21048,0,1,7c4ad44b360736f7e8a0910dcc5802fde181125afe297ec3d8d4f833b676c612,2024-04-17T12:48:31.863000 +CVE-2024-21049,0,1,a1a753910647db623bcbefc6825cfaa0c33250a562818f48ec3b04c902de88ac,2024-04-17T12:48:31.863000 +CVE-2024-21050,0,1,5d6aa75fa7939279ac58d6386d2cf96ad09d2acdb11fa94832c977805deb1587,2024-04-17T12:48:31.863000 
+CVE-2024-21051,0,1,e8001505ef0efbc2904b6cdd5f70dd1420d4bc0e604e77665b6146e96fd3836d,2024-04-17T12:48:31.863000 +CVE-2024-21052,0,1,5bcd819f0c7d0779ca8508bd66b5e1f8037dd3c8d550bc7fa5fcdb35e1167703,2024-04-17T12:48:31.863000 +CVE-2024-21053,0,1,5f3690c8b6394d324badf842cd9e0ac255e25fec8acb1e50c6fcc7a9b443ad7f,2024-04-17T12:48:31.863000 +CVE-2024-21054,0,1,9ea8b742b5c841e05e78c0f7da0539d289cc401f142cc054e2b7bd87d6c84312,2024-04-17T12:48:31.863000 +CVE-2024-21055,0,1,065746b7f94228f556df7cfe20a9a0f30b84537f8d3d78b9c4dc219e027bbaef,2024-04-17T12:48:31.863000 +CVE-2024-21056,0,1,d05743f80d00bccaeee3cbbe1aa70b0a119dd03c55418635ce7a218b4cf85a36,2024-04-17T12:48:31.863000 +CVE-2024-21057,0,1,ad7960b918cba84a9285e5b5081ac7265ed8f95ac167f4cd8446241a852a140e,2024-04-17T12:48:31.863000 +CVE-2024-21058,0,1,eae646366535f64911b6f5c11cf05f1d61655fe725482e333195d91352108784,2024-04-17T12:48:31.863000 +CVE-2024-21059,0,1,d0601741f771540671417f30cde21017e42f48bcbaa909a0b589bd2b89204ba5,2024-04-17T12:48:31.863000 CVE-2024-2106,0,0,15de6b929ace188c18cf26b3c461a92f15449ebc8c35903dbddfc1b7b27db756,2024-03-13T18:15:58.530000 -CVE-2024-21060,0,0,8804dc97c4df155d28e79649062e60d81954e9d3044cae6b1621492e5642ac62,2024-04-17T12:48:31.863000 -CVE-2024-21061,0,0,c6808f18c21b7d2c3f88b2f03ba3b03974e4914713fada6736bf8c1bf253355b,2024-04-17T12:48:31.863000 -CVE-2024-21062,0,0,8ca92567b4b2147657807cec14761f227f7682e98e0fa2e108375789506e9cb4,2024-04-17T12:48:31.863000 -CVE-2024-21063,0,0,ebfe6d1f40d4dee44a242c9c92114927bacb6e2618cd09ec388f9a3353673ec4,2024-04-17T12:48:31.863000 -CVE-2024-21064,0,0,838a3f75a741e7a9b59240da9c401b39edf9b3c4bc5b6734b082ecd7616cd20b,2024-04-17T12:48:31.863000 -CVE-2024-21065,0,0,2f8b3f3dc927f9ca259f2fc16f6d4e063f19db1f07b058e52daa149971116781,2024-04-17T12:48:31.863000 -CVE-2024-21066,0,0,6e8f3d804c26813fcd525900462f4172b119545b1497a425720591f5471a50c3,2024-04-17T12:48:31.863000 
-CVE-2024-21067,0,0,84c3324481abc57bd390f9547312c18444630afd231315b2312967789fa666f5,2024-04-17T12:48:31.863000 -CVE-2024-21068,0,0,fcbcbc9a7fc79050f25604a05f94ce5eb1bafd32fc34520dfd1992388cf5c95e,2024-04-17T12:48:31.863000 -CVE-2024-21069,0,0,94b76e11a35f5982393756261bca2c95980e2e373f3dace9b51fd549827eeefd,2024-04-17T12:48:31.863000 +CVE-2024-21060,0,1,3adc5db380329c2a5b56a0c3ebde28cdf3b61ed34fa861ceee80c7f5142f8a31,2024-04-17T12:48:31.863000 +CVE-2024-21061,0,1,51d92b8ebe655e1b6b499d0a31b659c7a916e5d7eef7efc3eaec50f44827a983,2024-04-17T12:48:31.863000 +CVE-2024-21062,0,1,618793b1d7cdd6ec2f7aab886d0b30fabcf867ba7b496e9d9f123669957cc7d3,2024-04-17T12:48:31.863000 +CVE-2024-21063,0,1,00386ec9dcc1fb2e461a93486ecd091af48c62d800497f6a70a354e04b74b45f,2024-04-17T12:48:31.863000 +CVE-2024-21064,0,1,9f3d1dcc2da77fdbd8284a8907c4fea172ce50f42d0e165f15cd0a1ff6590ae3,2024-04-17T12:48:31.863000 +CVE-2024-21065,0,1,5c383c00c861b9299dc3d8d083a6c7b2ef320b710a4f76187481f80141c2960a,2024-04-17T12:48:31.863000 +CVE-2024-21066,0,1,de5f164f54f519fa892c56099d5df7cc21033da5ed96c3454d6c06c478b93607,2024-04-17T12:48:31.863000 +CVE-2024-21067,0,1,a54cc3b06c3985193c6346b3dbabf214dd2faeed68c1d4b7f9a909ecc6ea6d17,2024-04-17T12:48:31.863000 +CVE-2024-21068,0,1,e7d9522ca13576b208b08d4fd425a3f59939f919c2e5396bbec32f828b318699,2024-04-17T12:48:31.863000 +CVE-2024-21069,0,1,1356f0035f59f4ebe3cabf5fb137a1d458f1cefbb702a427e5d48bbf638d91b4,2024-04-17T12:48:31.863000 CVE-2024-2107,0,0,b116f601239eee1477d732dcdf4bd402d2ca5c711c20a89df0a8e9dd54cd4cd1,2024-03-13T12:33:51.697000 -CVE-2024-21070,0,0,fee7056d83e0d70a20f5d90a2b12e29f0e5bcaf8c9053bce3b3bfbee51439452,2024-04-17T12:48:31.863000 -CVE-2024-21071,0,0,c379442b54b3469aa4076cd0e0f55fce13697d44fa69e68e342b8f2ae6f9131b,2024-04-17T12:48:31.863000 -CVE-2024-21072,0,0,f46f2249b39d587909f142bd51f9f2a17882d785fb5a1105f2bf3d98d68bfc8d,2024-04-17T12:48:31.863000 
-CVE-2024-21073,0,0,44719512762b97c53a75f915c768adae5d0ab49a165a33f653052f90cf0b014a,2024-04-17T12:48:31.863000 -CVE-2024-21074,0,0,8cc81c7715b08dec5acdc5022d92a4d9b7f7b599ac22a2e60bfeb3c0c2f3977a,2024-04-17T12:48:31.863000 -CVE-2024-21075,0,0,81223f4296dd35e62b6ca8c226fbc36df9c312029073596add477c4be53ccdaa,2024-04-17T12:48:31.863000 -CVE-2024-21076,0,0,27e42fc724f759a799cf5ff37931359d15efedc8ae46ff49a9ecf89a73c79451,2024-04-17T12:48:31.863000 -CVE-2024-21077,0,0,d363da807cd135001b437e2611eeb5a09c1b19dde60f3057a6b3fd7b386b5dd5,2024-04-17T12:48:31.863000 -CVE-2024-21078,0,0,03a4b0bea5932b14dd83c8d3414e9fe3c0ad785eca3891032d8a608d4a137508,2024-04-17T12:48:31.863000 -CVE-2024-21079,0,0,b2d592d1b2f7826d83f53cf63cc8dbd6a8eae3e8a975d939381ff84f2015e379,2024-04-17T12:48:31.863000 +CVE-2024-21070,0,1,e8030e5c2290cb4930c1b97772fc5cd61f6499852535f41c7c876dacccf80408,2024-04-17T12:48:31.863000 +CVE-2024-21071,0,1,03289049dae9db581ba288f8404b2ec6bffda8d448aa4ca077c7b01898c361e5,2024-04-17T12:48:31.863000 +CVE-2024-21072,0,1,ce9c18c2018de5a843e261ad002d5993f0ef337de7ee9186d80c4ebf4b6aa9c4,2024-04-17T12:48:31.863000 +CVE-2024-21073,0,1,fe115e70b52ad31927d6472876ddfbdaca8735a212deb1a232b2d9074bc4b1e1,2024-04-17T12:48:31.863000 +CVE-2024-21074,0,1,e06fcaa946227d65b34309ee41ab70ce63c30d30364915864f5924dbf6f4fc07,2024-04-17T12:48:31.863000 +CVE-2024-21075,0,1,cc7a1b452aabf2c5ba5be2bf197f726766390484fa39b3173c57c158d7db1520,2024-04-17T12:48:31.863000 +CVE-2024-21076,0,1,de2f9ffc37175b721b3a72d1db942b2eb835c46e430692e9a7c17dad77f65722,2024-04-17T12:48:31.863000 +CVE-2024-21077,0,1,7d54f962fd329410a2de9cf3e3be674abbf89ccf22e3243716f40918071b6077,2024-04-17T12:48:31.863000 +CVE-2024-21078,0,1,f9bfccaa6eb825543f5768c39362b7a618eb3696380078751ce4b1ae799ced0c,2024-04-17T12:48:31.863000 +CVE-2024-21079,0,1,9f653adcd001d570b8e4c09d0ffa19cb5ecf76d40d796eee507d123a582ce247,2024-04-17T12:48:31.863000 
CVE-2024-2108,0,0,c2fa70d90e7c92604d37599b63a68c51b88c7a208a94e63da1f79da8e05cb6df,2024-03-29T12:45:02.937000 -CVE-2024-21080,0,0,4f3b71d6bc51704b8641ed7142971376ec3fad63d9760b544094d6d5bbaaa642,2024-04-17T12:48:31.863000 -CVE-2024-21081,0,0,96934dbf6dbbcb27a09937bf7225803f772d428df4b698400a4267b73cea00e3,2024-04-17T12:48:31.863000 -CVE-2024-21082,0,0,d55f9dfad901daade1c17daa9420153a589abcdaf2593a2ccba0e3758043035d,2024-04-17T12:48:31.863000 -CVE-2024-21083,0,0,9d7cef65e97c3c2b835755842664b1dcb59a2ea8a967652228a6b2c6f07f8acf,2024-04-17T12:48:31.863000 -CVE-2024-21084,0,0,7f772b1b369960cc177b798ce429d4e5a527bc843d116ae14e40f8c8ebd76011,2024-04-17T12:48:31.863000 +CVE-2024-21080,0,1,01811d1f17c04832a5c53ff5c25f7b600d2f5efedad9bc1c4e4ea77f8597eaec,2024-04-17T12:48:31.863000 +CVE-2024-21081,0,1,8525b7c574e97940ea59e5c3f9b60a1dccb8ad8d7a8590b7c7a54ff25a5e4348,2024-04-17T12:48:31.863000 +CVE-2024-21082,0,1,c26bfca8435f62f7a91a96e3ea3770988e364ed37b65c6e9e3c3fa331f2f9538,2024-04-17T12:48:31.863000 +CVE-2024-21083,0,1,1bebe608617a7b6c263f2bd12f08aa2fed726df83e43e9cb80226396336525ef,2024-04-17T12:48:31.863000 +CVE-2024-21084,0,1,1cb8a741188b441a8430ab8dada3a0d4db99599bc63794a25c2cddb40535089e,2024-04-17T12:48:31.863000 CVE-2024-21085,0,0,5c75a545bf417258ff0da52be43c2201a788dbf24bdb0529b936c35b6480cccb,2024-04-17T12:48:31.863000 CVE-2024-21086,0,0,6225dbda94f0cf6447c5470d5f742e2b6c9860df4608d2672fbec36d7710ddae,2024-04-17T12:48:31.863000 CVE-2024-21087,0,0,a583c55d3bff66d9e8b3ea3e82126959d82631d9ebff26ed8c89dc44f6423327,2024-04-17T12:48:31.863000 
@@ -240878,7 +240878,7 @@ CVE-2024-22009,0,0,9f46d03f46533395b52f33e504d1061779b4720252536aedb291abec3dfc2 CVE-2024-22010,0,0,c8be08522110436a9d4fa99d4021d5a2fb6c1481cb50733e6d40fe00f78adb8d,2024-03-12T12:40:13.500000 CVE-2024-22011,0,0,a4e97c7f0f5404ca7a76cbebfc7c0a8de2f95a8e9b552d17a02deebc519bdec2,2024-03-12T12:40:13.500000 CVE-2024-22012,0,0,6083637305fc19ea62a8c209ebe6bfac1cd035e045c787ca530a090291dc1971,2024-03-12T21:15:57.953000 -CVE-2024-22014,0,0,8a123872022983e60f1a8d5a68f89458efbf870837682e7c5915f04240b4354a,2024-04-15T19:12:25.887000 +CVE-2024-22014,0,1,79bf9edaea087eb4739d179f2ed69981a390cf89f67c6fe45526acb6cb4887ec,2024-04-15T19:12:25.887000 CVE-2024-22016,0,0,72bb3341c866069974fe863b6c9e848e25809f5f0697d51cda8a3c348c9671f4,2024-02-07T17:33:12.727000 CVE-2024-22017,0,0,0f6f205b1f325c4a0d9e7320cb7015df886250fb433faa3c59bf3b2f4d0b8c64,2024-03-19T13:26:46 CVE-2024-22019,0,0,f2437e68c6ddb8f7177f54a0e9f52e5ca8426b13996c7a8a6cfcbbb0d671c60e,2024-03-15T11:15:08.807000 @@ -241097,7 +241097,7 @@ CVE-2024-22334,0,0,a38b89fac619e220b3f32a5ed9cb762bdaa0f4626e986bbf119b83360e4c1 CVE-2024-22335,0,0,94b1135a0842e43602bc9fceeeec6f6d8338d5d9b6e931e6a3e1f0f5ed52affb,2024-02-20T19:50:53.960000 CVE-2024-22336,0,0,92b17f3ddf77b7c8a53a41f903603d0d36207de06fae8bd71fc2469777bc3663,2024-02-20T19:50:53.960000 CVE-2024-22337,0,0,9a674fac9bc4716d61a028d3be9473027552f3c1c11335efca4b4ddefd1e14f0,2024-02-20T19:50:53.960000 -CVE-2024-22339,0,0,141d87c0954232284d5d12d393f2f8e1e8696b0a8047869855deb4538b3a46d2,2024-04-15T13:15:31.997000 +CVE-2024-22339,0,1,7da5694b93905b7c6d93ed93108dac6dab6202238259984860ef1d6e1bec9ec9,2024-04-15T13:15:31.997000 CVE-2024-22346,0,0,638ee4e9687c7c28032b432c317662713c057110b08b4b27024e81eb8453bf9e,2024-03-19T16:50:10.570000 CVE-2024-22352,0,0,8ad74f9c108b142191e10d9f1af5800c7055fc5b8e79f7a9a2cf40171c06b8cd,2024-04-01T15:23:54.530000 CVE-2024-22353,0,0,dcde4e1942667b685d2979f87ac00f95d42a8fc5d16f7dbd8bc9f66a2b78dfbb,2024-04-02T17:56:57.187000 
@@ -241168,9 +241168,9 @@ CVE-2024-22432,0,0,a5ce1013533b36d94c95ad06d489dc2a6480ecc8fe7741cd230ce585b643d CVE-2024-22433,0,0,15060e68251742f26417bd26381576269dfd06519ddd1ac4517720d4b647a719,2024-02-13T22:51:37.293000 CVE-2024-22435,0,0,63d3c6ff0ea5e8606afc0a042ae1ba4d16e4c7825abc180858001e3c9271c430,2024-04-15T13:15:31.997000 CVE-2024-22436,0,0,00b74e1ff886d20ebe92bbc8b1e6fdd82d357402c604ca27f782e052d7d04706,2024-03-27T12:29:41.530000 -CVE-2024-22437,0,0,bcd09ea4e2ab29740ce413166206e29119b0f11b263bba5c3af29e6ff66618de,2024-04-15T13:15:31.997000 -CVE-2024-22438,0,0,00b1f6fea95cc12bf55e3ec15b9e8889b70e48e5800392d29eb723b54fa81c63,2024-04-15T13:15:31.997000 -CVE-2024-22439,0,0,c284ac05dcfe1c5c8368fcbc345962191b6b789781d7b05f3b8a91ee0ccb4638,2024-04-15T13:15:31.997000 +CVE-2024-22437,0,1,3422b6020b144b7970bc24bec154cff5bc727ac4e8102f101b8537020114637c,2024-04-15T13:15:31.997000 +CVE-2024-22438,0,1,bee1cb47819291e409cddcca83d17bf91f2a7398d7db7bb8bfb08becfc221a65,2024-04-15T13:15:31.997000 +CVE-2024-22439,0,1,68fdc9e86d9d7010cf87c0dffe04f792202ad8fc5916fbce2d0d86873ffd5ac0,2024-04-15T13:15:31.997000 CVE-2024-2244,0,0,6067a10fe151799fd67b78b9c0fca1b24ea3e87a8b60b472c9b5348df432c4fd,2024-03-27T12:29:30.307000 CVE-2024-22440,0,0,e9fbe253a3b845999ad51e8608a5499ef2da97643e353718a1816ebef33a9ca6,2024-04-17T12:48:07.510000 CVE-2024-22445,0,0,874153d1fc6b93fe9f1bc951c0a860f76df46d0b4a1da0ccdd296d9b31c66c08,2024-02-27T16:51:44.013000 
@@ -241616,7 +241616,7 @@ CVE-2024-23478,0,0,b3a2615dbe854f9cd6f6758ce3a7c085bf544d3fb8c18446bd16ed76b713d CVE-2024-23479,0,0,347fa1fab90846375f3cbda9f21578cf079b96a3697a975655102d71cb94c108,2024-02-20T20:17:31.460000 CVE-2024-2348,0,0,1b2471f8551c69b217b1850b52d1bf1e7f9aea8e8dfc43b59c7bf2992281c35f,2024-04-10T13:23:38.787000 CVE-2024-23482,0,0,9bbfaddb28c8d4f40fa7310b24a63cdb6abbe6ffffa800b3d9da686c071e8fa5,2024-03-26T17:09:53.043000 -CVE-2024-23486,0,0,7a0883717b93748c5cd1a94009fdcd0ead4eb6504179b5c6911eb2637af65936,2024-04-15T13:15:31.997000 +CVE-2024-23486,0,1,84628b24191ecd8d97cad40624d059dda6678dd017cf385c75eef18a5c2f1b3a,2024-04-15T13:15:31.997000 CVE-2024-23488,0,0,57450458303c48f58f7accf28de637666e8c4b38b2ec58f4dc15eb09b92be21a,2024-02-29T13:49:29.390000 CVE-2024-23492,0,0,d17f20935d7800a39d4799e18e6d8e0d4e3c7e091ea11abdb4c06f64410c2404,2024-04-11T01:24:48 CVE-2024-23493,0,0,91cbf193a715aa0c526237151c4d36164df1ccaf1f366a7cf8bdf551267e12ba,2024-02-29T13:49:29.390000 
@@ -241662,15 +241662,15 @@ CVE-2024-23550,0,0,233aa541fdda788f0e4e95c8a9a0a8f5d7fa7689dcd559af0cf5e5843a531 CVE-2024-23553,0,0,51ea2d50cc1ff4dbab518de2a29e9ef6a91bd6b91073c23eb1a7f0cb7c8f1090,2024-02-10T00:59:00.423000 CVE-2024-23557,0,0,c1e3777f7706c5637c3babf0c39f0462f9d51e731fae3bfba6c8c968c64a983b,2024-04-19T13:10:25.637000 CVE-2024-23558,0,0,0e030b3ddee305097ecf13a5fc93f84821f79454ea82e12098abf6fd591f4cb5,2024-04-16T13:24:07.103000 -CVE-2024-23559,0,0,4683f3bb73772af2753e857717965c2e56da3622758b2f87d6442aaa0d7f2c20,2024-04-15T19:15:09.577000 +CVE-2024-23559,0,1,a67d6aa6c2589ae3d37731867bb9f648e4b5d30ad4eba2e61f15676037d7636b,2024-04-15T19:15:09.577000 CVE-2024-23560,0,0,39262a3d1a015486541c11a9acaae3509226c69e322cbf4650c4cfad43009fa6,2024-04-16T13:24:07.103000 CVE-2024-23561,0,0,a22fcf5dfd91b5d6ac506750080d833a3983c3c231b1230f7c5930b307faa639,2024-04-16T13:24:07.103000 CVE-2024-2357,0,0,2af3f167a5f07c033333870e1f5044e9ac66d1548287fd20eff05541e2132cfb,2024-03-23T03:15:12.690000 CVE-2024-23584,0,0,0a74df816091d3b0eb89fda75cd2dbdfa4a27fc3d1fc7171d6cfed2608adfd53,2024-04-11T01:24:48.327000 CVE-2024-23591,0,0,f4c08614f6a162f49ecc99f020c088036b0b565e06b57796e1304b45ae78e59d,2024-02-20T22:15:08.353000 CVE-2024-23592,0,0,8410729adf8ea2140a95009744b2dfc023c8f0c5b5843d18404a4118ed1b693b,2024-04-08T18:49:25.863000 -CVE-2024-23593,0,0,ad6e575454ec10abdbcddfce9847c133592e162a7fdb8520c581753a618fba7f,2024-04-15T19:12:25.887000 -CVE-2024-23594,0,0,1c55c82c1970725fa8960bfe1d99d25dd40d0eec7a9b7472558747b4d134ee32,2024-04-15T19:12:25.887000 +CVE-2024-23593,0,1,e43cd79f2df730f0b9c8ef9c7ef8b007f3d9ef85731bb4145522b4b6df0d2413,2024-04-15T19:12:25.887000 +CVE-2024-23594,0,1,4ee287fb2806b084145e389a1db24a17ecf815a9228bb0d30b732f16b4247731,2024-04-15T19:12:25.887000 CVE-2024-23603,0,0,2b536971fe4d260603348583e5e85d59f5debd4cec090f729c87a6dbde3a5ce7,2024-02-14T18:04:45.380000 
CVE-2024-23604,0,0,760bd2ccdc3dff1dab3cc8af2bcb4408e0ff89553b2b7d9d0cb5ed9c08f6a616,2024-03-18T12:38:25.490000 CVE-2024-23605,0,0,559f2b18ab2042f99709ab0e3fa4fcace7fdbe41b3b5e10d7fdaf53ba9d4932f,2024-02-26T18:15:07.673000 @@ -241911,7 +241911,7 @@ CVE-2024-23904,0,0,678d9b9e94528dc2befb7afc9e4f3790d1499e848c388388aaa93c118b2a1 CVE-2024-23905,0,0,2d8ebad5c05b335845d8a0c6b27832798a9c27087f41f1dd4daf5a7e2afef75a,2024-01-29T19:26:11.517000 CVE-2024-2391,0,0,fd3c56d19cfdb51c26b65d074d54709719e794ba6c0db8c6b8b791a18f6fe3ca,2024-04-11T01:25:23.393000 CVE-2024-23910,0,0,e6adc416dd7b19484faa305c4e8491b3ff3f8809d94d53eb510d517290865995,2024-04-04T01:15:50.027000 -CVE-2024-23911,0,0,7f893265a2189ba5c33966f095df9894311ef1b7ef075cc3a3bc03d3e6998c02,2024-04-15T13:15:31.997000 +CVE-2024-23911,0,1,f05e17f474751d92c0d0b7dd0326335d7f22fd7de41e1b09eac2c91ab043885f,2024-04-15T13:15:31.997000 CVE-2024-23917,0,0,43acd2786eef775b4e5af3da03e8f628e79a58b917087bea0e9c91638665592f,2024-02-09T01:05:22.180000 CVE-2024-2392,0,0,42336a48d6bafcd50dc6522fe24a4d56dee45c4fa6295037e9d4d2226834e64c,2024-03-22T12:45:36.130000 CVE-2024-2393,0,0,a735f579c8d8282e2e770bb2e57ba455b9e1d053a4e15dfbb3b2c5e4432a6f37,2024-04-11T01:25:23.490000 
@@ -242310,7 +242310,7 @@ CVE-2024-24849,0,0,7310ea40ba14819a766bfed2718d0ae7c9bf655c4a04b330968acbdb73d5a CVE-2024-2485,0,0,aec6117ea1a1dfb334b0faba2cbe3a771ed254022230a062dfd876d4464b5f18,2024-04-11T01:25:24.823000 CVE-2024-24850,0,0,652490ba0ed83980506bcf4c7e3a9ad65010ac8cd59cdee6424f69f7b08c43da,2024-04-11T12:47:44.137000 CVE-2024-24855,0,0,53926eea6176e5ec7dac755182b92f74698401115acbca0c88724948db080e51,2024-02-10T04:06:40.840000 -CVE-2024-24856,0,0,14304b2c5c3fade7c1c5e35429c8d54d146e06fa92e6cbf6b688dbb77006b673,2024-04-17T12:48:07.510000 +CVE-2024-24856,0,1,3fbede9fb1e1a49098a519a6ab755d5eecca4b4d89d1aee012dd0c022772657b,2024-04-17T12:48:07.510000 CVE-2024-24857,0,0,bd0a671ef627655a534b97d40879c56dc0a8ee5f900294aaa10a2d6428455f4e,2024-02-10T04:06:50.263000 CVE-2024-24858,0,0,249d6bf347d8c64c978bec670161d1545cd8d4294041793438e8d2c55804ba1b,2024-02-10T04:06:20.077000 CVE-2024-24859,0,0,e679ba08f49ce2259e6fae9f7247bb624101b65d866a2698d5f41c0ab1e599e7,2024-02-10T04:06:05.623000 
