admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-06-20T12:00:18.799054+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-06-20 12:03:13 +00:00
parent eeaffae632
commit 2088100700
26 changed files with 961 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2021/CVE-2021-476xx/CVE-2021-47617.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2021-47617",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:54.317",
"lastModified": "2024-06-20T11:15:54.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pciehp: Fix infinite loop in IRQ handler upon power fault\n\nThe Power Fault Detected bit in the Slot Status register differs from\nall other hotplug events in that it is sticky: It can only be cleared\nafter turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:\n\n If a power controller detects a main power fault on the hot-plug slot,\n it must automatically set its internal main power fault latch [...].\n The main power fault latch is cleared when software turns off power to\n the hot-plug slot.\n\nThe stickiness used to cause interrupt storms and infinite loops which\nwere fixed in 2009 by commits 5651c48cfafe (\"PCI pciehp: fix power fault\ninterrupt storm problem\") and 99f0169c17f3 (\"PCI: pciehp: enable\nsoftware notification on empty slots\").\n\nUnfortunately in 2020 the infinite loop issue was inadvertently\nreintroduced by commit 8edf5332c393 (\"PCI: pciehp: Fix MSI interrupt\nrace\"): The hardirq handler pciehp_isr() clears the PFD bit until\npciehp's power_fault_detected flag is set. That happens in the IRQ\nthread pciehp_ist(), which never learns of the event because the hardirq\nhandler is stuck in an infinite loop. Fix by setting the\npower_fault_detected flag already in the hardirq handler."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1db58c6584a72102e98af2e600ea184ddaf2b8af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3b4c966fb156ff3e70b2526d964952ff7c1574d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/464da38ba827f670deac6500a1de9a4f0f44c41d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d6f1f0dac3e3441ecdb1103d4efb11b9ed24dd5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff27f7d0333cff89ec85c419f431aca1b38fb16a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2021/CVE-2021-476xx/CVE-2021-47618.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2021-47618",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:54.477",
"lastModified": "2024-06-20T11:15:54.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9170/1: fix panic when kasan and kprobe are enabled\n\narm32 uses software to simulate the instruction replaced\nby kprobe. some instructions may be simulated by constructing\nassembly functions. therefore, before executing instruction\nsimulation, it is necessary to construct assembly function\nexecution environment in C language through binding registers.\nafter kasan is enabled, the register binding relationship will\nbe destroyed, resulting in instruction simulation errors and\ncausing kernel panic.\n\nthe kprobe emulate instruction function is distributed in three\nfiles: actions-common.c actions-arm.c actions-thumb.c, so disable\nKASAN when compiling these files.\n\nfor example, use kprobe insert on cap_capable+20 after kasan\nenabled, the cap_capable assembly code is as follows:\n<cap_capable>:\ne92d47f0\tpush\t{r4, r5, r6, r7, r8, r9, sl, lr}\ne1a05000\tmov\tr5, r0\ne280006c\tadd\tr0, r0, #108 ; 0x6c\ne1a04001\tmov\tr4, r1\ne1a06002\tmov\tr6, r2\ne59fa090\tldr\tsl, [pc, #144] ;\nebfc7bf8\tbl\tc03aa4b4 <__asan_load4>\ne595706c\tldr\tr7, [r5, #108] ; 0x6c\ne2859014\tadd\tr9, r5, #20\n......\nThe emulate_ldr assembly code after enabling kasan is as follows:\nc06f1384 <emulate_ldr>:\ne92d47f0\tpush\t{r4, r5, r6, r7, r8, r9, sl, lr}\ne282803c\tadd\tr8, r2, #60 ; 0x3c\ne1a05000\tmov\tr5, r0\ne7e37855\tubfx\tr7, r5, #16, #4\ne1a00008\tmov\tr0, r8\ne1a09001\tmov\tr9, r1\ne1a04002\tmov\tr4, r2\nebf35462\tbl\tc03c6530 <__asan_load4>\ne357000f\tcmp\tr7, #15\ne7e36655\tubfx\tr6, r5, #12, #4\ne205a00f\tand\tsl, r5, #15\n0a000001\tbeq\tc06f13bc <emulate_ldr+0x38>\ne0840107\tadd\tr0, r4, r7, lsl #2\nebf3545c\tbl\tc03c6530 <__asan_load4>\ne084010a\tadd\tr0, r4, sl, lsl #2\nebf3545a\tbl\tc03c6530 <__asan_load4>\ne2890010\tadd\tr0, r9, #16\nebf35458\tbl\tc03c6530 <__asan_load4>\ne5990010\tldr\tr0, [r9, #16]\ne12fff30\tblx\tr0\ne356000f\tcm\tr6, #15\n1a000014\tbne\tc06f1430 <emulate_ldr+0xac>\ne1a06000\tmov\tr6, r0\ne2840040\tadd\tr0, r4, #64 ; 0x40\n......\n\nwhen running in emulate_ldr to simulate the ldr instruction, panic\noccurred, and the log is as follows:\nUnable to handle kernel NULL pointer dereference at virtual address\n00000090\npgd = ecb46400\n[00000090] *pgd=2e0fa003, *pmd=00000000\nInternal error: Oops: 206 [#1] SMP ARM\nPC is at cap_capable+0x14/0xb0\nLR is at emulate_ldr+0x50/0xc0\npsr: 600d0293 sp : ecd63af8 ip : 00000004 fp : c0a7c30c\nr10: 00000000 r9 : c30897f4 r8 : ecd63cd4\nr7 : 0000000f r6 : 0000000a r5 : e59fa090 r4 : ecd63c98\nr3 : c06ae294 r2 : 00000000 r1 : b7611300 r0 : bf4ec008\nFlags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user\nControl: 32c5387d Table: 2d546400 DAC: 55555555\nProcess bash (pid: 1643, stack limit = 0xecd60190)\n(cap_capable) from (kprobe_handler+0x218/0x340)\n(kprobe_handler) from (kprobe_trap_handler+0x24/0x48)\n(kprobe_trap_handler) from (do_undefinstr+0x13c/0x364)\n(do_undefinstr) from (__und_svc_finish+0x0/0x30)\n(__und_svc_finish) from (cap_capable+0x18/0xb0)\n(cap_capable) from (cap_vm_enough_memory+0x38/0x48)\n(cap_vm_enough_memory) from\n(security_vm_enough_memory_mm+0x48/0x6c)\n(security_vm_enough_memory_mm) from\n(copy_process.constprop.5+0x16b4/0x25c8)\n(copy_process.constprop.5) from (_do_fork+0xe8/0x55c)\n(_do_fork) from (SyS_clone+0x1c/0x24)\n(SyS_clone) from (__sys_trace_return+0x0/0x10)\nCode: 0050a0e1 6c0080e2 0140a0e1 0260a0e1 (f801f0e7)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1515e72aae803fc6b466adf918e71c4e4c9d5b3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b59b0a53c840921b625378f137e88adfa87647e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ba1863be105b06e10d0e2f6b1b8a0570801cfc71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2021/CVE-2021-476xx/CVE-2021-47619.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2021-47619",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:54.560",
"lastModified": "2024-06-20T11:15:54.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix queues reservation for XDP\n\nWhen XDP was configured on a system with large number of CPUs\nand X722 NIC there was a call trace with NULL pointer dereference.\n\ni40e 0000:87:00.0: failed to get tracking for 256 queues for VSI 0 err -12\ni40e 0000:87:00.0: setup of MAIN VSI failed\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: 0010:i40e_xdp+0xea/0x1b0 [i40e]\nCall Trace:\n? i40e_reconfig_rss_queues+0x130/0x130 [i40e]\ndev_xdp_install+0x61/0xe0\ndev_xdp_attach+0x18a/0x4c0\ndev_change_xdp_fd+0x1e6/0x220\ndo_setlink+0x616/0x1030\n? ahci_port_stop+0x80/0x80\n? ata_qc_issue+0x107/0x1e0\n? lock_timer_base+0x61/0x80\n? __mod_timer+0x202/0x380\nrtnl_setlink+0xe5/0x170\n? bpf_lsm_binder_transaction+0x10/0x10\n? security_capable+0x36/0x50\nrtnetlink_rcv_msg+0x121/0x350\n? rtnl_calcit.isra.0+0x100/0x100\nnetlink_rcv_skb+0x50/0xf0\nnetlink_unicast+0x1d3/0x2a0\nnetlink_sendmsg+0x22a/0x440\nsock_sendmsg+0x5e/0x60\n__sys_sendto+0xf0/0x160\n? __sys_getsockname+0x7e/0xc0\n? _copy_from_user+0x3c/0x80\n? __sys_setsockopt+0xc8/0x1a0\n__x64_sys_sendto+0x20/0x30\ndo_syscall_64+0x33/0x40\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f83fa7a39e0\n\nThis was caused by PF queue pile fragmentation due to\nflow director VSI queue being placed right after main VSI.\nBecause of this main VSI was not able to resize its\nqueue allocation for XDP resulting in no queues allocated\nfor main VSI when XDP was turned on.\n\nFix this by always allocating last queue in PF queue pile\nfor a flow director VSI."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/00eddb0e4ea115154581d1049507a996acfc2d3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4b3aa858268b7b9aeef02e5f9c4cd8f8fac101c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/768eb705e6381f0c70ca29d4e66f19790d5d19a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92947844b8beee988c0ce17082b705c2f75f0742",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be6998f232b8e4ca8225029e305b8329d89bfd59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d46fa4ea9756ef6cbcf9752d0832cc66e2d7121b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