@@ -242345,10 +242345,10 @@ CVE-2024-24888,0,0,d9fcecea0e72cdf4b49df41bdf4584e97aac1fbf4814d530e6851c6146a1d CVE-2024-24889,0,0,160e344fd60146726ab8e77aa791f12196b0392022f8c6908394fea561203d9c,2024-02-12T14:20:03.287000 CVE-2024-2489,0,0,0bc09c23e9eac1dfab5e3ca6d81034740916d28b0696ee3b30b21497453705bd,2024-04-11T01:25:25.173000 CVE-2024-24890,0,0,476cd77466eb47d427e638860bf0112b952ffdf5be73565687494243bfb94415,2024-03-25T13:47:14.087000 -CVE-2024-24891,0,0,caf1c31d49acab8c62e6d431b6c2db930bec40e2c9a3ea9106e8f78c71a92222,2024-04-15T13:15:31.997000 +CVE-2024-24891,0,1,8091ad56e731b62077956e8c093a2314d3e5522048e8134e34af6b11bf4d8daa,2024-04-15T13:15:31.997000 CVE-2024-24892,0,0,e3df7d8086cf077400503ee3febd179700dd55abddaf1f2aed03d8c728d62974,2024-03-25T13:47:14.087000 CVE-2024-24897,0,0,a16b4f7aca38d40ccfb500ada0dacc535162c46a570f0990a1d14319a13e4a55,2024-03-25T13:47:14.087000 -CVE-2024-24898,0,0,45215ca6efc35023d48056688c1dae694540fbdae0ae7c936bd1ec5134adbf7e,2024-04-15T13:15:31.997000 +CVE-2024-24898,0,1,30830d884f42b2e04c599fba9bff4ac7a0814bca4a7d4650eb0e74139ee59073,2024-04-15T13:15:31.997000 CVE-2024-24899,0,0,6fbc4151d83a12edbae06afd3aac16f11a6c1a7b16646074811417dd7b55e116,2024-03-25T13:47:14.087000 CVE-2024-2490,0,0,ec268cc7c74c70f29a4986056c50a0ef68884b59d0ecedec6c82805d28a72ad5,2024-04-11T01:25:25.250000 CVE-2024-24900,0,0,d2f2646cd0bb1f0bb853e51c5727aeb441edafd3f59bfc90a7e51ce3facb6abb,2024-03-01T14:04:04.827000 
@@ -242359,7 +242359,7 @@ CVE-2024-24905,0,0,d7e93f9dc91e7e0fc974d5294e6bad29e608d74322077ba4d39a1c57043a9 CVE-2024-24906,0,0,6cea72bb7f9258908c1ed1c3f8325d4f06f0b542821e0483a147e01b51c62959,2024-03-01T14:04:04.827000 CVE-2024-24907,0,0,df860e0bf6b93f40d4575a350995841695d535878bc5da8a5944cc146004b078,2024-03-01T15:23:36.177000 CVE-2024-2491,0,0,56d5936f32866edf29962cfc16d1b84e21384fb0d36dc5404e3888c50a6878ee,2024-04-01T01:12:59.077000 -CVE-2024-24910,0,0,728134a4c2ab198284d9ae0b82d7d4918379c891186e17fdaf07a2c7235d3f66,2024-04-18T18:25:55.267000 +CVE-2024-24910,0,1,bb7bb7f4f89300a6c40465a407ba5586d91f4a455e8da02c5a17663b7715ec72,2024-04-18T18:25:55.267000 CVE-2024-2492,0,0,a83da3e7ac12e71f3238f0026df94ba19b3a7e74326df6047a5459c611fae961,2024-04-10T13:23:38.787000 CVE-2024-24920,0,0,0c6e0a299c3dcb3e2c9c47cd3391320c9c9126b8fcb7683d54f65bff941cba09,2024-02-13T14:01:00.987000 CVE-2024-24921,0,0,2756f13f54e6771800d4e52f7442498e73a8fe2b3f97e730b1c320dbcf7f624d,2024-02-13T14:01:00.987000 @@ -242478,7 +242478,7 @@ CVE-2024-25139,0,0,74a1a5b7a626d7e1a0de61a1ac7f86e47d772626c4f0df2c72c44f9b9fe45 CVE-2024-2514,0,0,96aa0d3cf09a0ef3fcd86890da8f9fdea178ce42d022735887ee7f8798ba45a2,2024-04-11T01:25:25.547000 CVE-2024-25140,0,0,e0076fbf31538b086dd52a856ddfe0d9cdd6db5df39f7558a16df193b37935a7,2024-04-11T01:24:55.113000 CVE-2024-25141,0,0,48f7b04af2e96f1eec8716e65032c2fb66196d4c47edca9d45198681efaeed74,2024-02-20T22:15:08.670000 -CVE-2024-25143,0,0,7a38d7256730cc2c02a81fb1740e1251b0cdcb86272bba7bb704010555e7d14e,2024-02-07T17:04:54.407000 +CVE-2024-25143,0,1,1e8c832f1a9dadf4942cad4aead6d2b651b3644cad4a347f966955fac6cc114d,2024-02-07T17:04:54.407000 CVE-2024-25144,0,0,a6c13ad7167848c49a5d40b01da68d21d9e0c28e7dcf9021386119f5261fbaa8,2024-02-15T04:36:24.350000 CVE-2024-25145,0,0,4d151fe37dc24069dd8110580bdd4f039d66d4f3402218ddef43cec9606e51ad,2024-02-15T15:10:35.503000 CVE-2024-25146,0,0,013579f9ad5fbd09d96a5f18f7da7c3d6883c1239dae1f074da9550709e7bb36,2024-02-15T04:37:12.337000 
@@ -242567,8 +242567,8 @@ CVE-2024-25294,0,0,f95809dd72d0d29f306e64dc9390645e69b344c0241b1ce90e2194188140d CVE-2024-25297,0,0,e43f2838978fb40e4930c991059ea0b3926c2eca96695eab2334d8a4e8886560,2024-04-11T14:02:41.473000 CVE-2024-25298,0,0,bf85debb0b48c7785ba1fe04e103d557c66dabf290db3d94d61aedde1f0f4cc2,2024-04-11T14:02:27.920000 CVE-2024-2530,0,0,665bfc998f53f547186bc19aa8471a76533b5fe55e3093b15374e48a6cce62dd,2024-04-11T01:25:26.807000 -CVE-2024-25300,0,0,c59f89d4e1d1def245eb85cd50751b2e42bf0f32dc12624be6f448efe43f0fd3,2024-02-15T06:23:39.303000 -CVE-2024-25301,0,0,7f246f5f319ce5c0919ca880b46e33ef053257f4e0f98af194926a7ea4f2b783,2024-02-15T06:23:39.303000 +CVE-2024-25300,0,1,532d4408822da54b9032a1a028943507fb52c15d2d61477aa68540cd180a09bb,2024-02-15T06:23:39.303000 +CVE-2024-25301,0,1,29380491052fb9a8fe79325a8bd51a80f7372d6ffa6429fb025415dbd9e6ee73,2024-02-15T06:23:39.303000 CVE-2024-25302,0,0,ecc19fbd05e49a18009047767e692d79274fe3c3eff09a17e5e0ee19370e34df,2024-02-22T03:37:51.937000 CVE-2024-25304,0,0,6256b681257818f5ec57e92f8c30ade836a8e36d1d1bc3ce76783cce22ca2982,2024-02-12T14:29:11.507000 CVE-2024-25305,0,0,14f6325d0d7a185c6be27f19a72c2b6595b9dbf93bd267e77faf2959d41041b5,2024-02-12T14:28:56.647000 
@@ -242956,7 +242956,7 @@ CVE-2024-26005,0,0,21f5813ff10f50303a70abaad99d1a58bb1553a9ae84175693ea090d82599 CVE-2024-26016,0,0,225df2de732dbe1aa65450d758c74d9fd62d1571f14eb88fac267d40c0b495b0,2024-02-28T15:15:09.320000 CVE-2024-26018,0,0,f0a23aadd063ff7c7efa65bdfb2fba637cb4053fe19b3da7278a7f893beabdc7,2024-03-26T12:55:05.010000 CVE-2024-26019,0,0,fbe6a7f77deb15cc085d52bc5fe2b39474b81c363a3a1755ab2818a8be2623e5,2024-04-11T12:47:44.137000 -CVE-2024-26023,0,0,265b63cd0a88cfd0f897a2b63c24635f345ddc3bbd57e2ddc60c653e95a42258,2024-04-15T13:15:31.997000 +CVE-2024-26023,0,1,03df4473c85ab0c8247169f36cdaabb6d0ade251a86d2a476e4dede57424f28c,2024-04-15T13:15:31.997000 CVE-2024-26028,0,0,f0eeab6f00388b393e9761660fb13451fd75e54f8248c45c23f5d18cc79809b2,2024-03-18T19:40:00.173000 CVE-2024-26030,0,0,6e3023416b037dd092fe7b5e942072e3533649d1b2cfd157142cc39338fedbad,2024-03-18T19:40:00.173000 CVE-2024-26031,0,0,ed002faaad586ba4ca84a6198e87a403fdacf5cc79e96297a7527ff0ace203b7,2024-03-18T19:40:00.173000 @@ -243270,7 +243270,7 @@ CVE-2024-26586,0,0,85e4fb034cd8f802fb7949a6edeb44e49e071e6e365162d8c01bd895923b7 CVE-2024-26587,0,0,9404613a5d22d59f7b9830950f6da0789d954efb37d6d668289d4948436f8def,2024-03-18T18:09:54.027000 CVE-2024-26588,0,0,a12e329faae009d801e11973c8a72020a4a4a89d8da3b097e68d3f4be6ee8827,2024-03-18T18:02:15.647000 CVE-2024-26589,0,0,528da0ad6ce01bf77db8eec7de0776ce7a2f821b4949af8b66c0af55f0b7555f,2024-03-18T17:56:56.953000 -CVE-2024-2659,0,0,9a8b8c6afb4f92c3aa07be0a2fee934939fc20b633eb3180766cac1975370e37,2024-04-15T19:12:25.887000 +CVE-2024-2659,0,1,f70d39261e85fb28ecf8b90e66824a1515a67332ae1cb9fb94b78b0878034f3f,2024-04-15T19:12:25.887000 CVE-2024-26590,0,0,abd86201bd23efc7d86afd5c0d7b0d654a2577ad84615d2348f851e6a7a9eae0,2024-03-18T17:54:20.197000 CVE-2024-26591,0,0,5929783d5428bb2c14c53508060d365bc2cc03643c73a5c691e380ff07f76710,2024-03-18T17:54:44.267000 CVE-2024-26592,0,0,5ff5d392da394512ac4c5d4bc3e700039f943a7b57abe9c25e65c9574333338f,2024-02-23T09:15:22.877000 
@@ -243517,116 +243517,116 @@ CVE-2024-26814,0,0,cc1f4c4ee0ddb8caf435f1369c8b74e01b83a1ebb078466c399be2b768271 CVE-2024-26815,0,0,ad84c918cc4b6959b9513350d04a4e06efb88cb36d856c286d02e439b1d59421,2024-04-10T13:23:38.787000 CVE-2024-26816,0,0,7edd6d54a3ba0eb8973c578b9102ff3c74e5fec3289e651ec34592c623f09528,2024-04-10T19:49:51.183000 CVE-2024-26817,0,0,387f16aa5ecfd46ae8a86589109af9b5514ba06dc0acbcac24b58933747b13f7,2024-04-17T03:15:06.887000 -CVE-2024-26818,0,0,44814adae4eb7ce8a96416da77812c5ab7edb6c2250fa969811564f2c5b8266c,2024-04-17T12:48:07.510000 +CVE-2024-26818,0,1,40d26d3276805e6255d3381973075daff640f2dd2a4dd14cbf39bd569614d2e8,2024-04-17T12:48:07.510000 CVE-2024-26819,0,0,06d730ad66f717e3ecec94095811f6f9ed240664c50d7732b1864909f513ae5d,2024-04-18T13:15:17.797000 CVE-2024-2682,0,0,0f2a052c92797c0b9eb2b669278d840d43bd9a849bc2ac56884f6083311e897c,2024-04-11T01:25:32.230000 -CVE-2024-26820,0,0,485e9f7b5902fa12c1152625f6f8bf9d6c493f6da95cecd88671a47a8bd4e3ac,2024-04-17T12:48:07.510000 -CVE-2024-26821,0,0,3fb0ac21a585f186689e4dee040971ec74bb85a445e05dd5efccb5b1dcb93605,2024-04-17T12:48:07.510000 -CVE-2024-26822,0,0,23a9bd833e2f0fe260e535be50fb6f9a9e75114a22552604afd48efd9e4d8e43,2024-04-17T12:48:07.510000 -CVE-2024-26823,0,0,d748bb6374b64ad427b7ebe9da5084d2166cb48b3b19f6a406f204b508b92811,2024-04-17T12:48:07.510000 -CVE-2024-26824,0,0,38d8ea722d76da87c18c75ce9f20b2669c1a1014f7c16596ff494952c4ff6cea,2024-04-17T12:48:07.510000 -CVE-2024-26825,0,0,3b8cb22f929ded191549763da9fba520d8a130b697bc61a72b23940c91510259,2024-04-17T12:48:07.510000 -CVE-2024-26826,0,0,cfdd54582746013fe50129db5f3e55be0098e21f8accf7bc251d1012a7870b8f,2024-04-17T12:48:07.510000 +CVE-2024-26820,0,1,c8fae26c827412dafe3366c4bb847c85025609a6c5e9371962183b119db767ae,2024-04-17T12:48:07.510000 +CVE-2024-26821,0,1,81fd4716fafd20c99603abae1db13b2068f1e763e6251e86b6b153d4fc41f4ab,2024-04-17T12:48:07.510000 
+CVE-2024-26822,0,1,3373cd9df298397a50e6cc4662867b05a6afb8a025fccfd5e08e2ad618675584,2024-04-17T12:48:07.510000 +CVE-2024-26823,0,1,5aafeba587448416d05e5a5a45c02f351c1873fc1ff3f22835930b6b7315f6cd,2024-04-17T12:48:07.510000 +CVE-2024-26824,0,1,7b86d4671a489a33c0d3d97b50ccd27d8d19ed1c5836eca3fe2d38f7c1821f3c,2024-04-17T12:48:07.510000 +CVE-2024-26825,0,1,6e85faeed56f41e164049e44db69014a294e85e4ecbfb36396458d271b09e1a1,2024-04-17T12:48:07.510000 +CVE-2024-26826,0,1,0023219e6fadc1471f325e5568c3ca5961f0e30337693db28ff92f4b92552659,2024-04-17T12:48:07.510000 CVE-2024-26827,0,0,fd591f90bc55bb191c313ddbba148ebdd8191264d560a6f24499e5366149fc98,2024-04-18T15:15:28.957000 -CVE-2024-26828,0,0,42853fe484083f35856b13381274b00dfbbce671fe8b53c4fad80d9636582175,2024-04-17T12:48:07.510000 -CVE-2024-26829,0,0,bcdb3f4da05e3fb216835f4a55cab6d12048acbae82504141d619952eb1c6739,2024-04-17T12:48:07.510000 +CVE-2024-26828,0,1,0b253d18c2be1c728cbe408555a47f66d3d58f5c56914f662040ed322cf9a458,2024-04-17T12:48:07.510000 +CVE-2024-26829,0,1,94e9cad59f0df108aa53e1d0176ae59f8ee5f975fc72438604f45864b3060231,2024-04-17T12:48:07.510000 CVE-2024-2683,0,0,104be48708f7d1d402bdc35a78c18c31fd0a8b7272f17cf78ee82a1b2a0cf430,2024-04-11T01:25:32.320000 -CVE-2024-26830,0,0,3f95ee6f8ccd42fa55533c90b2ecf86dc118f4bf82c48c3442ac0d01ae6ce64d,2024-04-17T12:48:07.510000 -CVE-2024-26831,0,0,86728e60b315433cd49cf7c162fe834a0dc81e86ff39d8153b862107a989c405,2024-04-17T12:48:07.510000 -CVE-2024-26832,0,0,6fc8d1bb5e7d46748445f34ca536a164e9cf805064f861942e922d4fb34b1e9c,2024-04-17T12:48:07.510000 -CVE-2024-26833,0,0,a5be3a493c0a1717a571ca1c0088ba5aa587547cbcc4c42beb8fe59a54d89dc0,2024-04-17T12:48:07.510000 -CVE-2024-26834,0,0,2f352a48f3160df86a8daae512dd8f18ed97630a5573c83a867c249b4345d85d,2024-04-17T12:48:07.510000 -CVE-2024-26835,0,0,c4d9a4929be9a8db923294abe83062bbeae4f51bb46e51ea6a509157515dd3f6,2024-04-17T12:48:07.510000 
-CVE-2024-26836,0,0,b2be748b442235431108687e0dc0c2f943aa5784ad3b93e08f046237c880b73b,2024-04-17T12:48:07.510000 -CVE-2024-26837,0,0,15be672f255fe0ddc0e924b51ae5bd2ae44ec49b7b5c5c726b41ee09ab663d32,2024-04-17T12:48:07.510000 -CVE-2024-26838,0,0,0f4d5d8c97c7a4730eb3336a519ff023d627713da16000751a21f2a59f018f82,2024-04-17T12:48:07.510000 -CVE-2024-26839,0,0,4e632dccfaf935209f1610dd945fcf36a905f5037d7e059fec8c903a9449f9d3,2024-04-17T12:48:07.510000 +CVE-2024-26830,0,1,1a619b2b6231e9c534f505a33e47a5535ee87ed821841b0eb14d8157a481b933,2024-04-17T12:48:07.510000 +CVE-2024-26831,0,1,292dd2e872c7d608d8f9f4b73c356d092e8729af54eedd92972c6fbdd9cbf5b9,2024-04-17T12:48:07.510000 +CVE-2024-26832,0,1,8e76ee756bb32581a470872b115fd627b46f9969e3918d4a3685f0e03821477e,2024-04-17T12:48:07.510000 +CVE-2024-26833,0,1,151250678362505ea945d2c7c6da3b3f8d79a36f80b42c324a6c66b7df79c7cf,2024-04-17T12:48:07.510000 +CVE-2024-26834,0,1,cd2e1754feba2dcf6466d3b041d82a6465a2d6a0290b49a69481078dc915d902,2024-04-17T12:48:07.510000 +CVE-2024-26835,0,1,445e9a5c2841cd7e7fea13d6922f07775632263361e509fb251529a47d4ee9b1,2024-04-17T12:48:07.510000 +CVE-2024-26836,0,1,064d8b1318a89f0c00332e64b4914085e8de6a6aa9537c7e6a62a0e5e6a31daa,2024-04-17T12:48:07.510000 +CVE-2024-26837,0,1,b2923edbfcfd990cb8c7c910fdb303a725e2c41942979a2a890e504b4ca329c5,2024-04-17T12:48:07.510000 +CVE-2024-26838,0,1,ab3198c0f540ddb68d0650ae3e41d6c0b772da39a2f0a93355a48c070f2e4e03,2024-04-17T12:48:07.510000 +CVE-2024-26839,0,1,a36810fd28ac0c36b7e9f975ece10f439d05edd8056022fca534db4f7f269cfb,2024-04-17T12:48:07.510000 CVE-2024-2684,0,0,d200307488a4c53cb6bfcb4610ac70041447f2a6624ac7a8a3daddb966843e8f,2024-04-11T01:25:32.403000 -CVE-2024-26840,0,0,445bf1f0a244f83f31e3e85a5ca2c8ef530068117f01d9dd58c62d63b4402e0c,2024-04-17T12:48:07.510000 -CVE-2024-26841,0,0,03b14a0c87e2f40fd08f1da7e173eebeb221e34a012e706a80fe0e76e0cae214,2024-04-17T12:48:07.510000 
-CVE-2024-26842,0,0,9aa4a6dc8006d6dec4ffa9e57d557302217c11332211c920bd24546929cc3af9,2024-04-17T12:48:07.510000 -CVE-2024-26843,0,0,23c755bdcd0b71ab5bfff1b021bbd0c44173733f2d3ebb2c11b50497af3a30f5,2024-04-17T12:48:07.510000 -CVE-2024-26844,0,0,6773d3284b405af0fb84f210d245bb6a62cfd347b727776b4fd264b141ca6678,2024-04-17T12:48:07.510000 -CVE-2024-26845,0,0,7b8499b4524b023fcfbff11b9c638565f1d27af0836595b351d672941de4dc97,2024-04-17T12:48:07.510000 -CVE-2024-26846,0,0,4a5f9855c7d1a963056dc2a2db8c6aa5027a579f346668fe5d8e58e0076a4d0f,2024-04-17T12:48:07.510000 -CVE-2024-26847,0,0,baef62921ad79b4516fe5897b18afbd10499aad8a9e519f673e1085bc6cbb6a4,2024-04-17T12:48:07.510000 -CVE-2024-26848,0,0,a9c7423971438d2605e5b7aa2248535576085214cba3ff7807eaea2888bc16bb,2024-04-17T12:48:07.510000 -CVE-2024-26849,0,0,b981db561e4849be56ee15c1b32d96615843f994dcedd7414d731870b7ad433b,2024-04-17T12:48:07.510000 +CVE-2024-26840,0,1,7660ccfb087e42e585ea0fc08190186e3208331eba2ac7384010be58eb6d5228,2024-04-17T12:48:07.510000 +CVE-2024-26841,0,1,7b60548828061101cf079454579fb63958752c20a1498445c1c507afa6393e36,2024-04-17T12:48:07.510000 +CVE-2024-26842,0,1,5cf562507ec36db8dc9722257fae9a8b73e08ee35a91216b4697fe7d398428b2,2024-04-17T12:48:07.510000 +CVE-2024-26843,0,1,cd3dedd7fe93ebe46517318a013cfc0da1f6977b9978db1507caf9a0291eef99,2024-04-17T12:48:07.510000 +CVE-2024-26844,0,1,945f7841fcef9d1ced415256be0fa73ff581ee594e28a60269bbaa43224bdb0f,2024-04-17T12:48:07.510000 +CVE-2024-26845,0,1,35804dc09be298fcb79a8a16677bffe62de42af820524d8f174d756b017f9f69,2024-04-17T12:48:07.510000 +CVE-2024-26846,0,1,435731a408572c1e46a04c4bacec34790d29e45c07d2989e9f87ab2b77eec356,2024-04-17T12:48:07.510000 +CVE-2024-26847,0,1,fddd5e3693a345196251fe99a2eeaed4a9338cbb1677b4de9af1af8f9a529275,2024-04-17T12:48:07.510000 +CVE-2024-26848,0,1,2ed9d96a21420bdd92bfdd76b927fd64606b089197bcfe8615a10d46b6702f5e,2024-04-17T12:48:07.510000 
+CVE-2024-26849,0,1,e2291c6ff9ceb2e24619e3e061dfd4838be00a23cdfd68f8d4fcf85adf52b64b,2024-04-17T12:48:07.510000 CVE-2024-2685,0,0,b91ff362cc90537da74c4ea3b2db9cfdb34c51df7ec3806ba8dc042760a6b339,2024-04-11T01:25:32.483000 -CVE-2024-26850,0,0,352981fc76675506f732e53790489890ae7f5a41e5d97a180a0a8ce6cf733cd8,2024-04-17T12:48:07.510000 -CVE-2024-26851,0,0,d087d4a1d42f5c985222d5433c0dafc6d5781a3cd2a326309064f42e4fe96e8f,2024-04-17T12:48:07.510000 -CVE-2024-26852,0,0,6fd8c464444f4b1e6864726970cf6e021bc8d564b3e6f7363884d8d92c7ddf9b,2024-04-17T12:48:07.510000 -CVE-2024-26853,0,0,89a4147be0e431886458b0ea9bbb7bf033751095962690cb7fce28480dcb70a8,2024-04-17T12:48:07.510000 -CVE-2024-26854,0,0,58d50dc6e8d7f3fe008b757f911b97af8e4b1ec0fd67dd134026ae1c4b527db8,2024-04-17T12:48:07.510000 -CVE-2024-26855,0,0,ecc28aae45b2a8c661a0e056b627283dd9cf0eb11e5703879ab4b252b8474abf,2024-04-17T12:48:07.510000 -CVE-2024-26856,0,0,8c4dd1c819dfc856fd77261f78bca4d10c374e334f27c3e126d290f7bc4701ba,2024-04-17T12:48:07.510000 -CVE-2024-26857,0,0,16cdb89df1eeaece5f1659cc7ae5c436262d3687a8fbe0b320272d7d579dd98e,2024-04-17T12:48:07.510000 -CVE-2024-26858,0,0,b51eb16daf32673aeb880d92728c8a96c9de01f889c7aa820c08a535d715d8c9,2024-04-17T12:48:07.510000 -CVE-2024-26859,0,0,85e99c7e344e52c6fc6d01ccfc44bf3bf377fadf887fa52a36a35bdd318110d9,2024-04-17T12:48:07.510000 +CVE-2024-26850,0,1,dab640da12df724b0a3e304a986a85e4251ea2bf463c19dbbcb16aaddef82fab,2024-04-17T12:48:07.510000 +CVE-2024-26851,0,1,1e13cf75e4e476b9a22e0c760a86c9bf885902a74972ce5c71c44d35fd62ddd9,2024-04-17T12:48:07.510000 +CVE-2024-26852,0,1,01cbf172c2b485d943db1de771adc19f878ebdf35064f5c08166cdca9619d1b1,2024-04-17T12:48:07.510000 +CVE-2024-26853,0,1,5c1d6d0e3fff92a472dae6bdc4a94a39e8c365023f2aa19dd97627908917e416,2024-04-17T12:48:07.510000 +CVE-2024-26854,0,1,53a21f4c14becc0ad04525e83e52a874180b437662d139535b9813fc17df7d89,2024-04-17T12:48:07.510000 
+CVE-2024-26855,0,1,47812320d46a65ca6a38b0ae771d1d6cf57b526e6d3fc1a558edb815e5c86523,2024-04-17T12:48:07.510000 +CVE-2024-26856,0,1,d2ecc22abb6a286e1e94e314d6222b6a396e97380332e1141586776671c270c3,2024-04-17T12:48:07.510000 +CVE-2024-26857,0,1,3ba3767b76505e9ef5902ae24ca1c136a52c013b06c623f5cd6100200e2e36d0,2024-04-17T12:48:07.510000 +CVE-2024-26858,0,1,a1595995fe6e7388f54b95e2f8e42a98b4c5abbf22f796ecf246cac4c7f687e0,2024-04-17T12:48:07.510000 +CVE-2024-26859,0,1,3eaf4a402e0d0f8fb1662013b38f29f9f2041f33a80710590214838108abeb46,2024-04-17T12:48:07.510000 CVE-2024-2686,0,0,634b9369d86edb0f0698d724f37430dcdbbf3f63846935ae2f00ba034c48c367,2024-04-11T01:25:32.570000 -CVE-2024-26860,0,0,e726923d8fcd9116394d5e76274453409dbbaefad0817057588cea50b3318a60,2024-04-17T12:48:07.510000 -CVE-2024-26861,0,0,bf979a8785f5f6ba9f292bfa0bbbc4c1bfedc4b28e60f1bfcaf0a0f34924305e,2024-04-17T12:48:07.510000 -CVE-2024-26862,0,0,8c9cb82a2b828a73e23ccc7a393b1710f36add2d23be71457a8ddb96e50f1387,2024-04-17T12:48:07.510000 -CVE-2024-26863,0,0,ebfd5f7f95548c0a4d35ca7c3ec2ca3a5650722379dbb099475e93155000b6cc,2024-04-17T12:48:07.510000 -CVE-2024-26864,0,0,04979fcae247c49797b41fc8a5e4ac6551148044bb1f5e5cb5d28b26b154ec9b,2024-04-17T12:48:07.510000 -CVE-2024-26865,0,0,49ee1324d7dac208094fc05b2d7e5c66c6e7008e69837e75d9de51e4625b2a67,2024-04-17T12:48:07.510000 -CVE-2024-26866,0,0,8976f85ebe829b7f690fee5c684b9f8877238dbcf958253b5d109f6ba2cdcc9c,2024-04-17T12:48:07.510000 -CVE-2024-26867,0,0,c33ce657c132d0366e6786f473619034a5dc90b98ab7df34b5bf9b7e8e3a2065,2024-04-17T12:48:07.510000 -CVE-2024-26868,0,0,fc1aafc48c08acf2c3b4d30fadb780d1255c642d4315a55edd7a869e2ed0029e,2024-04-17T12:48:07.510000 -CVE-2024-26869,0,0,2df0a9061bca6b835e2ede92c025f389c580001b21d1584547c5fe4481dcc039,2024-04-17T12:48:07.510000 +CVE-2024-26860,0,1,955f045170883df7e16a3327bfda3dbef0b53bfbdc290182b2ade36cd0a20f7d,2024-04-17T12:48:07.510000 
+CVE-2024-26861,0,1,4086a34140be074ea7c1b969c2ffa85b477d4069d6aa2ccf7355a3e7f847eed4,2024-04-17T12:48:07.510000 +CVE-2024-26862,0,1,914e96c3376f0a4837b5738d995ea1ed4affa3bbd44a6b76d356504bb7d584e2,2024-04-17T12:48:07.510000 +CVE-2024-26863,0,1,f7b05691e8a11a51edb25b889d51064935078386af29c3826338c76ec903cf89,2024-04-17T12:48:07.510000 +CVE-2024-26864,0,1,2b55b561df842115720c0063a297afd9b7f4919f08124d6ea85ca055ed0d5ac6,2024-04-17T12:48:07.510000 +CVE-2024-26865,0,1,d1702cc240e430cbb6f254e98b3323917b6e3e54d44bbaeb519424848b98254b,2024-04-17T12:48:07.510000 +CVE-2024-26866,0,1,9cf2c6dd16558c41d4e9bc85a931c7250d9dd5f5522c8eca13890782afc35a08,2024-04-17T12:48:07.510000 +CVE-2024-26867,0,1,e76b2b0f326d3e35d47859522bdb2881a58f9e936a4a2a6027a052a6a2082706,2024-04-17T12:48:07.510000 +CVE-2024-26868,0,1,70c5101666717b5eb44eec352a526e99734a1436d4a4c82d9c16c71405bce635,2024-04-17T12:48:07.510000 +CVE-2024-26869,0,1,b09f96a08fd93a1900c72c0a33cf8878f16964fd28c7cc347702bb355952a379,2024-04-17T12:48:07.510000 CVE-2024-2687,0,0,72cbf2aa55ec5bd20fea6ac1adf5f358a5872122a8f1e7ea86549b816dd18150,2024-04-11T01:25:32.647000 -CVE-2024-26870,0,0,e40d6a360b7c0f6a66ea6330dd196045499740f7c5e26267a79370c0e9f12556,2024-04-17T12:48:07.510000 -CVE-2024-26871,0,0,f4e5e796c29fe74d8a8c19a73602471b2c9bfe586c6d8efc152d3d775bbd9243,2024-04-17T12:48:07.510000 -CVE-2024-26872,0,0,6029f7f63e6cfb5ebe4534558554603854646354d4eb231d3b60815265177cde,2024-04-17T12:48:07.510000 -CVE-2024-26873,0,0,e389961aeea062c2e977ecb4b95eda260afb2841f03e95f451d43ce940004f85,2024-04-17T12:48:07.510000 -CVE-2024-26874,0,0,8a996ee29ec4e16e3eba670f652a6fd1b1b438a4b466b95137bba3e31530d2ad,2024-04-17T12:48:07.510000 -CVE-2024-26875,0,0,9db100e03fc7c0a0c138fa0292664ec952fbad59f6bb278f9b4c1d7739ce0652,2024-04-17T12:48:07.510000 -CVE-2024-26876,0,0,d64b9cd952319eac695b184f2f0bcd85aad83c292f7a95055ba399e971fa2e31,2024-04-17T12:48:07.510000 
-CVE-2024-26877,0,0,566f17268ffc32917c8f93e90fbb8c8dc72bf4d689faba139b43ba802b1ba616,2024-04-17T12:48:07.510000 -CVE-2024-26878,0,0,2c42d0bc9e354b486b92124b8f4876db911a575cf3165b6c015e4727f85c5041,2024-04-17T12:48:07.510000 -CVE-2024-26879,0,0,c16b07c2279daf0ecfd9f1003ac34642dc0e59709e8d37b84a393c88b9b13d7e,2024-04-17T12:48:07.510000 +CVE-2024-26870,0,1,97bbb5a00fc3f0d7a15f9e6816717b996f1fc4f719c44c2a857d769c76758df5,2024-04-17T12:48:07.510000 +CVE-2024-26871,0,1,7b94723f819c3faa55f0090799e35ab1756607eeba047a136f921ab74cfd29a4,2024-04-17T12:48:07.510000 +CVE-2024-26872,0,1,a9bfda89eb17e06571a6eba7d80ece3ffd0b982278ba91201578fb691766eba4,2024-04-17T12:48:07.510000 +CVE-2024-26873,0,1,c7bd7f693234cec8d748d86cbce63e6ff87185dd2e6f29b99677ea49d52c9246,2024-04-17T12:48:07.510000 +CVE-2024-26874,0,1,64e7c6c09f85c9db1e0fe6f6fa40e4d1fe9eca24383479b1e93bfe7e727e5f0d,2024-04-17T12:48:07.510000 +CVE-2024-26875,0,1,a9b3428ed47069547fa6de9d4782e3dfb509637618cb9144896359b4f5debe91,2024-04-17T12:48:07.510000 +CVE-2024-26876,0,1,98e8d12c98e4fba67b7304e61ada7bfb692323e324efa15e53086c842141eaf6,2024-04-17T12:48:07.510000 +CVE-2024-26877,0,1,e6a0a00f24e8a6aa79cced45e813a1d1aa9b95661b61a794d9e37790f12481c1,2024-04-17T12:48:07.510000 +CVE-2024-26878,0,1,79824a5f4592ebd97c2637aa2a2dd8ff9a0cb6fdb04feb328113e0a3e430532b,2024-04-17T12:48:07.510000 +CVE-2024-26879,0,1,5e173700db44d145cae4f3a41f46bd4b1582cef23f7c185e2548126f61be4319,2024-04-17T12:48:07.510000 CVE-2024-2688,0,0,4d2ee00fbdc8f698cfa2b48095538092c3008625057bbba0ed83fe0f8586af11,2024-03-25T01:51:01.223000 -CVE-2024-26880,0,0,5bef93dd03268d10edc9a8133e8cd852a49c08c8036e32fcb228fd74626ef295,2024-04-17T12:48:07.510000 -CVE-2024-26881,0,0,294f6b715ef9b835cea68104bd99915d907e83a862dbb07cce04b92380f96865,2024-04-17T12:48:07.510000 -CVE-2024-26882,0,0,aeb9721b772f734417a0a6c654c6bb561af1382e7f1fdf5ea89b29ebf62de646,2024-04-17T12:48:07.510000 
-CVE-2024-26883,0,0,e50450480dc6446dcb4127480d62dd3693af3e51a2ce74a4453ade586d31f657,2024-04-17T12:48:07.510000 -CVE-2024-26884,0,0,53ea1412985e2b990f46a444c9ecb22e664779be0440398f34df42dfce8d368d,2024-04-17T12:48:07.510000 -CVE-2024-26885,0,0,f85a144b0656cb7b18a541c8c32cd7dcfd76c69ac8f6d33bf45e9bf09d9fb7db,2024-04-17T12:48:07.510000 -CVE-2024-26886,0,0,2082463402bcbb22f209416275d212c13f2eadf30c3ff78cc562abb7a3353169,2024-04-17T12:48:07.510000 -CVE-2024-26887,0,0,b0664d3cca238fdac585390adc3cf2f59c6dd59c2648295614cb88b0259fd402,2024-04-17T12:48:07.510000 -CVE-2024-26888,0,0,d933a1f7eb2d2ae6fe0442128150eb63a451d3df5910cfaa9ca2c7fe46ba3bd8,2024-04-17T12:48:07.510000 -CVE-2024-26889,0,0,1b2785de341edfe1f4d9b02cc10d697c1951f1bb19a35d3f209d772c77457b67,2024-04-17T12:48:07.510000 +CVE-2024-26880,0,1,36198ffdc01e0677e7d9564872af935d6a00e3bbe7535b8596df1b49ec3ae865,2024-04-17T12:48:07.510000 +CVE-2024-26881,0,1,e4ae5f018dfd5d7c80135a0c205d4b569aaca80976ea395c4458884350cd67ce,2024-04-17T12:48:07.510000 +CVE-2024-26882,0,1,1f66fc210011e0523ea5a24aaf78121e030203ea1f5875a1cb7e14d6b7a2d0b9,2024-04-17T12:48:07.510000 +CVE-2024-26883,0,1,1a4a7e29168186262713d2ce65f49e562ca136cccb9053bdd0c54e136ab1d71a,2024-04-17T12:48:07.510000 +CVE-2024-26884,0,1,fa0e2d4da2de7341d1600d9b0554c28ba63cfdbe8982789b38c1b25f516c0879,2024-04-17T12:48:07.510000 +CVE-2024-26885,0,1,ef980fbe22804d2bab02b9c8d681c6f83ba0ac45d959370c0775612027cb9568,2024-04-17T12:48:07.510000 +CVE-2024-26886,0,1,77769a316db88bc2d96850252aab0598ca088d70f07b3d2211b710eda4a28073,2024-04-17T12:48:07.510000 +CVE-2024-26887,0,1,ac9946572551cbb67df733b069673c9f5e6e8c8406db06b67c3ff93580917161,2024-04-17T12:48:07.510000 +CVE-2024-26888,0,1,290010afd627e2d426b888b404c90a262b5f70bde4d71c714271e5719fe1247d,2024-04-17T12:48:07.510000 +CVE-2024-26889,0,1,a613c7444357da0e653d52f4070b358dbd2b2a5e34f28ef2bef87916708fb75d,2024-04-17T12:48:07.510000 
CVE-2024-2689,0,0,ca3db738ee48a3133b58c96e06b69010b9eabf8a8a2da4363a993adb771d8842,2024-04-04T12:48:41.700000 -CVE-2024-26890,0,0,10bd89231e59aaecf4147f67795516159e06595373d776903ee09b442b60b757,2024-04-17T12:48:07.510000 -CVE-2024-26891,0,0,6c4f6d3899f3643eb73452f54c91a113b4e9458c1b6c4aeade43f0572a938035,2024-04-17T12:48:07.510000 -CVE-2024-26892,0,0,09f26a589e0d964125dbf8df323e62fc9b35e04fccd2b7bce7c87880d9fbdf45,2024-04-17T12:48:07.510000 -CVE-2024-26893,0,0,4408500a013905f1f04e480c375a7081083330a8983b2f3a3607f530292ec699,2024-04-17T12:48:07.510000 -CVE-2024-26894,0,0,aae3df96feb3ee0630c9a947913949a932be4d6f6331978f8cb122ebdcdece71,2024-04-17T12:48:07.510000 -CVE-2024-26895,0,0,eee7e5f2e356f1f99aa106a185f2be7e4de403a9e1999b7f8ef6ec4a612284d5,2024-04-17T12:48:07.510000 -CVE-2024-26896,0,0,1af4d0c5ca3b15cfd94fcd29178671e20574b2806b9d632b98a99c8298f6651f,2024-04-17T12:48:07.510000 -CVE-2024-26897,0,0,3b5cb95dd93cf530f4e457fdbaf8b49179bc6b48829bec5034c491c406978efe,2024-04-17T12:48:07.510000 -CVE-2024-26898,0,0,6b6b6dfcedefa598b3c9b6a95feeec0e10511e16a0d0d1435acd2c3a7992f253,2024-04-17T12:48:07.510000 -CVE-2024-26899,0,0,6bdc5b46033439a97765f8f0763314428369b55db5023dee7f9ba1a0d0e0b1b0,2024-04-17T12:48:07.510000 +CVE-2024-26890,0,1,874931de3addad6ea21f74c391ccd4d961219eb7e2eb15552b52e8d6f987b881,2024-04-17T12:48:07.510000 +CVE-2024-26891,0,1,5179016ad47624a179492f8c7252f64c2641442e6879d1da27581d3918511bb3,2024-04-17T12:48:07.510000 +CVE-2024-26892,0,1,688376c4324ea6e95054950a543b4e29e1ce33115f8cd0779143841c3bda16b2,2024-04-17T12:48:07.510000 +CVE-2024-26893,0,1,1f6a9cc5570b4cc20166e056fbbe56ac59e2bccce9acb4ad6f8361f3f40f222e,2024-04-17T12:48:07.510000 +CVE-2024-26894,0,1,0f055d94c06d3a24c20636aa6705fcffac959c837c08942ab56cd6959d38c91f,2024-04-17T12:48:07.510000 +CVE-2024-26895,0,1,c8972a82d31bd91dfcf809f59ab0ab3231af306fb25ed8c870ea39f2401edf61,2024-04-17T12:48:07.510000 
+CVE-2024-26896,0,1,c7f67bd677ed32d8b4a7649e5d29a65fac6c5af022bd8a34212a71825017e7f6,2024-04-17T12:48:07.510000 +CVE-2024-26897,0,1,7117225cc4b14afb8e215f34178f2e7fbbf7d760b8f5cf9bb5a56de8ddd95859,2024-04-17T12:48:07.510000 +CVE-2024-26898,0,1,bf5613a0c680fae60436ee7c3197ca9393f6a2e9ba0b2fffb805efeccb08856b,2024-04-17T12:48:07.510000 +CVE-2024-26899,0,1,0ff79ef12ef7fbee1b2b6602143a6d60d3083d00d7b8f9fcccf059ebcc974077,2024-04-17T12:48:07.510000 CVE-2024-2690,0,0,4c826b0268110ff7b23e3bd95d3e0dea47699c94cc2fb91bdb7e2a7eec48f946,2024-04-11T01:25:32.763000 -CVE-2024-26900,0,0,22394e084ee32a9b3600674102843c0b0efba2316efa39d81e551304214c556d,2024-04-17T12:48:07.510000 -CVE-2024-26901,0,0,23a7183909c3a4bed9f29677535c6e3cea182ed1560f1ad168dac65d807e1b3a,2024-04-17T12:48:07.510000 -CVE-2024-26902,0,0,0b7619316153bb8447cc5c788a19470f44e0aa1b18fcc418d1bf49c9a4f9c135,2024-04-17T12:48:07.510000 -CVE-2024-26903,0,0,fbca75d8604a17016b892725d2c67264936cc8a17e7b1e0463fd1a6f0915c1ff,2024-04-17T12:48:07.510000 -CVE-2024-26904,0,0,5d0cd33f5ff0b855435beaa76b168473fce5bbc7a20641b44e11f5c861f0d327,2024-04-17T12:48:07.510000 -CVE-2024-26905,0,0,b0566a4923e14f76d825605636c467399a244d87dfe56a7ba533efbb3f955fbd,2024-04-17T12:48:07.510000 -CVE-2024-26906,0,0,bfeaffd88d876f93b861a277aab40a05c478d1e95cde5f96df39dc0709911a40,2024-04-17T12:48:07.510000 -CVE-2024-26907,0,0,196e6c37ed34329b737eda8afe2dd8c74ceebbe004a420498f0437172d5e81c9,2024-04-17T12:48:07.510000 -CVE-2024-26908,0,0,036d1eeb99bf961611b0c57b4467675d6904316f14eda2b428264aab53946318,2024-04-17T12:48:07.510000 -CVE-2024-26909,0,0,78553c0f7a2ab0c4ccf0b0075ab3eb52d80c662d8610f1b3d947bb91418be913,2024-04-17T12:48:07.510000 -CVE-2024-26910,0,0,80a7c2539906c0ce210f77d3c245cced4d13c44206f6538252c8d532d60192e9,2024-04-17T16:51:07.347000 -CVE-2024-26911,0,0,057fc56fd3c0a5ca4da26cfc8c1b99a44f4224503467cf424a056f281bdc4a90,2024-04-17T16:51:07.347000 
-CVE-2024-26912,0,0,bec21d63fbd2b2fc8402d9b0b469cfc12ebbe02fd4360ffa61a73457b56247b0,2024-04-17T16:51:07.347000 -CVE-2024-26913,0,0,281392fd135f39987aee87c9a47fd677ab44c40efd16afc393f1d9afbc8f0232,2024-04-17T16:51:07.347000 -CVE-2024-26914,0,0,7a265ae42e6a87eb5ee506e6233aac58c14f4472cf8f0cd673f0a60bf42dff0e,2024-04-17T16:51:07.347000 -CVE-2024-26915,0,0,b66146220dee4ef79812ee2ebae652f1db2f6c8484cc2d84b6eef908c4b22632,2024-04-17T16:51:07.347000 -CVE-2024-26916,0,0,1b7d6519b456456cc13ced872df5681175812cad24300356c0481a4b9f8ebcce,2024-04-17T16:51:07.347000 -CVE-2024-26917,0,0,27f5a047b9c747cedd8142786b13b4ba67d1f6176a7c474ed4ade9d34fdbe3ab,2024-04-17T16:51:07.347000 -CVE-2024-26918,0,0,e969c5e65c27c48161954ded29f513a04dd008bd660c330f261ba39a0cdecda3,2024-04-17T16:51:07.347000 +CVE-2024-26900,0,1,f933c224c9988d9f6164c664bf62993dc0ebd0af22da12fff4fa407d55a2349f,2024-04-17T12:48:07.510000 +CVE-2024-26901,0,1,5ab9972b1bae08115573301e384c09d8b3b612f91cf1f4e7848bc51d4d76085f,2024-04-17T12:48:07.510000 +CVE-2024-26902,0,1,65efea2b8c7e906d25af94e8bfeabd16275376de8b515f8723126539ab19d2aa,2024-04-17T12:48:07.510000 +CVE-2024-26903,0,1,d653e000102af3a60e1525918a0a12666f33011a7d5b2e290237d07b8d448d22,2024-04-17T12:48:07.510000 +CVE-2024-26904,0,1,7a90b402355c14dc87b5aae70c0b90ebea5f9f89858356757daa0d9b520a5840,2024-04-17T12:48:07.510000 +CVE-2024-26905,0,1,b2eb4233229c7ebf6d1f823188c91f6d5ec6f202c5b26a0cfddc918598c98c54,2024-04-17T12:48:07.510000 +CVE-2024-26906,0,1,ab0559b52d04a535dceb9e9c10280e22d32dc74dd6f462f3401a818acc49de6b,2024-04-17T12:48:07.510000 +CVE-2024-26907,0,1,016c0bc0efd50f297797a9cbc3318e33a26fd2e130fc7655cbf857f36300d753,2024-04-17T12:48:07.510000 +CVE-2024-26908,0,1,482c3c6707c792c69da228d0260c6fb6d496e8c5bf0dea89f1ea8a448642958a,2024-04-17T12:48:07.510000 +CVE-2024-26909,0,1,7e05c380de24c583e4d42c1bffdc3ac5155e29d1d8baaae3dd6030c0deecabe6,2024-04-17T12:48:07.510000 
+CVE-2024-26910,0,1,d61b6925b87445d7a8700696f360314369e239ecd2ca796c8556d5c59f1482c7,2024-04-17T16:51:07.347000 +CVE-2024-26911,0,1,7280962d55c94804597f0107221ce40a24748725b662c8c591029beebd307ec6,2024-04-17T16:51:07.347000 +CVE-2024-26912,0,1,3e8c02510dd2e691821e9c585cf3195ff6bd671fdb1af4c73e511b14955750b6,2024-04-17T16:51:07.347000 +CVE-2024-26913,0,1,59f825a299e6afafe8c5e1be064228be30a61420f1cda371fb03c7bbf29395cd,2024-04-17T16:51:07.347000 +CVE-2024-26914,0,1,737600aa199a20f07827db5f917874dc5de3e1365dcd6ff06c65d76a5bfb19db,2024-04-17T16:51:07.347000 +CVE-2024-26915,0,1,112e868432c44a7e9f4f00a34b440c9887d74a8025acd19c134ac9b001ef49d8,2024-04-17T16:51:07.347000 +CVE-2024-26916,0,1,2aadfef41fb15a7072adb3073b1957815485b1f408ba914e4e418f4d3edad79c,2024-04-17T16:51:07.347000 +CVE-2024-26917,0,1,76ac629e9c8e03234b1cc0f2056c3a72474e19f6de790dc934c6f9ce7aac4a60,2024-04-17T16:51:07.347000 +CVE-2024-26918,0,1,856369cd1dea2e2c11af16942fbef9a6c4bc54310e835905719eaafb6e04f03b,2024-04-17T16:51:07.347000 CVE-2024-26919,0,0,8ce229e6f304423499a3d2dbc331713eb1fbfa99e3cc0b71da0db8b8b65f091c,2024-04-17T16:51:07.347000 CVE-2024-2692,0,0,aefc05ddca23ffc90de039367cc7fed9a06f50bd32c460cfe2bbf1c8645c8f06,2024-04-04T12:48:41.700000 CVE-2024-26920,0,0,8ad9dc4497d0ab325621ba9253d9bafe6f0648f6e0dcc53db528add7b30825c1,2024-04-17T16:51:07.347000 
@@ -243769,7 +243769,7 @@ CVE-2024-27302,0,0,1d89d4e993b760e97bde0be7bbf0ab174b73b3040fcfa7b093617ace631fa CVE-2024-27303,0,0,450d9542da26a401d8f005b41e132f874f1ba7c3e0584547e2b3156afe4dd5b7,2024-03-06T21:42:48.053000 CVE-2024-27304,0,0,155072b4116a6c289f8b0a15c5da71f228ce1e237d59e0438c2b50d864bdf9fd,2024-03-06T21:42:48.053000 CVE-2024-27305,0,0,b3f2edbf169d953c39bcc940e16d0680bda3e4c24593a205df513ed3ad926817,2024-03-13T12:33:51.697000 -CVE-2024-27306,0,0,4b1e5a7a078e6d6cbd4c5991ca16b3b6e2e9fc05359de5fbae688a7990e8da06,2024-04-18T18:25:55.267000 +CVE-2024-27306,0,1,fb71884d90c7ff19fd61b7863e5255654a409450a1886b87e5bfcfb79014394a,2024-04-18T18:25:55.267000 CVE-2024-27307,0,0,0637b05d2a36e47d121bc1fe1beac809e09e2be90d0aa4c4cb901114110f37d2,2024-03-06T21:42:48.053000 CVE-2024-27308,0,0,2c1853ceb0d45fb092e9c133d6553571b7b9f8a855fc6b4950edbdaad595214f,2024-03-06T21:42:48.053000 CVE-2024-27309,0,0,4093b9f2cbf928f26e9937b5de3222826640db2cf36c920423d7b5a351b050a1,2024-04-12T12:43:46.210000 @@ -244002,7 +244002,7 @@ CVE-2024-27956,0,0,f490f7ec3bd48189a1ef57af88670e81296dde010b86c5edf00de693d7370 CVE-2024-27957,0,0,3bb51417dd78fa81cd8d3e079ab9ae6ed1b9709468847cb623b9c9568eef40f4,2024-03-17T22:38:29.433000 CVE-2024-27958,0,0,3c69427bef710d3f7bb781ce81b405984dd58d08367be619f590c223ad730fd4,2024-03-17T22:38:29.433000 CVE-2024-27959,0,0,b6158d09fbe57e466eaa147e639a460dd447ef6efe99a61800919c1426ccc29c,2024-03-17T22:38:29.433000 -CVE-2024-2796,0,0,7b406902d60c4d87b4e7db70aff64e24ae7a5cfe760c4115c2a5af7ee6d8bb0e,2024-04-18T18:25:55.267000 +CVE-2024-2796,0,1,40f83fb33f4fa292a363b62c84df176246a04da8a7040a6965ddecb98d4131ac,2024-04-18T18:25:55.267000 CVE-2024-27960,0,0,f24cb349f10cfa74e91704c4186cd8ad2d36e2e6ec0ef021d33bdec9575a5822,2024-03-17T22:38:29.433000 CVE-2024-27961,0,0,f8aa7d138d3bc8c32b44cd00e2345672372b1720c63bb0bc0998e3ab4b908ae3,2024-03-17T22:38:29.433000 CVE-2024-27962,0,0,17f6594cb4e48407b3b28a4d52db42d5a531934fbaefcd58b5c585ffd5201450,2024-03-21T19:47:03.943000 