52
CVE-2021/CVE-2021-476xx/CVE-2021-47620.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2021-47620",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:54.653",
"lastModified": "2024-06-20T11:15:54.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: refactor malicious adv data check\n\nCheck for out-of-bound read was being performed at the end of while\nnum_reports loop, and would fill journal with false positives. Added\ncheck to beginning of loop processing so that it doesn't get checked\nafter ptr has been advanced."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/305e92f525450f3e1b5f5c9dc7eadb152d66a082",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a539c08d743d9910631448da78af5e961664c0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c968affa804ba98c3c603f37ffea6fba618025e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7889b38a7f21ed19314f83194622b195d328465c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/835d3706852537bf92eb23eb8635b8dee0c0aa67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83d5196b65d1b29e27d7dd16a3b9b439fb1d2dba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8819f93cd4a443dfe547aa622b21f723757df3fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/899663be5e75dc0174dc8bda0b5e6826edf0b29a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bcea886771c3f22a590c8c8b9139a107bd7f1e1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2022/CVE-2022-487xx/CVE-2022-48711.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2022-48711",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:54.793",
"lastModified": "2024-06-20T11:15:54.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: improve size validations for received domain records\n\nThe function tipc_mon_rcv() allows a node to receive and process\ndomain_record structs from peer nodes to track their views of the\nnetwork topology.\n\nThis patch verifies that the number of members in a received domain\nrecord does not exceed the limit defined by MAX_MON_DOMAIN, something\nthat may otherwise lead to a stack overflow.\n\ntipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where\nwe are reading a 32 bit message data length field into a uint16. To\navert any risk of bit overflow, we add an extra sanity check for this in\nthat function. We cannot see that happen with the current code, but\nfuture designers being unaware of this risk, may introduce it by\nallowing delivery of very large (> 64k) sk buffers from the bearer\nlayer. This potential problem was identified by Eric Dumazet.\n\nThis fixes CVE-2022-0435"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/175db196e45d6f0e6047eccd09c8ba55465eb131",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1f1788616157b0222b0c2153828b475d95e374a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3c7e5943553594f68bbc070683db6bb6f6e9e78e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/59ff7514f8c56f166aadca49bcecfa028e0ad50f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9aa422ad326634b76309e8ff342c246800621216",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d692e3406e052dbf9f6d9da0cba36cb763272529",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1af11edd08dd8376f7a84487cbb0ea8203e3a1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fde4ddeadd099bf9fbb9ccbee8e1b5c20d530a2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2022/CVE-2022-487xx/CVE-2022-48712.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-48712",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:54.880",
"lastModified": "2024-06-20T11:15:54.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix error handling in ext4_fc_record_modified_inode()\n\nCurrent code does not fully takes care of krealloc() error case, which\ncould lead to silent memory corruption or a kernel bug. This patch\nfixes that.\n\nAlso it cleans up some duplicated error handling logic from various\nfunctions in fast_commit.c file."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2022/CVE-2022-487xx/CVE-2022-48713.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-48713",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:54.960",
"lastModified": "2024-06-20T11:15:54.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/pt: Fix crash with stop filters in single-range mode\n\nAdd a check for !buf->single before calling pt_buffer_region_size in a\nplace where a missing check can cause a kernel crash.\n\nFixes a bug introduced by commit 670638477aed (\"perf/x86/intel/pt:\nOpportunistically use single range output mode\"), which added a\nsupport for PT single-range output mode. Since that commit if a PT\nstop filter range is hit while tracing, the kernel will crash because\nof a null pointer dereference in pt_handle_status due to calling\npt_buffer_region_size without a ToPA configured.\n\nThe commit which introduced single-range mode guarded almost all uses of\nthe ToPA buffer variables with checks of the buf->single variable, but\nmissed the case where tracing was stopped by the PT hardware, which\nhappens when execution hits a configured stop filter.\n\nTested that hitting a stop filter while PT recording successfully\nrecords a trace with this patch but crashes without this patch."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1d9093457b243061a9bba23543c38726e864a643",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/456f041e035913fcedb275aff6f8a71dfebcd394",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e83d941fd3445f660d2f43647c580a320cc384f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/feffb6ae2c80b9a8206450cdef90f5943baced99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2022/CVE-2022-487xx/CVE-2022-48714.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-48714",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.033",
"lastModified": "2024-06-20T11:15:55.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use VM_MAP instead of VM_ALLOC for ringbuf\n\nAfter commit 2fd3fb0be1d1 (\"kasan, vmalloc: unpoison VM_ALLOC pages\nafter mapping\"), non-VM_ALLOC mappings will be marked as accessible\nin __get_vm_area_node() when KASAN is enabled. But now the flag for\nringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access\nafter vmap() returns. Because the ringbuf area is created by mapping\nallocated pages, so use VM_MAP instead.\n\nAfter the change, info in /proc/vmallocinfo also changes from\n [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmalloc user\nto\n [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmap user"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5e457aeab52a5947619e1f18047f4d2f3212b3eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6304a613a97d6dcd49b93fbad31e9f39d1e138d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b293dcc473d22a62dc6d78de2b15e4f49515db56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d578933f6226d5419af9306746efa1c693cbaf9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2022/CVE-2022-487xx/CVE-2022-48715.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2022-48715",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.110",