@@ -244069,14 +244069,14 @@ CVE-2024-28048,0,0,e5666138598204bcf10d324dcf85f36b61e34128f66eec1b98b8c785274aa CVE-2024-2805,0,0,b716a0be9d686db91f4e797182c535ecb0361ceba2bba02f8885c7766c74660f,2024-04-11T01:25:36.617000 CVE-2024-28053,0,0,c90f3b62964e2e2422d9b5798f17f1825dc5ae41ec90f71b2b9fe7b9e8ea4a14,2024-03-15T12:53:06.423000 CVE-2024-28054,0,0,b289eaa8f221cef12d20f4d7c4d850be722c706b733d8c81d770795eac46dd81,2024-03-23T03:15:11.510000 -CVE-2024-28056,0,0,99500b3efc31f5951355ec56db9a05bab2911542c0234eef3472695cd765c2cf,2024-04-15T19:12:25.887000 +CVE-2024-28056,0,1,90e95402cb85f2ac6aeb96939956a4b0fb83eaa680280e3c7780943b8521d648,2024-04-15T19:12:25.887000 CVE-2024-2806,0,0,86da03f45e17e7d7cf77aea07f4886347bd9129b7e750be463d613678690ddc6,2024-04-11T01:25:36.693000 CVE-2024-28065,0,0,9c3c0973cec8416a73aebaf79d96b27bfde387bdfffa9e02e29e42d0c5bd8070,2024-04-08T18:49:25.863000 CVE-2024-28066,0,0,8d264de635ae9c8dc6d41b6ed16f7f85828f585eea298ce9fb065b16c33683e3,2024-04-08T18:48:40.217000 CVE-2024-28069,0,0,99a57a9955c5ed5463e7c560b95e0a17dfa2789ec3c024f2825003d476d4b80d,2024-03-17T22:38:29.433000 CVE-2024-2807,0,0,389dec77d863d88d0729c3b21a13c4f638dbaad2d7ffdf5a3bec6019fd1a7b1b,2024-04-11T01:25:36.783000 CVE-2024-28070,0,0,c8eeec88fa6e3b91036a4eadc63dd921f090ad52309176e7af22a570b911aeac,2024-03-17T22:38:29.433000 -CVE-2024-28073,0,0,11595a1e096ea791c7b3c722c3e27da07919e96619a7c3a0a6fbf6f73647b227,2024-04-17T20:08:21.887000 +CVE-2024-28073,0,1,cdb5d61cc6a19952dccba6c20cc81a1525eeb0c1fc701ee23bfbd240d2d310cb,2024-04-17T20:08:21.887000 CVE-2024-28076,0,0,573150dd6c1cd2ebee3e74b864dba3fbe351c8f7cfb57fda1c213b0f2a3aeb0c,2024-04-19T14:15:11.080000 CVE-2024-2808,0,0,c3ed3b9e68948cd880b53f1e926f321cf4b47941f31cc49bbad2cbe5e609284b,2024-04-11T01:25:36.883000 CVE-2024-28084,0,0,e855eaf3201adbee7f29bca688e63324787cf32844050753a9cd1965f8c4b542,2024-03-23T03:15:11.583000 
@@ -244093,7 +244093,7 @@ CVE-2024-28095,0,0,55f0c9ca55734306dad9b000036f19300cb759200cbf27bc2e0808bc98139 CVE-2024-28096,0,0,c61bfbcdafe9c72a911dc2b9fa25248c77d2753eaae3cfa3806cc4e751524d44,2024-03-07T13:52:27.110000 CVE-2024-28097,0,0,c618878c99b34fd8d31420ae44abb12ae83449d0b290aac2102b5c17cfc5caa5,2024-03-07T13:52:27.110000 CVE-2024-28098,0,0,e6bafc5c1852b134e115137ad3427dd38b064af4ce40b8aa45bfc1cdd7573337,2024-03-13T12:33:51.697000 -CVE-2024-28099,0,0,3e16bf0ceeafdb797a4b04e209ab62e99a0f0c1d7ee08499216886aaab8a00e6,2024-04-15T13:15:31.997000 +CVE-2024-28099,0,1,73e4b6f4e302601dee04aa1fa8e82b6137bc81ff22a37186241bc9bd72ade4a0,2024-04-15T13:15:31.997000 CVE-2024-2810,0,0,f8525aab066cef96448d7a4f835bef835d854a502a79434fb25e0706f36979dc,2024-04-11T01:25:37.083000 CVE-2024-28101,0,0,01541a2740ce2ffbd34e7de916ee530e34d9051f1ee53f417345ced9c3bece74,2024-03-21T12:58:51.093000 CVE-2024-28102,0,0,dd908b176fa8700f78af6b8a5980e30508069b806d1be433d10a42940d9f6918,2024-03-21T12:58:51.093000 
@@ -244155,10 +244155,10 @@ CVE-2024-28181,0,0,6fe6fc40aea923ab45a31104eec21bd5517ea3b5ecb606b759ae10c9ef55d CVE-2024-28182,0,0,4948b0626bb9b4fd1e6576d7ee827606db85f26579f7716da641e473fd557c9a,2024-04-20T03:15:06.970000 CVE-2024-28183,0,0,643292dec7e2c62a314435936df2f6b3b26afeacc823e8335f2b17ff913aa8e1,2024-03-25T16:43:06.137000 CVE-2024-28184,0,0,477afbf0dc7ee8d9429045c75878ff2a88abaa5598b6ce7fba2a5f1850b6b613,2024-03-23T03:15:11.827000 -CVE-2024-28185,0,0,d87efe7471bbfa75b8691eb86ddda05b61ac877ce0babbde37d84e1051af063a,2024-04-18T18:25:55.267000 +CVE-2024-28185,0,1,cc2656652c1c44ec17bee34b644a1576f8f10c4a5ea602e72e56b5ef658adb53,2024-04-18T18:25:55.267000 CVE-2024-28186,0,0,bd19020fb98c7e49f4ae9534406a8116ce29f7f2cd9253fb5db74e8880c2331b,2024-03-13T12:33:51.697000 CVE-2024-28187,0,0,622ab766d3601fab3d937cf5c750ad7e8af82148d21dbe4188ae92a13fa234a3,2024-03-12T12:40:13.500000 -CVE-2024-28189,0,0,56b44868f734e8a8ed34ad86d8bd2c318372612a95dab9cfd1fb98e1a5531b9a,2024-04-18T18:25:55.267000 +CVE-2024-28189,0,1,81f2925164dd5d7cb7d7cd90bc40ba60ccfbc64e4e9f4b5759a687a558709439,2024-04-18T18:25:55.267000 CVE-2024-28190,0,0,12748f0d1d96c1dd12a55a7d01d52ecfa2471e70f938533a65cafe7ab3067955,2024-04-10T13:24:22.187000 CVE-2024-28191,0,0,853b71b5fbff382cadd88b4aabffb5ecf2befa7c0c649d2de50031fa606cbe52,2024-04-10T13:24:22.187000 CVE-2024-28192,0,0,b174fe16c8c5d79ad271f4d2c9a4367f27378fbad36778038489438c03ab1c5e,2024-03-14T12:52:16.723000 
@@ -244419,7 +244419,7 @@ CVE-2024-28878,0,0,fe5b4dea6079affbe530b6afc0ec6cbc2c58efa98e54aaf61e9565b0ce454 CVE-2024-2888,0,0,e48cc71bf8d96ab718c88bf59dd81f25047204b13c0446dd48014e6c60fc42d9,2024-03-26T12:55:05.010000 CVE-2024-2889,0,0,047900621574a9797901d8767443e859750a2765d7b4c1f50c805ec45928b2d3,2024-03-26T12:55:05.010000 CVE-2024-28891,0,0,d3e45bd47b45b967827b685dc5aca79c502a599b4c4b2ae06f1259844016862c,2024-03-22T12:45:36.130000 -CVE-2024-28894,0,0,ddd18a0441845ea004b72739c2ff0726dba0b95ed7974222c17c2fa2ccdf65b7,2024-04-15T13:15:31.997000 +CVE-2024-28894,0,1,139b37292842325266e36fcf501a8211453c4135dbf7a79b4d495c356e7cd07a,2024-04-15T13:15:31.997000 CVE-2024-28895,0,0,e719d13135e97e941113ab974fe7dd84c43c28aacb52b0a20894b149f6e995bb,2024-04-01T01:33:21.910000 CVE-2024-28896,0,0,286c9b14277dfd3fb198ad35d3d66add8da721df3cae192b0956bb3da3951188,2024-04-10T13:24:00.070000 CVE-2024-28897,0,0,0a5ccdd1042b8db9d056fbeeae5a0c8cc4acbb19abca5fd7375a157081a30561,2024-04-10T13:24:00.070000 @@ -244476,7 +244476,7 @@ CVE-2024-28945,0,0,b08e2cbb1c7a93b1222ebbf8aa1a37e80f7f024f6c88fb0439aa69284f048 CVE-2024-28949,0,0,4edf5d325effaefea897e8c73e89e2e83493d64d37f4fcb7d9633b3c6ac5712c,2024-04-05T12:40:52.763000 CVE-2024-2895,0,0,d61a8f2e21d910d4ee1cce78240b172700d6d37b7338513222c6ec123c5cf7f8,2024-04-11T01:25:40.127000 CVE-2024-28951,0,0,c59d22693a6783914cb02db5be2e1a6f5b0c6277d54a6ec5614d046ef86ffa02,2024-04-02T12:50:42.233000 -CVE-2024-28957,0,0,272509f9dfb60cf65e23bc83dc67bb9d3dca7af87578388ac3ebab13be804f6a,2024-04-15T13:15:31.997000 +CVE-2024-28957,0,1,a169098a05ac68c39610a9d0c21c80f908b4c73fb6ad140d0292417789484670,2024-04-15T13:15:31.997000 CVE-2024-2896,0,0,5de59d7245da47f589f3ef8b760f3f6474bf3327cc8f382548cfd383506a8e1b,2024-04-11T01:25:40.217000 CVE-2024-28960,0,0,e8dbeb1ca04aba553db6ad0a923d45f708fa651bef11fd340f54cf32195f3cfb,2024-04-19T23:15:10.657000 CVE-2024-2897,0,0,845f7ba04cd28c84698eb0ec67ce51aa02df2e982261e886754cbe95c0546759,2024-04-11T01:25:40.303000 
@@ -244494,7 +244494,7 @@ CVE-2024-29018,0,0,a31ea156ee4a30b6d7535cfe30928ed9f90e655143b9cf9c902aa0e59ea88 CVE-2024-29019,0,0,fe2de4afc3940e547c647135fa914dde2bc9fce5b46dec96e6b4c47b6599bdc4,2024-04-11T12:47:44.137000 CVE-2024-2902,0,0,2d02b49d0a0f4faf9868b4e8f1580c2d8e78273885ff259f71459545682341a8,2024-04-11T01:25:40.740000 CVE-2024-29020,0,0,09b8bf1bab85d116480c11745c3336d8516989d8662545abc8d0da389a848945,2024-04-01T01:12:59.077000 -CVE-2024-29021,0,0,5b921c0c481c2be01ac9dde4b3f1e743b0f0e860ecb4dbcdc80f49a30ea29be5,2024-04-18T18:25:55.267000 +CVE-2024-29021,0,1,456c09464e4f95665d704dc4e093723601c54deee0b072b36b2d708a61f0e8dd,2024-04-18T18:25:55.267000 CVE-2024-29022,0,0,4db19a3f2419aaa80a88ebcbb0e457191b072f3fcd418cd9e058914c4af75d81,2024-04-15T13:15:31.997000 CVE-2024-29023,0,0,d903e95cdcdb4595e1169062d882080dea4ff3e1a9b90bac61480e111ad31319,2024-04-15T13:15:31.997000 CVE-2024-29024,0,0,956c59560b7cf752c83fc101e3db1baf7896ab3619a15c2cec1bf122c43cd6a6,2024-04-01T01:12:59.077000 @@ -244509,7 +244509,7 @@ CVE-2024-29031,0,0,7f58d37a0fe973dfcea39547446f82cfc81d56a030b41fe804de053f1e911 CVE-2024-29032,0,0,78fb5ae8fdb3215820717af14451506f7824bc56ea1614b90c49b6da721a3f03,2024-03-21T12:58:51.093000 CVE-2024-29033,0,0,694c41411fa81b38cbf901fb2f9c4555d6c7b4e299d5d6ca44ed77d5d7f5f99d,2024-03-21T12:58:51.093000 CVE-2024-29034,0,0,abbcb2dba15b8f4921d05a8db211631f1cd87e65f2de49321a196077424f0e36,2024-03-25T01:51:01.223000 -CVE-2024-29035,0,0,e900165b8e1de871fc3dfc2b080311017ba44ba30c2b20f848c8969f56f7b3df,2024-04-17T15:31:50.160000 +CVE-2024-29035,0,1,21701c3dd0407a32f3860c33eba458ab5265ec3a8caf169794b15ed3942b0b5e,2024-04-17T15:31:50.160000 CVE-2024-29036,0,0,f20370765a1c49d0a0bad775fe00268f4f8d50d24ef66d07a4f7dc0500570ad3,2024-03-21T12:58:51.093000 CVE-2024-29037,0,0,d14590394517ae3abb6cee2c5008c5f9a159ea7cb5e3f1665632e06ebb11aadc,2024-03-21T12:58:51.093000 CVE-2024-2904,0,0,ad94cde058aa186716aa9a9e0abda85712b8f6121542c812afe32aed48147ca1,2024-03-26T12:55:05.010000 
@@ -244523,16 +244523,16 @@ CVE-2024-29047,0,0,caa5c4d2d0f1bf304a4ee6216a36e2941161e0820c7a8b8276d73d490e44c CVE-2024-29048,0,0,95c20ac7de8bc227c17638fc56daca89aa86872041643304379a7c60cc8dac12,2024-04-10T13:24:00.070000 CVE-2024-29049,0,0,98b5dd33fb953ac1a2154bc311144d3dc2c9909067218ab4461517f82cf5b6e3,2024-04-09T17:15:58.440000 CVE-2024-29050,0,0,b81f6cf3efac23ad29fb0ec76c4ddabcbf2924e0345ac83e98aface32c2a7152,2024-04-10T13:24:00.070000 -CVE-2024-29052,0,0,8baaf625c18ac9f1ef2c4e663966f2220f841c4e9f88900d8fdfc1e431c0b1f6,2024-04-10T13:24:00.070000 -CVE-2024-29053,0,0,471c6e5251806e83b0549ac60349aa965c82a65f766ed16f5ab804a043cfd87c,2024-04-10T13:24:00.070000 -CVE-2024-29054,0,0,9c8bb63335b4bdbeccacedcc7a5d86757aa0928570c204d1d2daadb453b24b5a,2024-04-10T13:24:00.070000 -CVE-2024-29055,0,0,3445b0211831595bf4855fcc998d05e20092c56a85048071ba01ea078e1869e8,2024-04-10T13:24:00.070000 -CVE-2024-29056,0,0,59e4a201e827c9d4ddee55e826858fe99fa43e081c8d3803a7f9f3af32fea6d8,2024-04-10T13:24:00.070000 +CVE-2024-29052,0,1,9420b1ae7e90dd1acfc7cdaac9046557a2de2a3786dd73ca82d15f399613dda9,2024-04-10T13:24:00.070000 +CVE-2024-29053,0,1,697fbabaf9facdb0a00abec112c7dd524df1d041a7d2e72ce266e3893d05d84e,2024-04-10T13:24:00.070000 +CVE-2024-29054,0,1,673e208362aaa2bffd770f32f1b71b6f8bd8f1ec9c1d8dd8063b6abecaa01d89,2024-04-10T13:24:00.070000 +CVE-2024-29055,0,1,e9fe39dc2dd4caba8b085ac9cdcf43528a046debb329feb057fe266fe66547e6,2024-04-10T13:24:00.070000 +CVE-2024-29056,0,1,8c811c767e3a90a0ea6d3942fee710704b40587d4ed2e82ddf7cf395f0a756fa,2024-04-10T13:24:00.070000 CVE-2024-29057,0,0,1a7d236424310c38bf79fff65250ee548fa2fb68d692d6ba086f9244a484a161,2024-03-26T03:18:48.760000 CVE-2024-29059,0,0,d93ec606be992e55fa01c28ef1ad5d3cf38a06f675d6b6e016fe3fa040aeab38,2024-04-04T22:15:09.033000 CVE-2024-2906,0,0,7907d5a5cd3460f6f133374b708901f61c1d81fd1b49c6a2c33ea92916afc2fe,2024-03-26T17:09:53.043000 
-CVE-2024-29061,0,0,9a84b2fa53241053529ab7c7923670b025db4a34c5978d7081a5a0e488bf1dc6,2024-04-10T13:24:00.070000 -CVE-2024-29062,0,0,aca6985c8b36eeb4c7255030efc95c15b663af6c314c31265729ece46da72913,2024-04-10T13:24:00.070000 +CVE-2024-29061,0,1,0e26675da5b8b19c960a0b5531d49ab989ad81088e22e9881162327e04855373,2024-04-10T13:24:00.070000 +CVE-2024-29062,0,1,4039e6b96e75b35756d0ae5e495115fc06020359b7d4ba01efde13442f9b2e67,2024-04-10T13:24:00.070000 CVE-2024-29063,0,0,9dd92692e86c18107436ef4a5c609dee7af8a065ae51bf02187ee7cc8285048a,2024-04-10T13:24:00.070000 CVE-2024-29064,0,0,6a31c4be5cdf5b4136f98ebcdea18ed590cfcb656650a646fb3bcb2e2a9235de,2024-04-10T13:24:00.070000 CVE-2024-29066,0,0,b033dec16249c47216f72affbb210c8ed478f17a804b8c831619777a2cc5b7fc,2024-04-10T13:24:00.070000 
@@ -244630,8 +244630,8 @@ CVE-2024-29203,0,0,132c3d83e906b655066bee1fc4d3f90e18def73beb9178e8cc6662be34f71 CVE-2024-29204,0,0,ec859d0e8fa3a1772fb0be403427e1a00a2b3fa2a9c0decec9ddc0392ff924fb,2024-04-19T13:10:25.637000 CVE-2024-2921,0,0,6f7f3b512cf8e7465b0aea1823cce56bf608a3c1f40869feddab084c3da126e6,2024-04-09T19:15:38.423000 CVE-2024-29216,0,0,59c06798795d05e391cdd301154441d31362295e800c3b46a2b7bd83a3e2dbc0,2024-03-25T13:47:14.087000 -CVE-2024-29218,0,0,534d5e5cd011d00ac4ec7ef6f7ea20330c5dcb3ce76fa1cbb0c5b3262c626826,2024-04-15T13:15:31.997000 -CVE-2024-29219,0,0,f783c6071e02ef1e56c5a473e0846149e2a187801005efbe6cc231dafdbaf2d3,2024-04-15T13:15:31.997000 +CVE-2024-29218,0,1,671653d28334eb1b29de221436a2464edfec5acf42885adc45ca7b102375c361,2024-04-15T13:15:31.997000 +CVE-2024-29219,0,1,4481109cba1c43e8c57c43af416b7ffd0dce43a288900ab9b937cea0ab69c2a2,2024-04-15T13:15:31.997000 CVE-2024-29220,0,0,1b65a8d6c350605472de3d4a64b6e0ccc843853d705695d9c55dd012b24dc815,2024-04-11T12:47:44.137000 CVE-2024-29221,0,0,5b9bc923efd821827e4ccdc23f19bce61ce6bc08809d3d2c26ee85f72d1e2770,2024-04-05T12:40:52.763000 CVE-2024-29225,0,0,a6cc20b79c51246e02458e8af6d1ba48add09d07b0dc74d5ff710efa51c99a1a,2024-04-04T12:48:41.700000 
@@ -244736,7 +244736,7 @@ CVE-2024-29504,0,0,0d65a25fe5a416a240505601ef6342ac18259cd3d27cbe77fe65455a306d4 CVE-2024-2951,0,0,7025f71f619ebfb5f00b29e3d72fe62bb5f0ea0dbfe92a58b33e63352aa0779c,2024-03-27T12:29:41.530000 CVE-2024-29514,0,0,2d6d3d0a4ae4b5ae40dadfbf4537d707f35bed7e85002b6d4e3d8180d6408f0b,2024-04-02T18:12:16.283000 CVE-2024-29515,0,0,79c9f65757e49bdb19c4dcff88d6ba2d524b1951e790ac90d5ffb4f302abcf45,2024-03-26T12:55:05.010000 -CVE-2024-2952,0,0,3499c19ca9cbbe9ffb8f369814c311f5450dda3f5339e1358cd7207fa2414380,2024-04-15T18:15:11.027000 +CVE-2024-2952,0,1,faeb1906efee3b92a2f71ac271a2126863489b08c25db3ee495ea566aa1716e7,2024-04-15T18:15:11.027000 CVE-2024-2954,0,0,297c9bf8798d95f9e2afa5ec16629f7d540183d0c516c52354e99c26b91889b6,2024-03-27T12:29:30.307000 CVE-2024-2955,0,0,8ad7db9c0b26dbbc700a371622c4d451c5174086afd5102a6a5729ad29305872,2024-04-19T23:15:10.910000 CVE-2024-2956,0,0,1f998613263914bb93c36fc6850584cdfe450d6dc26811c07d743b16483d0fc7,2024-03-27T12:29:30.307000 @@ -244945,7 +244945,7 @@ CVE-2024-29947,0,0,404b741ad74b72a5c64b5b398cf3854dad20f87fcc6b108acac73a5b50a2f CVE-2024-29948,0,0,6b1d30acb0dbd07b9c2736b474e04bb8c45091d15b65405d56f353e5b8df50cb,2024-04-02T12:50:42.233000 CVE-2024-29949,0,0,2c66313a6c0e08be78f3175b6236e7b43ba69f970bb136fedf0178adbd27c000,2024-04-02T12:50:42.233000 CVE-2024-2995,0,0,c87d76122714da8733dd7ff61010b11be1c71aaeaf58b39102c125532e66911b,2024-04-11T01:25:44.730000 -CVE-2024-29950,0,0,4f55f4765dc732e5e5a2daa4589744a2dced20d7b31c8e7e2379aabe94d7be56,2024-04-17T20:08:21.887000 +CVE-2024-29950,0,1,59d0dc7b41788e98cd313b2897de3b183cd3675df6f723ff671afe20bfa20432,2024-04-17T20:08:21.887000 CVE-2024-29951,0,0,6925a52af5105d475e345d844926848365b048c62a2d3f697034b8967d354270,2024-04-18T13:04:28.900000 CVE-2024-29952,0,0,a080202dc3806a65e4bf2066cba6f0509ab2487b03cc3575d217fb6ebe9d555c,2024-04-18T13:04:28.900000 CVE-2024-29955,0,0,47a53812514a7578906cfe4f12e13f4ef474d0421763eaa923aee25ceff7b533,2024-04-18T13:04:28.900000 
@@ -245036,9 +245036,9 @@ CVE-2024-30215,0,0,ab2bb7d1fb5a1429f982c34c6c343c5bdb990b01f1c65a84e0f966e88ca26 CVE-2024-30216,0,0,b2a60633096c48481bfba33a475cbb1ec9bd028014eb767b662e1172ca558cda,2024-04-09T12:48:04.090000 CVE-2024-30217,0,0,087a63819064c1c33ea0e545c53d87168995546f6e15f5d7be47bfdca70c5f13,2024-04-09T12:48:04.090000 CVE-2024-30218,0,0,bbafd02e57188641c828b4e11afc10b08f46d298d16560a41cdffe88fac7fd66,2024-04-09T12:48:04.090000 -CVE-2024-30219,0,0,ebc529e3e71783568c90456403cd4396a3bf59957040daed7405a51c545e3fa2,2024-04-15T13:15:31.997000 +CVE-2024-30219,0,1,87b706a185c303bc5fd32fa317293d89a396870464a9defe0de715066d2ff3d7,2024-04-15T13:15:31.997000 CVE-2024-3022,0,0,f291c8130c561158256d7e5f236acfb4472a78c940a59eb4c1d015abd789d2b5,2024-04-04T12:48:41.700000 -CVE-2024-30220,0,0,c1642304b19e2c7726e5bdf1b629e82e763a54af7c6addc5c94952954d31be6b,2024-04-15T13:15:31.997000 +CVE-2024-30220,0,1,017ecf65c0e6a0ee49a81035cd1921d86d05131fc7b8d4175985c322bdc6797d,2024-04-15T13:15:31.997000 CVE-2024-30221,0,0,8c33faec8eecbd1bc4775ea7d226df03d8dec1186991b9fb17295c2b460f3a49,2024-03-28T12:42:56.150000 CVE-2024-30222,0,0,16d5c6200c88be9ed99126042f393681469af79a0a1fab7e0ddf18cd42a248eb,2024-03-28T12:42:56.150000 CVE-2024-30223,0,0,49223d6bf313bfaa9ef84d3620f1e228ce685b884b7a52aeb03dd202e977c8f9,2024-03-28T12:42:56.150000 
@@ -245072,11 +245072,11 @@ CVE-2024-30249,0,0,451b2c460cd6450ccb8d45163cd4b39626000415a50759617fe824cc41f1f CVE-2024-3025,0,0,8f65da18c12ac2b9f0fbdef6115d8c1608e2a0f522d6bb739e0077c2bf373071,2024-04-10T19:49:51.183000 CVE-2024-30250,0,0,7d7190ab371d67395f89de2896d196b17971bd285635e6174ece380a3b4a83b4,2024-04-04T16:33:06.610000 CVE-2024-30252,0,0,59aa59bf0614386f5ce7a2cd6586bb11dd88db615deffea62f6d5f63b8346c78,2024-04-04T19:24:50.670000 -CVE-2024-30253,0,0,8ad272845919a35d35dc1d445f0fd460aafe050f46bffc7db609fdad1265db46,2024-04-17T15:31:50.160000 +CVE-2024-30253,0,1,1ad6ff6b2ec25e88fb200b9b505150fb4aac2c1d6b7923aaafe2e619aa8f2a52,2024-04-17T15:31:50.160000 CVE-2024-30254,0,0,ca73d473f0415036087aca2c59a68335788468b11a20b2908935567766161388,2024-04-04T19:24:50.670000 CVE-2024-30255,0,0,7a6027ee928c41155eb75584731055507a485cc638e26b6a9a3843b7b8e81c23,2024-04-05T12:40:52.763000 CVE-2024-30256,0,0,a37c28d8d8386eb524a9902aeb2d5e5078617fcd2b83be17321a99057fcfdfab,2024-04-19T17:15:54.707000 -CVE-2024-30257,0,0,6c27b7c4fdf3b57ff82b89b74084473760a7e09dd12b46e6c54d5f4f8386158d,2024-04-18T18:25:55.267000 +CVE-2024-30257,0,1,2377f0bce8e6743e82f9e83d4d3fe6517fe5f2bc87edd16371a41958f86c07f7,2024-04-18T18:25:55.267000 CVE-2024-30260,0,0,82274cf73c39f8e2b6363f86535dd2dccf59e33d072f43ef5512b41a2b8a43c1,2024-04-19T23:15:11.047000 CVE-2024-30261,0,0,166fe7ca1c2db8755b6f93e08c72588a072cb06e59fb2e806092ba03f1e2a3f5,2024-04-19T23:15:11.137000 CVE-2024-30262,0,0,1fa25a25356aeafdd2a6a2236d1119dec7ce89cccfc2e5ccf2d342cf39a19bd5,2024-04-10T13:24:00.070000 
@@ -245263,11 +245263,11 @@ CVE-2024-30532,0,0,357b3cd0362ba41f527f4c50b79023773ef0743103703dd0647d41de653db CVE-2024-30533,0,0,79210a276c197ef0c96ad47c4fb12b67135bbfbac578e6cbb91cd58ced29019a,2024-04-01T01:12:59.077000 CVE-2024-30535,0,0,44cf559c2f239523454379743fc839df0944a89751d0feea3aa49546c20c2f6f,2024-04-01T01:12:59.077000 CVE-2024-30536,0,0,8b71121133ca2bd2e4e447453aa973175f5a1f5afa02099ef20cc2e88af30470,2024-04-01T01:12:59.077000 -CVE-2024-3054,0,0,4fc42fe938e7c71f71ac1f82e4f0a92005b6bb10b20ce498da1f8f76df08d136,2024-04-12T12:43:46.210000 +CVE-2024-3054,0,1,926125286f908d4e62beb1186f52b352009c6bf9873091ee97e35e312c717661,2024-04-12T12:43:46.210000 CVE-2024-30541,0,0,d78a79d3d88afd14cd20c527bfe41ab0fe37668194e235410187bd48d18e8829,2024-04-01T01:12:59.077000 CVE-2024-30543,0,0,de59888ed56e637b17c319241a16835129df317d943b40d1e6d9bcfa3e0bf401,2024-04-01T01:12:59.077000 CVE-2024-30545,0,0,6038867d67c995e883a86525490f0f271cb5fc6f4f0e3fedf213a3bc0350dc09,2024-04-15T13:15:31.997000 -CVE-2024-30546,0,0,ed977fe60c6e7a7025ad2fa518c07efb500820207dddc22fbc561dabcf335b8e,2024-04-15T13:15:31.997000 +CVE-2024-30546,0,1,4af9d439135e31aee32061977c70bc8d2bc207778dce4d3c2778c470fee78f79,2024-04-15T13:15:31.997000 CVE-2024-30548,0,0,88bd7bd1cf2d1002ab9e155734df5d96b2d8cfbbf5bd9c13944c64553d3e002a,2024-04-01T01:12:59.077000 CVE-2024-30549,0,0,3b000eabddfac91fb8c01dcfe77aeb3c1c87c3fa8eedeef59a0ce2043b668aff,2024-04-01T01:12:59.077000 CVE-2024-30550,0,0,e9fcbaea06e77b6edd990cfb38477c219236536aa9d6b50ab8ead2e35b56f7e4,2024-04-01T01:12:59.077000 
@@ -245347,7 +245347,7 @@ CVE-2024-30663,0,0,389a4d6fbcedf1650843d47373664a20a831bf84258e54b129c5846e59aba CVE-2024-30665,0,0,3f695edd1e72eb443a740aef3fbad69f618e99350100ab838b4c73d06b2cd9fa,2024-04-17T01:15:08.010000 CVE-2024-30666,0,0,0d3ef8cfc85e5ff24ffc04b9608f814ebf69d0fee6728f8e86fd1a5651c999bc,2024-04-17T01:15:08.063000 CVE-2024-30667,0,0,b34af94390a480d37fac45c6f18085a47b08b076475bdfd12c5edf2b7032fbf6,2024-04-17T01:15:08.117000 -CVE-2024-3067,0,0,e9b1bebe389d4e514e7a9a61bf198949c5e392a49f5a0c35c052cf2a541b472e,2024-04-16T13:24:07.103000 +CVE-2024-3067,0,1,583df5bf9514ea78fe346bb52f08143b4414e3b07f49a1ca00cb0a4ce95ab3f7,2024-04-16T13:24:07.103000 CVE-2024-30672,0,0,21a7acac87d2910f58d956dd2a9e74d0ae726019f37c821a2970b628587b3d1f,2024-04-17T01:15:08.170000 CVE-2024-30674,0,0,a1449c2fcf0ba16ad3e356fcb957a27686d489e53286578459faa6029c16eed6,2024-04-17T01:15:08.223000 CVE-2024-30675,0,0,57aa3f2485756b52840d41b9ee07c4bdd5176287cdb2b12e4ff1d9b9e22a91bc,2024-04-17T01:15:08.283000 
@@ -245364,12 +245364,12 @@ CVE-2024-30688,0,0,79739bd9f2d4df545ff015f26d898959a5b0ecb38d4d6666e06fd38c69750 CVE-2024-30690,0,0,140a6aa982a7c8e97b8b62a6a53e1b1d7f6388d33dda3e6ff0e96dea7677fcd1,2024-04-17T01:15:08.980000 CVE-2024-30691,0,0,8c05019cb96b7089b3bebcb3edcc019e24a46548532893ddc2c0e397f82635fc,2024-04-17T01:15:09.033000 CVE-2024-30692,0,0,06ca4d2ab37709f6ab9bf0d85e3573d1ca79815c7ecaae46be13ac66b56a3ddd,2024-04-17T01:15:09.100000 -CVE-2024-30694,0,0,3099e365af6a2c20fcdaa1beed13525701c0a4995b3ba87662b83651d5c7b416,2024-04-17T01:15:09.160000 -CVE-2024-30695,0,0,7775c65b9bf7cfc01e45de81af98531676ecde1914330362c254d870e6aeb882,2024-04-17T01:15:09.217000 -CVE-2024-30696,0,0,5cfb0bebfff5be81b08a66ffdb308cc0d717f7bc78842763dbd36b60ae1cf853,2024-04-17T01:15:09.273000 -CVE-2024-30697,0,0,a33b26a0decfcbab9179239f13c3a84734fd06638ab06af16b814f4f2a89c8b2,2024-04-17T01:15:09.330000 -CVE-2024-30699,0,0,33f0494142c66f999e1fc060019cb3357e23cf0f0f9cd0178e36e3656b4b0b3e,2024-04-17T01:15:09.387000 -CVE-2024-30701,0,0,d9e2f0824d5dd83e892e3ce43966cf2bdfbd3fef00786abfd3aa6448290c070d,2024-04-17T01:15:09.447000 +CVE-2024-30694,0,1,b59e4a4cbd8b628ad5438bc9e3ded616afea7b8357d727fb26b95dbd9398a31f,2024-04-17T01:15:09.160000 +CVE-2024-30695,0,1,748b97f1f08f28170e91224933719b6aae414333da6258de6dd18e38e346b2b3,2024-04-17T01:15:09.217000 +CVE-2024-30696,0,1,b776d7e936c49a1300e4f5046665ea8f52bb88e9ab2c10018aea6dcc6fe28fac,2024-04-17T01:15:09.273000 +CVE-2024-30697,0,1,53683e05c009b451994adc5e37f811c0b6a6e8b9134deff07cac04c9bd2eed5e,2024-04-17T01:15:09.330000 +CVE-2024-30699,0,1,f4124412ce6ee92d96d35a63a6047f328622dccfa14d7838894eb412afe85bee,2024-04-17T01:15:09.387000 +CVE-2024-30701,0,1,0b4e4b40ea2dc77a72de922a671f44108d2944d3ce20ede87d45c63f728d8323,2024-04-17T01:15:09.447000 CVE-2024-30702,0,0,a7485ca3f518262adefc8c57fc92be69ee8ce36b582283f4b90f1003ece220ac,2024-04-17T01:15:09.503000 
CVE-2024-30703,0,0,54442d23a613c11d76912c327eec4b82d83de8b6e43e8f7687abaf2d44476e1a,2024-04-17T01:15:09.570000 CVE-2024-30704,0,0,d94ba684a619f657bfb5a4d11fa161cc621abbe0cb023edb9d4d35c3d8b92897,2024-04-17T01:15:09.627000 
@@ -245455,26 +245455,26 @@ CVE-2024-3093,0,0,32bf1c70eab5da7d509a40d74982ac8945909f57d49846c0cf619694e2add3 CVE-2024-30938,0,0,bb3c87898373ca38f4e6504fd7f34baf274fe16334abf7626317b091c9072986,2024-04-19T13:10:25.637000 CVE-2024-3094,0,0,cba466c06d21b74e1043491724188f63d6d0b9ba1993a884907c833ea9999b43,2024-04-12T07:15:08.740000 CVE-2024-30946,0,0,0dff329aaece035fc82f00595012379643bd5a0edb89ee3a7369d6609e13a4d1,2024-04-02T18:12:16.283000 -CVE-2024-30950,0,0,30e94ba74b1c9e764e05183270b9cbf984b1fc3b08e88dd08137339dc8cca5d1,2024-04-17T20:08:21.887000 -CVE-2024-30951,0,0,89531764b9c26fe5797ccda707596767b920928a0eb4f7604d09dbadeeec1668,2024-04-17T20:08:21.887000 -CVE-2024-30952,0,0,08d945856bbc49cc361c7cb3912a56d878635492481059b2fd432003c0a2fb40,2024-04-17T15:31:50.160000 -CVE-2024-30953,0,0,852cae3382b857c19cb395f48f623871adfde604b2fbdfac3bf020f961e4b985,2024-04-17T20:08:21.887000 +CVE-2024-30950,0,1,992550aa16b7b69040c27b7eadb42b4babd9ce9c185610db0008bbada9865896,2024-04-17T20:08:21.887000 +CVE-2024-30951,0,1,64c319e5130efe1148872b6efd54e0b74d19e18724bc83608b600a523ab1d0cb,2024-04-17T20:08:21.887000 +CVE-2024-30952,0,1,45f3818300706503aa11d9788e132ab06eaeaa5db69128a0c2116be2f61adacf,2024-04-17T15:31:50.160000 +CVE-2024-30953,0,1,b6048a3223dd71969afb665512f3c96be52d96e721358fb67ff9cf9a8128e438,2024-04-17T20:08:21.887000 CVE-2024-30965,0,0,0e44dd5d951a25ac3e8873a32678a3145da47d1060cb5312576a9c0471b643ad,2024-04-02T18:12:16.283000 -CVE-2024-3097,0,0,d36ff609a9c55f871c6ce5cee1ea4c5f261f1965e5780dc5607289e6057964d8,2024-04-10T13:23:38.787000 +CVE-2024-3097,0,1,806f9356cc4622ff9b031006ecb4c94e90929f098cb7a0b907d59fb3d0d09798,2024-04-10T13:23:38.787000 CVE-2024-30974,0,0,925e2530f1e3ebf7ce276128c5da5b2c5af5d0f951f13c400bf652f5816f5c8d,2024-04-19T21:15:08.023000 CVE-2024-30977,0,0,0a99023cc49f8723c27525ea3fd6d09c0a18e0536fb7ad1e37e70ef0654b9714,2024-04-08T18:49:25.863000 
CVE-2024-30979,0,0,80ab36bca498e33975593d086ceeeedf107c2c6f87bef059b959bbe8c3731bf4,2024-04-17T16:51:07.347000 CVE-2024-3098,0,0,6c9612ddcc0eabe1134a3c49c1d4f4b4a8fb99e39689761d9db9b207a4883fdf,2024-04-10T19:49:51.183000 -CVE-2024-30980,0,0,b6cf6ccedccdc30aac9bd045f33afef7720a0fb31643362b1bc77595e9e55e09,2024-04-17T20:08:21.887000 -CVE-2024-30981,0,0,13ac7883f890039d011d9de352e748ae0884ece9e35f8213668b3d57d8e8ee92,2024-04-17T20:08:21.887000 -CVE-2024-30982,0,0,5e9b20db70b246c8c7bd1811fd8db772245b009a68cec446ceaf47d9829082f0,2024-04-17T20:08:21.887000 -CVE-2024-30983,0,0,ce4d06089af3124251611d23fb812617e40d2835454fe1bac380d5952da81a98,2024-04-17T20:08:21.887000 -CVE-2024-30985,0,0,00052514ff118cf10ea4e67d48dbef0a5515163b77f516e138dac418bac000aa,2024-04-17T20:08:21.887000 -CVE-2024-30986,0,0,f7416693205f3f95a7ba048bd1a70386f3a0dc003f10b48bf4669cf98338f65c,2024-04-17T20:08:21.887000 -CVE-2024-30987,0,0,df9e40e5f711b54d5de56510ffb9a33ffabf77ceafa889b363d20f1a3adfc264,2024-04-17T20:08:21.887000 -CVE-2024-30988,0,0,1026220b0084f0c36d417192bc1bbaa670523ffb84a262e35398566ffbcdb884,2024-04-17T20:08:21.887000 -CVE-2024-30989,0,0,7c642c418d5d3f2ee7de7d143c0abbeac9741519e893e116bc9b1e6b43c2fcd0,2024-04-17T20:08:21.887000 -CVE-2024-30990,0,0,4ff171a216e49b8a1b98a7610555a00dfe09e3bc3ec80b46c45fbd6f4f83badc,2024-04-17T20:08:21.887000 +CVE-2024-30980,0,1,833b78703b167eadbc4b1a9a9075d8c2e0d7bf80c01c5e66d90e566b497b9b17,2024-04-17T20:08:21.887000 +CVE-2024-30981,0,1,7a30583a86922b622c8f887f7a2dc57638811dc66d038cb4f895bc0ab1e8be5c,2024-04-17T20:08:21.887000 +CVE-2024-30982,0,1,083216e97c6bb2a7fa08e2a81662afa500c7dce50789f4c41177ab9284ce882a,2024-04-17T20:08:21.887000 +CVE-2024-30983,0,1,c9c9bc0592fbc52eb6384605d5c5a29a6ad7fdf5f294379c7339da5a99f2d191,2024-04-17T20:08:21.887000 +CVE-2024-30985,0,1,d8f0d925b9a2e990485b09eebfacdd1b12594133ec9d7b6869fcee4818420422,2024-04-17T20:08:21.887000 
+CVE-2024-30986,0,1,69160755613857276587b8b1f60e6694734dd914ee3a7792655db531f176eec6,2024-04-17T20:08:21.887000 +CVE-2024-30987,0,1,468cef77884a1b0247108985323c0f3c5634ef332631a4474a5705346708e7f7,2024-04-17T20:08:21.887000 +CVE-2024-30988,0,1,0c1fba373369486acbe7abf7a68090de377b02d5f1663773aa31862718661b2e,2024-04-17T20:08:21.887000 +CVE-2024-30989,0,1,abfc1381013fe6bdf19bda4b713c3adec36443d13f21f1e69286d68a6c98069f,2024-04-17T20:08:21.887000 +CVE-2024-30990,0,1,d814580f329e12e99304963af29ee0361a06c58694e19a32d33d2edbadb55df4,2024-04-17T20:08:21.887000 CVE-2024-30998,0,0,179abd0db8095df44a7d1fc224d4f504797395ef6ca242b590dce2e234dbd0de,2024-04-03T12:38:04.840000 CVE-2024-31002,0,0,96e076f675a43d72347dc0c980a987d7f8bd37cac2f635917b77c618d7fb5159,2024-04-02T12:50:42.233000 CVE-2024-31003,0,0,3f0adfc7393f75768ba5f0ff119d336a00244f196f86b1dcc7f91a86901fc5be,2024-04-02T12:50:42.233000 
@@ -245489,11 +245489,11 @@ CVE-2024-31012,0,0,59265fe10316d43a2acb459ea9de60f6a264c8b6d13bc4dae0d363d3b5d71 CVE-2024-31013,0,0,137ba39b03bbaab20823954557195167ac08df3fa32a6782dd4080f1d723f338,2024-04-03T12:38:04.840000 CVE-2024-31022,0,0,a14e43455f8667f5b08643f4accc0ded65ef08c98d3d4f6b069b1542bbf69336,2024-04-08T18:48:40.217000 CVE-2024-31025,0,0,049c3aee715c9c75f255eea2ba7d71aee620ad97e93ef3b0e0a948ae51dd0b57,2024-04-04T12:48:41.700000 -CVE-2024-31031,0,0,b7880b3be7db11683e3f2fef6956445531209cffc8b410d3b64c7ca81fd90409,2024-04-17T20:08:21.887000 +CVE-2024-31031,0,1,29fa87d48aad0a0bc20057b1b9ecb42c0a06bf12b16eb69819fa3b6a4f2669e1,2024-04-17T20:08:21.887000 CVE-2024-31032,0,0,71dbb2a787f73b1914bf5d51e1b83b5365eb112b3ab9ed4df5d1066682b5223b,2024-04-01T01:12:59.077000 CVE-2024-31033,0,0,200340e7b08fbb0d6701818d4b83bef89c21119b7d9fe7f5be450bb2b1edb614,2024-04-11T01:25:48.953000 -CVE-2024-31040,0,0,ad0c36cbf6fe4e7fa7e88f6d75c08768ff866ab7dc21103ca5bdb483c62304d1,2024-04-17T20:08:21.887000 -CVE-2024-31041,0,0,65c63dc9d06ac95efa246e784659052f9342d1132b5acec915cbf1071ea1326b,2024-04-17T20:08:21.887000 +CVE-2024-31040,0,1,58d694e98ef6e322b940345b4415e080b141132f654a38c35a41dac24f1e6dc0,2024-04-17T20:08:21.887000 +CVE-2024-31041,0,1,55cb17ccb9a4ccc47749a0a1f025025c536447c530ceaeb2d7f75919ad09c350,2024-04-17T20:08:21.887000 CVE-2024-31047,0,0,ed6b998d2efbbc258ad744f538162378aa1b702ac5e17462e2e5f42d9945fb08,2024-04-09T12:48:04.090000 CVE-2024-31061,0,0,020e38014038ba97f692790c06c98735ee7323fcc8614755f16c9c5708fe33f5,2024-03-28T20:53:20.813000 CVE-2024-31062,0,0,9a85b45f2ef9be7ff3563a8d396c3a8dd45f237219d28fbf343c7fa8953f9bf5,2024-03-28T20:53:20.813000 
@@ -245563,11 +245563,11 @@ CVE-2024-31213,0,0,4aff9e2c15103485e15f2d72563e8cf5ff3745458bc3eeef8638c53a238fa CVE-2024-31214,0,0,6fd2ca8f7b5ff5092bca889a448aa20cbf70a081c1713baee29d50f1f1ef6c72,2024-04-10T19:49:51.183000 CVE-2024-31215,0,0,34a0a231f3970708fb3e5686678c657f48cd1675d27ab51eed18f5cf652dec67,2024-04-04T16:33:06.610000 CVE-2024-31218,0,0,7bde3095db5888b85ce9669e8bb2502e2c0767a6efc1fdc83c6973eaeb264970,2024-04-08T18:49:25.863000 -CVE-2024-31219,0,0,7acd0be915f9eb553170dac7fcfc2b835daa11c61b3f2663f7153cdd55191bc5,2024-04-15T19:12:25.887000 +CVE-2024-31219,0,1,d2d2811e70f71b6e8f1f63a3f7bda6856d7eb5bcd23ce2727f866e79d3b49966,2024-04-15T19:12:25.887000 CVE-2024-31220,0,0,5364fec01a2c522837b9bb1f12dd2e109f09573a57ee59445d858fa07dd681f7,2024-04-08T18:49:25.863000 CVE-2024-31221,0,0,093d7a2a638171e5d3f8cc3b06e5a6b3ca8a7674a42c7ed40ef62927f76d1926,2024-04-08T18:48:40.217000 CVE-2024-31224,0,0,2f84ceb3d774709c2492171042eddaeb6b6b98a31b06a1f67434414d962c7206,2024-04-08T18:48:40.217000 -CVE-2024-31229,0,0,a86a30470d29167af271349c5974a03d8f4e6a72bf7674090d558719467dfcb9,2024-04-18T13:04:28.900000 +CVE-2024-31229,0,1,7de33a876b6efca66be6426e83eb27e50104659e2ffe406707b9d46bf22d8ac4,2024-04-18T13:04:28.900000 CVE-2024-31230,0,0,52cfa4cc0c105e0f4a014468a390d1fae46fb176c8f9a3fd8a419c5888fe92a6,2024-04-10T19:49:51.183000 CVE-2024-31233,0,0,d489633661459fa8fba7247a4e042c4067793ed99651e43e0cd0674db1c81416,2024-04-08T18:48:40.217000 CVE-2024-31234,0,0,e2afc7f2f1012ca63d202c441d893de0eb7415294dc8692e4b069bf731411329,2024-04-08T18:48:40.217000 
@@ -245622,7 +245622,7 @@ CVE-2024-31298,0,0,75f0543a46ec047f4866e7cbe527aff341f7aebbe53d7e9c6d154aad7568a CVE-2024-31299,0,0,3cd097454f2af8d7dbd4b37b7e30458e12157596eadc5450d37a4ce6cc09ad60,2024-04-10T19:49:51.183000 CVE-2024-3130,0,0,f68ffdb025359112b42b29b07959a49895dfaeeef79aecb0f7981acd1536b04b,2024-04-01T12:49:00.877000 CVE-2024-31301,0,0,e8b5a65c9bef0175cce9b38c58156669c86eda140a6de06960e3677447078479,2024-04-15T13:15:51.577000 -CVE-2024-31302,0,0,f0642b2cb338c07dbec34f8e2d8ddeed605927fa281b7a4cbd0d9d6a5f17a693,2024-04-10T19:49:51.183000 +CVE-2024-31302,0,1,004d58d9c45d43bae4c81d01c7f44e1bb944c79e30f3822834fc4ba2901de814,2024-04-10T19:49:51.183000 CVE-2024-31303,0,0,d19e52c3a72788fe575094c8a039fb48a18dd4ce5551eec3595ac2f9937f5778,2024-04-15T13:15:51.577000 CVE-2024-31305,0,0,3d21fe974a7fd87dcf727b7a30275d72689da091f046f5ccadceaab06b2bdb9d,2024-04-15T13:15:51.577000 CVE-2024-31306,0,0,8b51fcbcc9a456d52c739540d0a41682a94a82657203d9841ed70dd111575cfa,2024-04-08T18:48:40.217000 
@@ -245656,25 +245656,25 @@ CVE-2024-31368,0,0,2075bbe380281b0997c3990fa2ac90c9c87c399d3ddf4c8c8d5afff7621d8 CVE-2024-31369,0,0,d082a9ab615cec7280a5691a7d44e9570c42e7b3288086312b3cbea4bdb1dc8b,2024-04-09T12:48:04.090000 CVE-2024-3137,0,0,85619be4f983f97db1d6302bec8264dd546f884b93dfcad5f6be85034ffe5dcb,2024-04-02T12:50:42.233000 CVE-2024-31370,0,0,6f6e1dfc72d0841ebaadb7bdc4bbf124cf6313a520f59380c092d9365f2d4194,2024-04-09T12:48:04.090000 -CVE-2024-31371,0,0,179a3a06d0abe25867a1a366fbf28243d3b465ca03126880078df34ad6db2636,2024-04-12T12:43:46.210000 -CVE-2024-31372,0,0,ce8e4f5c7a34e5f829d8f354461be992c9ea7bf36d84ac362c7987280f74bde7,2024-04-12T12:43:46.210000 -CVE-2024-31373,0,0,7d8003ed0bedab19b9d2c654568b89609f88a948b016e535e99bc32f5fbc455d,2024-04-15T13:15:31.997000 -CVE-2024-31374,0,0,b2263bdbcdc2cc69ef1b95bcbb113a1c77c6d82938489ceea8ce66b177f67abc,2024-04-15T13:15:31.997000 +CVE-2024-31371,0,1,f8f42640e34a0fb64378bd54adec92021b7507653b39ad5fb4f5d68d62e85d58,2024-04-12T12:43:46.210000 +CVE-2024-31372,0,1,f215d64cfe6fec41d8e5912049a9fd1fe5317c1cdc292b693be0fe02b0b174cc,2024-04-12T12:43:46.210000 +CVE-2024-31373,0,1,845e684c6943af5c6faf76839f8e6ab2e6fe6f0f29daf8e399eb30776e4055c6,2024-04-15T13:15:31.997000 +CVE-2024-31374,0,1,9f02610d938cc89a1f9976654e14225dcaee82d00f1b23b76577de2aff82af45,2024-04-15T13:15:31.997000 CVE-2024-31375,0,0,b0ef1f22f63ca31cfb2164ca0bddec7fc53a5ee9672cb520fcd2e704c7c6fdab,2024-04-08T18:48:40.217000 -CVE-2024-31376,0,0,abee8ff8c0031abfca89373f2703f751705dc75c17a2f86203830f28d333e640,2024-04-15T13:15:31.997000 -CVE-2024-31378,0,0,cced51fa9b865a3697a63c6d002d15bf771cd7760eb45651bd3395cc13b8264b,2024-04-15T13:15:31.997000 -CVE-2024-31379,0,0,fc279445ab419de4f2d016df8639a21a0e4138f3e27a44e0b60b5764384fa8c5,2024-04-15T13:15:31.997000 +CVE-2024-31376,0,1,a5cd7decb3aa77b7c9dfe04828eefa3f789d2a15ced405db0122622e67c0dee2,2024-04-15T13:15:31.997000 