"lastModified": "2024-06-20T11:15:55.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Make bnx2fc_recv_frame() mp safe\n\nRunning tests with a debug kernel shows that bnx2fc_recv_frame() is\nmodifying the per_cpu lport stats counters in a non-mpsafe way. Just boot\na debug kernel and run the bnx2fc driver with the hardware enabled.\n\n[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_\n[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]\n[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B\n[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013\n[ 1391.699183] Call Trace:\n[ 1391.699188] dump_stack_lvl+0x57/0x7d\n[ 1391.699198] check_preemption_disabled+0xc8/0xd0\n[ 1391.699205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]\n[ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180\n[ 1391.699221] ? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc]\n[ 1391.699229] ? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc]\n[ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc]\n[ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc]\n[ 1391.699258] kthread+0x364/0x420\n[ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50\n[ 1391.699268] ? set_kthread_struct+0x100/0x100\n[ 1391.699273] ret_from_fork+0x22/0x30\n\nRestore the old get_cpu/put_cpu code with some modifications to reduce the\nsize of the critical section."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/003bcee66a8f0e76157eb3af369c173151901d97",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2d24336c7214b281b51860e54783dfc65f1248df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f5a1ac68bdf2899ce822ab845081922ea8c588e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a345198a7c2d1db2526dc60b77052f75de019d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/471085571f926a1fe6b1bed095638994dbf23990",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53e4f71763c61a557283eb43301efd671922d1e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/936bd03405fc83ba039d42bc93ffd4b88418f1d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ec4334152dae175dbd8fd5bde1d2139bbe7b42d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2022/CVE-2022-487xx/CVE-2022-48716.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2022-48716",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.207",
"lastModified": "2024-06-20T11:15:55.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix incorrect used of portid\n\nMixer controls have the channel id in mixer->reg, which is not same\nas port id. port id should be derived from chan_info array.\nSo fix this. Without this, its possible that we could corrupt\nstruct wcd938x_sdw_priv by accessing port_map array out of range\nwith channel id instead of port id."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9167f2712dc8c24964840a4d1e2ebf130e846b95",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa7152f9f117b3e66b3c0d4158ca4c6d46ab229f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2022/CVE-2022-487xx/CVE-2022-48717.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2022-48717",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.287",
"lastModified": "2024-06-20T11:15:55.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: max9759: fix underflow in speaker_gain_control_put()\n\nCheck for negative values of \"priv->gain\" to prevent an out of bounds\naccess. The concern is that these might come from the user via:\n -> snd_ctl_elem_write_user()\n -> snd_ctl_elem_write()\n -> kctl->put()"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2022/CVE-2022-487xx/CVE-2022-48718.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2022-48718",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.373",
"lastModified": "2024-06-20T11:15:55.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: mxsfb: Fix NULL pointer dereference\n\nmxsfb should not ever dereference the NULL pointer which\ndrm_atomic_get_new_bridge_state is allowed to return.\nAssume a fixed format instead."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/622c9a3a7868e1eeca39c55305ca3ebec4742b64",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6f9267e01cca749137349d8ffb0d0ebbadf567f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/86a337bb803040e4401b87c974a7fb92efe3d0e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

24
CVE-2022/CVE-2022-487xx/CVE-2022-48719.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-48719",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.470",
"lastModified": "2024-06-20T11:15:55.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work\n\nsyzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]:\n\n kworker/0:16/14617 is trying to acquire lock:\n ffffffff8d4dd370 (&tbl->lock){++-.}-{2:2}, at: ___neigh_create+0x9e1/0x2990 net/core/neighbour.c:652\n [...]\n but task is already holding lock:\n ffffffff8d4dd370 (&tbl->lock){++-.}-{2:2}, at: neigh_managed_work+0x35/0x250 net/core/neighbour.c:1572\n\nThe neighbor entry turned to NUD_FAILED state, where __neigh_event_send()\ntriggered an immediate probe as per commit cd28ca0a3dd1 (\"neigh: reduce\narp latency\") via neigh_probe() given table lock was held.\n\nOne option to fix this situation is to defer the neigh_probe() back to\nthe neigh_timer_handler() similarly as pre cd28ca0a3dd1. For the case\nof NTF_MANAGED, this deferral is acceptable given this only happens on\nactual failure state and regular / expected state is NUD_VALID with the\nentry already present.\n\nThe fix adds a parameter to __neigh_event_send() in order to communicate\nwhether immediate probe is allowed or disallowed. Existing call-sites\nof neigh_event_send() default as-is to immediate probe. However, the\nneigh_managed_work() disables it via use of neigh_event_send_probe().\n\n[0] <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_deadlock_bug kernel/locking/lockdep.c:2956 [inline]\n check_deadlock kernel/locking/lockdep.c:2999 [inline]\n validate_chain kernel/locking/lockdep.c:3788 [inline]\n __lock_acquire.cold+0x149/0x3ab kernel/locking/lockdep.c:5027\n lock_acquire kernel/locking/lockdep.c:5639 [inline]\n lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5604\n __raw_write_lock_bh include/linux/rwlock_api_smp.h:202 [inline]\n _raw_write_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:334\n ___neigh_create+0x9e1/0x2990 net/core/neighbour.c:652\n ip6_finish_output2+0x1070/0x14f0 net/ipv6/ip6_output.c:123\n __ip6_finish_output net/ipv6/ip6_output.c:191 [inline]\n __ip6_finish_output+0x61e/0xe90 net/ipv6/ip6_output.c:170\n ip6_finish_output+0x32/0x200 net/ipv6/ip6_output.c:201\n NF_HOOK_COND include/linux/netfilter.h:296 [inline]\n ip6_output+0x1e4/0x530 net/ipv6/ip6_output.c:224\n dst_output include/net/dst.h:451 [inline]\n NF_HOOK include/linux/netfilter.h:307 [inline]\n ndisc_send_skb+0xa99/0x17f0 net/ipv6/ndisc.c:508\n ndisc_send_ns+0x3a9/0x840 net/ipv6/ndisc.c:650\n ndisc_solicit+0x2cd/0x4f0 net/ipv6/ndisc.c:742\n neigh_probe+0xc2/0x110 net/core/neighbour.c:1040\n __neigh_event_send+0x37d/0x1570 net/core/neighbour.c:1201\n neigh_event_send include/net/neighbour.h:470 [inline]\n neigh_managed_work+0x162/0x250 net/core/neighbour.c:1574\n process_one_work+0x9ac/0x1650 kernel/workqueue.c:2307\n worker_thread+0x657/0x1110 kernel/workqueue.c:2454\n kthread+0x2e9/0x3a0 kernel/kthread.c:377\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/203a35ebb49cdce377416b0690215d3ce090d364",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4a81f6da9cb2d1ef911131a6fd8bd15cb61fc772",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2022/CVE-2022-487xx/CVE-2022-48720.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-48720",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.547",
"lastModified": "2024-06-20T11:15:55.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macsec: Fix offload support for NETDEV_UNREGISTER event\n\nCurrent macsec netdev notify handler handles NETDEV_UNREGISTER event by\nreleasing relevant SW resources only, this causes resources leak in case\nof macsec HW offload, as the underlay driver was not notified to clean\nit's macsec offload resources.\n\nFix by calling the underlay driver to clean it's relevant resources\nby moving offload handling from macsec_dellink() to macsec_common_dellink()\nwhen handling NETDEV_UNREGISTER event."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e7f5b6ee1a7a2c628253a95b0a95b582901ef1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8299be160aad8548071d080518712dec0df92bd5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9cef24c8b76c1f6effe499d2f131807c90f7ce9a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e7a0b3a0806dae3cc81931f0e83055ca2ac6f455",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2022/CVE-2022-487xx/CVE-2022-48721.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2022-48721",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.620",
"lastModified": "2024-06-20T11:15:55.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Forward wakeup to smc socket waitqueue after fallback\n\nWhen we replace TCP with SMC and a fallback occurs, there may be\nsome socket waitqueue entries remaining in smc socket->wq, such\nas eppoll_entries inserted by userspace applications.\n\nAfter the fallback, data flows over TCP/IP and only clcsocket->wq\nwill be woken up. Applications can't be notified by the entries\nwhich were inserted in smc socket->wq before fallback. So we need\na mechanism to wake up smc socket->wq at the same time if some\nentries remaining in it.\n\nThe current workaround is to transfer the entries from smc socket->wq\nto clcsock->wq during the fallback. But this may cause a crash\nlike this:\n\n general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP PTI\n CPU: 3 PID: 0 Comm: swapper/3 Kdump: loaded Tainted: G E 5.16.0+ #107\n RIP: 0010:__wake_up_common+0x65/0x170\n Call Trace:\n <IRQ>\n __wake_up_common_lock+0x7a/0xc0\n sock_def_readable+0x3c/0x70\n tcp_data_queue+0x4a7/0xc40\n tcp_rcv_established+0x32f/0x660\n ? sk_filter_trim_cap+0xcb/0x2e0\n tcp_v4_do_rcv+0x10b/0x260\n tcp_v4_rcv+0xd2a/0xde0\n ip_protocol_deliver_rcu+0x3b/0x1d0\n ip_local_deliver_finish+0x54/0x60\n ip_local_deliver+0x6a/0x110\n ? tcp_v4_early_demux+0xa2/0x140\n ? tcp_v4_early_demux+0x10d/0x140\n ip_sublist_rcv_finish+0x49/0x60\n ip_sublist_rcv+0x19d/0x230\n ip_list_rcv+0x13e/0x170\n __netif_receive_skb_list_core+0x1c2/0x240\n netif_receive_skb_list_internal+0x1e6/0x320\n napi_complete_done+0x11d/0x190\n mlx5e_napi_poll+0x163/0x6b0 [mlx5_core]\n __napi_poll+0x3c/0x1b0\n net_rx_action+0x27c/0x300\n __do_softirq+0x114/0x2d2\n irq_exit_rcu+0xb4/0xe0\n common_interrupt+0xba/0xe0\n </IRQ>\n <TASK>\n\nThe crash is caused by privately transferring waitqueue entries from\nsmc socket->wq to clcsock->wq. The owners of these entries, such as\nepoll, have no idea that the entries have been transferred to a\ndifferent socket wait queue and still use original waitqueue spinlock\n(smc socket->wq.wait.lock) to make the entries operation exclusive,\nbut it doesn't work. The operations to the entries, such as removing\nfrom the waitqueue (now is clcsock->wq after fallback), may cause a\ncrash when clcsock waitqueue is being iterated over at the moment.\n\nThis patch tries to fix this by no longer transferring wait queue\nentries privately, but introducing own implementations of clcsock's\ncallback functions in fallback situation. The callback functions will\nforward the wakeup to smc socket->wq if clcsock->wq is actually woken\nup and smc socket->wq has remaining entries."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ef6049f664941bc0f75828b3a61877635048b27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/341adeec9adad0874f29a0a1af35638207352a39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/504078fbe9dd570d685361b57784a6050bc40aaa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

44
CVE-2022/CVE-2022-487xx/CVE-2022-48722.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2022-48722",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.733",
"lastModified": "2024-06-20T11:15:55.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: ca8210: Stop leaking skb's\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. We then leak the skb\nstructure.\n\nFree the skb structure upon error before returning."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/21feb6df3967541931242c427fe0958276af81cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/621b24b09eb61c63f262da0c9c5f0e93348897e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6f38d3a6ec11c2733b1c641a46a2a2ecec57be08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/78b3f20c17cbcb7645bfa63f2ca0e11b53c09d56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94cd597e20ed4acedb8f15f029d92998b011cb1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a1c277b0ed2a13e7de923b5f03bc23586eceb851",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d6a44feb2f28d71a7e725f72d09c97c81561cd9a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2022/CVE-2022-487xx/CVE-2022-48723.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-48723",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T11:15:55.820",
"lastModified": "2024-06-20T11:15:55.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: uniphier: fix reference count leak in uniphier_spi_probe()\n\nThe issue happens in several error paths in uniphier_spi_probe().\nWhen either dma_get_slave_caps() or devm_spi_register_master() returns\nan error code, the function forgets to decrease the refcount of both\n`dma_rx` and `dma_tx` objects, which may lead to refcount leaks.\n\nFix it by decrementing the reference count of specific objects in\nthose error paths."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/37c2c83ca4f1ef4b6908181ac98e18360af89b42",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/447c3d4046d7b54052d07d8b27e15e6edea5662c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd00b4f8f768d81c3788a8ac88fdb3d745e55ea3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e895e067d73e154b1ebc84a124e00831e311d9b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

4
CVE-2024/CVE-2024-268xx/CVE-2024-26807.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-26807",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:09.380",
"lastModified": "2024-04-04T12:48:22.650",
"lastModified": "2024-06-20T10:15:09.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: fix pointer reference in runtime PM hooks\n\ndev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI\ncontroller. Neither embed the other; this lead to memory corruption.\n\nOn a given platform (Mobileye EyeQ5) the memory corruption is hidden\ninside cqspi->f_pdata. Also, this uninitialised memory is used as a\nmutex (ctlr->bus_lock_mutex) by spi_controller_suspend()."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBoth cadence-quadspi ->runtime_suspend() and ->runtime_resume()\nimplementations start with:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nThis obviously cannot be correct, unless \"struct cqspi_st\" is the\nfirst member of \" struct spi_controller\", or the other way around, but\nit is not the case. \"struct spi_controller\" is allocated by\ndevm_spi_alloc_host(), which allocates an extra amount of memory for\nprivate data, used to store \"struct cqspi_st\".\n\nThe ->probe() function of the cadence-quadspi driver then sets the\ndevice drvdata to store the address of the \"struct cqspi_st\"\nstructure. Therefore:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\nis correct, but:\n\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nis not, as it makes \"host\" point not to a \"struct spi_controller\" but\nto the same \"struct cqspi_st\" structure as above.\n\nThis obviously leads to bad things (memory corruption, kernel crashes)\ndirectly during ->probe(), as ->probe() enables the device using PM\nruntime, leading the ->runtime_resume() hook being called, which in\nturns calls spi_controller_resume() with the wrong pointer.\n\nThis has at least been reported [0] to cause a kernel crash, but the\nexact behavior will depend on the memory contents.\n\n[0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/\n\nThis issue potentially affects all platforms that are currently using\nthe cadence-quadspi driver."
},
{
"lang": "es",

32
CVE-2024/CVE-2024-281xx/CVE-2024-28147.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-28147",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2024-06-20T11:15:55.913",
"lastModified": "2024-06-20T11:15:55.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated user can upload arbitrary files in the upload \nfunction for collection preview images. An attacker may upload an HTML \nfile that includes malicious JavaScript code which will be executed if a\n user visits the direct URL of the collection preview image (Stored \nCross Site Scripting). It is also possible to upload SVG files that \ninclude nested XML entities. Those are parsed when a user visits the \ndirect URL of the collection preview image, which may be utilized for a \nDenial of Service attack.\n\nThis issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19."