+CVE-2024-31378,0,1,46b9b8732b642d44c5d384306dfbdf69a9115d6098ab0a36faa3f26c08690e37,2024-04-15T13:15:31.997000 +CVE-2024-31379,0,1,24f2bdeb0f1fb4bdf974899fe3fab2725f6d89406a545ae15090a05eaf09429a,2024-04-15T13:15:31.997000 CVE-2024-3138,0,0,952bef3e912c81d77b1f4b71c423532beae8fc55963465bb23e6cf3f92e09bdf,2024-04-11T01:25:54.493000 CVE-2024-31380,0,0,d044c4c41af2f67b9e10a84372a0da5aeb36e8aa53f4901f4d0660af26a33358,2024-04-05T14:15:10.487000 -CVE-2024-31381,0,0,84ef5b6d167c46cbc60bf2d55ebdce038c508bf6bdc0c6b4659fd0fca1cc5da9,2024-04-15T13:15:31.997000 -CVE-2024-31382,0,0,569fd22fc659ff1fd572a32be4c9ef05af0470a758cf7c01f86ea517568bbf7d,2024-04-15T13:15:31.997000 -CVE-2024-31383,0,0,f5fa25cf936255449cf949234e30b263dc371dba734f6091697da751b558f357,2024-04-15T13:15:31.997000 -CVE-2024-31384,0,0,682fcd2e73d73326afdc0834a8e211326ace361783e56877da479455d65cf1e9,2024-04-15T13:15:31.997000 -CVE-2024-31385,0,0,b58ffc1681237d02503110446b31a19f007838c2b824ad89e4b282596ea6d5b7,2024-04-15T13:15:31.997000 +CVE-2024-31381,0,1,c9f8b2a8bb43383a6d2b44f4c2bce621630063d464575918f98bc752cd934627,2024-04-15T13:15:31.997000 +CVE-2024-31382,0,1,fdb9f25138a089e37ff91a85435d838e4c79e5961d1d783d123309eb6b480c40,2024-04-15T13:15:31.997000 +CVE-2024-31383,0,1,969012fe96b80e550a1eee7edc6c8a1c541c828926b828c1a67fc199b91a261d,2024-04-15T13:15:31.997000 +CVE-2024-31384,0,1,35ca283eefafa770c30c67ae3f7fa28425115a3679cd600ad148a32abc7d7f57,2024-04-15T13:15:31.997000 +CVE-2024-31385,0,1,89fa489cfb58acfb9e4361b1cdb354ea02083cde0f4695ab464f6d98c39929e2,2024-04-15T13:15:31.997000 CVE-2024-31386,0,0,15fec49971ff13003aab552d95c7df7a6744ee4763b24dacb4b183ffe115ea40,2024-04-10T19:49:51.183000 CVE-2024-31387,0,0,ae479bfa1926a7fd40fb5cef5475ced5aee0d15930c68100ea8467ea55c88cb8,2024-04-11T13:30:38 -CVE-2024-31388,0,0,22670d1ec2bdbea70f59fe77dba1d4ee239225012bfd0a191cf210fb6ed1d1cd,2024-04-15T13:15:31.997000 
-CVE-2024-31389,0,0,2324036de07b1b4cfe7c66e4d8563f1b61e7b09f0db5d4a91d4d2a538368ef8a,2024-04-15T13:15:31.997000 +CVE-2024-31388,0,1,26d907273df7947ec6ad690e5e970b363bc74f3d9bdbd15977ad183463b21599,2024-04-15T13:15:31.997000 +CVE-2024-31389,0,1,ec18832e3cfc0d0ccb73210696ec4d56f9e9fc30aaf99bfa52a18537d9ffe4ce,2024-04-15T13:15:31.997000 CVE-2024-3139,0,0,c174ece4bd5366d5eddcb8afdcde0c6c7c4276d7790f9ff1f5e9ef5c069a0098,2024-04-11T01:25:54.583000 CVE-2024-31390,0,0,0875d8345a5b76d413fbbf2495b8c73d39cfd6ca77e21422f3300e66fa9097ad,2024-04-05T14:15:10.590000 CVE-2024-31391,0,0,c5d0718f2ce77e5a0479036a39e8c73cdec563f71b540451fa128601fd799d49,2024-04-15T13:15:51.577000 
@@ -245685,20 +245685,20 @@ CVE-2024-3141,0,0,4a421b8d09b6a7d4fe74d2a8915b6e77df0db72d98c9b55fe874b22d112f30 CVE-2024-31419,0,0,36c8a60658bbd6b33e2cacab3bae7069924fea2c95b1bfd68ef2a5a438c0a6d2,2024-04-03T17:24:18.150000 CVE-2024-3142,0,0,8529c5b22168febaa4c102f0cc77312d61cb1e158b8728b8425cc2b98347c39d,2024-04-11T01:25:54.860000 CVE-2024-31420,0,0,5d7e593d118cd1f41577542846ec46b792c74358a1c27af2e9295870ce46a7f7,2024-04-03T17:24:18.150000 -CVE-2024-31421,0,0,e719fb8e5ad90c47eef4fdc0f6319ce2844d056869c6510e9219471d7384f5ef,2024-04-15T13:15:31.997000 -CVE-2024-31422,0,0,fe0f6e5a9c7f8382c030cb95b5c051bb104fa6acb1f5c14f1160d6a3e182f77a,2024-04-15T13:15:31.997000 -CVE-2024-31424,0,0,644a7746860aae9f862f7c5354836f1b3768a055477b50532c7e2fbc58ed8fa2,2024-04-15T13:15:31.997000 -CVE-2024-31425,0,0,b74cf76c3ad5d6ccba03926f7e0c1e087e1cb0a88fa908421d008991bf7aa7a4,2024-04-15T13:15:31.997000 -CVE-2024-31426,0,0,1f84cbf7ecf3eb6d8d83689fb9bd3f1f5d43ca67d03f2b04031248476a04bfd6,2024-04-15T13:15:31.997000 -CVE-2024-31427,0,0,33d81c541b0d683de1b9c1fcdea853a24dbf96345be967afe7afbb6624a21b43,2024-04-15T13:15:31.997000 -CVE-2024-31428,0,0,42947b7020b91b187dff26a64a6e2eebbcb726c349a40bd9b2d8cdbd5c594bce,2024-04-15T13:15:31.997000 -CVE-2024-31429,0,0,d547eedbeea849e9bd0050e5a14ad9d76ed19ba2c3c597f37179a79d14099be4,2024-04-15T13:15:31.997000 +CVE-2024-31421,0,1,e370fb8ea44331555944235b2fd1b7c5dff31c81598412ae4f64694edf2ff3ca,2024-04-15T13:15:31.997000 +CVE-2024-31422,0,1,9d05b90ac7eb05b3315a52c454aceadf521dfe2d7798187e0db071b0b4b207aa,2024-04-15T13:15:31.997000 +CVE-2024-31424,0,1,d8343bb4d43fba5750996301f0987a15b68ea08687160014b0d749dd36411ef8,2024-04-15T13:15:31.997000 +CVE-2024-31425,0,1,3f5cd7851cef6dace808d1a645c76f77fb0497234951a08577851140e62c06e7,2024-04-15T13:15:31.997000 +CVE-2024-31426,0,1,d8fabacf380afba0ad2e99af8054991653c6cdc715370d6dbd528418cbc65b8a,2024-04-15T13:15:31.997000 
+CVE-2024-31427,0,1,58c490fff21a47c3461bbc40adb71c497f482d54d65d7504070b19bc2ee67681,2024-04-15T13:15:31.997000 +CVE-2024-31428,0,1,1339d78d3b78c4305bcdf678bed9cf3042343e1497c921eacf216f7b8a62b8c1,2024-04-15T13:15:31.997000 +CVE-2024-31429,0,1,5e7b6420f3baf865eb6b50750a7b0ab8532098aef4b9e0d2ee0f0560593266b1,2024-04-15T13:15:31.997000 CVE-2024-3143,0,0,53dfcfd3428380087fc9225bbe4504515f3fb2fad66077c3d039ee7ce70320a2,2024-04-11T01:25:54.943000 CVE-2024-31430,0,0,9ff8e1b4d98002eee761d6539ac29b9c01feb8ee307018a6ec587c0bf01b991e,2024-04-11T12:47:44.137000 -CVE-2024-31431,0,0,075786c146aba717ee33def966cd333dbe90e90a1fe39a99ba8c0a2c5b9d984b,2024-04-15T13:15:31.997000 -CVE-2024-31432,0,0,2e970e9d97bf92171dcec609c125a0de4d0ec5d92c185d7763328757cba40f3e,2024-04-15T13:15:31.997000 -CVE-2024-31433,0,0,86aab503a2e2db574c389b20f71a0148690ff832973b07c2dccd2632bb765aef,2024-04-15T13:15:31.997000 -CVE-2024-31434,0,0,14c74969478ba99d5c0b8c391c656499cd1e539c2ab2bf65f71934bc9488b3e2,2024-04-15T13:15:31.997000 +CVE-2024-31431,0,1,9426ca0feb576a5b4248ec7361b1e8de60bb7329909b4b83734731b36c5297e4,2024-04-15T13:15:31.997000 +CVE-2024-31432,0,1,cc2ca49f8c580f8aaea9609de68fd6662c6f8ed642e705f7aa0bc71b50b1e81a,2024-04-15T13:15:31.997000 +CVE-2024-31433,0,1,925f0194bea8067ce9b57a1e7dbcbd91c21931cb3e15d6f1d47ceb58df7bf805,2024-04-15T13:15:31.997000 +CVE-2024-31434,0,1,e119b4e7150d44244ab3d0e8949ed78a946b34a0ab4218253025f9053b721e21,2024-04-15T13:15:31.997000 CVE-2024-3144,0,0,7dc72f8f095a7cf1cb25c6f0b93af3672d10959c4dac8ef3a8b7a5ba03525aea,2024-04-11T01:25:55.020000 CVE-2024-31442,0,0,bd0c0777ffd79341352bfaf4bac13513052ca764dc9351410c56fde55ac0fa91,2024-04-08T18:48:40.217000 CVE-2024-31446,0,0,1a21e0c4eec911630e360128cbf20c658c7da3792258e417cd0bfcd4e43962d1,2024-04-17T12:48:31.863000 
@@ -245734,14 +245734,14 @@ CVE-2024-31552,0,0,5a9db2be00e7b7077a4a60e9105689c87f7a53feda5b2567edda13b704df8 CVE-2024-3156,0,0,4f0be00c0207aeed7fb186de5775d865483597f176357d0ad848ff41024a288c,2024-04-19T23:15:11.537000 CVE-2024-3157,0,0,efbf5e20eaa98706deef52c26be2e1cba3d67ed28d54a5b0520df90b69e7c692,2024-04-19T23:15:11.593000 CVE-2024-31576,0,0,741c8998460302eafaf2dd6cd838e7890c169c726e59c5f45ee51622793abfa6,2024-04-15T16:15:07.270000 -CVE-2024-31578,0,0,77ddec4d5b6b37ac0f61734499aeff3bda9cb160ccd770fe33ca29c585fd57bc,2024-04-17T15:31:50.160000 +CVE-2024-31578,0,1,4c90aef50a02aec622bb8c70d230352c3d3dbfba07e0b0b93d71a37f5c581d6d,2024-04-17T15:31:50.160000 CVE-2024-3158,0,0,10f7ffa67053f9b78f0dc7e48028626f5209dcb47c62106618b35565e7e9d9f6,2024-04-19T23:15:11.643000 -CVE-2024-31580,0,0,d7c84c101d780f8652160bab948da8fb0c4dce3c9c7741f9218de70831e9c34e,2024-04-17T20:08:21.887000 -CVE-2024-31581,0,0,865deff14bc7ef9b36e2bb8e65225902059d208782571d2a360a898684ed0e64,2024-04-17T20:08:21.887000 -CVE-2024-31582,0,0,86c2a5b1679f83ece114829a0186057f140c91c46b8529b9e5c7a12763d2e25e,2024-04-17T20:08:21.887000 -CVE-2024-31583,0,0,23d0ff984e0072ed917a552139ff5dba08b151a993349e70e9b8d91d85217832,2024-04-17T20:08:21.887000 +CVE-2024-31580,0,1,e997e3f25c911fc04de779fa9168de4ebef90131449df2b2dfb57ff9ee6e679b,2024-04-17T20:08:21.887000 +CVE-2024-31581,0,1,d4a48f7cd6a3f11d5bd7242e0dfac3a15852b862f2cf96a614cc33083f70d5cc,2024-04-17T20:08:21.887000 +CVE-2024-31582,0,1,fe103b3051ee1c8e8159af1dc183525df22a48d013c16c8b28c94f3527365cf7,2024-04-17T20:08:21.887000 +CVE-2024-31583,0,1,eec650b2d1a967bea49e6ce27fbd51a980897e8355103b69036a477d8192c36f,2024-04-17T20:08:21.887000 CVE-2024-31584,0,0,80659d94d6f0a5c73c71f7f0c39edc4f6a1576ac762dd5d28cb15790b6bd7f2b,2024-04-19T21:15:08.080000 -CVE-2024-31585,0,0,6c0cc5d202694755c3e5e588c7e5525f9c4ad64feb6107844dd228e8ae9483be,2024-04-17T20:08:21.887000 
+CVE-2024-31585,0,1,ca870b59b85ac9b6cfa4a8fee4976da074575d82dd3c02566198bbf835617bd1,2024-04-17T20:08:21.887000 CVE-2024-31587,0,0,6aaa189139b27b06a683c1dac5c91d5124a2971d077e3d9157f284239b68e61a,2024-04-19T16:19:49.043000 CVE-2024-3159,0,0,372cd652e2632717ba4bd0c7aadd6df6465a25a12553b2fe9846988ffe1987d3,2024-04-19T23:15:11.687000 CVE-2024-3160,0,0,f58561faca7869291dbd40f98b5207b12f048bddf4323b50e2fa0b0605fe77f4,2024-04-11T01:25:55.513000 @@ -245754,7 +245754,7 @@ CVE-2024-3165,0,0,de9c55d425cf1712b174cf5953c3fab2e18950a6202399f31519128938dc30 CVE-2024-31650,0,0,93c237f92a0565f29a186681c2be8c18bcc984e57115648f885447500f241b13,2024-04-16T13:24:07.103000 CVE-2024-31651,0,0,449580f383ba06b10b890173ddf2d62af7a188eb69db82466ee9152e4b087212,2024-04-16T13:24:07.103000 CVE-2024-31652,0,0,208b4f263a9a44614b423f2ea1b775ae64777df67f6e60b98c2159dddb5c4a0b,2024-04-16T13:24:07.103000 -CVE-2024-3167,0,0,f4a160a1382e038713f603968880deb87a3b362a15bab9fc55aa42721dc9dd6e,2024-04-10T13:23:38.787000 +CVE-2024-3167,0,1,c19ad392a8875e6cb3d8eb9a976aa540fa751cbd03136dde207326521a23753f,2024-04-10T13:23:38.787000 CVE-2024-31678,0,0,6d17d4ce9eaa15ebb6367a838566d027b53ddba56e09f333fd8cadacfd1d2447,2024-04-12T12:44:04.930000 CVE-2024-31680,0,0,9cd3893ac983fae5e4213584fc439ab2d2b21e3e6bebab8790c0104ed80c76e1,2024-04-17T12:48:07.510000 CVE-2024-31744,0,0,7de9e0ac4d1881e8e6a1c9cabea807c4b59ffea44a7ce9a28f0f69a4b5f1eba8,2024-04-19T16:19:49.043000 
@@ -245763,7 +245763,7 @@ CVE-2024-31750,0,0,ef2fe441e5dcedf0cb2da823df8fe57e9b7ada67d4a5ac9a3c649524c0ed2 CVE-2024-31759,0,0,7081cd22df5b9e4148ecc914176fc1f6cc04366073f8b1e4eccd8dfe4f2b7d73,2024-04-17T12:48:07.510000 CVE-2024-31760,0,0,7b1e0b53a94a63e7f108110799c5f85524efc23136fc5608e680b8482e690959,2024-04-17T12:48:07.510000 CVE-2024-3178,0,0,e1b2edc538f836ffb506a17d476e0f961db2588242ddd1b2358ad3487cd818bf,2024-04-04T12:48:41.700000 -CVE-2024-31783,0,0,a7054e74fa1a557567cd0f4452494e62f528f37b2972c2343d20292f99336f13,2024-04-16T13:24:07.103000 +CVE-2024-31783,0,1,39c4df7f07fa9e66dc5d42dd16bc0981c0d6511a0c96852796a6de0ccb03c2ac,2024-04-16T13:24:07.103000 CVE-2024-31784,0,0,0055eda0e2e2e3cebbac3d895c086f3674073feab99e847bee4ca99f9495a801,2024-04-16T13:24:07.103000 CVE-2024-3179,0,0,5abb24f6a5051585dee8d043e9230e5c2a9202caf7e3c5044373b856d11a8a98,2024-04-04T12:48:41.700000 CVE-2024-3180,0,0,cb7e6ecd5dde884356237a2b2dbf7b6ac67d07b2baecdd8da937f602eadd96a4,2024-04-04T12:48:41.700000 
@@ -245805,10 +245805,10 @@ CVE-2024-31872,0,0,7d09da772d85c1598253bebf81c543077ef995af0f84d1cf088132605a240 CVE-2024-31873,0,0,30397559953deb34a9ae192149473632dc6b2334245e920787a4c5e14fc76375,2024-04-10T19:49:51.183000 CVE-2024-31874,0,0,1770e58d0ae5591eb931a8cdfdb054fb4d854f81849d14af250c71db6caf553c,2024-04-10T19:49:51.183000 CVE-2024-31887,0,0,e951c215b0e12b882bcc7244c98d7631ee4f4b7a3271b5f24e369f1a635cd3e5,2024-04-17T12:48:07.510000 -CVE-2024-31920,0,0,1a6309492e6d112b6d5c74c55b809c13a9ffaf43e5c668b35b54f9c1433bee12,2024-04-15T13:15:31.997000 -CVE-2024-31921,0,0,4b6ce9a933b430a9597eec1c95a19c016c2c3b069930a8064c6136dce4df86da,2024-04-15T13:15:31.997000 -CVE-2024-31922,0,0,ddc17d5b651ce3b8e89be96b4d055079549d44bfd30b2393d2326cd870478923,2024-04-15T13:15:31.997000 -CVE-2024-31923,0,0,bedb598dfd5056c55cc8a6501374c90aaad18e88e534ab7d1ceaa998e4e7d457,2024-04-15T13:15:31.997000 +CVE-2024-31920,0,1,3c0045dbbecad7d78d5b9eb044589c2fc290e421e2d5accb9391890092efc90f,2024-04-15T13:15:31.997000 +CVE-2024-31921,0,1,732b3dfcff7f3c38928ece374bd7708cd93eb00a4dc0a7d5ac8e2f115b9d7217,2024-04-15T13:15:31.997000 +CVE-2024-31922,0,1,ab7058b1ab970c1607707e3b516fb20a2b1bb9e11ac7a3e1d4bef18b1ec4d6b7,2024-04-15T13:15:31.997000 +CVE-2024-31923,0,1,4399c399618bbbbc51af1d4edb9816be0daa59f679f5959505a20cd1b09c2f6f,2024-04-15T13:15:31.997000 CVE-2024-31924,0,0,419e00ff087648b1d4f56b4d92d98291b21c0865a222da2fc6d212f80447c689,2024-04-10T19:49:51.183000 CVE-2024-31925,0,0,b2c78ba095b8737ac1c9b9b6564a8d654820aa2e7725be4dd283113cacc4dd8c,2024-04-11T13:30:38 CVE-2024-31926,0,0,5ea07bd781aaf165e7c249d84898bbaee298d70cc8e541e3b74d17ae8e2ec616,2024-04-11T13:30:38 
@@ -245818,14 +245818,14 @@ CVE-2024-31929,0,0,5359df4522faa8d2c46f605d48868a6939d06d35e038e5f3287851d046168 CVE-2024-31930,0,0,628cb0e5103582aeccc9f3e33331b9dbe7dba70b3951389bc2f9327ad3b8f5ee,2024-04-11T13:30:38 CVE-2024-31931,0,0,31bc6de522002d5fbdfc52e575ea088ef3d3fde1fc3f2ee4856692982b9dc2cf,2024-04-11T13:30:38 CVE-2024-31932,0,0,cbdc79dc2f64dd5bef9877c31b5d39549faf66977f5313958012ec22e616327c,2024-04-11T13:30:38 -CVE-2024-31933,0,0,c275e4248ee64b1b5b82b62b7a883f5a0202449c25cb7bf19cfa2b56159e9f93,2024-04-15T13:15:31.997000 +CVE-2024-31933,0,1,f4d4221b12be3d98a002756e3ae166e03a6d160fcebd7fce42e5e032c61acecf,2024-04-15T13:15:31.997000 CVE-2024-31934,0,0,c0d0dcd1d33c627debfa8b285c50df77571cbba9a1c55991b643fde63f3e7d80,2024-04-11T13:30:38 CVE-2024-31935,0,0,f466b4b7708852a91065ac3482d61ab28afcfeadb9ef15deb690167c92fced1b,2024-04-11T13:30:38 CVE-2024-31936,0,0,41ae8d4679677e086c385533d0a63055153ebb271d32fb7547401292a6a57491,2024-04-11T13:30:38 CVE-2024-31937,0,0,24fb14fc8c636ca322e17128cc4ef69cbdba60a9f579b74e55aed300a2f73ed6,2024-04-11T13:30:38 -CVE-2024-31938,0,0,717361662126c3b8bc820bf18d6ac0d36fee5b4ebd9a8c17e030753bb551a9b9,2024-04-15T13:15:31.997000 +CVE-2024-31938,0,1,5f3f05f61d1ef2cd5bad53d9f5667002cb10342b194111eed40f5ded72653f03,2024-04-15T13:15:31.997000 CVE-2024-31939,0,0,dc9cc0dfd8ae0f6c4caa1a4775b1cc86559b00f81c6408b5f2a51c57007b5d9e,2024-04-11T12:47:44.137000 -CVE-2024-31940,0,0,37bea4f3dfa0e511fc4e3b3c83ec8b56d1c1142ddf4c76dbfc1d7345af791120,2024-04-15T13:15:31.997000 +CVE-2024-31940,0,1,1ddf48c04277bac2492208785102f32503356b7d59b7891c524b2c22b8846edb,2024-04-15T13:15:31.997000 CVE-2024-31941,0,0,b8dc065fda42126e32d28a44ef547549a83996a827e764074359d3e3ec8c1e09,2024-04-15T13:15:31.997000 CVE-2024-31942,0,0,ceae4b513a0b6e905236b05cb5dd98d07a79c0420729857e9c51c87c35b65b17,2024-04-15T13:15:31.997000 CVE-2024-31943,0,0,d050ed16bd2fd56e0b74cc5712c1eb7ef94538d6cfa9c00022a6cfa048bd2dcc,2024-04-10T19:49:51.183000 
@@ -245904,15 +245904,15 @@ CVE-2024-32106,0,0,2e3f5a57bd781bd3a30c937e8aa33ba1f212672a8df9850b791a63471fb05 CVE-2024-32107,0,0,b90c8135a82473fde7e5bf44c3c1cf9d7846ba95270115659d7d68306d87ca81,2024-04-11T13:30:38 CVE-2024-32108,0,0,950a29a68ef37c40439ae0dcf3c3d4b039242eaece664c349c7d4089e193ee6e,2024-04-11T13:30:38 CVE-2024-32109,0,0,e0a4e8c5f217571de21e69ff68b322f2becdcc662ae51f8c1b5dcaad24451a40,2024-04-11T13:30:38 -CVE-2024-3211,0,0,54794b5c5e3c18fabed2b9971b38f38495032ad68cd1edd1eef302942016e9fd,2024-04-12T12:43:46.210000 +CVE-2024-3211,0,1,d6d8ef851a76d01f08b13c4c6093534cf0125e4133f007b8f3a299cb3bb38192,2024-04-12T12:43:46.210000 CVE-2024-32112,0,0,2df62c2ad1478d07a612eff17f984ad78c51d3b47027012c1c38076227812cd3,2024-04-11T12:47:44.137000 CVE-2024-32125,0,0,df49ac279a5dab5894d2cf46d4df920e793fb77c32b1360bd4eb9ce6cc4c2bcb,2024-04-15T13:15:31.997000 -CVE-2024-32126,0,0,d6c17183af3d126aa3f02749367d7bbbeb74ed81ef9eee317e093a83dcd16794,2024-04-18T13:04:28.900000 +CVE-2024-32126,0,1,03bbe2b7a7bd325cdda583bb7823f2b70916aad3961fcbd3bac07e945035870f,2024-04-18T13:04:28.900000 CVE-2024-32127,0,0,57252810e1702be160161ac7dc44c20062237ffc3e0f3ad79884c0b06ee5b822,2024-04-15T13:15:31.997000 CVE-2024-32128,0,0,cb935dc8078553e54335e879bd7502243cd9a625b79c1c1dfceb4bfba45b9de1,2024-04-15T13:15:31.997000 -CVE-2024-32129,0,0,656ae28bdfb245e62d73e796b0c62cc9d732e7baa7efbfb92e21d3088230cd74,2024-04-15T13:15:31.997000 +CVE-2024-32129,0,1,7dc12cce8517a17cd70ddfa746950a5eac6137ebf8d213b92102ec061182c7b6,2024-04-15T13:15:31.997000 CVE-2024-3213,0,0,ea3f20ff836368484318fafaf2de028dfc4fe493b01551892e8e53b852a2d76e,2024-04-10T13:23:38.787000 -CVE-2024-32130,0,0,8270d2a4a2d7d33aa729b0b188970df9809fec03e24b853d6e8fa3705c720a8d,2024-04-17T12:48:07.510000 +CVE-2024-32130,0,1,c3815df651bee8fabb39b6ee1601a12e78be3e64615a56410b03d7d3217c5c2f,2024-04-17T12:48:07.510000 CVE-2024-32132,0,0,b8f2c67a5eb9317d71844e548f7098002fd937824ef3f3cc031dff8cdf6f8053,2024-04-15T13:15:31.997000 