}
],
"metrics": {},
"weaknesses": [
{
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://r.sec-consult.com/metaventis",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
}
]
}

6
CVE-2024/CVE-2024-346xx/CVE-2024-34693.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34693",
"sourceIdentifier": "security@apache.org",
"published": "2024-06-20T09:15:11.683",
"lastModified": "2024-06-20T09:15:11.683",
"lastModified": "2024-06-20T11:15:56.090",
"vulnStatus": "Received",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/20/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon",
"source": "security@apache.org"

51
CVE-2024/CVE-2024-50xx/CVE-2024-5036.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-5036",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-20T11:15:56.273",
"lastModified": "2024-06-20T11:15:56.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 3.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/sina-extension-for-elementor/trunk/widgets/basic/sina-counter.php#L687",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3104601/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64f11bc9-88b5-43d5-bc76-129dc5909210?source=cve",
"source": "security@wordfence.com"
}
]
}

15
CVE-2024/CVE-2024-58xx/CVE-2024-5886.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-5886",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-20T11:15:56.580",
"lastModified": "2024-06-20T11:15:56.580",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}

92
CVE-2024/CVE-2024-61xx/CVE-2024-6181.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-6181",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-20T11:15:56.723",
"lastModified": "2024-06-20T11:15:56.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp&size=32. The manipulation of the argument height/width leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-9531d77dce984d4da2ddcab863962e9c?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.269152",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.269152",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.353709",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-61xx/CVE-2024-6182.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-6182",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-20T11:15:57.117",
"lastModified": "2024-06-20T11:15:57.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y. The manipulation of the argument sdcid/keyid1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-95e338b6f9ea45db9a6c635c3c1ff3b8",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.269153",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.269153",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.354361",
"source": "cna@vuldb.com"
}
]
}

46
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-20T10:00:55.194049+00:00
2024-06-20T12:00:18.799054+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-20T09:15:12.253000+00:00
2024-06-20T11:15:57.117000+00:00
```
### Last Data Feed Release
@ -33,31 +33,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
254649
254671
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `22`
- [CVE-2024-29012](CVE-2024/CVE-2024-290xx/CVE-2024-29012.json) (`2024-06-20T09:15:11.347`)
- [CVE-2024-29013](CVE-2024/CVE-2024-290xx/CVE-2024-29013.json) (`2024-06-20T09:15:11.543`)
- [CVE-2024-34693](CVE-2024/CVE-2024-346xx/CVE-2024-34693.json) (`2024-06-20T09:15:11.683`)
- [CVE-2024-38620](CVE-2024/CVE-2024-386xx/CVE-2024-38620.json) (`2024-06-20T08:15:38.377`)
- [CVE-2021-47617](CVE-2021/CVE-2021-476xx/CVE-2021-47617.json) (`2024-06-20T11:15:54.317`)
- [CVE-2021-47618](CVE-2021/CVE-2021-476xx/CVE-2021-47618.json) (`2024-06-20T11:15:54.477`)
- [CVE-2021-47619](CVE-2021/CVE-2021-476xx/CVE-2021-47619.json) (`2024-06-20T11:15:54.560`)
- [CVE-2021-47620](CVE-2021/CVE-2021-476xx/CVE-2021-47620.json) (`2024-06-20T11:15:54.653`)
- [CVE-2022-48711](CVE-2022/CVE-2022-487xx/CVE-2022-48711.json) (`2024-06-20T11:15:54.793`)
- [CVE-2022-48712](CVE-2022/CVE-2022-487xx/CVE-2022-48712.json) (`2024-06-20T11:15:54.880`)
- [CVE-2022-48713](CVE-2022/CVE-2022-487xx/CVE-2022-48713.json) (`2024-06-20T11:15:54.960`)
- [CVE-2022-48714](CVE-2022/CVE-2022-487xx/CVE-2022-48714.json) (`2024-06-20T11:15:55.033`)
- [CVE-2022-48715](CVE-2022/CVE-2022-487xx/CVE-2022-48715.json) (`2024-06-20T11:15:55.110`)
- [CVE-2022-48716](CVE-2022/CVE-2022-487xx/CVE-2022-48716.json) (`2024-06-20T11:15:55.207`)
- [CVE-2022-48717](CVE-2022/CVE-2022-487xx/CVE-2022-48717.json) (`2024-06-20T11:15:55.287`)
- [CVE-2022-48718](CVE-2022/CVE-2022-487xx/CVE-2022-48718.json) (`2024-06-20T11:15:55.373`)
- [CVE-2022-48719](CVE-2022/CVE-2022-487xx/CVE-2022-48719.json) (`2024-06-20T11:15:55.470`)
- [CVE-2022-48720](CVE-2022/CVE-2022-487xx/CVE-2022-48720.json) (`2024-06-20T11:15:55.547`)
- [CVE-2022-48721](CVE-2022/CVE-2022-487xx/CVE-2022-48721.json) (`2024-06-20T11:15:55.620`)
- [CVE-2022-48722](CVE-2022/CVE-2022-487xx/CVE-2022-48722.json) (`2024-06-20T11:15:55.733`)
- [CVE-2022-48723](CVE-2022/CVE-2022-487xx/CVE-2022-48723.json) (`2024-06-20T11:15:55.820`)
- [CVE-2024-28147](CVE-2024/CVE-2024-281xx/CVE-2024-28147.json) (`2024-06-20T11:15:55.913`)
- [CVE-2024-5036](CVE-2024/CVE-2024-50xx/CVE-2024-5036.json) (`2024-06-20T11:15:56.273`)
- [CVE-2024-5886](CVE-2024/CVE-2024-58xx/CVE-2024-5886.json) (`2024-06-20T11:15:56.580`)
- [CVE-2024-6181](CVE-2024/CVE-2024-61xx/CVE-2024-6181.json) (`2024-06-20T11:15:56.723`)
- [CVE-2024-6182](CVE-2024/CVE-2024-61xx/CVE-2024-6182.json) (`2024-06-20T11:15:57.117`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `2`
- [CVE-2021-47573](CVE-2021/CVE-2021-475xx/CVE-2021-47573.json) (`2024-06-20T09:15:10.660`)
- [CVE-2021-47574](CVE-2021/CVE-2021-475xx/CVE-2021-47574.json) (`2024-06-20T09:15:10.850`)
- [CVE-2021-47575](CVE-2021/CVE-2021-475xx/CVE-2021-47575.json) (`2024-06-20T09:15:10.953`)
- [CVE-2021-47581](CVE-2021/CVE-2021-475xx/CVE-2021-47581.json) (`2024-06-20T09:15:11.057`)
- [CVE-2024-26639](CVE-2024/CVE-2024-266xx/CVE-2024-26639.json) (`2024-06-20T09:15:11.183`)
- [CVE-2024-35241](CVE-2024/CVE-2024-352xx/CVE-2024-35241.json) (`2024-06-20T09:15:11.993`)
- [CVE-2024-35242](CVE-2024/CVE-2024-352xx/CVE-2024-35242.json) (`2024-06-20T09:15:12.140`)
- [CVE-2024-37568](CVE-2024/CVE-2024-375xx/CVE-2024-37568.json) (`2024-06-20T09:15:12.253`)
- [CVE-2024-26807](CVE-2024/CVE-2024-268xx/CVE-2024-26807.json) (`2024-06-20T10:15:09.303`)
- [CVE-2024-34693](CVE-2024/CVE-2024-346xx/CVE-2024-34693.json) (`2024-06-20T11:15:56.090`)
## Download and Usage

48
_state.csv
View File

@ -187371,15 +187371,15 @@ CVE-2021-47569,0,0,7b4ee9969d7b2bdfa51b608129e4a28e25fef0b05a577f53d9e872f37b867
CVE-2021-47570,0,0,8efc024fd057221731b8441eed1f78c2841bddbe1d7646bf65390da9848d7ece,2024-06-10T19:22:46.993000
CVE-2021-47571,0,0,9ae7dfe9cc2ea2b4111c421c046fb07b6c9a1d98489d868de0a813931f6c97cf,2024-06-10T19:22:36.833000
CVE-2021-47572,0,0,55c6e98268ccff9a12ecfcf7346b412b0260b19f4dd297c4a5d7a5ddb50f3eca,2024-06-10T19:22:05.237000
CVE-2021-47573,0,1,77f17ceffef01ed1235383fa8b9d660bd9e97f9957ddf89f7588fecd6de7f3ee,2024-06-20T09:15:10.660000
CVE-2021-47574,0,1,391863034eab59403fe143d15df40f1956c3dc69dca88c34541f90e4de440ed8,2024-06-20T09:15:10.850000
CVE-2021-47575,0,1,722357c96fabd9dcaa94e25f2d6c3827cc0d9ffea8340b657e2489a7b6bb493c,2024-06-20T09:15:10.953000
CVE-2021-47573,0,0,77f17ceffef01ed1235383fa8b9d660bd9e97f9957ddf89f7588fecd6de7f3ee,2024-06-20T09:15:10.660000
CVE-2021-47574,0,0,391863034eab59403fe143d15df40f1956c3dc69dca88c34541f90e4de440ed8,2024-06-20T09:15:10.850000
CVE-2021-47575,0,0,722357c96fabd9dcaa94e25f2d6c3827cc0d9ffea8340b657e2489a7b6bb493c,2024-06-20T09:15:10.953000
CVE-2021-47576,0,0,529ff2838ef76d7619d5bef41c4412385193d0388581dc3389cc34ad5cb3392b,2024-06-19T15:15:52.117000
CVE-2021-47577,0,0,2e716ba915bf347483c8366b86986fd4bc924c2188585127b0346a76083dca64,2024-06-19T15:15:52.223000
CVE-2021-47578,0,0,b6cdd7cb71f065232f349708162f254a0436579d12bb1d2af1930716fd430722,2024-06-19T15:15:52.320000
CVE-2021-47579,0,0,bacd9b18ea2cec453f67aac72823401bb7e8ad56778087942ea94693446c2239,2024-06-19T15:15:52.427000
CVE-2021-47580,0,0,9d0dcf903250aa86955d83dd6f1490d35c7ce8feed681a55869b2ec26c204660,2024-06-19T15:15:52.537000
CVE-2021-47581,0,1,17ec8f4e133d40e0db5079fe03b869ad7ee16e0e079fffc51fd025ed4a3f9521,2024-06-20T09:15:11.057000
CVE-2021-47581,0,0,17ec8f4e133d40e0db5079fe03b869ad7ee16e0e079fffc51fd025ed4a3f9521,2024-06-20T09:15:11.057000
CVE-2021-47582,0,0,c9a1f9b44372a9f249b03729be5db788d3c9b94e5e60e99cb74bd75151e295d6,2024-06-19T15:15:52.743000
CVE-2021-47583,0,0,6e348f5d1cee71355f4561877aa842e4099a5c563bcd5b01e8d3e5ff3a090cb9,2024-06-19T15:15:52.843000
CVE-2021-47584,0,0,9fb73020197e21e2348918b425a736b526ca64cbfa5f5cb286809e6fb7fff65f,2024-06-19T15:15:52.947000
@ -187415,6 +187415,10 @@ CVE-2021-47613,0,0,440b155bc5e528cbfc86f311f0754e1fcc83a2837cf27d9be9e9e63280c5e
CVE-2021-47614,0,0,57fdd5a971b374efd6ca12ff9eaebc4ae1382cf48de669e8b347571bad23008b,2024-06-19T15:15:55.943000
CVE-2021-47615,0,0,e6972818866c037db26a5c1b369f5391f820afda8212e98d624ae9e2f749949f,2024-06-19T15:15:56.030000
CVE-2021-47616,0,0,613e0fc659a08a1fbd2d33e67d7334b1808c6952236b73a03143db70ef545f3b,2024-06-19T15:15:56.130000
CVE-2021-47617,1,1,6a4cc525a053ed7724deb39d26fa648531dc0eff60b7caf36150ce513b8655c1,2024-06-20T11:15:54.317000
CVE-2021-47618,1,1,a92457db77c57329a98818642a3c4c8ae8cec64ad75299e63477d87c5d954e28,2024-06-20T11:15:54.477000
CVE-2021-47619,1,1,a587964b82f28c3f37c4aed7e2edae5cbf64b8705b16826678522954d17cce89,2024-06-20T11:15:54.560000
CVE-2021-47620,1,1,66fde7a024dfe345b80aff0598fe94f6ddbf6b5afcdcee7d050eee6605cd5f9e,2024-06-20T11:15:54.653000
CVE-2022-0001,0,0,d8fdf66a3692474461fa30afb4569bb8513a7a0b04c6840c7e2c146df6b5709c,2024-04-09T15:15:26.797000
CVE-2022-0002,0,0,4ba989879ca817729e7cddc36d35dc20834fb13fd71d0cce189890fe2defbd53,2022-08-19T12:28:50.667000
CVE-2022-0004,0,0,49c52ff3575738b86482113493a7c3a40cb78eb0fdff68408b97beece4f065c8,2022-06-10T20:52:37.810000
@ -212091,7 +212095,20 @@ CVE-2022-48708,0,0,b35378a7467337cab7b1eef08420fd20c82e6434d74596d1198a41e477871
CVE-2022-48709,0,0,6baa1cc0021e923f3b33081043dd7a305091b7d2d8afafa75c06c12c76f323ea,2024-05-21T16:53:56.550000
CVE-2022-4871,0,0,7274992495dd67388b392e338389fdefa8e3ed34b55ba94bae27cb8f3908886f,2024-05-17T02:17:00.160000
CVE-2022-48710,0,0,fe0ec196b9ae5f3f56372f7ec69d70930c0b30ebf7231710388167bc4a2cc6ec,2024-05-21T16:53:56.550000
CVE-2022-48711,1,1,437bfedf93ccc6707dd66d2a73f2aa01c86f5b3cc60900eb635a56ff1b8fb994,2024-06-20T11:15:54.793000
CVE-2022-48712,1,1,3b64a6878c99556d2e8e53df3e3fbe560123c9b9235d2d0be81373221ade16df,2024-06-20T11:15:54.880000
CVE-2022-48713,1,1,fa6c1284746f0ff8d418439a3365df6be246ac2e056745ec75dadf6029a4d3df,2024-06-20T11:15:54.960000
CVE-2022-48714,1,1,5832f54243f2c8c4414082f2dbd8e585d701954280f2cee014511c0c990981b9,2024-06-20T11:15:55.033000
CVE-2022-48715,1,1,7fcf7dc38c54f89b9d6be4a75e3e3a0cd868f2fbae230c145239cc82fb11749a,2024-06-20T11:15:55.110000
CVE-2022-48716,1,1,a314667ccf1ddd96185d9e439ee406446167e8467c58c7c9636a0c88f6814902,2024-06-20T11:15:55.207000
CVE-2022-48717,1,1,f3c1926626a63f7d8b90d2e8783cdf40a49918a488fafb83e0667538d260dc99,2024-06-20T11:15:55.287000
CVE-2022-48718,1,1,53dc35066ea404dcf93f0fc63cade45f4682d57233698f55434e98eacfd19e9f,2024-06-20T11:15:55.373000
CVE-2022-48719,1,1,1c36a8e83830e4e1040d7eee7644b403859159a8bc6f32997b566312ca63c2c1,2024-06-20T11:15:55.470000
CVE-2022-4872,0,0,56b13c17402299c2fa4e0cba1279535195f7b441f30ccd3fba7ade7900a2723a,2023-11-07T03:59:09.100000