CVE-2024-32133,0,0,b6bd118a7271f523d04d92bcbd31e3ed3647e43ddffd398663c764e095286abb,2024-04-15T13:15:31.997000 CVE-2024-32134,0,0,37485526d4a1d331ce70e420eb227ca2fc8b2b4a19af534e5a8caa5ed85a6cde,2024-04-15T13:15:31.997000 @@ -245929,9 +245929,9 @@ CVE-2024-32145,0,0,46f82be3b79b18ba25f2a9e0fa1663c301fc655d81936963a35db2da93921 CVE-2024-32147,0,0,221f8d37c746fb10439627f9391d23954c77e6687fd4a296059e2d8c0758881a,2024-04-15T13:15:31.997000 CVE-2024-32149,0,0,12d107e3c0999cbcd27b2d933b885433c81cf0faba3d46ab08b4e66fab365309,2024-04-15T13:15:31.997000 CVE-2024-3216,0,0,aac88e798ffbdaddd62ae90ecbece12fc58351de061defd8cac2a138eea1c35f,2024-04-08T18:49:25.863000 -CVE-2024-32161,0,0,baff3d70ce2747d9e5f346cd66bce32126ea12f61c828e5711138e595e3e8ba1,2024-04-17T20:08:21.887000 -CVE-2024-32162,0,0,18cb543f3bd362f8058d75d170f82ceb4e8cc54fbc6764dbd879a636823e0837,2024-04-17T20:08:21.887000 -CVE-2024-32163,0,0,d9c67886d51c8540ec61857ff9e9d5e0bf0f61d06ed2ba271473bf6d7d327f9d,2024-04-17T20:08:21.887000 +CVE-2024-32161,0,1,60a9978d35673eb48d5015a016115c1964e22e158d92ca4de7447769c2bc70ab,2024-04-17T20:08:21.887000 +CVE-2024-32162,0,1,118ad76854c7f44c6eff111c13a9015a5b3feb6620bf58d40eff2d6cbdaa766c,2024-04-17T20:08:21.887000 +CVE-2024-32163,0,1,2a0e3e31a356cd8bdaedc62aa40103c9838a070e53ea091fe0aa567b9d0934a1,2024-04-17T20:08:21.887000 CVE-2024-32166,0,0,af772ceecc3fc2866fca4167f4349d8cebe27f4d82d6a64ba5e2abe771141833,2024-04-19T16:19:49.043000 CVE-2024-3217,0,0,3ac42247ba2d685c0a6f4de738ef771d2778cce367312f144d0326551965dbb5,2024-04-05T12:40:52.763000 CVE-2024-3218,0,0,75e1c84ee83eb1d158244a2182789a8e99b92d3a400a75a7854fff9872030968,2024-04-11T01:25:56.290000 
@@ -245945,41 +245945,41 @@ CVE-2024-32254,0,0,0a822eba06a834cf336156a0938a7461bb1c4b55ddb75ffba99f3f6b4a1c1 CVE-2024-32256,0,0,a5d1df3249255701878f4ca3cc2c96f2401df41f8b31a37dac5eb50e5dc9f740,2024-04-17T12:48:31.863000 CVE-2024-3226,0,0,d213b85d0cbf6ef26ba0599f6da2fa60a98a166b29d84dd0281911091a21b49d,2024-04-11T01:25:56.760000 CVE-2024-3227,0,0,0159675aa02206c3d84e4c8df37fb1381a8ad1f04bbe993fe609d30c45518b6a,2024-04-11T01:25:56.837000 -CVE-2024-32281,0,0,70451b2a9a032e8542841ce86ca7f7ae0e411c5919ffeb67cd62839943a05d23,2024-04-17T15:31:50.160000 -CVE-2024-32282,0,0,7a7e95fd0f964a910cb492dd1de1ad72e68dd4ef672ddd6159778925927b6c88,2024-04-17T15:31:50.160000 -CVE-2024-32283,0,0,0a76e903ed7b3c5a2f69598e8731d650200d96ee095614f94c667f95730f9b10,2024-04-17T15:31:50.160000 -CVE-2024-32285,0,0,c4e5f572246434dab76897e5d5fdcdf0046a6d24fcbed230073c779e0b0b8c0d,2024-04-17T15:31:50.160000 -CVE-2024-32286,0,0,d9945e52882c370fe1bde3de28d367c9817021bbfd632038e9b4933bd8bc9f8c,2024-04-17T15:31:50.160000 -CVE-2024-32287,0,0,4b0ad3bff422db2f523c4f411d7e79410bfe54abcc23e99d1622cf031f252fcb,2024-04-17T15:31:50.160000 -CVE-2024-32288,0,0,a484d0f997897e54b5a5d16edaa8b6620d98a636e5abbdb2b8fe49e0eeca82d4,2024-04-17T15:31:50.160000 -CVE-2024-32290,0,0,5f7c9f03b91832b1cece59d3a1e082c06c8dc30a9818128fe9ede958b6bd2af4,2024-04-17T15:31:50.160000 -CVE-2024-32291,0,0,93ef18427d79afeeaf669c8c95513b8100afcd0d3d507d2fef1f2ae20a1a72db,2024-04-17T15:31:50.160000 -CVE-2024-32292,0,0,2505250c7ac1d7e8e43fc481adbdbfbe2b9ec70b741b026ab18a95e2b8b547e3,2024-04-17T15:31:50.160000 -CVE-2024-32293,0,0,daf7188b6d4ada7424558a8fd7797675a580d6a0a9d0e682e32f17eff90c067d,2024-04-17T15:31:50.160000 -CVE-2024-32299,0,0,1a5764c64e5b691bfdbaa10a1d05d3eaf8e7588de919d602da522436874c2dd5,2024-04-17T15:31:50.160000 -CVE-2024-32301,0,0,0f600607c35de5de443f8b4aa910fe3f34efefaf841211d9c84776f96acf8f95,2024-04-17T15:31:50.160000 
-CVE-2024-32302,0,0,235897471e9d1bf8e14783dcc6e10017cf87d7db53e3e5859e45da16017bf7ef,2024-04-17T15:31:50.160000 +CVE-2024-32281,0,1,a566b9f3cf096fab338948e132be23b66a9f2501c95039dd7186fafc15df3cca,2024-04-17T15:31:50.160000 +CVE-2024-32282,0,1,e5357aafcfe3da38abc16b53a2fe91b224de61a5ed23923f7ac518d25d82dbfb,2024-04-17T15:31:50.160000 +CVE-2024-32283,0,1,a73c4976b3d443b506ba0da9981c9375a8bd94247f1b8cc95042d2a94eca34db,2024-04-17T15:31:50.160000 +CVE-2024-32285,0,1,9529431b83da151fb9b96ef61a6f52d78979021395b253d357cca57331ad87ff,2024-04-17T15:31:50.160000 +CVE-2024-32286,0,1,0446ae8cfeed3b6b428f38f3c2f4e35d46b31c54a9ccc231877126a8c050363b,2024-04-17T15:31:50.160000 +CVE-2024-32287,0,1,26a016a9b3c6a7e85e2e0f642b43856dadb05faacb97686d986a0222c93b67a8,2024-04-17T15:31:50.160000 +CVE-2024-32288,0,1,d6ad7a62d4bac5355131f6aa48a68ab7356e2aec6915f40a12433efb5f544350,2024-04-17T15:31:50.160000 +CVE-2024-32290,0,1,800e7992739d5b0400ed8c63993183d656650d0e339040a86ad028fc9cfdd76c,2024-04-17T15:31:50.160000 +CVE-2024-32291,0,1,b7153c4f84f4dcdc9674c2de97a60dfcb3c6ccd76dc3087e39499a1f30a8221c,2024-04-17T15:31:50.160000 +CVE-2024-32292,0,1,28e836ab012ba26ce6370aa637128c082a6104370d01202934f29fd84d4444bd,2024-04-17T15:31:50.160000 +CVE-2024-32293,0,1,d16611fb15c081131f616e89cbae49c999e1669d1f3ba96273f94493581ea532,2024-04-17T15:31:50.160000 +CVE-2024-32299,0,1,fca46a7d533ca57179a1ec9db58160bbbed09496ab26c6e2bbf71176feb8d379,2024-04-17T15:31:50.160000 +CVE-2024-32301,0,1,96ee0b54df7a4f78b7d9427348511b154552dc59b2071b47f5d0ddac60dad82e,2024-04-17T15:31:50.160000 +CVE-2024-32302,0,1,856590d673eb02e246223aef7a9d9a79aa445cadb1ccbcb1f59c17c7bcefe824,2024-04-17T15:31:50.160000 CVE-2024-32303,0,0,f5183e57e6da8ebbb9ebe6e641e50d0eb754fcf17fc9e8be859d54b89499237b,2024-04-17T16:51:07.347000 CVE-2024-32305,0,0,b3ec1687528efaa87ef0024d885c301fef57de41221c5e757405849bc101efd5,2024-04-17T16:51:07.347000 
-CVE-2024-32306,0,0,c8ca2d0944859aa1e8595a05f397e115d1fe0ed2d27e4dcbcc7b36d88d55a169,2024-04-17T15:31:50.160000 -CVE-2024-32307,0,0,1f23d736ba6b1ae6233e92e791836a2b4146dffa6478103203686f0a99b9e88c,2024-04-17T15:31:50.160000 -CVE-2024-32310,0,0,6c0b7b724b3381181e47d39613c794e0cb0009a86a83b2661754f761f99c92bd,2024-04-17T15:31:50.160000 -CVE-2024-32311,0,0,64c5546c81efbe2fda0ee41c2fcadd1419ec5cd152607f7d8fcef32766fb000e,2024-04-17T15:31:50.160000 -CVE-2024-32312,0,0,773c086b1fe854702b2478fd88919acc0f6ce12e16b787edee7beb048c892cab,2024-04-17T15:31:50.160000 -CVE-2024-32313,0,0,36abac8e544197b0f374ef2467832687abadcd1491abd7568946bcf025fdd666,2024-04-17T15:31:50.160000 +CVE-2024-32306,0,1,aa33df8e3382ad4f3587707de420711c8d4bc95d162269500775e39271932148,2024-04-17T15:31:50.160000 +CVE-2024-32307,0,1,f12ea8b10d41967ec04e04d309e47f66284aeaa4e445cf32481cc5868eeb97e7,2024-04-17T15:31:50.160000 +CVE-2024-32310,0,1,403a1cc9b3055e84cb063a6792bb8b91ae7423d97bc02d3245065155bc28c656,2024-04-17T15:31:50.160000 +CVE-2024-32311,0,1,7e2445a5fad1effcef3fbeb98cf6c155dca315f7fb6ac1b5415576c5bec93d56,2024-04-17T15:31:50.160000 +CVE-2024-32312,0,1,084c63dfa09617165f3e7b302c1a4fa0ad45e1e1036ec1d1dd3d03ec5eab1a2a,2024-04-17T15:31:50.160000 +CVE-2024-32313,0,1,a2110ea0886d29d878520f1e0bb2ca00a4861e43b88d4bf4a0209f9a29237c3f,2024-04-17T15:31:50.160000 CVE-2024-32314,0,0,6de64238d854339de1e07cadd922f28350df5ac0c9cf632df88df1925f190160,2024-04-17T16:51:07.347000 -CVE-2024-32315,0,0,f8c8a933490a8a16d3adfb1a13660b91eb435a217d9b6cdecf498fb242d124c1,2024-04-17T15:31:50.160000 +CVE-2024-32315,0,1,d967fd26b4dc8d6103f1375d2a0f029bf5673e33c09fc72c4af38656fdd44be4,2024-04-17T15:31:50.160000 CVE-2024-32316,0,0,a58c15fa4fd96274056ab104ca6fc1340e053661d8932d745c0fc4b1c09dc8e7,2024-04-17T16:51:07.347000 CVE-2024-32317,0,0,3b211721c2918106b1f1e7546bda616d889285c7b9549429ce029a2ae9fa7832,2024-04-17T16:51:07.347000 
CVE-2024-32318,0,0,af0147cc0b951b6320a20f40cec58c15f3c7ae517895de35f7ff02b93007344c,2024-04-17T16:51:07.347000 CVE-2024-32320,0,0,37a3616f028696b5fd899f236869a82a73cb2f39b08a79d3a8c229c093bfc5dd,2024-04-17T16:51:07.347000 -CVE-2024-32325,0,0,2fd8e37b2c993e6e503a1b9793698e87aedbad0663f64c62d3e9e42b5885a3b7,2024-04-18T18:25:55.267000 -CVE-2024-32326,0,0,53ed484b7f65e8cf0fcfaab10f6a9e39ba3b7efde88b37f27ef2ca583f09c823,2024-04-18T18:25:55.267000 -CVE-2024-32327,0,0,98d85f294a7af194b02f9dc1d6a81b91b5d836719e96f5af5c6b6cc7d5d7c55d,2024-04-18T18:25:55.267000 -CVE-2024-32332,0,0,9ac78c9b7eb4e9f2d1144e143ada2dd9254a4343c26b91f7ba15b006a5d64bef,2024-04-18T18:25:55.267000 -CVE-2024-32333,0,0,0d02a62cee50f5f29ff6777da31496fba1401fd1166aa5028da53024a45c3fa2,2024-04-18T18:25:55.267000 -CVE-2024-32334,0,0,d7ff6e06e1d8e24c1f9622f86c09eb5858ae996a3098e17dae97b2c29cc13dc6,2024-04-18T18:25:55.267000 -CVE-2024-32335,0,0,bf33975bab4070870272e18f4ac7e400d826dcf717eb0786bf67ec26e5f4cd5d,2024-04-18T18:25:55.267000 +CVE-2024-32325,0,1,1606b9143cf3f301fb7c5a8ddfe5af1d789ae862e1039d8cdba213b614fe60be,2024-04-18T18:25:55.267000 +CVE-2024-32326,0,1,8d29072cf9ef63ed8de6e5b3ca6cd2fcf0e1dd16c656ea5ca29e42cf51ce35bc,2024-04-18T18:25:55.267000 +CVE-2024-32327,0,1,a6e9f7161ee1883fb85d4857caa44c041c8b788ab544bd06a70716304acc6f7a,2024-04-18T18:25:55.267000 +CVE-2024-32332,0,1,3a004a33f351b22bab28e754ff32dab060a1204ca044c29b556fab4eb6343e1a,2024-04-18T18:25:55.267000 +CVE-2024-32333,0,1,d0bf4e6d6996deb1c26a8bd39ed02f7e479d50c488218450b2120bedaffe7d66,2024-04-18T18:25:55.267000 +CVE-2024-32334,0,1,ef5843ee9073a9ebfe3edf50cbb437b59567bd65bdfb0b7afdb75a386d8533ba,2024-04-18T18:25:55.267000 +CVE-2024-32335,0,1,a18eecfae003f3755ca9788ae824f8ae11c862ee21bc8d2d8a24b68bc33a3ca0,2024-04-18T18:25:55.267000 CVE-2024-32337,0,0,dc2a2a172fc7aa8fe691537543cfdcef733d9805fdad8204cdb15cb784f9f055,2024-04-18T13:04:28.900000 
CVE-2024-32338,0,0,5c39bd4988329d7ca44a2054334cbe64def16d95c15637e731a812da665625a6,2024-04-18T13:04:28.900000 CVE-2024-32339,0,0,afe7433969155378d9f53eb585665f431668449ec7b8a1871dfc6bd28402185b,2024-04-18T13:04:28.900000 
@@ -245988,14 +245988,14 @@ CVE-2024-32341,0,0,71f1f455bcc77ba4bdae7357bc360322947a986c89138ad9c73bd315f3ef5 CVE-2024-32342,0,0,5ed8776d52ca78ebc18330cc82402250f424106e5b861cb93d248ff58681f335,2024-04-18T13:04:28.900000 CVE-2024-32343,0,0,862e8e3fbd92547c244c5be90d83e1339d7a18685f98ec207b76da84ef301f11,2024-04-18T13:04:28.900000 CVE-2024-32344,0,0,47eb1a8da70bc975fdd4934340a6940373147153bf19749b3895ed5e2ae65a6e,2024-04-18T13:04:28.900000 -CVE-2024-32345,0,0,fa4ef3254976ae4556ec487c7fc10e444002a05efd42f2cb8ea55e0d79bd328c,2024-04-18T13:04:28.900000 +CVE-2024-32345,0,1,3c4abcf95580a888529432fa6af7f966006546429f30889ca33584d7f7f45c9a,2024-04-18T13:04:28.900000 CVE-2024-3235,0,0,87b194ac57d76e3164f790cf262b7f15e5577bfab72d12fd067ebb5070eb75e0,2024-04-10T13:23:38.787000 CVE-2024-32391,0,0,088b185fbb10f088939fad9b89b36daa9fcfb870df443ae309733259e871c034,2024-04-19T21:15:08.700000 CVE-2024-32392,0,0,ed9045c59c05af8ddd393f75662cceec81cb2642cd5fc86505497f055cad15c6,2024-04-19T21:15:08.747000 CVE-2024-32409,0,0,2cc0bf26ecd8938fd89992a98bae2541af2d19072f0bc8cdc919759b6ea980aa,2024-04-19T16:19:49.043000 CVE-2024-32428,0,0,87a3edde2c4b0ace5bed90e6337013a3436ae0c663c6eeed3dbaf59e4e702dff,2024-04-15T13:15:31.997000 CVE-2024-32429,0,0,eb5275541e0171326bf869e836661a3d04172e6e7d4adfaa9657297147332796,2024-04-15T13:15:31.997000 -CVE-2024-3243,0,0,8f01690254ba62906be5fee30c8fc3486093d8171fddd0c70c76e4ba1599665b,2024-04-16T13:24:07.103000 +CVE-2024-3243,0,1,c0b3d501de451bd25695181364b192f45772ac0c3be190b71ef36c93a88e910d,2024-04-16T13:24:07.103000 CVE-2024-32430,0,0,88606950387919732cc8111790acc49a4b4cd7f2749250708f365450599b1d96,2024-04-15T13:15:31.997000 CVE-2024-32431,0,0,b6e07f3c6860f7196adf7b013d7b424e7a703b915974277afd841cb14a5b76f7,2024-04-15T13:15:31.997000 CVE-2024-32433,0,0,118095d9326fab7b70b1b646ed4f60dbb4d560ae8eb3981c82b443bda7c2db21,2024-04-15T13:15:31.997000 
@@ -246022,17 +246022,17 @@ CVE-2024-32452,0,0,c0f74da2c06d889a0c923e0bfbeb1f18dc0cdb6eff90b5a8f84b2a2f9a289 CVE-2024-32453,0,0,e2827bd2fe1a55cbd67f5689db0bfcc1b7a1375e77db28dec81ba12c13346b0a,2024-04-15T13:15:31.997000 CVE-2024-32454,0,0,82612665e825c6121646d06374d65bca8862992c0c337ca5fb468894f9c7a05e,2024-04-15T13:15:31.997000 CVE-2024-32455,0,0,e310d9ab26897191bedf34ef484874a672ce976e6db5d528b2061e5197a0cfa7,2024-04-17T12:48:31.863000 -CVE-2024-32456,0,0,c79ba4d56dc0cdd920d4bb67e9e6156d87b788691247bcddf5f9ecb31f2e24fd,2024-04-17T12:48:07.510000 -CVE-2024-32457,0,0,1a428b7a00f1286f4863395037a31505955e8cbdc6b1fed202f720e69656314d,2024-04-17T12:48:07.510000 -CVE-2024-32462,0,0,8b2b30eee58e4100ca21fc69e4d370950e8f3463115f3917d0ee6a7bb1bc7a68,2024-04-18T18:25:55.267000 +CVE-2024-32456,0,1,c0a0240c7bede6707c2eded61ccd88c169f1ed302e5ff3046ec6dac746537832,2024-04-17T12:48:07.510000 +CVE-2024-32457,0,1,7fd7ce0ef138de93b6c3b9f686be4ed7bf60ffc47479de2dc6e171832d6a4fe7,2024-04-17T12:48:07.510000 +CVE-2024-32462,0,1,189cb109055fc842b9d4f61171575a03ea8b4dba8acdaf3fdddb18d70771ca78,2024-04-18T18:25:55.267000 CVE-2024-32463,0,0,1671e195c4973ac11a31a2856358d6fb78fc6f39ffe0d1d851cfbba7a397b723,2024-04-17T16:51:07.347000 CVE-2024-32466,0,0,0986c266c64cc5e4b364446dfb796a6c4980d483c5a2beb3f21f15de4cb49c0b,2024-04-18T18:25:55.267000 CVE-2024-3247,0,0,095afc187e8f976bc1a2eaa79a4c0328aa3c3e2487a10203585d8616775f8a4d,2024-04-03T12:38:04.840000 -CVE-2024-32470,0,0,5737f71a66c54e24b389ee7460c3a1ce854d4a4b91c25c717aaecf79d0441de3,2024-04-18T18:25:55.267000 +CVE-2024-32470,0,1,d7909429b510db3e426dc3bd0d7cd9294d139aa1133b013525c796626cb985fe,2024-04-18T18:25:55.267000 CVE-2024-32472,0,0,975c522c6d17c4f52e07ac47d9093d86335976bcc8a63a5556dc578cb868f760,2024-04-18T13:04:28.900000 CVE-2024-32473,0,0,09e195a18aa6ac590fea94f857bb98521e1882f15d0834f5f844dc2e833caebf,2024-04-19T13:10:25.637000 
CVE-2024-32474,0,0,adf2e54d1f50eac76d6eed4deebd0da24270aeb71946944c9f131a9545119a38,2024-04-19T13:10:25.637000 -CVE-2024-32475,0,0,6cc0cfcc5835d1f0435503c507ba85f7d55e9904465d5f2818c1e77f894e02a5,2024-04-18T18:25:55.267000 +CVE-2024-32475,0,1,0fc7232a86aa0c1544df06e871c45b3dd3b0f61d5e2b0b45727dd45ce07af33f,2024-04-18T18:25:55.267000 CVE-2024-32477,0,0,edf9feceec657c5323b0a5bdd9c7c512982639e1cf50dad09f7080d975a64ba8,2024-04-19T13:10:25.637000 CVE-2024-32478,0,0,767d0906439929f5e4e53d4d2396aabddb8a0de51e7967f13464fca079c7076f,2024-04-19T16:19:49.043000 CVE-2024-3248,0,0,65f6d4ddfc43ae235edf2e59fc9daa1f1d020439a4fa197a41a6ddd58e106004,2024-04-03T12:38:04.840000 
@@ -246040,12 +246040,12 @@ CVE-2024-32487,0,0,746d95a6c3889a9e0164763739aef81432a5222f159aa33a064a3132dbd4a CVE-2024-32488,0,0,6ce6bcee8af0a677e98d2bf7a3efd66cf8a3e580423515387116f39d710ba974,2024-04-15T13:15:31.997000 CVE-2024-32489,0,0,cbc8895e7f5e99c09f7bd505220fcc5514b4573939580e3f381a933acf3c9ef0,2024-04-15T13:15:31.997000 CVE-2024-3250,0,0,42d0527e4e3750c8dcbea25ddc3c02af060082636d586aa4581df30dc613d6b8,2024-04-04T22:15:09.350000 -CVE-2024-32505,0,0,366ad0394af7bb321e47344b831f8b23b79d679a030900908291bfe065628dbd,2024-04-17T12:48:07.510000 +CVE-2024-32505,0,1,f00ba1bea0fed936bba09a3ddc8367be797652510d4b08d45ee56a08717b6629,2024-04-17T12:48:07.510000 CVE-2024-32506,0,0,58fedc2d03a3103f2000181847e0d82ef0a337b365a3707fbe423487ceb945e1,2024-04-17T12:48:07.510000 -CVE-2024-32508,0,0,90b35a899082140eb774e62f790edacc3fe4be9eaca1465ab226ef0923c20ae0,2024-04-17T12:48:07.510000 +CVE-2024-32508,0,1,8701ba6ae9f0b82134ef4dc34a5d7bf9328fa3c3c8d5a6a1500f16bbdd6750da,2024-04-17T12:48:07.510000 CVE-2024-32509,0,0,1a322d9a1fcd77ac1cf32605af3f78293da8774089da32cac7593b4a6cd15013,2024-04-17T12:48:07.510000 CVE-2024-3251,0,0,09df5d7cbe60f1cede783bc5c413edf21d6888276ecd34dcab497855ad924889,2024-04-11T01:25:56.973000 -CVE-2024-32510,0,0,67a41189d52870549b714dc4e36e94a704c037c0d931af94b457de740a8439a5,2024-04-17T12:48:07.510000 +CVE-2024-32510,0,1,c0f59560c67078688b096f210bd7fa8c2664407e349f9f6d3cad0c68613752cf,2024-04-17T12:48:07.510000 CVE-2024-32513,0,0,eb6296b1450028710e0787e1e0c573a9ac8ff63cde78da2e16afb4c48c3f781f,2024-04-17T12:48:07.510000 CVE-2024-32514,0,0,33588f7db663992d6ba8473bc3f597e6c7b575c52e3686424ff20c357fb37b86,2024-04-17T12:48:07.510000 CVE-2024-32515,0,0,a28455a8165bab28a7277d9f7384b7fd31c74d3531f1b35e0523f2e72630af6d,2024-04-17T12:48:07.510000 