CVE-2022-48720,1,1,5355e4977fe0aabca30364968e4f6773c27b05d2f607d1765071807a2155d700,2024-06-20T11:15:55.547000
CVE-2022-48721,1,1,affb9a56241bf14c4a2e76d875def26a80d3bf7fe26fd7f7b5962f6dcc1ed0d6,2024-06-20T11:15:55.620000
CVE-2022-48722,1,1,301c149709267b18d6a69a788abdf48c64545944c994bfb3e7ce5c8a236d2b3d,2024-06-20T11:15:55.733000
CVE-2022-48723,1,1,402f89299bed574bf0f7166b0c6a56854c8a51670cc02ba25a437096b01cbeb7,2024-06-20T11:15:55.820000
CVE-2022-4873,0,0,563a199763d37b536a31c01788923286fc1b28eed585d04a99495c2e08b4d4db,2023-11-07T03:59:09.310000
CVE-2022-4874,0,0,11bc171fda6fc861e0708d150c2ec522d2356e3420b85bbff8eb41cec9dc83eb,2023-11-07T03:59:09.523000
CVE-2022-4875,0,0,17c44f8ed61133d49317ef236aeaa7add57a954975b984861ea8fa8f275ad9d2,2024-05-17T02:17:00.353000
@ -246239,7 +246256,7 @@ CVE-2024-26635,0,0,ef0ef4329a3775ea6d25838c212942f9e933ce2108a8101d274cfb6887156
CVE-2024-26636,0,0,760d91a296e0acf8ba41ea5db2ecf406899fc0855e4062b2617f6fe9e15d498d,2024-03-18T12:38:25.490000
CVE-2024-26637,0,0,fc892e24bd1b7e8206ffae07359f5a6f79726dc219d9822d731828992a4ead1a,2024-03-18T12:38:25.490000
CVE-2024-26638,0,0,810693405d991f7ccd7a2a1a0260a34b1a9402f77c9d945d74efd33b7925ef28,2024-03-18T12:38:25.490000
CVE-2024-26639,0,1,9b6fa0232c66c8cf8fd9bbe39562770943151be50075f97d78497bc85fbca0f5,2024-06-20T09:15:11.183000
CVE-2024-26639,0,0,9b6fa0232c66c8cf8fd9bbe39562770943151be50075f97d78497bc85fbca0f5,2024-06-20T09:15:11.183000
CVE-2024-2664,0,0,c0b832041353c8a6cfaeb7e198e87ee27cc866ec20501fb216f1e10cc4fe5ced,2024-04-10T13:23:38.787000
CVE-2024-26640,0,0,5cc6b5e042a5b441f74784080591c7d359381cd13aba12bdf63d6c89fc714c33,2024-03-18T12:38:25.490000
CVE-2024-26641,0,0,d0ed2cdfb0ff7417cb869a8d4b0f844e96cb33626fa12ef7a8d145f64e7e59f2,2024-03-18T12:38:25.490000
@ -246424,7 +246441,7 @@ CVE-2024-26803,0,0,bf4f15eac5d42d9d48acabce36c3d482be8797731b77e5ce1483231d6ff82
CVE-2024-26804,0,0,d8c422436039e8386ad66c3fbd170d47519ecd5b9715a009f99e3fe84af8acd2,2024-04-04T12:48:22.650000
CVE-2024-26805,0,0,b675ea9a7857f11cb50873972316476c87ff8c6cc3e58590a96a92123fc9f992,2024-04-04T12:48:22.650000
CVE-2024-26806,0,0,015091e390b260dd882093bed966879e94cc206771d1bfbc34aebfbaafa6ae89,2024-04-04T12:48:22.650000
CVE-2024-26807,0,0,dd58971be5b2b7ae4d4d293dc140016766895ff28462656c96a25f4364a4b8be,2024-04-04T12:48:22.650000
CVE-2024-26807,0,1,66efaa56e935b770d7f99b196cd5f7a3f19f58a0e206f379b919ed6ff2ab6c69,2024-06-20T10:15:09.303000
CVE-2024-26808,0,0,4f31bc304a07232a3baf91061957b820ea1892642e797b2566eb9414b09af675,2024-04-04T12:48:22.650000
CVE-2024-26809,0,0,9fe73261a4fc78e6c4eacdd5a51592c430457963a39614d59847053f3066f6fb,2024-04-04T12:48:22.650000
CVE-2024-2681,0,0,9e6fd5b2f5bd242307a3b06bd8306c1385de8ff11e4127aa515eaf95df4ceb50,2024-05-17T02:38:25.007000
@ -247462,6 +247479,7 @@ CVE-2024-28135,0,0,96abb3119d7c130b3351ae6e19b7b28266b27d62a615bb8abd63702b97f6d
CVE-2024-28136,0,0,f26be5bb0ac176918932bfafcc2f2c6a92b6e2dab79b908804e6e26c391cb054,2024-05-14T19:18:31.490000
CVE-2024-28137,0,0,8b6624ffab52051587006e3eecdec06d044231b46bf2ab3d1e0aef29724296f2,2024-05-14T19:18:31.490000
CVE-2024-2814,0,0,982339f1e31e31b47a86b07569eeaf2f5813f3d3dd621dc9984c4993bd7b494b,2024-05-17T02:38:31.880000
CVE-2024-28147,1,1,f3827b7b7e265af2adf0f447b9e9e3377810e8e92f7852202d72cda9c13ed838,2024-06-20T11:15:55.913000
CVE-2024-28148,0,0,dae8adaa9a9f352e6ec75654d798899599fff5056d36885fb288ef42e72a3322,2024-05-08T09:15:08.620000
CVE-2024-28149,0,0,41104aad52a41f735bff830317158bdc9ba92207034c216d3619939dc1f50d3c,2024-05-01T18:15:16.697000
CVE-2024-2815,0,0,ae30a9b38d7ddc3e74b46ed02c6cc6dfaac22a9e2f338b709b798eea6b5488d0,2024-05-17T02:38:31.990000
@ -247913,8 +247931,8 @@ CVE-2024-29009,0,0,64d623a5e5091ece3a08216e60fd84baa7c5e2c60d17197a481a7a00a1fb5
CVE-2024-2901,0,0,df536d591427828a51852a2b88694908334d7c53f764c9038fd3774c5ac19973,2024-05-17T02:38:36.427000
CVE-2024-29010,0,0,1e3d8487ff712a2c650beb70061bccfe6dbcb9db93046ccef5c4aba76b5791d4,2024-05-01T19:50:25.633000
CVE-2024-29011,0,0,87d4656d77d891e8470b880f5feac00db31649e777019df201e1d135e5a0d7dd,2024-05-01T19:50:25.633000
CVE-2024-29012,1,1,999b9b770baa8dc2cef8f5b8f9692cc2067265ac052b62a4dd1d34ebdf9cff96,2024-06-20T09:15:11.347000
CVE-2024-29013,1,1,038e0a8a864d3094bd5ac1441f00f2be35b07bed2f90be66b3c0a13dda6e32a2,2024-06-20T09:15:11.543000
CVE-2024-29012,0,0,999b9b770baa8dc2cef8f5b8f9692cc2067265ac052b62a4dd1d34ebdf9cff96,2024-06-20T09:15:11.347000
CVE-2024-29013,0,0,038e0a8a864d3094bd5ac1441f00f2be35b07bed2f90be66b3c0a13dda6e32a2,2024-06-20T09:15:11.543000
CVE-2024-29018,0,0,a31ea156ee4a30b6d7535cfe30928ed9f90e655143b9cf9c902aa0e59ea88865,2024-03-21T12:58:51.093000
CVE-2024-29019,0,0,fe2de4afc3940e547c647135fa914dde2bc9fce5b46dec96e6b4c47b6599bdc4,2024-04-11T12:47:44.137000
CVE-2024-2902,0,0,38f24f885a94a37a841618e1d20810a0ee756f93a05006f5b6341ee4af4d3b21,2024-05-17T02:38:36.520000
@ -251449,7 +251467,7 @@ CVE-2024-34688,0,0,66fff955b629aa6883569d950a703da0f073f684f77574846b0584730e15d
CVE-2024-3469,0,0,89a04cf68ae33ee1037c8a13e9431c4d00d2106abb2ae6d7191ba817489a1fcd,2024-06-13T19:36:21.350000
CVE-2024-34690,0,0,823a2e1ae33b55e0d3769be79c59e7f42483b5ff6dba621f60a0402d90d83ba8,2024-06-11T13:54:12.057000
CVE-2024-34691,0,0,827395ff4b0bf99f2642a5cd3134d1fe0effa60012a62490a349f26f4db25abb,2024-06-11T13:54:12.057000
CVE-2024-34693,1,1,50822730ff419c99ef4d90417e3e09f36dead83ef4280bfa4c2f4b3c064023c2,2024-06-20T09:15:11.683000
CVE-2024-34693,0,1,73980ddc4f5fa7a9a503f5fb0dc903aae671bf22b5815306056581c355d21186,2024-06-20T11:15:56.090000
CVE-2024-34694,0,0,c52b0ddd7913e7b99d778e62e2419069bd9d8eb90d9108e75c7e8088bb5608e8,2024-06-17T12:42:04.623000
CVE-2024-34695,0,0,d5ed5d99c8f0d08b73ea3cb249327295e787f14594542dd2f27279ab9312830c,2024-05-14T16:12:23.490000