@@ -246058,17 +246058,17 @@ CVE-2024-32520,0,0,2d1befaa5f43fa176e3549ba39287946f28f4db6750ccad38fb60a940e817 CVE-2024-32522,0,0,41fba1f78ab0ff112a0ef6fd1534d776bbd25a6a89ee3e1b25a5fe9fdbfd0ccc,2024-04-17T12:48:07.510000 CVE-2024-32524,0,0,afce93695733ada46482d59939465873430c33deae0fc2e4c525017a2b740ba1,2024-04-17T12:48:07.510000 CVE-2024-32525,0,0,76bbbb8a183d20ff524d1a4d1d07d58f767e268041fbd35adf90b7944044d004,2024-04-17T12:48:07.510000 -CVE-2024-32526,0,0,ad77e3f4529ad2894c176d4313255c31b2c5d1dcfb386992c71d8ea34481c2f3,2024-04-17T12:48:07.510000 -CVE-2024-32527,0,0,c02260658fa46149bf1c4446791a7b7cf4c0ac8bf1458193b20f03d00cbf166f,2024-04-17T12:48:07.510000 -CVE-2024-32528,0,0,e1c646128231a04cbdad72e874c61136bac6fafb0c1e32dc5a4aa552f8dc6d4b,2024-04-17T12:48:07.510000 -CVE-2024-32529,0,0,4564a99cfc4ad58bf9f1b400d846db504a559f2010d13d86b6fadb1e68366e50,2024-04-17T12:48:07.510000 +CVE-2024-32526,0,1,3db44baaaf9731dc0174236e3b33f2bcc856cdf539448e6f2a80e2752cde34f9,2024-04-17T12:48:07.510000 +CVE-2024-32527,0,1,1145ec2d4f6b9ce4aeea83d42bb7bb17794e603bc51fd726086687e4a3c6f63a,2024-04-17T12:48:07.510000 +CVE-2024-32528,0,1,fbc446e6911c9a7643f6eaf6915f65429afa47acf3efe93227da8d97f47b4b2a,2024-04-17T12:48:07.510000 +CVE-2024-32529,0,1,f4cca4461f19d497378aff19175cd0c7609671545bec35f7fc8cea8a560d0e17,2024-04-17T12:48:07.510000 CVE-2024-3253,0,0,a89395a86bc1f3d0502eefe9b40617582319cee720c39b4f0673a8e71a372db0,2024-04-11T01:25:57.123000 -CVE-2024-32530,0,0,8d08a10faf1fdb2ef6b902383d77c60e62865851aac9a5499f952ae3c8298730,2024-04-17T12:48:07.510000 -CVE-2024-32531,0,0,5a0ef5df42db2b0d453ed38854863986f18135fbc28d979379b59a9ff77a11a4,2024-04-17T12:48:07.510000 +CVE-2024-32530,0,1,296b0dbf7c36721269430d328f733db6b190b81fa91ff23a7d3440516d8a6cee,2024-04-17T12:48:07.510000 +CVE-2024-32531,0,1,12e4c3c927696e853f597b31382c7fdb07ecc1f4e67a8baa39b24feef6431b8f,2024-04-17T12:48:07.510000 
CVE-2024-32532,0,0,b3c159c5a146af5def0eeac0d6f98d81ecda6c0b767d6322606edb12a09ae0ab,2024-04-17T12:48:07.510000 CVE-2024-32533,0,0,40343d44008bb63edfc9403b91dc95d3a0328c7109f8ab2c924ee4c7b3b0c868,2024-04-17T12:48:07.510000 CVE-2024-32534,0,0,6f258f6483a8e42ec8bc53c998518640457efd623132ce87feaccdd671bc6be6,2024-04-17T12:48:07.510000 -CVE-2024-32535,0,0,9510b0df4728efbdf48258a40c9294346df3a09fd53c42b1784946f012ab2f39,2024-04-17T12:48:07.510000 +CVE-2024-32535,0,1,ccc428b56a61c3282f55c8340e910d55a94d46f1c996f4404a2c6e1a2e624bc3,2024-04-17T12:48:07.510000 CVE-2024-32536,0,0,5a056c1ad1e943373ca4966238cb94f1bfd0b2f475559cc46c105531cf543076,2024-04-17T12:48:07.510000 CVE-2024-32538,0,0,dfef1f1daed8c3b473a53e25b857a06f0e4b704f80f0b9523ffe413c0a3ba33a,2024-04-17T12:48:07.510000 CVE-2024-32539,0,0,690b9b7080d3ed4161afff1dbe48218f7186b8cd312d53883feae243ada73655,2024-04-17T12:48:07.510000 
@@ -246085,9 +246085,9 @@ CVE-2024-32548,0,0,e4a54d0c123966d243f4109663ea69da8c581993342a73ff76dd194058f5e CVE-2024-32549,0,0,b59f7f2824ce9ae7d954ffb76652523e3be5c2253362a34c8d57af347b2b167b,2024-04-17T12:48:07.510000 CVE-2024-3255,0,0,904fbc57ab93b7669a1ad2e0d7bc935ea8e0a09d4be39b643e0cf95a488528d5,2024-04-11T01:25:57.280000 CVE-2024-32550,0,0,38a7958e0db4ae6ee8aaaa1157ea8534e3c4edeb5dc2e0a5a4ff2571e83a4eb8,2024-04-17T12:48:07.510000 -CVE-2024-32551,0,0,812595ad157c8bd6999142f04c7988ff3201ec27318a5bd9a109f298f0b7e78e,2024-04-18T13:04:28.900000 -CVE-2024-32552,0,0,e91d597257064c67e5e83c6cf53190fc32fe5859f54b5b878ea97697609474cf,2024-04-18T13:04:28.900000 -CVE-2024-32553,0,0,f7bb6fd8112a45fb26cf3601c68b415c7c61b6108789fea368976ce3c30f88d3,2024-04-18T13:04:28.900000 +CVE-2024-32551,0,1,9384ebb9d7ce6eff7b2a91203bc1757b82cd826e507dbfc218ca6679e852a94e,2024-04-18T13:04:28.900000 +CVE-2024-32552,0,1,11b2fdb7aa952db6511e7a5b9947929d34d5555f440ded4ff96ce56f737c9eac,2024-04-18T13:04:28.900000 +CVE-2024-32553,0,1,46075152a68d02299f2310b8251c5a39af4a5292ceb464783f61086ed45b99bf,2024-04-18T13:04:28.900000 CVE-2024-32554,0,0,14e958542ef05d79983cc5dab32cd10ee6161b7e0557c047e16bb75e4863e7eb,2024-04-18T13:04:28.900000 CVE-2024-32556,0,0,08040bf1f449ad554865a5ea46904ee575f2cd071617d7dfc43afc681104d66b,2024-04-18T13:04:28.900000 CVE-2024-32557,0,0,a0d48866dc85bb81bf860dbf507dd0114438e0c1a5f7430be94c87993736426b,2024-04-16T13:24:07.103000 
@@ -246136,9 +246136,9 @@ CVE-2024-32596,0,0,6de1db158ab31da5c0d34f41fdca12d132a3536c4c36ec827f6f4c0995050 CVE-2024-32597,0,0,1be2c6ecbad456becf3bd5efa5776ad0f518d0e88dade0c896de8f1579462a45,2024-04-18T13:04:28.900000 CVE-2024-32598,0,0,993788a9a52a094b33aeda70b9a5751cad6ba2a31c6e98b8ad91f8332af2bb96,2024-04-18T13:04:28.900000 CVE-2024-32599,0,0,887c2ecb4e6df20b58f440752c4777d935ce76c001bd8d519579d40c90711730,2024-04-18T13:04:28.900000 -CVE-2024-32600,0,0,071d1e4348937e40864777e40f2a9e09201479657156f485b2e8b033af54dcd1,2024-04-18T13:04:28.900000 +CVE-2024-32600,0,1,7f1ea567900e7217779054f1aaa60990da09c8091ef19a5f0a1222b3c609538f,2024-04-18T13:04:28.900000 CVE-2024-32601,0,0,8cbfccd19a8758bfce621311ef1b74ead1c51ab9b770a5c88b9be54c4672c987,2024-04-18T13:04:28.900000 -CVE-2024-32602,0,0,260a9c81896ef5adf8727e3379e2e9f3db92d586e54a62bd351aa185106a21bf,2024-04-18T13:04:28.900000 +CVE-2024-32602,0,1,5a036ab20093db8d77d0bbad6ef85c0fe339eab100d61f79d2951ab5687311cf,2024-04-18T13:04:28.900000 CVE-2024-32603,0,0,237bdd6eb581c0410431fd7af056971ae43580f51f8ce5d9d85cbbd85e1f61e1,2024-04-18T13:04:28.900000 CVE-2024-32604,0,0,20060b0b46ff482c2f98c24b754e397faaf75159a62e3303a44f56bbb9c17c69,2024-04-18T13:04:28.900000 CVE-2024-3262,0,0,758c253f08a1135a2d383be61db9b8d36970b2087c7788f9321bc534b0b4222c,2024-04-04T12:48:22.650000 
@@ -246153,8 +246153,8 @@ CVE-2024-32652,0,0,7068d001c4d69765b29e932b33765d55255f044d5a61efb3e29beac03eeb5 CVE-2024-3266,0,0,254a5ba127b10ac48f062b62dbe4c90ef51eaba1ed741161e5a22416cbb32240,2024-04-10T13:23:38.787000 CVE-2024-3267,0,0,00a210ede7a73ca33b64d3b8a0e382509d5bafa34ae84022125b180763aee2bd,2024-04-10T13:23:38.787000 CVE-2024-32683,0,0,a0b9622e54426858713ec284b3b35f1e3398d7792b7ab5de8a29a6635c271abc,2024-04-19T13:10:25.637000 -CVE-2024-32686,0,0,341bb9c6839ecc5cf9bf039d7bf662e83a2fd0c3b18b2337c02f9c4b25f56d90,2024-04-18T13:04:28.900000 -CVE-2024-32689,0,0,87ead4cad00f637658adb223437d604ec61e191428499b41541d0c2f08ffdce8,2024-04-18T13:04:28.900000 +CVE-2024-32686,0,1,852c454a1d3bbf27e69c45ac3a82e5061f231ff76a794447de0366c288490e9f,2024-04-18T13:04:28.900000 +CVE-2024-32689,0,1,16874a71c9e632f769995766bf2f4ed6e183b5fc555d1d7f129ab5a8c673df33,2024-04-18T13:04:28.900000 CVE-2024-3270,0,0,6f3801d6fa573f4a130c8a1ad393f7345008a6cf48547c2d9608d260a00cb3bb,2024-04-11T01:25:57.753000 CVE-2024-3271,0,0,427448d66ebe59002a93ad233a5fbd2b2253db3687d924fc6f5652a183f66ed0,2024-04-16T13:24:07.103000 CVE-2024-3272,0,0,ef44e7e2e0d0ab3ec436a6ccc174b0a90f543a9a2cfa65f7a6d262da6c5446ee,2024-04-15T20:14:55.570000 
@@ -246178,8 +246178,8 @@ CVE-2024-3315,0,0,b04b498365bf550d192eb8f6355a94ceb3682fd952e63a5ca20359721d079b CVE-2024-3316,0,0,4e6c62f7daa2acc1b09b99a91d6183a3304f5f15a5196b646e7dca95270cc88c,2024-04-11T01:25:58.400000 CVE-2024-3320,0,0,ab85871ad052e5f4fcf422dcfe569e228d877013c1827b81abff88790a089460,2024-04-11T01:25:58.477000 CVE-2024-3321,0,0,d8a6bcfaefe4af3ab04feeb555f2bafb55cef6e6487d8794d3441d1d17abf104,2024-04-11T01:25:58.560000 -CVE-2024-3323,0,0,ee5c28e64b3534ad62b7156293b962f8a026f4befb9ceb443f6f7b4109723fa3,2024-04-17T20:08:21.887000 -CVE-2024-3333,0,0,41236fb41e8bfaf4e86270572f6bea1f95470a53ec0d897942e32018eedb9937,2024-04-17T12:48:07.510000 +CVE-2024-3323,0,1,5322a19626f9d41fbc85f0f073b4efac313efc9902bda6b2387f115ed4ea09c7,2024-04-17T20:08:21.887000 +CVE-2024-3333,0,1,8caee5b26018a8a7a4f06ec5d64d35dd731cf8d2f43a25885f4e67db044a1bff,2024-04-17T12:48:07.510000 CVE-2024-3343,0,0,c7ada54a8973c3f80fc415b1484b0c0d7aeb75e458012c05cd3c69dcc6f0e33f,2024-04-11T12:47:44.137000 CVE-2024-3344,0,0,9f0d30bf7471aa86a4cb4a703805df84e7338e4a65408c3f6ac2fd777c6250e1,2024-04-11T12:47:44.137000 CVE-2024-3346,0,0,e1501efbca46250b1b984725e11942bb9306686e2cffb2edd3d8dd5b4c4ccc5c,2024-04-11T01:25:58.637000 
@@ -246203,7 +246203,7 @@ CVE-2024-3363,0,0,f5bcc8af5a66d22a73abe7e86b636154362f284983c790b03385b20aa4737c CVE-2024-3364,0,0,2986dc00429f74e0e2572cb8153933c26e825f7eed092370bca7e4ac84ee4fdf,2024-04-11T01:26:00.090000 CVE-2024-3365,0,0,64a2e531185071bb7e6b7a9cf067546b0c6c5f700f703a6639ecd4e081a3dcb7,2024-04-11T01:26:00.170000 CVE-2024-3366,0,0,641beaaa3f9fd7d2de3006c0b03aadadafd130dcdab91419774c604b06cf9b30,2024-04-11T01:26:00.240000 -CVE-2024-3367,0,0,3ba4de06f1dcd38725d1a91da6fef7a40e2593564238016c31dbef705dc719fe,2024-04-16T13:24:07.103000 +CVE-2024-3367,0,1,d3342df09a1fbad6866637b3f4f182c2aaece5d10d4211ebee39a5250b1b8995,2024-04-16T13:24:07.103000 CVE-2024-3369,0,0,943fbc9826beb11428b980e60e48ec152ecf5fda97b5d1c26bb0e96c030079eb,2024-04-11T01:26:00.317000 CVE-2024-3376,0,0,f944ee3af49afac066405b13bcc14ad1a3aba304f57c015d653c31ce71a21bf1,2024-04-11T01:26:00.397000 CVE-2024-3377,0,0,4f5c5a9a0c925d4c25c7e7a8167aad399bf59289271bce69d10c801ec2848ece,2024-04-11T01:26:00.473000 @@ -246315,7 +246315,7 @@ CVE-2024-3652,0,0,a467de8b64f8147acdef48edc35752a89afb7d5856e17302ea9c57335ed0f6 CVE-2024-3654,0,0,7e2b4ab81bb1b43884c0db8e806df093bdf87a3fc5c587d83d67f54180b50daf,2024-04-19T16:19:49.043000 CVE-2024-3660,0,0,27de83d41a96740d974951cfc0f4ab32e626a768053ae4e7908802eefe823936,2024-04-17T12:48:31.863000 CVE-2024-3662,0,0,aac492e0cb08799a7f888c46af5bedb595fa2e9ad6dc15c21be50e9dae70066e,2024-04-15T13:15:31.997000 -CVE-2024-3672,0,0,fc59637194f03e01166014d3ffdbdd60026f81fcc60e1be7e1a44771d8c5fa2c,2024-04-16T13:24:07.103000 +CVE-2024-3672,0,1,b7de207aaf40bb160711ae23312b83bd4f3d950fbf99cf282ee38b1e3854739f,2024-04-16T13:24:07.103000 CVE-2024-3684,0,0,693360cd268d4b961448865406a570238e347409fa389434d499b6fc0f790dc0,2024-04-19T16:19:49.043000 CVE-2024-3685,0,0,2d04d41485feb8a52bd1142022b18bc3f24805efb219d419e0508c4773991260,2024-04-15T13:15:51.577000 CVE-2024-3686,0,0,811bcae5db0f32a24e5b10c51fcb2c5c47ac8ca123d5e8befb2d943ee92f7589,2024-04-15T13:15:51.577000 
@@ -246361,20 +246361,20 @@ CVE-2024-3775,0,0,a79253f4f0c7633f40fa5e33903553d0137ff03b4a2d8425a028bb5ddf1c6b CVE-2024-3776,0,0,55056178a3d988ca6f5c349416a81e65818f1f748e962aa89ca62657bc61cdbb,2024-04-15T13:15:31.997000 CVE-2024-3777,0,0,2d62b43478a2af7b370a2abe8fef4e62ecbb9b40c3be97e2e0fc1ef910b6e9d4,2024-04-15T13:15:31.997000 CVE-2024-3778,0,0,c2c38fcb38179fdb87f4043dc10c922f64da16bb588bfaf10dd1fb23e229fcc9,2024-04-15T13:15:31.997000 -CVE-2024-3780,0,0,53772a1701ef182882503bc388d42a62e085aca2dab8c9f18ba1126b62ad6515,2024-04-15T13:15:31.997000 +CVE-2024-3780,0,1,d5287c65230cff026fcb8162b9ad15d2c7a6ec9085a2f226aaf7f4b5c5cee424,2024-04-15T13:15:31.997000 CVE-2024-3781,0,0,bf710215509c2fb5fefd67fb85930537c2ce3a67160738297841ece3c75d6fc6,2024-04-15T19:12:25.887000 CVE-2024-3782,0,0,c95ea596dccb3636dd3691321b5a7a48aa3ee2b08cd07f6f17f6b9ebb6c70325,2024-04-15T19:12:25.887000 CVE-2024-3783,0,0,f916980cd1e532a7d588efc898e3b89c6684234f9d5fc7d911dee2ee73ce3295,2024-04-15T19:12:25.887000 CVE-2024-3784,0,0,c3548262a5dd94ab612636409a3bf8cd74017da9deb24debb2f77536fe274623,2024-04-15T19:12:25.887000 CVE-2024-3785,0,0,fc93f2e321d044bf7a0ccc45f351722880d9f0bf94368b28b702ab59c5cb3144,2024-04-15T19:12:25.887000 CVE-2024-3786,0,0,e7dff42d10ea5f51aefb5b7728f1b7d65e7bf6f944a436f82b5cbbe6bdc82c9e,2024-04-15T19:12:25.887000 -CVE-2024-3797,0,0,a49e1c5a734d1a2c1373957f16247491a1198771bf616ee0ff20957d954e73a9,2024-04-15T19:12:25.887000 -CVE-2024-3802,0,0,5395fe7b87f4e5ca6c4397aa1001686137daab009656e2126daa68d47ebdf7e9,2024-04-15T13:15:31.997000 +CVE-2024-3797,0,1,de36eeb90f8a2b4c57a659b354244a505421db0ff8ffbcdbd5aaf4a40f3c2f7e,2024-04-15T19:12:25.887000 +CVE-2024-3802,0,1,acebc01da8cc3be541f9d83eccc940d0e4032a7324d4c7f5dbd191f156e198d2,2024-04-15T13:15:31.997000 CVE-2024-3803,0,0,5839bf1f5fc97242d8c9adb88b40fa5013a07555baee205c3d9bec592a883085,2024-04-16T13:24:07.103000 CVE-2024-3804,0,0,d2c04bcba3b9dcee33d8ad0e898646d48639f7e3e6aed11c413cf03cea6afbe3,2024-04-16T13:24:07.103000 
CVE-2024-3817,0,0,46e4b3903939ad7f28eeb8afee28fc4c5b18be71847d60ae426ede3b66e11122,2024-04-18T13:04:28.900000 CVE-2024-3818,0,0,3b93c96d931c7712dba585285a5a0f954163c40c8ab2b4d2e42e74b7a416a166,2024-04-19T13:10:25.637000 -CVE-2024-3825,0,0,cf5f4f310b2c59b261c07d67ee6e69189162f7e44f9cdead90080a906b42b533,2024-04-17T15:31:50.160000 +CVE-2024-3825,0,1,f398f78dcc905612b8b1fff020bcc62d405b80ffdf3a9053d9f90f163c40baa7,2024-04-17T15:31:50.160000 CVE-2024-3832,0,0,9dd56fad5460e31af71408aef448c2395575e6dee46d55026c2ec166be133ff0,2024-04-17T12:48:07.510000 CVE-2024-3833,0,0,dff090d851a013a09ba1359f006f48badc9604823081b1a17b5c5719cae664d1,2024-04-17T12:48:07.510000 CVE-2024-3834,0,0,61333250bae70d29f0a6c209d1a7f4581197e5e9524eb400fb40d284057c5d4b,2024-04-19T17:20:37.213000 @@ -246403,7 +246403,7 @@ CVE-2024-3863,0,0,2bcd7aff2d943e7ab42e23b79c60d375ad9e243a307a827bee502e9df17951 CVE-2024-3864,0,0,ae6c36ac7c4d7698312395d82a80672d1a4dde90cb29f905347043dcebcbb850,2024-04-19T11:15:44.777000 CVE-2024-3865,0,0,8b230c3d643bf4def0090616d3b729148802c45f8b0915e5522b00babc710a03,2024-04-17T12:48:31.863000 CVE-2024-3867,0,0,1b62d18c2024e05920e3c0687ff0e24e4f942ae67e75e66374d57866a8214187,2024-04-16T17:15:11.113000 -CVE-2024-3869,0,0,d3f1a622954c88625e31670a65b24b2a780d4a1ef9c3ff8af4e909ec0bb991a2,2024-04-16T13:24:07.103000 +CVE-2024-3869,0,1,5fe681dc14d2de5e9dd5b2f66bac58fa145bb31944427d754a663b3ce277c72c,2024-04-16T13:24:07.103000 CVE-2024-3871,0,0,9131680dba8c26c19b55533e86d2d270f65815944bae2f8fbcd8e63884ab3cf1,2024-04-17T11:15:11.403000 CVE-2024-3872,0,0,1b0df76ddcb9ce5edde75b1c572a6253db6bd37bbe91d1899bdf2bd4ba86a63a,2024-04-16T13:24:07.103000 CVE-2024-3873,0,0,230a7ae0c963a3518952a6efe2530f69b8b69e66be04be15dc03d02115e36857,2024-04-17T12:48:31.863000 
@@ -246416,21 +246416,21 @@ CVE-2024-3879,0,0,9c5ce4d1a3fc01133b3321115c4ccd096980cfe5baa042c4c9bf7b273029d2 CVE-2024-3880,0,0,237e3bb93a0b113a1c50538806f68b5377561349bd4f47a9139ec72cd356417d,2024-04-17T12:48:31.863000 CVE-2024-3881,0,0,9055ecf63e1aedc7e2787afc56e67bc831564d5ee15f418ef1b408c81c24bb16,2024-04-17T12:48:31.863000 CVE-2024-3882,0,0,846c922d5cf92347db05da515dc041ccc83bdcd548fefc386c188946857d0db7,2024-04-17T12:48:31.863000 -CVE-2024-3900,0,0,4754e29edc405b56435ad106711f084e7622ef91b353d31f88826e0bd93a47ca,2024-04-17T20:08:21.887000 -CVE-2024-3905,0,0,7be32ce1cebe831dd18c83e9cee35ffcf3ef4d95b177b36857101bc880e13458,2024-04-17T12:48:07.510000 -CVE-2024-3906,0,0,3d774d0d8e879a2e547ece6581f966b0621f926e176ba86f810130848d808882,2024-04-17T12:48:07.510000 -CVE-2024-3907,0,0,e9d4f83d03470ade2cadeb4be1ea2503424ca77e73533dcedd08ebc2ecd1caff,2024-04-17T12:48:07.510000 -CVE-2024-3908,0,0,14819196bd06b3f47df9a72a4748d3af3ea51b51fecc6fc14f6bb0ea5ac20eab,2024-04-17T12:48:07.510000 -CVE-2024-3909,0,0,88409e12ed6fe478dbedde42ee0b29fb69f3bd755cbe1c9aee9c2d33e78a2db7,2024-04-17T12:48:07.510000 -CVE-2024-3910,0,0,86d1a96ddd3463e152d9d08dee2f0faab8142fd78de3719a4a22f0df5c358cdf,2024-04-17T12:48:07.510000 -CVE-2024-3914,0,0,f93977105202dbc9d06c0cd96ce45891e87c322bf8bb225cb96c3dd248984c2c,2024-04-17T20:08:21.887000 +CVE-2024-3900,0,1,5bafaa90d65e26f460054cb65a089d31ecb0030e0f85c3f0ee595a0cce123691,2024-04-17T20:08:21.887000 +CVE-2024-3905,0,1,666ba6ab36ae43f19518f88ffcc3dc3578e7336eef9fa01b067c40b574dea570,2024-04-17T12:48:07.510000 +CVE-2024-3906,0,1,dd9841bce880aeaa28c9d51ba9e314b7fd3abe4741e8e805c9e3a8477cebd832,2024-04-17T12:48:07.510000 +CVE-2024-3907,0,1,b4e4be60c17ce688486097ec16bf10c01177f6c8b54984e903905f799945f59c,2024-04-17T12:48:07.510000 +CVE-2024-3908,0,1,26db16f32c52be83b374f19657727a3a2a3db16f8ab3cda20dc3ad146f877b39,2024-04-17T12:48:07.510000 +CVE-2024-3909,0,1,c5efb647be20bf9f2ba452fa9666b153466b94d0e5f3c713649def6568acf5a0,2024-04-17T12:48:07.510000 
+CVE-2024-3910,0,1,7d8aafa4b35964a72cdc3d08dd6c7b1615ef522d553c6c78d413b0e25fdc718e,2024-04-17T12:48:07.510000 +CVE-2024-3914,0,1,f22f1ab80928b5e36d20aa33edb29bd994f2a0c5f0da32529ddb57f1c4c68fdf,2024-04-17T20:08:21.887000 CVE-2024-3928,0,0,114c97f372c53f33fe3b26cd091686f1eb78a3749714814b77901a77b62a0107,2024-04-18T13:04:28.900000 CVE-2024-3931,0,0,adc8a79b07f48b35a9681a97a568e852ba1ef2cbd3b7271f585750c2d2c4216b,2024-04-18T13:04:28.900000 CVE-2024-3932,0,0,bce0f8b09e2fc4acc0cfce5940d57ce5f1e0384ac19f6c68ed218175688d8f12,2024-04-18T13:04:28.900000 -CVE-2024-3948,0,0,7025ef4f836546f48faf8b939c75946ff21c10b0e831ac251eedac850d3706cc,2024-04-18T13:04:28.900000 +CVE-2024-3948,0,1,427154a0226db385c08a1dc567a28e238ab290a5825189b73e5e958b25b296e5,2024-04-18T13:04:28.900000 CVE-2024-3979,0,0,9ef752ac5397ef4280bc4d9888fb417cb985331164bf90affafa759f391a2bfe,2024-04-19T18:29:53.040000 CVE-2024-4014,0,0,7cf0fde7c7e0b699570fba2f36ea8e261c51bd81abd2982cdc3f318a42a4add1,2024-04-20T10:15:56.670000 CVE-2024-4017,0,0,a23b12fc7c740404488f1af5b705682deb432f2e92c71fedb5b116d96406c6de,2024-04-19T21:15:08.800000 CVE-2024-4018,0,0,4c69b534904392a3d1ce70eca56e0b8ed0e5bf621f2f9ab93d5f8ba0643d15b5,2024-04-19T21:15:08.997000 CVE-2024-4019,0,0,8e5775df743254ac8ecad28710b0dbb7c9102d56ab81db08683e09863c9bb5ea,2024-04-20T14:15:47.587000 -CVE-2024-4020,1,1,8e8f19a70596019acff4de0af866389e657e5b6cbc3f49a1224214c7eff955fd,2024-04-20T23:15:48.183000 +CVE-2024-4020,0,0,8e8f19a70596019acff4de0af866389e657e5b6cbc3f49a1224214c7eff955fd,2024-04-20T23:15:48.183000