CVE-2024-34697,0,0,95295a45851b4a50f600527e364638272a5d24a08a1ec02edb19abea712755b2,2024-05-14T16:12:23.490000
@ -251717,8 +251735,8 @@ CVE-2024-35238,0,0,90b2bf17c4613df420698bab76b724ca8e351da1091b572382c658446aa99
CVE-2024-35239,0,0,dc8d7e5945f67552120d785b4ede9965a939fdf2358a18c70e37d67c3011c174,2024-05-29T13:02:09.280000
CVE-2024-3524,0,0,3956193ca7114f5710505c19e3a759f29fdc99e35e3e85d2dfaab62815660be2,2024-05-17T02:39:58.883000
CVE-2024-35240,0,0,acfeed6c530b591057353f6a14e986e7e3beca50f19145cd1d7655529729bf12,2024-05-29T13:02:09.280000
CVE-2024-35241,0,1,4a6b31c14cd4bc5f7501900c1f56590acd344b1e5ce5ecc61874cf3d14d82318,2024-06-20T09:15:11.993000
CVE-2024-35242,0,1,2e207f0b714427aca575cae65f49ba50d1e8e36b82c7f71cef6b3cbfa7cbc65d,2024-06-20T09:15:12.140000
CVE-2024-35241,0,0,4a6b31c14cd4bc5f7501900c1f56590acd344b1e5ce5ecc61874cf3d14d82318,2024-06-20T09:15:11.993000
CVE-2024-35242,0,0,2e207f0b714427aca575cae65f49ba50d1e8e36b82c7f71cef6b3cbfa7cbc65d,2024-06-20T09:15:12.140000
CVE-2024-35248,0,0,7b24b3b12982d50407db134ff507626124f42d7e835fdd7f27fa9d0ab0e14275,2024-06-13T18:36:09.013000
CVE-2024-35249,0,0,9a167cb503ead93a464686d2899364feb1521f0eeb8918bfedcfea026510dd14,2024-06-13T18:36:09.013000
CVE-2024-3525,0,0,d160b9aacf64da3afa7deea3824b335adab6f10a287b9b570340cfda8c91ffed,2024-05-17T02:39:58.983000
@ -252907,7 +252925,7 @@ CVE-2024-37535,0,0,07f7d930de9d2427116ed26f9657c7962aa8122c29cd0ba965c2b1ee75b9b
CVE-2024-3754,0,0,01f193c84b52f462bda07bbe4a51fb49e63cd8bf2361f6b49c817e3a59b81e5a,2024-06-17T12:42:04.623000
CVE-2024-3755,0,0,255cc63bdc34aca663119fb8f6757a7da5a9acef7ecda034d88dc05babf4b05b,2024-05-06T12:44:56.377000
CVE-2024-3756,0,0,978b8204ea279199334a4c8c549150dc6420f24480b5effb717e8509749d66aa,2024-05-06T12:44:56.377000
CVE-2024-37568,0,1,e54134c743ff1c9089094584276cdc79416cb675a0fc4a7177e49bc6dbf3bbc8,2024-06-20T09:15:12.253000
CVE-2024-37568,0,0,e54134c743ff1c9089094584276cdc79416cb675a0fc4a7177e49bc6dbf3bbc8,2024-06-20T09:15:12.253000
CVE-2024-37569,0,0,748406cd7b0e731a2b9037b16c6d1dde7e8c81aa1003e1ce6c82275ceb288683,2024-06-12T16:32:56.203000
CVE-2024-3757,0,0,62301a2775fcbfb9e8b5b1aa90b79aa074cd639699f2863765d338333af4b798,2024-05-07T13:39:32.710000
CVE-2024-37570,0,0,a374041c2622c9ba66d2048315fc9e015af6a8717cce4f8beb5b59800398626a,2024-06-12T16:32:34.513000
@ -253198,7 +253216,7 @@ CVE-2024-38617,0,0,d2e96d7280323f32ed957d3b647a6c9211c0b9099dfb0dd2366229f84463c
CVE-2024-38618,0,0,2355a65d823178dbc67530257af22b7ca0cd2b710a40f5d1c17535efa8ffc772,2024-06-19T14:15:21.567000
CVE-2024-38619,0,0,04916e6841fea2c2384a6e8546cea3a04b4c5fe37f91ff2f098a22d640694557,2024-06-20T07:15:41.830000
CVE-2024-3862,0,0,d892c55e37e2ad71ebd3e4aade996aff767de8739f62e2d71c93704431b2b09c,2024-04-17T12:48:31.863000
CVE-2024-38620,1,1,2d2b83ae1032a00e82c63edf9ae617b9ef9a62e18f90d060d3b153645c9e6bf1,2024-06-20T08:15:38.377000
CVE-2024-38620,0,0,2d2b83ae1032a00e82c63edf9ae617b9ef9a62e18f90d060d3b153645c9e6bf1,2024-06-20T08:15:38.377000
CVE-2024-3863,0,0,2bcd7aff2d943e7ab42e23b79c60d375ad9e243a307a827bee502e9df179514c,2024-04-19T17:15:55.333000
CVE-2024-3864,0,0,19d7836c62228b8f626d6423c9bc9a43211c93bf4b17c3a151f2e9e764cbca42,2024-04-24T10:15:07.597000
CVE-2024-3865,0,0,8b230c3d643bf4def0090616d3b729148802c45f8b0915e5522b00babc710a03,2024-04-17T12:48:31.863000
@ -254066,6 +254084,7 @@ CVE-2024-5023,0,0,974704283893df4cc9d8e0bcce8bb65ebf635268235f75f47c922033893214
CVE-2024-5025,0,0,d287dc9bcba0fba1784ec3f3fe4bf65eea235ed5e6f91d741018beb442d992d7,2024-05-22T12:46:53.887000
CVE-2024-5031,0,0,e598ebc5c9fa457f9bece560d72de6fc8851ac943a5e7908ec776eb9202f17df,2024-05-22T12:46:53.887000
CVE-2024-5035,0,0,04b94f66274e3d3d22c52a6f453c8b285ab22579cfad76ef028d6a110e1aa148,2024-05-29T05:16:08.793000
CVE-2024-5036,1,1,b6a781315c42c4b8b49e1f2649a8f7674d4e50a4b7588101a14d43dc8e75c278,2024-06-20T11:15:56.273000
CVE-2024-5037,0,0,5a13acce718f507f5063e90d1fbe76947aa8c069dd7062440b3d79f97548841b,2024-06-18T17:04:31.360000
CVE-2024-5038,0,0,06b42bf2f2d8413cc0f40932a00eaaea0786a8ef2cd369c2d799d355c720323a,2024-06-11T17:41:37.883000
CVE-2024-5039,0,0,42959b486bf28971702f84d5d970f64301a550626d1348beb35b7505e0fa75c5,2024-05-29T15:18:26.427000
@ -254551,6 +254570,7 @@ CVE-2024-5860,0,0,c5c9f1df18adaa1e39e379691a52abd56fb4990c1e90abbe780c7d7d36e073
CVE-2024-5868,0,0,cddb0a1baa550d897574c2505eb276b5cd69c2fd57d27d79dec0dad91553a572,2024-06-17T12:42:04.623000
CVE-2024-5871,0,0,83e6d3ea3d7363cdcbcb485d9161ada2b3d6bba887290fa58ab89820983d4022,2024-06-17T12:42:04.623000
CVE-2024-5873,0,0,4affe4b1f71505ca05298a33c7e23c3ae147869580237755bed2d180fbea1b8e,2024-06-12T08:15:51.550000
CVE-2024-5886,1,1,0c13c4ee009af0d9946120b2238809bd0a7459b4e90701a2a72b91121b1d711b,2024-06-20T11:15:56.580000
CVE-2024-5891,0,0,da4ba5748ecb097f5befd86d4787f2c76143132bf594110b21f16b774e08e15d,2024-06-13T18:36:09.010000
CVE-2024-5892,0,0,890747e3858b777381fac245c58cda030faeadae1530ec4012d9670fde261a4e,2024-06-13T18:36:09.013000
CVE-2024-5893,0,0,8bbdd4fceee6f55f46acaf4e2e772cd5b071a8548251271838818c6acd356beb,2024-06-13T18:36:09.010000
@ -254648,3 +254668,5 @@ CVE-2024-6176,0,0,bd660c0cde647fe1bccb04d647014bfeadeca873814685115b39e74c61c8f2
CVE-2024-6177,0,0,e2006bd8c117b361d15d615544253325ed284d266829d0d7c581f459913766c1,2024-06-20T02:15:11.980000
CVE-2024-6178,0,0,b585588c1b5751ce256a7f1d8c6c6c4f50d67eb468665169500a1bbf3e780a64,2024-06-20T02:15:12.123000
CVE-2024-6179,0,0,65c180015474b6671311fe92692345a2f1123e438c5d25ef1d3bb1089c68bc2d,2024-06-20T02:15:12.257000
CVE-2024-6181,1,1,81641b8b9146260b7f48c485111a885e8d9e1f90d760cc4da98aa2245841c1c6,2024-06-20T11:15:56.723000
CVE-2024-6182,1,1,07cfc08451dd84c1512a6d840f28fec61137669b55946f78e994e0b1a9b7b62c,2024-06-20T11:15:57.117000

Can't render this file because it is too large.