From 4d727f9004e965e2578080895192d24be573f025 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Mon, 29 Jul 2024 16:03:14 +0000 Subject: [PATCH] Auto-Update: 2024-07-29T16:00:18.237348+00:00 --- CVE-2023/CVE-2023-507xx/CVE-2023-50700.json | 8 +- CVE-2024/CVE-2024-17xx/CVE-2024-1798.json | 8 +- CVE-2024/CVE-2024-18xx/CVE-2024-1804.json | 8 +- CVE-2024/CVE-2024-242xx/CVE-2024-24257.json | 8 +- CVE-2024/CVE-2024-265xx/CVE-2024-26520.json | 8 +- CVE-2024/CVE-2024-273xx/CVE-2024-27357.json | 8 +- CVE-2024/CVE-2024-273xx/CVE-2024-27358.json | 8 +- CVE-2024/CVE-2024-326xx/CVE-2024-32671.json | 8 +- CVE-2024/CVE-2024-339xx/CVE-2024-33901.json | 2 +- CVE-2024/CVE-2024-370xx/CVE-2024-37034.json | 8 +- CVE-2024/CVE-2024-373xx/CVE-2024-37381.json | 8 +- CVE-2024/CVE-2024-379xx/CVE-2024-37906.json | 60 +++ CVE-2024/CVE-2024-385xx/CVE-2024-38508.json | 8 +- CVE-2024/CVE-2024-385xx/CVE-2024-38509.json | 8 +- CVE-2024/CVE-2024-385xx/CVE-2024-38510.json | 8 +- CVE-2024/CVE-2024-385xx/CVE-2024-38511.json | 8 +- CVE-2024/CVE-2024-385xx/CVE-2024-38512.json | 8 +- CVE-2024/CVE-2024-385xx/CVE-2024-38529.json | 60 +++ CVE-2024/CVE-2024-388xx/CVE-2024-38871.json | 8 +- CVE-2024/CVE-2024-388xx/CVE-2024-38872.json | 8 +- CVE-2024/CVE-2024-393xx/CVE-2024-39304.json | 8 +- CVE-2024/CVE-2024-401xx/CVE-2024-40116.json | 8 +- CVE-2024/CVE-2024-401xx/CVE-2024-40117.json | 8 +- CVE-2024/CVE-2024-404xx/CVE-2024-40433.json | 8 +- CVE-2024/CVE-2024-405xx/CVE-2024-40576.json | 25 ++ CVE-2024/CVE-2024-406xx/CVE-2024-40689.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41013.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41014.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41015.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41016.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41017.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41018.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41019.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41020.json | 53 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41021.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41022.json | 49 +++ 
CVE-2024/CVE-2024-410xx/CVE-2024-41023.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41024.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41025.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41026.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41027.json | 37 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41028.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41029.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41030.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41031.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41032.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41033.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41034.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41035.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41036.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41037.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41038.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41039.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41040.json | 41 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41041.json | 45 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41042.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41043.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41044.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41045.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41046.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41047.json | 37 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41048.json | 37 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41049.json | 45 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41050.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41051.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41052.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41053.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41054.json | 29 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41055.json | 41 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41056.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41057.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41058.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41059.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41060.json | 37 ++ 
CVE-2024/CVE-2024-410xx/CVE-2024-41061.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41062.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41063.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41064.json | 45 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41065.json | 45 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41066.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41067.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41068.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41069.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41070.json | 45 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41071.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41072.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41073.json | 37 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41074.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41075.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41076.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41077.json | 41 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41078.json | 41 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41079.json | 33 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41080.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41081.json | 49 +++ CVE-2024/CVE-2024-410xx/CVE-2024-41082.json | 25 ++ CVE-2024/CVE-2024-410xx/CVE-2024-41090.json | 8 +- CVE-2024/CVE-2024-410xx/CVE-2024-41091.json | 8 +- CVE-2024/CVE-2024-411xx/CVE-2024-41112.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41113.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41114.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41115.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41116.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41117.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41118.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41119.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41120.json | 10 +- CVE-2024/CVE-2024-411xx/CVE-2024-41139.json | 8 +- CVE-2024/CVE-2024-411xx/CVE-2024-41143.json | 8 +- CVE-2024/CVE-2024-413xx/CVE-2024-41353.json | 8 +- CVE-2024/CVE-2024-413xx/CVE-2024-41354.json | 8 +- CVE-2024/CVE-2024-413xx/CVE-2024-41355.json | 8 +- 
CVE-2024/CVE-2024-413xx/CVE-2024-41356.json | 8 +- CVE-2024/CVE-2024-413xx/CVE-2024-41357.json | 8 +- CVE-2024/CVE-2024-413xx/CVE-2024-41373.json | 8 +- CVE-2024/CVE-2024-413xx/CVE-2024-41374.json | 8 +- CVE-2024/CVE-2024-413xx/CVE-2024-41375.json | 8 +- CVE-2024/CVE-2024-416xx/CVE-2024-41628.json | 8 +- CVE-2024/CVE-2024-416xx/CVE-2024-41637.json | 8 +- CVE-2024/CVE-2024-416xx/CVE-2024-41670.json | 8 +- CVE-2024/CVE-2024-416xx/CVE-2024-41671.json | 64 ++++ CVE-2024/CVE-2024-416xx/CVE-2024-41676.json | 60 +++ CVE-2024/CVE-2024-416xx/CVE-2024-41692.json | 4 +- CVE-2024/CVE-2024-417xx/CVE-2024-41726.json | 8 +- CVE-2024/CVE-2024-417xx/CVE-2024-41799.json | 64 ++++ CVE-2024/CVE-2024-418xx/CVE-2024-41805.json | 8 +- CVE-2024/CVE-2024-418xx/CVE-2024-41812.json | 8 +- CVE-2024/CVE-2024-418xx/CVE-2024-41813.json | 8 +- CVE-2024/CVE-2024-418xx/CVE-2024-41815.json | 8 +- CVE-2024/CVE-2024-418xx/CVE-2024-41881.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42007.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42029.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42049.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42050.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42051.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42052.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42053.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42054.json | 8 +- CVE-2024/CVE-2024-420xx/CVE-2024-42055.json | 8 +- CVE-2024/CVE-2024-44xx/CVE-2024-4410.json | 8 +- CVE-2024/CVE-2024-44xx/CVE-2024-4483.json | 8 +- CVE-2024/CVE-2024-47xx/CVE-2024-4786.json | 8 +- CVE-2024/CVE-2024-52xx/CVE-2024-5285.json | 8 +- CVE-2024/CVE-2024-56xx/CVE-2024-5614.json | 8 +- CVE-2024/CVE-2024-56xx/CVE-2024-5670.json | 8 +- CVE-2024/CVE-2024-58xx/CVE-2024-5882.json | 8 +- CVE-2024/CVE-2024-58xx/CVE-2024-5883.json | 8 +- CVE-2024/CVE-2024-59xx/CVE-2024-5969.json | 8 +- CVE-2024/CVE-2024-61xx/CVE-2024-6124.json | 4 +- CVE-2024/CVE-2024-61xx/CVE-2024-6152.json | 8 +- CVE-2024/CVE-2024-63xx/CVE-2024-6362.json | 8 +- 
CVE-2024/CVE-2024-63xx/CVE-2024-6366.json | 8 +- CVE-2024/CVE-2024-64xx/CVE-2024-6431.json | 8 +- CVE-2024/CVE-2024-64xx/CVE-2024-6458.json | 8 +- CVE-2024/CVE-2024-64xx/CVE-2024-6487.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6518.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6520.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6521.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6545.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6546.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6547.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6548.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6549.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6566.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6569.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6573.json | 8 +- CVE-2024/CVE-2024-65xx/CVE-2024-6576.json | 60 +++ CVE-2024/CVE-2024-65xx/CVE-2024-6591.json | 8 +- CVE-2024/CVE-2024-66xx/CVE-2024-6627.json | 8 +- CVE-2024/CVE-2024-66xx/CVE-2024-6634.json | 8 +- CVE-2024/CVE-2024-66xx/CVE-2024-6661.json | 8 +- CVE-2024/CVE-2024-67xx/CVE-2024-6703.json | 8 +- CVE-2024/CVE-2024-68xx/CVE-2024-6881.json | 4 +- CVE-2024/CVE-2024-68xx/CVE-2024-6897.json | 8 +- CVE-2024/CVE-2024-69xx/CVE-2024-6922.json | 8 +- CVE-2024/CVE-2024-69xx/CVE-2024-6984.json | 64 ++++ CVE-2024/CVE-2024-70xx/CVE-2024-7050.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7128.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7151.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7152.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7153.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7154.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7155.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7156.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7157.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7158.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7159.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7160.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7161.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7162.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7163.json | 8 +- 
CVE-2024/CVE-2024-71xx/CVE-2024-7164.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7165.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7166.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7167.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7168.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7169.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7170.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7171.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7172.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7173.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7174.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7175.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7176.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7177.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7178.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7179.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7180.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7181.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7182.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7183.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7184.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7185.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7186.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7187.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7188.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7189.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7190.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7191.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7192.json | 4 +- CVE-2024/CVE-2024-71xx/CVE-2024-7193.json | 4 +- CVE-2024/CVE-2024-71xx/CVE-2024-7194.json | 4 +- CVE-2024/CVE-2024-71xx/CVE-2024-7195.json | 8 +- CVE-2024/CVE-2024-71xx/CVE-2024-7196.json | 4 +- CVE-2024/CVE-2024-71xx/CVE-2024-7197.json | 4 +- CVE-2024/CVE-2024-71xx/CVE-2024-7198.json | 4 +- CVE-2024/CVE-2024-71xx/CVE-2024-7199.json | 4 +- CVE-2024/CVE-2024-72xx/CVE-2024-7200.json | 4 +- CVE-2024/CVE-2024-72xx/CVE-2024-7201.json | 8 +- CVE-2024/CVE-2024-72xx/CVE-2024-7202.json | 8 +- README.md | 68 +++- _state.csv | 391 ++++++++++++-------- 232 files changed, 3896 
insertions(+), 499 deletions(-) create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37906.json create mode 100644 CVE-2024/CVE-2024-385xx/CVE-2024-38529.json create mode 100644 CVE-2024/CVE-2024-405xx/CVE-2024-40576.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41020.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41021.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41022.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41023.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41024.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41025.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41026.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41027.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41028.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41029.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41030.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41031.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41032.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41033.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41034.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41035.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41036.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41037.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41038.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41039.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41040.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41041.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41042.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41043.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41044.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41045.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41046.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41047.json create mode 
100644 CVE-2024/CVE-2024-410xx/CVE-2024-41048.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41049.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41050.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41051.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41052.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41053.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41054.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41055.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41056.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41057.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41058.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41059.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41060.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41061.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41062.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41063.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41064.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41065.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41066.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41067.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41068.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41069.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41070.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41071.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41072.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41073.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41074.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41075.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41076.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41077.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41078.json create mode 100644 
CVE-2024/CVE-2024-410xx/CVE-2024-41079.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41080.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41081.json create mode 100644 CVE-2024/CVE-2024-410xx/CVE-2024-41082.json create mode 100644 CVE-2024/CVE-2024-416xx/CVE-2024-41671.json create mode 100644 CVE-2024/CVE-2024-416xx/CVE-2024-41676.json create mode 100644 CVE-2024/CVE-2024-417xx/CVE-2024-41799.json create mode 100644 CVE-2024/CVE-2024-65xx/CVE-2024-6576.json create mode 100644 CVE-2024/CVE-2024-69xx/CVE-2024-6984.json
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50700.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50700.json
index af4c085fc0f..5e221fabd98 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50700.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50700.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-50700",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-26T17:15:10.803",
- "lastModified": "2024-07-26T17:15:10.803",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method."
+ },
+ {
+ "lang": "es",
+ "value": " La vulnerabilidad de permisos inseguros en Deepin dde-file-manager 6.0.54 y versiones anteriores permite que usuarios sin privilegios llamen a operaciones privilegiadas a trav\u00e9s del m\u00e9todo D-Bus."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1798.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1798.json
index 62eebbe7d24..c67884e3817 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1798.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1798.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-1798",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:09.800",
- "lastModified": "2024-07-27T02:15:09.800",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Tutor LMS \u2013 Migration Tool para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n tutor_lp_export_xml en todas las versiones hasta la 2.2.0 incluida. Esto hace posible que atacantes no autenticados exporten cursos, incluidos cursos privados y protegidos con contrase\u00f1a."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1804.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1804.json
index b76260d9c04..2b0dc70b5ad 100644
--- a/CVE-2024/CVE-2024-18xx/CVE-2024-1804.json
+++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1804.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-1804",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:10.060",
- "lastModified": "2024-07-27T02:15:10.060",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento Tutor LMS \u2013 Migration Tool para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n tutor_import_from_xml en todas las versiones hasta la 2.2.0 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, importen cursos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24257.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24257.json
index bfdf71229ac..28ebb8abc49 100644
--- a/CVE-2024/CVE-2024-242xx/CVE-2024-24257.json
+++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24257.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-24257",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-26T17:15:11.173",
- "lastModified": "2024-07-26T17:15:11.173",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Central Control Attendance Machine web management platform v.3.0 de skteco.com permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado para el componente csl/user."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26520.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26520.json
index 6ef82630e9e..a416c1d1fe6 100644
--- a/CVE-2024/CVE-2024-265xx/CVE-2024-26520.json
+++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26520.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-26520",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-26T17:15:11.507",
- "lastModified": "2024-07-26T17:15:11.507",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets."
+ },
+ {
+ "lang": "es",
+ "value": " Un problema en Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 permite a un atacante omitir la autenticaci\u00f3n y realizar restablecimientos de contrase\u00f1a arbitrarios."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27357.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27357.json
index 168f43820a5..32811d48ca0 100644
--- a/CVE-2024/CVE-2024-273xx/CVE-2024-27357.json
+++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27357.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-27357",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-26T17:15:11.580",
- "lastModified": "2024-07-26T17:15:11.580",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins."
+ },
+ {
+ "lang": "es",
+ "value": " Se descubri\u00f3 un problema en WithSecure Elements Agent hasta 23.x para macOS, WithSecure Elements Client Security hasta 23.x para macOS y WithSecure MDR hasta 23.x para macOS. La escalada de privilegios locales puede ocurrir durante las instalaciones o actualizaciones por parte de los administradores."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27358.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27358.json
index fdbdb2ad316..9292e7ccb6c 100644
--- a/CVE-2024/CVE-2024-273xx/CVE-2024-27358.json
+++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27358.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-27358",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-26T17:15:11.650",
- "lastModified": "2024-07-26T17:15:11.650",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block an admin from completing an installation, aka a Denial-of-Service (DoS)."
+ },
+ {
+ "lang": "es",
+ "value": " Se descubri\u00f3 un problema en WithSecure Elements Agent hasta 23.x para macOS y WithSecure Elements Client Security hasta 23.x para macOS. Los usuarios locales pueden impedir que un administrador complete una instalaci\u00f3n, tambi\u00e9n conocido como Denegaci\u00f3n de servicio (DoS)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32671.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32671.json
index 58e3798a8f1..839b132db58 100644
--- a/CVE-2024/CVE-2024-326xx/CVE-2024-32671.json
+++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32671.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-32671",
 "sourceIdentifier": "PSIRT@samsung.com",
 "published": "2024-07-29T03:15:02.017",
- "lastModified": "2024-07-29T03:15:02.017",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0."
+ },
+ {
+ "lang": "es",
+ "value": " La vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el motor JavaScript Escargot de c\u00f3digo abierto de Samsung permite desbordamiento de b\u00fafer. Este problema afecta a Escargot: 4.0.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-339xx/CVE-2024-33901.json b/CVE-2024/CVE-2024-339xx/CVE-2024-33901.json
index 787d067abe4..8e7178fb329 100644
--- a/CVE-2024/CVE-2024-339xx/CVE-2024-33901.json
+++ b/CVE-2024/CVE-2024-339xx/CVE-2024-33901.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-33901",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-05-20T21:15:09.243",
- "lastModified": "2024-05-21T17:15:09.143",
+ "lastModified": "2024-07-29T15:15:10.533",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
diff --git a/CVE-2024/CVE-2024-370xx/CVE-2024-37034.json b/CVE-2024/CVE-2024-370xx/CVE-2024-37034.json
index 6b5e75d663c..5decdc12e3f 100644
--- a/CVE-2024/CVE-2024-370xx/CVE-2024-37034.json
+++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37034.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-37034",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-26T22:15:03.853",
- "lastModified": "2024-07-26T22:15:03.853",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure."
+ },
+ {
+ "lang": "es",
+ "value": " Se descubri\u00f3 un problema en Couchbase Server anterior a 7.2.5 y 7.6.0 anterior a 7.6.1. No garantiza que las credenciales se negocien con el servicio Key-Value (KV) mediante SCRAM-SHA cuando el cifrado de enlace remoto est\u00e1 configurado para Half-Secure."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37381.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37381.json
index 48ed31dd94f..b4d4f6588ce 100644
--- a/CVE-2024/CVE-2024-373xx/CVE-2024-37381.json
+++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37381.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-37381",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2024-07-29T06:15:01.827",
- "lastModified": "2024-07-29T06:15:01.827",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code."
+ },
+ {
+ "lang": "es",
+ "value": " Una vulnerabilidad de inyecci\u00f3n SQL no especificada en el servidor central de Ivanti EPM 2024 permite que un atacante autenticado dentro de la misma red ejecute c\u00f3digo arbitrario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37906.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37906.json
new file mode 100644
index 00000000000..5eac207e7bd
--- /dev/null
+++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37906.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-37906",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-07-29T15:15:10.747",
+ "lastModified": "2024-07-29T15:15:10.747",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38508.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38508.json
index 45c2132bd87..6ce6a331ae0 100644
--- a/CVE-2024/CVE-2024-385xx/CVE-2024-38508.json
+++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38508.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-38508",
 "sourceIdentifier": "psirt@lenovo.com",
 "published": "2024-07-26T20:15:03.597",
- "lastModified": "2024-07-26T20:15:03.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request."
+ },
+ {
+ "lang": "es",
+ "value": " Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en la interfaz web o en la interfaz de shell de comandos cautivos SSH de XCC que podr\u00eda permitir a un usuario de XCC autenticado con privilegios elevados realizar la inyecci\u00f3n de comandos a trav\u00e9s de una solicitud especialmente manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38509.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38509.json
index 1bde2d40fdf..1cd84102b3c 100644
--- a/CVE-2024/CVE-2024-385xx/CVE-2024-38509.json
+++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38509.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-38509", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-07-26T20:15:03.830", - "lastModified": "2024-07-26T20:15:03.830", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en XCC que podr\u00eda permitir a un usuario de XCC autenticado con privilegios elevados ejecutar c\u00f3digo arbitrario a trav\u00e9s de un comando IPMI especialmente manipulado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38510.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38510.json index 00f3553ceba..869fbb4e68f 100644 --- a/CVE-2024/CVE-2024-385xx/CVE-2024-38510.json +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38510.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38510", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-07-26T20:15:04.053", - "lastModified": "2024-07-26T20:15:04.053", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en la interfaz del shell de comandos cautivos SSH que podr\u00eda permitir a un usuario XCC autenticado con privilegios elevados realizar la inyecci\u00f3n de comandos mediante cargas de archivos especialmente manipuladas." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38511.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38511.json index 668b8778c40..6e1947f1c4f 100644 --- a/CVE-2024/CVE-2024-385xx/CVE-2024-38511.json +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38511.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38511", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-07-26T20:15:04.263", - "lastModified": "2024-07-26T20:15:04.263", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en una funcionalidad de procesamiento de carga de XCC que podr\u00eda permitir a un usuario de XCC autenticado con privilegios elevados realizar inyecci\u00f3n de comandos mediante cargas de archivos especialmente manipuladas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38512.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38512.json index e73f78747ad..ba545ed4aa8 100644 --- a/CVE-2024/CVE-2024-385xx/CVE-2024-38512.json +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38512.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-38512", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-07-26T20:15:04.470", - "lastModified": "2024-07-26T20:15:04.470", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en XCC que podr\u00eda permitir a un usuario de XCC autenticado con privilegios elevados realizar inyecci\u00f3n de comandos a trav\u00e9s de comandos IPMI especialmente manipulados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38529.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38529.json new file mode 100644 index 00000000000..786d67925d6 --- /dev/null +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38529.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-38529", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-07-29T15:15:10.990", + "lastModified": "2024-07-29T15:15:10.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. This vulnerability is fixed in 4.3.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of 
file diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38871.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38871.json index 55d1d17b012..9552b725d0b 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38871.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38871.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38871", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2024-07-26T18:15:03.137", - "lastModified": "2024-07-26T18:15:03.137", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module." + }, + { + "lang": "es", + "value": " Zohocorp ManageEngine Exchange Reporter Plus versiones 5717 e inferiores son vulnerables a la inyecci\u00f3n de SQL autenticado en el m\u00f3dulo reports." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38872.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38872.json index a8f304eb901..2093f428b0a 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38872.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38872.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38872", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2024-07-26T18:15:03.350", - "lastModified": "2024-07-26T18:15:03.350", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module." + }, + { + "lang": "es", + "value": " Zohocorp ManageEngine Exchange Reporter Plus versiones 5717 e inferiores son vulnerables a la inyecci\u00f3n de SQL autenticado en el m\u00f3dulo de monitoreo." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-393xx/CVE-2024-39304.json b/CVE-2024/CVE-2024-393xx/CVE-2024-39304.json index e182638c2d0..3bb19edec71 100644 --- a/CVE-2024/CVE-2024-393xx/CVE-2024-39304.json +++ b/CVE-2024/CVE-2024-393xx/CVE-2024-39304.json @@ -2,13 +2,17 @@ "id": "CVE-2024-39304", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T18:15:03.557", - "lastModified": "2024-07-26T18:15:03.557", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue." + }, + { + "lang": "es", + "value": "ChurchCRM es un sistema de gesti\u00f3n de iglesias de c\u00f3digo abierto. Las versiones de la aplicaci\u00f3n anteriores a la 5.9.2 son vulnerables a una inyecci\u00f3n SQL autenticada debido a una sanitizaci\u00f3n inadecuada de la entrada del usuario. Se requiere autenticaci\u00f3n, pero no se necesitan privilegios elevados. Esto permite a los atacantes inyectar declaraciones SQL directamente en la consulta de la base de datos debido a una sanitizaci\u00f3n inadecuada del par\u00e1metro EID en una solicitud GET a `/GetText.php`. La versi\u00f3n 5.9.2 soluciona el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-401xx/CVE-2024-40116.json b/CVE-2024/CVE-2024-401xx/CVE-2024-40116.json index 3c45ed634fd..cba400a1303 100644 --- a/CVE-2024/CVE-2024-401xx/CVE-2024-40116.json +++ b/CVE-2024/CVE-2024-401xx/CVE-2024-40116.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40116", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T20:15:04.980", - "lastModified": "2024-07-26T20:15:04.980", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Solar-Log 1000 anterior a v2.8.2 y compilaci\u00f3n 52-23.04.2013 al almacenar contrase\u00f1as en texto plano en los archivos export.html, email.html y sms.html." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-401xx/CVE-2024-40117.json b/CVE-2024/CVE-2024-401xx/CVE-2024-40117.json index 93e7dd173fa..cda88d36646 100644 --- a/CVE-2024/CVE-2024-401xx/CVE-2024-40117.json +++ b/CVE-2024/CVE-2024-401xx/CVE-2024-40117.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40117", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T20:15:05.033", - "lastModified": "2024-07-26T20:15:05.033", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server." + }, + { + "lang": "es", + "value": " El control de acceso incorrecto en Solar-Log 1000 anterior a v2.8.2 y compilaci\u00f3n 52-23.04.2013 permite a los atacantes obtener privilegios administrativos mediante la conexi\u00f3n al servidor de administraci\u00f3n web." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40433.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40433.json index c111dee2e57..b39cd671a2b 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40433.json 
+++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40433.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-40433",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-26T22:15:03.943",
- "lastModified": "2024-07-26T22:15:03.943",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component."
+ },
+ {
+ "lang": "es",
+ "value": " La vulnerabilidad de permisos inseguros en Tencent wechat v.8.0.37 permite a un atacante escalar privilegios a trav\u00e9s del componente de vista web."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-405xx/CVE-2024-40576.json b/CVE-2024/CVE-2024-405xx/CVE-2024-40576.json
new file mode 100644
index 00000000000..17615044e7c
--- /dev/null
+++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40576.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-40576",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-07-29T14:15:03.677",
+ "lastModified": "2024-07-29T14:15:03.677",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the \"House No\" and \"Description\" parameters in the houses page at the index.php component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/jubilianite/CVEs/blob/main/CVE-2024-40576.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40689.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40689.json
index 96e9c3051d1..783561d3730 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40689.json
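Review bot: The second reference in the new CVE-2024-40576 record, `https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html`, names a courier management project, while the description attributes the flaw to "Best House Rental Management System 1.0". One of the two is presumably wrong at the source, so product matching should key on the `id` and the description rather than on that URL, and the mismatch is worth reporting to the source (`cve@mitre.org`). The description also says the cross-site scripting flaw lets an attacker "execute arbitrary code", and the record arrives with `"metrics": {}` and no `weaknesses` entry, so triage tooling has neither a score nor a CWE to sort on. Until analysis adds them, read the impact as script running in a victim's browser session, not as code execution on the server.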
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40689.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40689", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-07-26T14:15:02.863", - "lastModified": "2024-07-26T14:15:02.863", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719." + }, + { + "lang": "es", + "value": "IBM InfoSphere Information Server 11.7 es vulnerable a la inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar declaraciones SQL especialmente manipuladas, que podr\u00edan permitirle ver, agregar, modificar o eliminar informaci\u00f3n en la base de datos back-end. ID de IBM X-Force: 297719." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41013.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41013.json index 80e18cd922a..227f3e17a38 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41013.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41013.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41013", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:05.430", - "lastModified": "2024-07-29T07:15:05.430", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: xfs: no salga del final de un bloque de datos de directorio. Esto agrega controles de sanitizaci\u00f3n para xfs_dir2_data_unused y xfs_dir2_data_entry para asegurarse de que no se desv\u00eden m\u00e1s all\u00e1 de la regi\u00f3n de memoria v\u00e1lida. Antes de parchear, el bucle simplemente verifica que el desplazamiento inicial de dup y dep est\u00e9 dentro del rango. Entonces, en una imagen manipulada, si la \u00faltima entrada es xfs_dir2_data_unused, podemos cambiar dup->length a dup->length-1 y dejar 1 byte de espacio. 
En el pr\u00f3ximo recorrido, este espacio se considerar\u00e1 dup o dep. Es posible que nos encontremos con una lectura fuera de los l\u00edmites al acceder a los miembros fijos. En el parche, nos aseguramos de que los bytes restantes sean lo suficientemente grandes como para contener una entrada no utilizada antes de acceder a xfs_dir2_data_unused y xfs_dir2_data_unused est\u00e9n alineados con los bytes XFS_DIR2_DATA_ALIGN. Tambi\u00e9n nos aseguramos de que los bytes restantes sean lo suficientemente grandes como para contener un directorio con un nombre de un solo byte antes de acceder a xfs_dir2_data_entry." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41014.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41014.json index bce12754a2d..6002b68f0b9 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41014.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41014.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41014", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:05.810", - "lastModified": "2024-07-29T07:15:05.810", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n 1) Mount an image of xfs, and do some file operations to leave records\n 2) Before umounting, copy the image for subsequent steps to simulate\n abnormal exit. Because umount will ensure that tail_blk and\n head_blk are the same, which will result in the inability to enter\n xlog_recover_process_data\n 3) Write a tool to parse and modify the copied image in step 2\n 4) Make the end of the xlog_op_header entries only 1 byte away from\n xlog_rec_header->h_size\n 5) xlog_rec_header->h_num_logops++\n 6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfs: agregar verificaci\u00f3n de l\u00edmites a xlog_recover_process_data Falta verificaci\u00f3n del espacio ocupado por los miembros fijos de xlog_op_header en xlog_recover_process_data. Podemos crear una imagen manipulada para activar una lectura fuera de los l\u00edmites siguiendo estos pasos: 1) Montar una imagen de xfs y realizar algunas operaciones de archivo para dejar registros 2) Antes de desmontar, copie la imagen para los pasos posteriores para simular una salida anormal. 
Porque umount garantizar\u00e1 que tail_blk y head_blk sean iguales, lo que resultar\u00e1 en la imposibilidad de ingresar xlog_recover_process_data 3) Escriba una herramienta para analizar y modificar la imagen copiada en el paso 2 4) Haga que el final de las entradas xlog_op_header est\u00e9 a solo 1 byte de distancia xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modificar xlog_rec_header->h_crc Soluci\u00f3n: agregue una marca para asegurarse de que haya suficiente espacio para acceder a los miembros fijos de xlog_op_header." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41015.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41015.json index e5a6078116e..f0be19ee28d 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41015.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41015.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41015", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:06.033", - "lastModified": "2024-07-29T07:15:06.033", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_check_dir_entry()\n\nThis adds sanity checks for ocfs2_dir_entry to make sure all members of\nocfs2_dir_entry don't stray beyond valid memory region." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ocfs2: agregue verificaci\u00f3n de l\u00edmites a ocfs2_check_dir_entry() Esto agrega comprobaciones de sanitizaci\u00f3n para ocfs2_dir_entry para garantizar que todos los miembros de ocfs2_dir_entry no se desv\u00eden m\u00e1s all\u00e1 de la regi\u00f3n de memoria v\u00e1lida." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41016.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41016.json index 76785424207..6ffe203bace 100644 
--- a/CVE-2024/CVE-2024-410xx/CVE-2024-41016.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41016.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41016", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:06.293", - "lastModified": "2024-07-29T07:15:06.293", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested. It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ocfs2: verificaci\u00f3n de l\u00edmite estricto antes de memcmp en ocfs2_xattr_find_entry() xattr en ocfs2 puede ser 'non-indexed', lo que se guard\u00f3 con espacio adicional solicitado. Es mejor comprobar si la memoria est\u00e1 fuera de los l\u00edmites antes de memcmp, aunque esta posibilidad proviene principalmente de im\u00e1genes venenosas creadas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41017.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41017.json index 12d0e729d36..b3d11eb216f 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41017.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41017.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41017", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:06.523", - "lastModified": "2024-07-29T07:15:06.523", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: don't walk off the end of ealist\n\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: no salga del final de ealist. Agregue una verificaci\u00f3n antes de visitar a los miembros de ea para asegurarse de que cada ea permanezca dentro de ealist." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41018.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41018.json index 14d912f4a3b..ea0a92399dc 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41018.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41018.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41018", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:06.790", - "lastModified": "2024-07-29T07:15:06.790", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add a check for attr_names and oatbl\n\nAdded out-of-bound checking for *ane (ATTR_NAME_ENTRY)." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: fs/ntfs3: agregue una verificaci\u00f3n para attr_names y oatbl. Se agreg\u00f3 una verificaci\u00f3n fuera de los l\u00edmites para *ane (ATTR_NAME_ENTRY)." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41019.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41019.json index d10b3b2eb68..2ba879604b8 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41019.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41019.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41019", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:07.023", - "lastModified": "2024-07-29T07:15:07.023", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Validate ff offset\n\nThis adds sanity checks for ff offset. There is a check\non rt->first_free at first, but walking through by ff\nwithout any check. If the second ff is a large offset.\nWe may encounter an out-of-bound read." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: fs/ntfs3: Validar ff offset Esto agrega comprobaciones de sanitizaci\u00f3n para ff offset. Al principio hay una verificaci\u00f3n en rt->first_free, pero pasa por ff sin ninguna verificaci\u00f3n. Si el segundo ff es un desplazamiento grande. Es posible que nos encontremos con una lectura fuera de los l\u00edmites." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41020.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41020.json new file mode 100644 index 00000000000..339e1d22564 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41020.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2024-41020", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T14:15:03.773", + "lastModified": "2024-07-29T14:15:03.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Fix fcntl/close race recovery compat path\n\nWhen I wrote commit 3cad1bc01041 (\"filelock: Remove locks reliably when\nfcntl/close race is detected\"), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\n\nApply exactly the same fix to the compat path for 32-bit kernels." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca", + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41021.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41021.json new file mode 100644 index 00000000000..95363b0104d --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41021.json 
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2024-41021",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T14:15:03.870",
+ "lastModified": "2024-07-29T14:15:03.870",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()\n\nThere is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC on\ns390. Therefore we do not expect to see VM_FAULT_HWPOISON in\ndo_exception().\n\nHowever, since commit af19487f00f3 (\"mm: make PTE_MARKER_SWAPIN_ERROR more\ngeneral\"), it is possible to see VM_FAULT_HWPOISON in combination with\nPTE_MARKER_POISONED, even on architectures that do not support HWPOISON\notherwise. In this case, we will end up on the BUG() in do_exception().\n\nFix this by treating VM_FAULT_HWPOISON the same as VM_FAULT_SIGBUS, similar\nto x86 when MEMORY_FAILURE is not configured. Also print unexpected fault\nflags, for easier debugging.\n\nNote that VM_FAULT_HWPOISON_LARGE is not expected, because s390 cannot\nsupport swap entries on other levels than PTE level."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/9e13767ccefdc4f8aa92514b592b60f6b54882ff",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a3aefb871222a9880602d1a44a558177b4143e3b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/df39038cd89525d465c2c8827eb64116873f141a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41022.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41022.json
new file mode 100644
index 00000000000..c8ccc0b682c
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41022.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2024-41022",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T14:15:03.943",
+ "lastModified": "2024-07-29T14:15:03.943",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()\n\nThe \"instance\" variable needs to be signed for the error handling to work."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/298e2ce222e712ffafa47288c5b2fcf33d72fda3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3dd9734878a9042f0358301d19a2b006a0fc4d06",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4edb0a84e6b32e75dc9bd6dd085b2c2ff19ec287",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/544fa213f15d27f0370795845d55eeb3e00080d2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6769a23697f17f9bf9365ca8ed62fe37e361a05a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a5224e2123ce21102f346f518db80f004d5053a7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d347c9a398bf7eab9408d207c0a50fb720f9de7d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e8dfbf83a82bbfb9680921719fbe65e535af59ea",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41023.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41023.json
new file mode 100644
index 00000000000..eac4d5978fb
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41023.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-41023",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.200",
+ "lastModified": "2024-07-29T15:15:11.200",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n object hex dump (first 32 bytes):\n 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n debug hex dump (first 16 bytes):\n 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............\n backtrace:\n [<00000000046b6790>] dup_task_struct+0x30/0x540\n [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n [<00000000ced59777>] kernel_clone+0xb0/0x770\n [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41024.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41024.json
new file mode 100644
index 00000000000..dead72f0915
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41024.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2024-41024",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.270",
+ "lastModified": "2024-07-29T15:15:11.270",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41025.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41025.json
new file mode 100644
index 00000000000..7ed515e922d
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41025.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2024-41025",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.343",
+ "lastModified": "2024-07-29T15:15:11.343",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix memory leak in audio daemon attach operation\n\nAudio PD daemon send the name as part of the init IOCTL call. This\nname needs to be copied to kernel for which memory is allocated.\nThis memory is never freed which might result in memory leak. Free\nthe memory when it is not needed."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41026.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41026.json
new file mode 100644
index 00000000000..ad96ec01c93
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41026.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-41026",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.413",
+ "lastModified": "2024-07-29T15:15:11.413",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length\n\nNo check is done on the size of the data to be transmiited. This causes\na kernel panic when this size exceeds the sg_miter's length.\n\nLimit the number of transmitted bytes to sgm->length."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/16198eef11c1929374381d7f6271b4bf6aa44615",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c561c4ecce712f94b442db5960e281f13b28df2e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41027.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41027.json
new file mode 100644
index 00000000000..b56fffcde15
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41027.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2024-41027",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.483",
+ "lastModified": "2024-07-29T15:15:11.483",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nFix userfaultfd_api to return EINVAL as expected\n\nCurrently if we request a feature that is not set in the Kernel config we\nfail silently and return all the available features. However, the man\npage indicates we should return an EINVAL.\n\nWe need to fix this issue since we can end up with a Kernel warning should\na program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with\nthe config not set with this feature.\n\n [ 200.812896] WARNING: CPU: 91 PID: 13634 at mm/memory.c:1660 zap_pte_range+0x43d/0x660\n [ 200.820738] Modules linked in:\n [ 200.869387] CPU: 91 PID: 13634 Comm: userfaultfd Kdump: loaded Not tainted 6.9.0-rc5+ #8\n [ 200.877477] Hardware name: Dell Inc. PowerEdge R6525/0N7YGH, BIOS 2.7.3 03/30/2022\n [ 200.885052] RIP: 0010:zap_pte_range+0x43d/0x660"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/14875fd5f9bcf60ac5518c63bfb676ade44aa7c6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1723f04caacb32cadc4e063725d836a0c4450694",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/519547760f16eae7803d2658d9524bc5ba7a20a7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8111f902b7c95d75fc80c7e577f5045886c6b384",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cd94cac4069a763ab5206be2c64c9a8beae590ba",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41028.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41028.json
new file mode 100644
index 00000000000..5a89595dc94
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41028.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-41028",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.553",
+ "lastModified": "2024-07-29T15:15:11.553",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_acpi: Fix array out-of-bounds access\n\nIn order to use toshiba_dmi_quirks[] together with the standard DMI\nmatching functions, it must be terminated by a empty entry.\n\nSince this entry is missing, an array out-of-bounds access occurs\nevery time the quirk list is processed.\n\nFix this by adding the terminating empty entry."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41029.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41029.json
new file mode 100644
index 00000000000..5ab6a32909b
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41029.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-41029",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.627",
+ "lastModified": "2024-07-29T15:15:11.627",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: core: limit cell sysfs permissions to main attribute ones\n\nThe cell sysfs attribute should not provide more access to the nvmem\ndata than the main attribute itself.\nFor example if nvme_config::root_only was set, the cell attribute\nwould still provide read access to everybody.\n\nMask out permissions not available on the main attribute."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/6bef98bafd82903a8d461463f9594f19f1fd6a85",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aa066afaaac32caf2160d58d4e3010ee04421c62",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41030.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41030.json
new file mode 100644
index 00000000000..d83845d6fa7
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41030.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-41030",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.697",
+ "lastModified": "2024-07-29T15:15:11.697",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: discard write access to the directory open\n\nmay_open() does not allow a directory to be opened with the write access.\nHowever, some writing flags set by client result in adding write access\non server, making ksmbd incompatible with FUSE file system. Simply, let's\ndiscard the write access when opening a directory.\n\nlist_add corruption. next is NULL.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:26!\npc : __list_add_valid+0x88/0xbc\nlr : __list_add_valid+0x88/0xbc\nCall trace:\n__list_add_valid+0x88/0xbc\nfuse_finish_open+0x11c/0x170\nfuse_open_common+0x284/0x5e8\nfuse_dir_open+0x14/0x24\ndo_dentry_open+0x2a4/0x4e0\ndentry_open+0x50/0x80\nsmb2_open+0xbe4/0x15a4\nhandle_ksmbd_work+0x478/0x5ec\nprocess_one_work+0x1b4/0x448\nworker_thread+0x25c/0x430\nkthread+0x104/0x1d4\nret_from_fork+0x10/0x20"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/198498b2049c0f11f7670be6974570e02b0cc035",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/66cf853e1c7a2407f15d9f7aaa3e47d61745e361",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9e84b1ba5c98fb5c9f869c85db1d870354613baa",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41031.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41031.json
new file mode 100644
index 00000000000..ee88648315f
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41031.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-41031", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:11.770", + "lastModified": "2024-07-29T15:15:11.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: skip to create PMD-sized page cache if needed\n\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The\nPMD-sized page cache can't be supported by xarray as the following error\nmessages indicate.\n\n------------[ cut here ]------------\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\ndimlib virtio_mmio\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff800087a4f6c0\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\nx5 
: 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa0\n xfs_flush_unmap_range+0x70/0x90 [xfs]\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by skipping to allocate PMD-sized page cache when its size is\nlarger than MAX_PAGECACHE_ORDER. For this specific case, we will fall to\nregular path where the readahead window is determined by BDI's sysfs file\n(read_ahead_kb)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41032.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41032.json new file mode 100644 index 00000000000..bc11d33c712 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41032.json 
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2024-41032",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.850",
+ "lastModified": "2024-07-29T15:15:11.850",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmalloc: check if a hash-index is in cpu_possible_mask\n\nThe problem is that there are systems where cpu_possible_mask has gaps\nbetween set CPUs, for example SPARC. In this scenario addr_to_vb_xa()\nhash function can return an index which accesses to not-possible and not\nsetup CPU area using per_cpu() macro. This results in an oops on SPARC.\n\nA per-cpu vmap_block_queue is also used as hash table, incorrectly\nassuming the cpu_possible_mask has no gaps. Fix it by adjusting an index\nto a next possible CPU."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/28acd531c9a365dac01b32e6bc54aed8c1429bcb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/47f9b6e49b422392fb0e348a65eb925103ba1882",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a34acf30b19bc4ee3ba2f1082756ea2604c19138",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41033.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41033.json
new file mode 100644
index 00000000000..154eae16937
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41033.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-41033",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.920",
+ "lastModified": "2024-07-29T15:15:11.920",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachestat: do not flush stats in recency check\n\nsyzbot detects that cachestat() is flushing stats, which can sleep, in its\nRCU read section (see [1]). This is done in the workingset_test_recent()\nstep (which checks if the folio's eviction is recent).\n\nMove the stat flushing step to before the RCU read section of cachestat,\nand skip stat flushing during the recency check.\n\n[1]: https://lore.kernel.org/cgroups/000000000000f71227061bdf97e0@google.com/"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1d1ba14e00d290b1ed616ed78c8c49bf897ce390",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5a4d8944d6b1e1aaaa83ea42c116b520b4ed0394",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41034.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41034.json
new file mode 100644
index 00000000000..90ca69d3c87
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41034.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2024-41034",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:11.990",
+ "lastModified": "2024-07-29T15:15:11.990",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug on rename operation of broken directory\n\nSyzbot reported that in rename directory operation on broken directory on\nnilfs2, __block_write_begin_int() called to prepare block write may fail\nBUG_ON check for access exceeding the folio/page size.\n\nThis is because nilfs_dotdot(), which gets parent directory reference\nentry (\"..\") of the directory to be moved or renamed, does not check\nconsistency enough, and may return location exceeding folio/page size for\nbroken directories.\n\nFix this issue by checking required directory entries (\".\" and \"..\") in\nthe first chunk of the directory in nilfs_dotdot()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41035.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41035.json
new file mode 100644
index 00000000000..8c18b399f8f
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41035.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2024-41035",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.077",
+ "lastModified": "2024-07-29T15:15:12.077",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor\n\nSyzbot has identified a bug in usbcore (see the Closes: tag below)\ncaused by our assumption that the reserved bits in an endpoint\ndescriptor's bEndpointAddress field will always be 0. As a result of\nthe bug, the endpoint_is_duplicate() routine in config.c (and possibly\nother routines as well) may believe that two descriptors are for\ndistinct endpoints, even though they have the same direction and\nendpoint number. This can lead to confusion, including the bug\nidentified by syzbot (two descriptors with matching endpoint numbers\nand directions, where one was interrupt and the other was bulk).\n\nTo fix the bug, we will clear the reserved bits in bEndpointAddress\nwhen we parse the descriptor. (Note that both the USB-2.0 and USB-3.1\nspecs say these bits are \"Reserved, reset to zero\".) This requires us\nto make a copy of the descriptor earlier in usb_parse_endpoint() and\nuse the copy instead of the original when checking for duplicates."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2bd8534a1b83c65702aec3cab164170f8e584188",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/37514a5c1251a8c5c95c323f55050736e7069ac7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/60abea505b726b38232a0ef410d2bd1994a77f78",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/647d61aef106dbed9c70447bcddbd4968e67ca64",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9edcf317620d7c6a8354911b69b874cf89716646",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a368ecde8a5055b627749b09c6218ef793043e47",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d8418fd083d1b90a6c007cf8dcf81aeae274727b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41036.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41036.json
new file mode 100644
index 00000000000..17bcd0cf1e2
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41036.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-41036",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.170",
+ "lastModified": "2024-07-29T15:15:12.170",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n call trace:\n queued_spin_lock_slowpath+0x100/0x284\n do_raw_spin_lock+0x34/0x44\n ks8851_start_xmit_spi+0x30/0xb8\n ks8851_start_xmit+0x14/0x20\n netdev_start_xmit+0x40/0x6c\n dev_hard_start_xmit+0x6c/0xbc\n sch_direct_xmit+0xa4/0x22c\n __qdisc_run+0x138/0x3fc\n qdisc_run+0x24/0x3c\n net_tx_action+0xf8/0x130\n handle_softirqs+0x1ac/0x1f0\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x1c\n call_on_irq_stack+0x3c/0x58\n do_softirq_own_stack+0x1c/0x28\n __irq_exit_rcu+0x54/0x9c\n irq_exit_rcu+0x10/0x1c\n el1_interrupt+0x38/0x50\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x64/0x68\n __netif_schedule+0x6c/0x80\n netif_tx_wake_queue+0x38/0x48\n ks8851_irq+0xb8/0x2c8\n irq_thread_fn+0x2c/0x74\n irq_thread+0x10c/0x1b0\n kthread+0xc8/0xd8\n ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41037.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41037.json
new file mode 100644
index 00000000000..3b37ea52b35
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41037.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2024-41037",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.240",
+ "lastModified": "2024-07-29T15:15:12.240",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: fix null deref on system suspend entry\n\nWhen system enters suspend with an active stream, SOF core\ncalls hw_params_upon_resume(). On Intel platforms with HDA DMA used\nto manage the link DMA, this leads to call chain of\n\n hda_dsp_set_hw_params_upon_resume()\n -> hda_dsp_dais_suspend()\n -> hda_dai_suspend()\n -> hda_ipc4_post_trigger()\n\nA bug is hit in hda_dai_suspend() as hda_link_dma_cleanup() is run first,\nwhich clears hext_stream->link_substream, and then hda_ipc4_post_trigger()\nis called with a NULL snd_pcm_substream pointer."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/8246bbf818ed7b8d5afc92b951e6d562b45c2450",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9065693dcc13f287b9e4991f43aee70cf5538fdd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/993af0f2d9f24e3c18a445ae22b34190d1fcad61",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41038.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41038.json
new file mode 100644
index 00000000000..79d8104dba6
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41038.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-41038",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.320",
+ "lastModified": "2024-07-29T15:15:12.320",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers\n\nCheck that all fields of a V2 algorithm header fit into the available\nfirmware data buffer.\n\nThe wmfw V2 format introduced variable-length strings in the algorithm\nblock header. This means the overall header length is variable, and the\nposition of most fields varies depending on the length of the string\nfields. Each field must be checked to ensure that it does not overflow\nthe firmware data buffer.\n\nAs this ia bugfix patch, the fixes avoid making any significant change to\nthe existing code. This makes it easier to review and less likely to\nintroduce new bugs."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/014239b9971d79421a0ba652579e1ca1b7b57b6d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2163aff6bebbb752edf73f79700f5e2095f3559e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6619aa48a011364e9f29083cc76368e6acfe5b11",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/76ea8e13aaefdfda6e5601323d6ea5340359dcfa",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41039.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41039.json
new file mode 100644
index 00000000000..099bf30452d
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41039.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-41039",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.393",
+ "lastModified": "2024-07-29T15:15:12.393",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix overflow checking of wmfw header\n\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\n\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\n\n\twmfw_header + wmfw_adsp1_sizes + wmfw_footer\n\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn't guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\n\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3019b86bce16fbb5bc1964f3544d0ce7d0137278",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/49a79f344d0a17c6a5eef53716cc76fcdbfca9ba",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9c9877a96e033bf6c6470b3b4f06106d91ace11e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fd035f0810b33c2a8792effdb82bf35920221565",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41040.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41040.json
new file mode 100644
index 00000000000..601a83f4933
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41040.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-41040", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:12.473", + "lastModified": "2024-07-29T15:15:12.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix UAF when resolving a clash\n\nKASAN reports the following UAF:\n\n BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]\n Read of size 1 at addr ffff888c07603600 by task handler130/6469\n\n Call Trace:\n \n dump_stack_lvl+0x48/0x70\n print_address_description.constprop.0+0x33/0x3d0\n print_report+0xc0/0x2b0\n kasan_report+0xd0/0x120\n __asan_load1+0x6c/0x80\n tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]\n tcf_ct_act+0x886/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n __irq_exit_rcu+0x82/0xc0\n irq_exit_rcu+0xe/0x20\n common_interrupt+0xa1/0xb0\n \n \n asm_common_interrupt+0x27/0x40\n\n Allocated by task 6469:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x25/0x40\n kasan_save_alloc_info+0x1e/0x40\n __kasan_krealloc+0x133/0x190\n krealloc+0xaa/0x130\n nf_ct_ext_add+0xed/0x230 [nf_conntrack]\n tcf_ct_act+0x1095/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n 
napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n\n Freed by task 6469:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x25/0x40\n kasan_save_free_info+0x2b/0x60\n ____kasan_slab_free+0x180/0x1f0\n __kasan_slab_free+0x12/0x30\n slab_free_freelist_hook+0xd2/0x1a0\n __kmem_cache_free+0x1a2/0x2f0\n kfree+0x78/0x120\n nf_conntrack_free+0x74/0x130 [nf_conntrack]\n nf_ct_destroy+0xb2/0x140 [nf_conntrack]\n __nf_ct_resolve_clash+0x529/0x5d0 [nf_conntrack]\n nf_ct_resolve_clash+0xf6/0x490 [nf_conntrack]\n __nf_conntrack_confirm+0x2c6/0x770 [nf_conntrack]\n tcf_ct_act+0x12ad/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n\nThe ct may be dropped if a clash has been resolved but is still passed to\nthe tcf_ct_flow_table_process_conn function for further usage. This issue\ncan be fixed by retrieving ct from skb again after confirming conntrack." 
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/26488172b0292bed837b95a006a3f3431d1898c3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2b4d68df3f57ea746c430941ba9c03d7d8b5a23f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4e71b10a100861fb27d9c5755dfd68f615629fae",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/799a34901b634008db4a7ece3900e2b971d4c932",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b81a523d54ea689414f67c9fb81a5b917a41ed55",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ef472cc6693b16b202a916482df72f35d94bd69e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41041.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41041.json
new file mode 100644
index 00000000000..d134d4d4df0
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41041.json
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-41041", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:12.563", + "lastModified": "2024-07-29T15:15:12.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().\n\nsyzkaller triggered the warning [0] in udp_v4_early_demux().\n\nIn udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount\nof the looked-up sk and use sock_pfree() as skb->destructor, so we check\nSOCK_RCU_FREE to ensure that the sk is safe to access during the RCU grace\nperiod.\n\nCurrently, SOCK_RCU_FREE is flagged for a bound socket after being put\ninto the hash table. Moreover, the SOCK_RCU_FREE check is done too early\nin udp_v[46]_early_demux() and sk_lookup(), so there could be a small race\nwindow:\n\n CPU1 CPU2\n ---- ----\n udp_v4_early_demux() udp_lib_get_port()\n | |- hlist_add_head_rcu()\n |- sk = __udp4_lib_demux_lookup() |\n |- DEBUG_NET_WARN_ON_ONCE(sk_is_refcounted(sk));\n `- sock_set_flag(sk, SOCK_RCU_FREE)\n\nWe had the same bug in TCP and fixed it in commit 871019b22d1b (\"net:\nset SOCK_RCU_FREE before inserting socket into hashtable\").\n\nLet's apply the same fix for UDP.\n\n[0]:\nWARNING: CPU: 0 PID: 11198 at net/ipv4/udp.c:2599 udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599\nModules linked in:\nCPU: 0 PID: 11198 Comm: syz-executor.1 Not tainted 6.9.0-g93bda33046e7 #13\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599\nCode: c5 7a 15 fe bb 01 00 00 00 44 89 e9 31 ff d3 e3 81 e3 bf ef ff ff 89 de e8 2c 74 15 fe 85 db 0f 85 02 06 00 00 e8 9f 7a 15 fe <0f> 0b e8 98 7a 15 fe 49 8d 7e 60 e8 4f 39 2f fe 49 c7 46 60 20 52\nRSP: 0018:ffffc9000ce3fa58 EFLAGS: 00010293\nRAX: 0000000000000000 
RBX: 0000000000000000 RCX: ffffffff8318c92c\nRDX: ffff888036ccde00 RSI: ffffffff8318c2f1 RDI: 0000000000000001\nRBP: ffff88805a2dd6e0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0001ffffffffffff R12: ffff88805a2dd680\nR13: 0000000000000007 R14: ffff88800923f900 R15: ffff88805456004e\nFS: 00007fc449127640(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc449126e38 CR3: 000000003de4b002 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nPKRU: 55555554\nCall Trace:\n \n ip_rcv_finish_core.constprop.0+0xbdd/0xd20 net/ipv4/ip_input.c:349\n ip_rcv_finish+0xda/0x150 net/ipv4/ip_input.c:447\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip_rcv+0x16c/0x180 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0xb3/0xe0 net/core/dev.c:5624\n __netif_receive_skb+0x21/0xd0 net/core/dev.c:5738\n netif_receive_skb_internal net/core/dev.c:5824 [inline]\n netif_receive_skb+0x271/0x300 net/core/dev.c:5884\n tun_rx_batched drivers/net/tun.c:1549 [inline]\n tun_get_user+0x24db/0x2c50 drivers/net/tun.c:2002\n tun_chr_write_iter+0x107/0x1a0 drivers/net/tun.c:2048\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x76f/0x8d0 fs/read_write.c:590\n ksys_write+0xbf/0x190 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x41/0x50 fs/read_write.c:652\n x64_sys_call+0xe66/0x1990 arch/x86/include/generated/asm/syscalls_64.h:2\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fc44a68bc1f\nCode: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 e9 cf f5 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 
44 89 c7 48 89 44 24 08 e8 3c d0 f5 ff 48\nRSP: 002b:00007fc449126c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00000000004bc050 RCX: 00007fc44a68bc1f\nR\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/20ceae10623c3b29fdf7609690849475bcdebdb0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5c0b485a8c6116516f33925b9ce5b6104a6eadfd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a67c4e47626e6daccda62888f8b096abb5d3940", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9f965684c57c3117cfd2f754dd3270383c529fba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6db0d3ea6536e7120871e5448b3032570152ec6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c5fd77ca13d657c6e99bf04f0917445e6a80231e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ddf516e50bf8a7bc9b3bd8a9831f9c7a8131a32a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41042.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41042.json new file mode 100644 index 00000000000..9a67a9e76cf --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41042.json 
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-41042",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.647",
+ "lastModified": "2024-07-29T15:15:12.647",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prefer nft_chain_validate\n\nnft_chain_validate already performs loop detection because a cycle will\nresult in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE).\n\nIt also follows maps via ->validate callback in nft_lookup, so there\nappears no reason to iterate the maps again.\n\nnf_tables_check_loops() and all its helper functions can be removed.\nThis improves ruleset load time significantly, from 23s down to 12s.\n\nThis also fixes a crash bug. Old loop detection code can result in\nunbounded recursion:\n\nBUG: TASK stack guard page was hit at ....\nOops: stack guard page: 0000 [#1] PREEMPT SMP KASAN\nCPU: 4 PID: 1539 Comm: nft Not tainted 6.10.0-rc5+ #1\n[..]\n\nwith a suitable ruleset during validation of register stores.\n\nI can't see any actual reason to attempt to check for this from\nnft_validate_register_store(), at this point the transaction is still in\nprogress, so we don't have a full picture of the rule graph.\n\nFor nf-next it might make sense to either remove it or make this depend\non table->validate_state in case we could catch an error earlier\n(for improved error reporting to userspace)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41043.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41043.json
new file mode 100644
index 00000000000..4373e7a549c
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41043.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-41043",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.710",
+ "lastModified": "2024-07-29T15:15:12.710",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: drop bogus WARN_ON\n\nHappens when rules get flushed/deleted while packet is out, so remove\nthis WARN_ON.\n\nThis WARN exists in one form or another since v4.14, no need to backport\nthis to older releases, hence use a more recent fixes tag."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/631a4b3ddc7831b20442c59c28b0476d0704c9af",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/86858da8335db48bde9be02abd7156a69d622e86",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41044.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41044.json
new file mode 100644
index 00000000000..a553ba6bcda
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41044.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2024-41044",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.783",
+ "lastModified": "2024-07-29T15:15:12.783",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: reject claimed-as-LCP but actually malformed packets\n\nSince 'ppp_async_encode()' assumes valid LCP packets (with code\nfrom 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that\nLCP packet has an actual body beyond PPP_LCP header bytes, and\nreject claimed-as-LCP but actually malformed data otherwise."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41045.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41045.json
new file mode 100644
index 00000000000..c4473d03d5a
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41045.json
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-41045", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:12.873", + "lastModified": "2024-07-29T15:15:12.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer work in bpf_timer_cancel_and_free\n\nCurrently, the same case as previous patch (two timer callbacks trying\nto cancel each other) can be invoked through bpf_map_update_elem as\nwell, or more precisely, freeing map elements containing timers. Since\nthis relies on hrtimer_cancel as well, it is prone to the same deadlock\nsituation as the previous patch.\n\nIt would be sufficient to use hrtimer_try_to_cancel to fix this problem,\nas the timer cannot be enqueued after async_cancel_and_free. Once\nasync_cancel_and_free has been done, the timer must be reinitialized\nbefore it can be armed again. The callback running in parallel trying to\narm the timer will fail, and freeing bpf_hrtimer without waiting is\nsufficient (given kfree_rcu), and bpf_timer_cb will return\nHRTIMER_NORESTART, preventing the timer from being rearmed again.\n\nHowever, there exists a UAF scenario where the callback arms the timer\nbefore entering this function, such that if cancellation fails (due to\ntimer callback invoking this routine, or the target timer callback\nrunning concurrently). In such a case, if the timer expiration is\nsignificantly far in the future, the RCU grace period expiration\nhappening before it will free the bpf_hrtimer state and along with it\nthe struct hrtimer, that is enqueued.\n\nHence, it is clear cancellation needs to occur after\nasync_cancel_and_free, and yet it cannot be done inline due to deadlock\nissues. 
We thus modify bpf_timer_cancel_and_free to defer work to the\nglobal workqueue, adding a work_struct alongside rcu_head (both used at\n_different_ points of time, so can share space).\n\nUpdate existing code comments to reflect the new state of affairs."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/7aa5a19279c3639ae8b758b63f05d0c616a39fa1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41046.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41046.json
new file mode 100644
index 00000000000..f500c39ef3d
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41046.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2024-41046",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2024-07-29T15:15:12.943",
+ "lastModified": "2024-07-29T15:15:12.943",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: lantiq_etop: fix double free in detach\n\nThe number of the currently released descriptor is never incremented\nwhich results in the same skb being released multiple times."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1a2db00a554cfda57c397cce79b2804bf9633fec",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/22b16618a80858b3a9d607708444426948cc4ae1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/69ad5fa0ce7c548262e0770fc2b726fe7ab4f156",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/84aaaa796a19195fc59290154fef9aeb1fba964f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/907443174e76b854d28024bd079f0e53b94dc9a1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9d23909ae041761cb2aa0c3cb1748598d8b6bc54",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c2b66e2b3939af63699e4a4bd25a8ac4a9b1d1b3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e1533b6319ab9c3a97dad314dd88b3783bc41b69",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41047.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41047.json
new file mode 100644
index 00000000000..8afa1573611
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41047.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-41047", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.027", + "lastModified": "2024-07-29T15:15:13.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix XDP program unloading while removing the driver\n\nThe commit 6533e558c650 (\"i40e: Fix reset path while removing\nthe driver\") introduced a new PF state \"__I40E_IN_REMOVE\" to block\nmodifying the XDP program while the driver is being removed.\nUnfortunately, such a change is useful only if the \".ndo_bpf()\"\ncallback was called out of the rmmod context because unloading the\nexisting XDP program is also a part of driver removing procedure.\nIn other words, from the rmmod context the driver is expected to\nunload the XDP program without reporting any errors. Otherwise,\nthe kernel warning with callstack is printed out to dmesg.\n\nExample failing scenario:\n 1. Load the i40e driver.\n 2. Load the XDP program.\n 3. Unload the i40e driver (using \"rmmod\" command).\n\nThe example kernel warning log:\n\n[ +0.004646] WARNING: CPU: 94 PID: 10395 at net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.002726] Call Trace:\n[ +0.002457] \n[ +0.002119] ? __warn+0x80/0x120\n[ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005586] ? report_bug+0x164/0x190\n[ +0.003678] ? handle_bug+0x3c/0x80\n[ +0.003503] ? exc_invalid_op+0x17/0x70\n[ +0.003846] ? asm_exc_invalid_op+0x1a/0x20\n[ +0.004200] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005579] ? 
unregister_netdevice_many_notify+0x3cc/0x870\n[ +0.005586] unregister_netdevice_queue+0xf7/0x140\n[ +0.004806] unregister_netdev+0x1c/0x30\n[ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e]\n[ +0.004604] i40e_remove+0x1a1/0x420 [i40e]\n[ +0.004220] pci_device_remove+0x3f/0xb0\n[ +0.003943] device_release_driver_internal+0x19f/0x200\n[ +0.005243] driver_detach+0x48/0x90\n[ +0.003586] bus_remove_driver+0x6d/0xf0\n[ +0.003939] pci_unregister_driver+0x2e/0xb0\n[ +0.004278] i40e_exit_module+0x10/0x5f0 [i40e]\n[ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310\n[ +0.005153] do_syscall_64+0x85/0x170\n[ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220\n[ +0.004886] ? do_syscall_64+0x95/0x170\n[ +0.003851] ? exc_page_fault+0x7e/0x180\n[ +0.003932] entry_SYSCALL_64_after_hwframe+0x71/0x79\n[ +0.005064] RIP: 0033:0x7f59dc9347cb\n[ +0.003648] Code: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83\nc8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f\n05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48\n[ +0.018753] RSP: 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n[ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb\n[ +0.007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748\n[ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000000\n[ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000\n[ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 R15: 0000000000000000\n[ +0.007151] \n[ +0.002204] ---[ end trace 0000000000000000 ]---\n\nFix this by checking if the XDP program is being loaded or unloaded.\nThen, block only loading a new program while \"__I40E_IN_REMOVE\" is set.\nAlso, move testing \"__I40E_IN_REMOVE\" flag to the beginning of XDP_SETUP\ncallback to avoid unnecessary operations and checks." 
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0075b8c94d76830c7b6f018f6e4eeb0bf6465fdc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/01fc5142ae6b06b61ed51a624f2732d6525d8ea3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4bc336b2345f1485438c0eb7246d9c8a8d09f8ff",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5266302cb2c74d8ab0e9a69d5752fffaea70496e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b399a68054dfb36eed121846ef5fcddba40b7740",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41048.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41048.json
new file mode 100644
index 00000000000..4617d1bfd6b
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41048.json
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-41048", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.103", + "lastModified": "2024-07-29T15:15:13.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Skip zero length skb in sk_msg_recvmsg\n\nWhen running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch\nplatform, the following kernel panic occurs:\n\n [...]\n Oops[#1]:\n CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+ #18\n Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018\n ... ...\n ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560\n ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 0000000c (PPLV0 +PIE +PWE)\n EUEN: 00000007 (+FPE +SXE +ASXE -BTE)\n ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n BADV: 0000000000000040\n PRID: 0014c011 (Loongson-64bit, Loongson-3C5000)\n Modules linked in: bpf_testmod(OE) xt_CHECKSUM xt_MASQUERADE xt_conntrack\n Process test_progs (pid: 2824, threadinfo=0000000000863a31, task=...)\n Stack : ...\n Call Trace:\n [<9000000004162774>] copy_page_to_iter+0x74/0x1c0\n [<90000000048bf6c0>] sk_msg_recvmsg+0x120/0x560\n [<90000000049f2b90>] tcp_bpf_recvmsg_parser+0x170/0x4e0\n [<90000000049aae34>] inet_recvmsg+0x54/0x100\n [<900000000481ad5c>] sock_recvmsg+0x7c/0xe0\n [<900000000481e1a8>] __sys_recvfrom+0x108/0x1c0\n [<900000000481e27c>] sys_recvfrom+0x1c/0x40\n [<9000000004c076ec>] do_syscall+0x8c/0xc0\n [<9000000003731da4>] handle_syscall+0xc4/0x160\n Code: ...\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Fatal exception\n Kernel relocated by 0x3510000\n .text @ 0x9000000003710000\n .data @ 0x9000000004d70000\n .bss @ 0x9000000006469400\n ---[ end Kernel panic - not syncing: Fatal exception 
]---\n [...]\n\nThis crash happens every time when running sockmap_skb_verdict_shutdown\nsubtest in sockmap_basic.\n\nThis crash is because a NULL pointer is passed to page_address() in the\nsk_msg_recvmsg(). Due to the different implementations depending on the\narchitecture, page_address(NULL) will trigger a panic on Loongarch\nplatform but not on x86 platform. So this bug was hidden on x86 platform\nfor a while, but now it is exposed on Loongarch platform. The root cause\nis that a zero length skb (skb->len == 0) was put on the queue.\n\nThis zero length skb is a TCP FIN packet, which was sent by shutdown(),\ninvoked in test_sockmap_skb_verdict_shutdown():\n\n\tshutdown(p1, SHUT_WR);\n\nIn this case, in sk_psock_skb_ingress_enqueue(), num_sge is zero, and no\npage is put to this sge (see sg_set_page in sg_set_page), but this empty\nsge is queued into ingress_msg list.\n\nAnd in sk_msg_recvmsg(), this empty sge is used, and a NULL page is got by\nsg_page(sge). Pass this NULL page to copy_page_to_iter(), which passes it\nto kmap_local_page() and to page_address(), then kernel panics.\n\nTo solve this, we should skip this zero length skb. So in sk_msg_recvmsg(),\nif copy is zero, that means it's a zero length skb, skip invoking\ncopy_page_to_iter(). We are using the EFAULT return triggered by\ncopy_page_to_iter to check for is_fin in tcp_bpf.c." 
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/195b7bcdfc5adc5b2468f279dd9eb7eebd2e7632",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b180739b45a38b4caa88fe16bb5273072e6613dc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f0c18025693707ec344a70b6887f7450bf4c826b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f8bd689f37f4198a4c61c4684f591ba639595b97",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fb61d7b9fb6ef0032de469499a54dab4c7260d0d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41049.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41049.json
new file mode 100644
index 00000000000..0983cb1e5cf
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41049.json
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-41049", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.177", + "lastModified": "2024-07-29T15:15:13.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode's list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn't happen." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41050.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41050.json
new file mode 100644
index 00000000000..79e45d7b904
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41050.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41050", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.260", + "lastModified": "2024-07-29T15:15:13.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: cyclic allocation of msg_id to avoid reuse\n\nReusing the msg_id after a maliciously completed reopen request may cause\na read request to remain unprocessed and result in a hung, as shown below:\n\n t1 | t2 | t3\n-------------------------------------------------\ncachefiles_ondemand_select_req\n cachefiles_ondemand_object_is_close(A)\n cachefiles_ondemand_set_object_reopening(A)\n queue_work(fscache_object_wq, &info->work)\n ondemand_object_worker\n cachefiles_ondemand_init_object(A)\n cachefiles_ondemand_send_req(OPEN)\n // get msg_id 6\n wait_for_completion(&req_A->done)\ncachefiles_ondemand_daemon_read\n // read msg_id 6 req_A\n cachefiles_ondemand_get_fd\n copy_to_user\n // Malicious completion msg_id 6\n copen 6,-1\n cachefiles_ondemand_copen\n complete(&req_A->done)\n // will not set the object to close\n // because ondemand_id && fd is valid.\n\n // ondemand_object_worker() is done\n // but the object is still reopening.\n\n // new open req_B\n cachefiles_ondemand_init_object(B)\n cachefiles_ondemand_send_req(OPEN)\n // reuse msg_id 6\nprocess_open_req\n copen 6,A.size\n // The expected failed copen was executed successfully\n\nExpect copen to fail, and when it does, it closes fd, which sets the\nobject to close, and then close triggers reopen again. However, due to\nmsg_id reuse resulting in a successful copen, the anonymous fd is not\nclosed until the daemon exits. Therefore read requests waiting for reopen\nto complete may trigger hung task.\n\nTo avoid this issue, allocate the msg_id cyclically to avoid reusing the\nmsg_id for a very short duration of time." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19f4f399091478c95947f6bd7ad61622300c30d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/35710c6c4a1c64478ec1b5e0e81d386c0844dec6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de045a82e1a4e04be62718d3c2981a55150765a0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41051.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41051.json new file mode 100644 index 00000000000..09a1014a401 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41051.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41051", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.327", + "lastModified": "2024-07-29T15:15:13.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: wait for ondemand_object_worker to finish when dropping object\n\nWhen queuing ondemand_object_worker() to re-open the object,\ncachefiles_object is not pinned. The cachefiles_object may be freed when\nthe pending read request is completed intentionally and the related\nerofs is umounted. If ondemand_object_worker() runs after the object is\nfreed, it will incur use-after-free problem as shown below.\n\nprocess A processs B process C process D\n\ncachefiles_ondemand_send_req()\n// send a read req X\n// wait for its completion\n\n // close ondemand fd\n cachefiles_ondemand_fd_release()\n // set object as CLOSE\n\n cachefiles_ondemand_daemon_read()\n // set object as REOPENING\n queue_work(fscache_wq, &info->ondemand_work)\n\n // close /dev/cachefiles\n cachefiles_daemon_release\n cachefiles_flush_reqs\n complete(&req->done)\n\n// read req X is completed\n// umount the erofs fs\ncachefiles_put_object()\n// object will be freed\ncachefiles_ondemand_deinit_obj_info()\nkmem_cache_free(object)\n // both info and object are freed\n ondemand_object_worker()\n\nWhen dropping an object, it is no longer necessary to reopen the object,\nso use cancel_work_sync() to cancel or wait for ondemand_object_worker()\nto finish." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/12e009d60852f7bce0afc373ca0b320f14150418", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b26525b2183632f16a3a4108fe6a4bfa8afac6ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3179bae72b1b5e555ba839d6d9f40a350a4d78a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ec9289369259d982e735a71437e32e6b4035290c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41052.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41052.json new file mode 100644 index 00000000000..030f46af546 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41052.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-41052", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.407", + "lastModified": "2024-07-29T15:15:13.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Init the count variable in collecting hot-reset devices\n\nThe count variable is used without initialization, it results in mistakes\nin the device counting and crashes the userspace if the get hot reset info\npath is triggered." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5a88a3f67e37e39f933b38ebb4985ba5822e9eca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f44136b9652291ac1fc39ca67c053ac624d0d11b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f476dffc52ea70745dcabf63288e770e50ac9ab3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41053.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41053.json
new file mode 100644
index 00000000000..a6628d98400
--- /dev/null
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41053.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-41053", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.473", + "lastModified": "2024-07-29T15:15:13.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix ufshcd_abort_one racing issue\n\nWhen ufshcd_abort_one is racing with the completion ISR, the completed tag\nof the request's mq_hctx pointer will be set to NULL by ISR. Return\nsuccess when request is completed by ISR because ufshcd_abort_one does not\nneed to do anything.\n\nThe racing flow is:\n\nThread A\nufshcd_err_handler\t\t\t\t\tstep 1\n\t...\n\tufshcd_abort_one\n\t\tufshcd_try_to_abort_task\n\t\t\tufshcd_cmd_inflight(true)\tstep 3\n\t\tufshcd_mcq_req_to_hwq\n\t\t\tblk_mq_unique_tag\n\t\t\t\trq->mq_hctx->queue_num\tstep 5\n\nThread B\nufs_mtk_mcq_intr(cq complete ISR)\t\t\tstep 2\n\tscsi_done\n\t\t...\n\t\t__blk_mq_free_request\n\t\t\trq->mq_hctx = NULL;\t\tstep 4\n\nBelow is KE back trace.\n ufshcd_try_to_abort_task: cmd at tag 41 not pending in the device.\n ufshcd_try_to_abort_task: cmd at tag=41 is cleared.\n Aborting tag 41 / CDB 0x28 succeeded\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194\n pc : [0xffffffddd7a79bf8] blk_mq_unique_tag+0x8/0x14\n lr : [0xffffffddd6155b84] ufshcd_mcq_req_to_hwq+0x1c/0x40 [ufs_mediatek_mod_ise]\n do_mem_abort+0x58/0x118\n el1_abort+0x3c/0x5c\n el1h_64_sync_handler+0x54/0x90\n el1h_64_sync+0x68/0x6c\n blk_mq_unique_tag+0x8/0x14\n ufshcd_err_handler+0xae4/0xfa8 [ufs_mediatek_mod_ise]\n process_one_work+0x208/0x4fc\n worker_thread+0x228/0x438\n kthread+0x104/0x1d4\n ret_from_fork+0x10/0x20" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/74736103fb4123c71bf11fb7a6abe7c884c5269e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/b5a6ac887256762758bfe7f2918cb0233aa544f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c3111b3cf3889bfa7b73ebff83d7397db9b7e5e0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41054.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41054.json new file mode 100644 index 00000000000..645269313a1 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41054.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-41054", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.557", + "lastModified": "2024-07-29T15:15:13.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix ufshcd_clear_cmd racing issue\n\nWhen ufshcd_clear_cmd is racing with the completion ISR, the completed tag\nof the request's mq_hctx pointer will be set to NULL by the ISR. And\nufshcd_clear_cmd's call to ufshcd_mcq_req_to_hwq will get NULL pointer KE.\nReturn success when the request is completed by ISR because sq does not\nneed cleanup.\n\nThe racing flow is:\n\nThread A\nufshcd_err_handler\t\t\t\t\tstep 1\n\tufshcd_try_to_abort_task\n\t\tufshcd_cmd_inflight(true)\t\tstep 3\n\t\tufshcd_clear_cmd\n\t\t\t...\n\t\t\tufshcd_mcq_req_to_hwq\n\t\t\tblk_mq_unique_tag\n\t\t\t\trq->mq_hctx->queue_num\tstep 5\n\nThread B\nufs_mtk_mcq_intr(cq complete ISR)\t\t\tstep 2\n\tscsi_done\n\t\t...\n\t\t__blk_mq_free_request\n\t\t\trq->mq_hctx = NULL;\t\tstep 4\n\nBelow is KE back trace:\n\n ufshcd_try_to_abort_task: cmd pending in the device. 
tag = 6\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194\n pc : [0xffffffd589679bf8] blk_mq_unique_tag+0x8/0x14\n lr : [0xffffffd5862f95b4] ufshcd_mcq_sq_cleanup+0x6c/0x1cc [ufs_mediatek_mod_ise]\n Workqueue: ufs_eh_wq_0 ufshcd_err_handler [ufs_mediatek_mod_ise]\n Call trace:\n dump_backtrace+0xf8/0x148\n show_stack+0x18/0x24\n dump_stack_lvl+0x60/0x7c\n dump_stack+0x18/0x3c\n mrdump_common_die+0x24c/0x398 [mrdump]\n ipanic_die+0x20/0x34 [mrdump]\n notify_die+0x80/0xd8\n die+0x94/0x2b8\n __do_kernel_fault+0x264/0x298\n do_page_fault+0xa4/0x4b8\n do_translation_fault+0x38/0x54\n do_mem_abort+0x58/0x118\n el1_abort+0x3c/0x5c\n el1h_64_sync_handler+0x54/0x90\n el1h_64_sync+0x68/0x6c\n blk_mq_unique_tag+0x8/0x14\n ufshcd_clear_cmd+0x34/0x118 [ufs_mediatek_mod_ise]\n ufshcd_try_to_abort_task+0x2c8/0x5b4 [ufs_mediatek_mod_ise]\n ufshcd_err_handler+0xa7c/0xfa8 [ufs_mediatek_mod_ise]\n process_one_work+0x208/0x4fc\n worker_thread+0x228/0x438\n kthread+0x104/0x1d4\n ret_from_fork+0x10/0x20" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/11d81233f4ebe6907b12c79ad7d8787aa4db0633", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9307a998cb9846a2557fdca286997430bee36a2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bed0896008334eeee4b4bfd7150491ca098cbf72", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41055.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41055.json new file mode 100644 index 00000000000..0a52d6fdaf5 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41055.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-41055", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.620", + "lastModified": "2024-07-29T15:15:13.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section->usage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms->usage\" to fix a race with section_deactivate() where\nms->usage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41056.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41056.json new file mode 100644 index 00000000000..49a96621cec --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41056.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41056", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.703", + "lastModified": "2024-07-29T15:15:13.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41057.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41057.json new file mode 100644 index 00000000000..699624c299c --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41057.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41057", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.773", + "lastModified": "2024-07-29T15:15:13.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()\n\nWe got the following issue in our fault injection stress test:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_withdraw_cookie+0x4d9/0x600\nRead of size 8 at addr ffff888118efc000 by task kworker/u78:0/109\n\nCPU: 13 PID: 109 Comm: kworker/u78:0 Not tainted 6.8.0-dirty #566\nCall Trace:\n \n kasan_report+0x93/0xc0\n cachefiles_withdraw_cookie+0x4d9/0x600\n fscache_cookie_state_machine+0x5c8/0x1230\n fscache_cookie_worker+0x91/0x1c0\n process_one_work+0x7fa/0x1800\n [...]\n\nAllocated by task 117:\n kmalloc_trace+0x1b3/0x3c0\n cachefiles_acquire_volume+0xf3/0x9c0\n fscache_create_volume_work+0x97/0x150\n process_one_work+0x7fa/0x1800\n [...]\n\nFreed by task 120301:\n kfree+0xf1/0x2c0\n cachefiles_withdraw_cache+0x3fa/0x920\n cachefiles_put_unbind_pincount+0x1f6/0x250\n cachefiles_daemon_release+0x13b/0x290\n __fput+0x204/0xa00\n task_work_run+0x139/0x230\n do_exit+0x87a/0x29b0\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n p1 | p2\n------------------------------------------------------------\n fscache_begin_lookup\n fscache_begin_volume_access\n fscache_cache_is_live(fscache_cache)\ncachefiles_daemon_release\n cachefiles_put_unbind_pincount\n cachefiles_daemon_unbind\n cachefiles_withdraw_cache\n fscache_withdraw_cache\n fscache_set_cache_state(cache, FSCACHE_CACHE_IS_WITHDRAWN);\n cachefiles_withdraw_objects(cache)\n fscache_wait_for_objects(fscache)\n 
atomic_read(&fscache_cache->object_count) == 0\n fscache_perform_lookup\n cachefiles_lookup_cookie\n cachefiles_alloc_object\n refcount_set(&object->ref, 1);\n object->volume = volume\n fscache_count_object(vcookie->cache);\n atomic_inc(&fscache_cache->object_count)\n cachefiles_withdraw_volumes\n cachefiles_withdraw_volume\n fscache_withdraw_volume\n __cachefiles_free_volume\n kfree(cachefiles_volume)\n fscache_cookie_state_machine\n cachefiles_withdraw_cookie\n cache = object->volume->cache;\n // cachefiles_volume UAF !!!\n\nAfter setting FSCACHE_CACHE_IS_WITHDRAWN, wait for all the cookie lookups\nto complete first, and then wait for fscache_cache->object_count == 0 to\navoid the cookie exiting after the volume has been freed and triggering\nthe above issue. Therefore call fscache_withdraw_volume() before calling\ncachefiles_withdraw_objects().\n\nThis way, after setting FSCACHE_CACHE_IS_WITHDRAWN, only the following two\ncases will occur:\n1) fscache_begin_lookup fails in fscache_begin_volume_access().\n2) fscache_withdraw_volume() will ensure that fscache_count_object() has\n been executed before calling fscache_wait_for_objects()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5d8f805789072ea7fd39504694b7bd17e5f751c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8de253177112a47c9af157d23ae934779188b4e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e67589a4a7b7e5660b524d1d5fe61242bcbcc11", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef81340401e8a371d6b17f69e76d861920972cfe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41058.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41058.json new file mode 100644 index 00000000000..247361786d8 --- /dev/null 
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41058.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41058", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.847", + "lastModified": "2024-07-29T15:15:13.847", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in fscache_withdraw_volume()\n\nWe got the following issue in our fault injection stress test:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in fscache_withdraw_volume+0x2e1/0x370\nRead of size 4 at addr ffff88810680be08 by task ondemand-04-dae/5798\n\nCPU: 0 PID: 5798 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #565\nCall Trace:\n kasan_check_range+0xf6/0x1b0\n fscache_withdraw_volume+0x2e1/0x370\n cachefiles_withdraw_volume+0x31/0x50\n cachefiles_withdraw_cache+0x3ad/0x900\n cachefiles_put_unbind_pincount+0x1f6/0x250\n cachefiles_daemon_release+0x13b/0x290\n __fput+0x204/0xa00\n task_work_run+0x139/0x230\n\nAllocated by task 5820:\n __kmalloc+0x1df/0x4b0\n fscache_alloc_volume+0x70/0x600\n __fscache_acquire_volume+0x1c/0x610\n erofs_fscache_register_volume+0x96/0x1a0\n erofs_fscache_register_fs+0x49a/0x690\n erofs_fc_fill_super+0x6c0/0xcc0\n vfs_get_super+0xa9/0x140\n vfs_get_tree+0x8e/0x300\n do_new_mount+0x28c/0x580\n [...]\n\nFreed by task 5820:\n kfree+0xf1/0x2c0\n fscache_put_volume.part.0+0x5cb/0x9e0\n erofs_fscache_unregister_fs+0x157/0x1b0\n erofs_kill_sb+0xd9/0x1c0\n deactivate_locked_super+0xa3/0x100\n vfs_get_super+0x105/0x140\n vfs_get_tree+0x8e/0x300\n do_new_mount+0x28c/0x580\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n mount failed | daemon exit\n------------------------------------------------------------\n deactivate_locked_super cachefiles_daemon_release\n erofs_kill_sb\n erofs_fscache_unregister_fs\n 
fscache_relinquish_volume\n __fscache_relinquish_volume\n fscache_put_volume(fscache_volume, fscache_volume_put_relinquish)\n zero = __refcount_dec_and_test(&fscache_volume->ref, &ref);\n cachefiles_put_unbind_pincount\n cachefiles_daemon_unbind\n cachefiles_withdraw_cache\n cachefiles_withdraw_volumes\n list_del_init(&volume->cache_link)\n fscache_free_volume(fscache_volume)\n cache->ops->free_volume\n cachefiles_free_volume\n list_del_init(&cachefiles_volume->cache_link);\n kfree(fscache_volume)\n cachefiles_withdraw_volume\n fscache_withdraw_volume\n fscache_volume->n_accesses\n // fscache_volume UAF !!!\n\nThe fscache_volume in cache->volumes must not have been freed yet, but its\nreference count may be 0. So use the new fscache_try_get_volume() helper\nfunction try to get its reference count.\n\nIf the reference count of fscache_volume is 0, fscache_put_volume() is\nfreeing it, so wait for it to be removed from cache->volumes.\n\nIf its reference count is not 0, call cachefiles_withdraw_volume() with\nreference count protection to avoid the above issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/38b88d544216f806d93a273a62ff8ebe82254003", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/522018a0de6b6fcce60c04f86dfc5f0e4b6a1b36", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90f17e47f1e209c6a3c92a1d038a0a80c95c460e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9dd7f5663899ea13a6a73216106d9c13c37453e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41059.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41059.json new file mode 100644 index 00000000000..4cb3dad3613 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41059.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-41059", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:13.927", + "lastModified": "2024-07-29T15:15:13.927", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41060.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41060.json new file mode 100644 index 00000000000..e217b57055c --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41060.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-41060", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.030", + "lastModified": "2024-07-29T15:15:14.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check bo_va->bo is non-NULL before using it\n\nThe call to radeon_vm_clear_freed might clear bo_va->bo, so\nwe have to check it before dereferencing it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6fb15dcbcf4f212930350eaee174bb60ed40a536", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8a500b3a5f0a58c6f99039091fbd715f64f2f8af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2b201f83971df03c8e81a480b2f2846ae8ce1a3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a9100f17428cb733c4f6fbb132d98bed76318342", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f13c96e0e325a057c03f8a47734adb360e112efe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41061.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41061.json new file mode 100644 index 00000000000..4979f683cb6 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41061.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-41061", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.103", + "lastModified": "2024-07-29T15:15:14.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport\n\n[Why]\nPotential out of bounds access in dml2_calculate_rq_and_dlg_params()\nbecause the value of out_lowest_state_idx used as an index for FCLKChangeSupport\narray can be greater than 1.\n\n[How]\nCurrently dml2 core specifies identical values for all FCLKChangeSupport\nelements. Always use index 0 in the condition to avoid out of bounds access." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0ad4b4a2f6357c45fbe444ead1a929a0b4017d03", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94166fe12543fbef122ca2d093e794ea41073a85", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41062.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41062.json new file mode 100644 index 00000000000..3553de7ade6 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41062.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41062", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.173", + "lastModified": "2024-07-29T15:15:14.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n CPU0 CPU1\n ---- ----\n sock_close hci_rx_work\n\t l2cap_sock_release hci_acldata_packet\n\t l2cap_sock_kill l2cap_recv_frame\n\t sk_free l2cap_conless_channel\n\t l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41063.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41063.json new file mode 100644 index 00000000000..69e018fc8e0 --- /dev/null 
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41063.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-41063", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.243", + "lastModified": "2024-07-29T15:15:14.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: cancel all works upon hci_unregister_dev()\n\nsyzbot is reporting that calling hci_release_dev() from hci_error_reset()\ndue to hci_dev_put() from hci_error_reset() can cause deadlock at\ndestroy_workqueue(), for hci_error_reset() is called from\nhdev->req_workqueue which destroy_workqueue() needs to flush.\n\nWe need to make sure that hdev->{rx_work,cmd_work,tx_work} which are\nqueued into hdev->workqueue and hdev->{power_on,error_reset} which are\nqueued into hdev->req_workqueue are no longer running by the moment\n\n destroy_workqueue(hdev->workqueue);\n destroy_workqueue(hdev->req_workqueue);\n\nare called from hci_release_dev().\n\nCall cancel_work_sync() on these work items from hci_unregister_dev()\nas soon as hdev->list is removed from hci_dev_list." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41064.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41064.json new file mode 100644 index 00000000000..5a59b1e08d3 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41064.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-41064", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.330", + "lastModified": "2024-07-29T15:15:14.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev->pdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev->pdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev->pdev->bus." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41065.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41065.json new file mode 100644 index 00000000000..a952947c52b --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41065.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-41065", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.410", + "lastModified": "2024-07-29T15:15:14.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Whitelist dtl slub object for copying to userspace\n\nReading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*\nresults in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as\nshown below.\n\n kernel BUG at mm/usercopy.c:102!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc\n scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85\n Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries\n NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8\n REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)\n MSR: 8000000000029033 CR: 2828220f XER: 0000000e\n CFAR: c0000000001fdc80 IRQMASK: 0\n [ ... GPRs omitted ... 
]\n NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0\n LR [c0000000005d23d0] usercopy_abort+0x74/0xb0\n Call Trace:\n usercopy_abort+0x74/0xb0 (unreliable)\n __check_heap_object+0xf8/0x120\n check_heap_object+0x218/0x240\n __check_object_size+0x84/0x1a4\n dtl_file_read+0x17c/0x2c4\n full_proxy_read+0x8c/0x110\n vfs_read+0xdc/0x3a0\n ksys_read+0x84/0x144\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n --- interrupt: 3000 at 0x7fff81f3ab34\n\nCommit 6d07d1cd300f (\"usercopy: Restrict non-usercopy caches to size 0\")\nrequires that only whitelisted areas in slab/slub objects can be copied to\nuserspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.\nDtl contains hypervisor dispatch events which are expected to be read by\nprivileged users. Hence mark this safe for user access.\nSpecify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the\nentire object." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No 
newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41066.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41066.json new file mode 100644 index 00000000000..98e39b6394d --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41066.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41066", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.480", + "lastModified": "2024-07-29T15:15:14.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n tx_buff[free_map[consumer_index]]->skb = new_skb;\n free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n consumer_index ++;\nWhere variable data looks like this:\n free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n \tconsumer_index^\n tx_buff == [skb=null, skb=, skb=, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41067.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41067.json new file mode 100644 index 00000000000..0425be466c5 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41067.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-41067", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.560", + "lastModified": "2024-07-29T15:15:14.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: scrub: handle RST lookup error correctly\n\n[BUG]\nWhen running btrfs/060 with forced RST feature, it would crash the\nfollowing ASSERT() inside scrub_read_endio():\n\n\tASSERT(sector_nr < stripe->nr_sectors);\n\nBefore that, we would have tree dump from\nbtrfs_get_raid_extent_offset(), as we failed to find the RST entry for\nthe range.\n\n[CAUSE]\nInside scrub_submit_extent_sector_read() every time we allocated a new\nbbio we immediately called btrfs_map_block() to make sure there was some\nRST range covering the scrub target.\n\nBut if btrfs_map_block() fails, we immediately call endio for the bbio,\nwhile the bbio is newly allocated, it's completely empty.\n\nThen inside scrub_read_endio(), we go through the bvecs to find\nthe sector number (as bi_sector is no longer reliable if the bio is\nsubmitted to lower layers).\n\nAnd since the bio is empty, such bvecs iteration would not find any\nsector matching the sector, and return sector_nr == stripe->nr_sectors,\ntriggering the ASSERT().\n\n[FIX]\nInstead of calling btrfs_map_block() after allocating a new bbio, call\nbtrfs_map_block() first.\n\nSince our only objective of calling btrfs_map_block() is only to update\nstripe_len, there is really no need to do that after btrfs_alloc_bio().\n\nThis new timing would avoid the problem of handling empty bbio\ncompletely, and in fact fixes a possible race window for the old code,\nwhere if the submission thread is the only owner of the pending_io, the\nscrub would never finish (since we didn't decrease the pending_io\ncounter).\n\nAlthough the root cause of RST lookup failure still needs to be\naddressed." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/17d1fd302a53d7e456a7412da74be74a0cf63a72", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2c49908634a2b97b1c3abe0589be2739ac5e7fd5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41068.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41068.json new file mode 100644 index 00000000000..ac2a0a50d07 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41068.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-41068", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.630", + "lastModified": "2024-07-29T15:15:14.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix sclp_init() cleanup on failure\n\nIf sclp_init() fails it only partially cleans up: if there are multiple\nfailing calls to sclp_init() sclp_state_change_event will be added several\ntimes to sclp_reg_list, which results in the following warning:\n\n------------[ cut here ]------------\nlist_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.\nWARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3\nKrnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)\n R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\n...\nCall Trace:\n [<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8\n([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8)\n [<000003ffe0a8d37e>] sclp_init+0x40e/0x450\n [<000003ffe00009f2>] do_one_initcall+0x42/0x1e0\n [<000003ffe15b77a6>] do_initcalls+0x126/0x150\n [<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8\n [<000003ffe0d6650e>] kernel_init+0x2e/0x180\n [<000003ffe000301c>] __ret_from_fork+0x3c/0x60\n [<000003ffe0d759ca>] ret_from_fork+0xa/0x30\n\nFix this by removing sclp_state_change_event from sclp_reg_list when\nsclp_init() fails." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41069.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41069.json new file mode 100644 index 00000000000..8430e45e54c --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41069.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41069", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.713", + "lastModified": "2024-07-29T15:15:14.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41070.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41070.json new file mode 100644 index 00000000000..e9ea1970ad4 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41070.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-41070", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.787", + "lastModified": "2024-07-29T15:15:14.787", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()\n\nAl reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group().\n\nIt looks up `stt` from tablefd, but then continues to use it after doing\nfdput() on the returned fd. After the fdput() the tablefd is free to be\nclosed by another thread. The close calls kvm_spapr_tce_release() and\nthen release_spapr_tce_table() (via call_rcu()) which frees `stt`.\n\nAlthough there are calls to rcu_read_lock() in\nkvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent\nthe UAF, because `stt` is used outside the locked regions.\n\nWith an artifcial delay after the fdput() and a userspace program which\ntriggers the race, KASAN detects the UAF:\n\n BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505\n CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1\n Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV\n Call Trace:\n dump_stack_lvl+0xb4/0x108 (unreliable)\n print_report+0x2b4/0x6ec\n kasan_report+0x118/0x2b0\n __asan_load4+0xb8/0xd0\n kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n kvm_vfio_set_attr+0x524/0xac0 [kvm]\n kvm_device_ioctl+0x144/0x240 [kvm]\n sys_ioctl+0x62c/0x1810\n system_call_exception+0x190/0x440\n system_call_vectored_common+0x15c/0x2ec\n ...\n Freed by task 0:\n ...\n kfree+0xec/0x3e0\n release_spapr_tce_table+0xd4/0x11c [kvm]\n rcu_core+0x568/0x16a0\n handle_softirqs+0x23c/0x920\n do_softirq_own_stack+0x6c/0x90\n 
do_softirq_own_stack+0x58/0x90\n __irq_exit_rcu+0x218/0x2d0\n irq_exit+0x30/0x80\n arch_local_irq_restore+0x128/0x230\n arch_local_irq_enable+0x1c/0x30\n cpuidle_enter_state+0x134/0x5cc\n cpuidle_enter+0x6c/0xb0\n call_cpuidle+0x7c/0x100\n do_idle+0x394/0x410\n cpu_startup_entry+0x60/0x70\n start_secondary+0x3fc/0x410\n start_secondary_prolog+0x10/0x14\n\nFix it by delaying the fdput() until `stt` is no longer in use, which\nis effectively the entire function. To keep the patch minimal add a call\nto fdput() at each of the existing return paths. Future work can convert\nthe function to goto or __cleanup style cleanup.\n\nWith the fix in place the test case no longer triggers the UAF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4cdf6926f443c84f680213c7aafbe6f91a5fcbc0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f856023971f97fff74cfaf21b48ec320147b50a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/82c7a4cf14aa866f8f7f09e662b02eddc49ee0bf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9975f93c760a32453d7639cf6fcf3f73b4e71ffe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a986fa57fd81a1430e00b3c6cf8a325d6f894a63", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b26c8c85463ef27a522d24fcd05651f0bb039e47", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/be847bb20c809de8ac124431b556f244400b0491", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41071.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41071.json new file mode 100644 index 00000000000..042f5f6edd2 --- /dev/null 
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41071.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-41071", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.863", + "lastModified": "2024-07-29T15:15:14.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Avoid address calculations via out of bounds array indexing\n\nreq->n_channels must be set before req->channels[] can be used.\n\nThis patch fixes one of the issues encountered in [1].\n\n[ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4\n[ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]'\n[...]\n[ 83.964264] Call Trace:\n[ 83.964267] \n[ 83.964269] dump_stack_lvl+0x3f/0xc0\n[ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110\n[ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0\n[ 83.964281] __ieee80211_start_scan+0x601/0x990\n[ 83.964291] nl80211_trigger_scan+0x874/0x980\n[ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160\n[ 83.964298] genl_rcv_msg+0x240/0x270\n[...]\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=218810" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2663d0462eb32ae7c9b035300ab6b1523886c718", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4f43a614b1b84f0d1e3c48cc541c3bfdf414a6d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41072.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41072.json new file mode 100644 index 00000000000..0ef2b08b8a6 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41072.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-41072", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:14.937", + "lastModified": "2024-07-29T15:15:14.937", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: wext: add extra SIOCSIWSCAN data check\n\nIn 'cfg80211_wext_siwscan()', add extra check whether number of\nchannels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed\nIW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/001120ff0c9e3557dee9b5ee0d358e0fc189996f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/35cee10ccaee5bd451a480521bbc25dc9f07fa5b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6295bad58f988eaafcf0e6f8b198a580398acb3b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6ef09cdc5ba0f93826c09d810c141a8d103a80fc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a43cc0558530b6c065976b6b9246f512f8d3593b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de5fcf757e33596eed32de170ce5a93fa44dd2ac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe9644efd86704afe50e56b64b609de340ab7c95", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41073.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41073.json new file mode 100644 index 00000000000..57169e6de23 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41073.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-41073", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.020", + "lastModified": "2024-07-29T15:15:15.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: avoid double free special payload\n\nIf a discard request needs to be retried, and that retry may fail before\na new special payload is added, a double free will result. Clear the\nRQF_SPECIAL_LOAD when the request is cleaned." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41074.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41074.json new file mode 100644 index 00000000000..3c39258c9b0 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41074.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41074", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.097", + "lastModified": "2024-07-29T15:15:15.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id < 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id < 0 in copen." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41075.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41075.json new file mode 100644 index 00000000000..460410dd87d --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41075.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41075", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.163", + "lastModified": "2024-07-29T15:15:15.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add consistency check for copen/cread\n\nThis prevents malicious processes from completing random copen/cread\nrequests and crashing the system. Added checks are listed below:\n\n * Generic, copen can only complete open requests, and cread can only\n complete read requests.\n * For copen, ondemand_id must not be 0, because this indicates that the\n request has not been read by the daemon.\n * For cread, the object corresponding to fd and req should be the same." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/36d845ccd7bf527110a65fe953886a176c209539", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3b744884c0431b5a62c92900e64bfd0ed61e8e2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8aaa6c5dd2940ab934d6cd296175f43dbb32b34a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a26dc49df37e996876f50a0210039b2d211fdd6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41076.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41076.json new file mode 100644 index 00000000000..a3c12bde98b --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41076.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41076", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.237", + "lastModified": "2024-07-29T15:15:15.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix memory leak in nfs4_set_security_label\n\nWe leak nfs_fattr and nfs4_label every time we set a security xattr." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/899604a7c958771840941caff9ee3dd8193d984c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aad11473f8f4be3df86461081ce35ec5b145ba68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b98090699319e64f5de1e8db5bb75870f1eb1c6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d130220ccc94d74d70da984a199477937e7bf03c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41077.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41077.json new file mode 100644 index 00000000000..e1bf473d8d3 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41077.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-41077", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.303", + "lastModified": "2024-07-29T15:15:15.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/08f03186b96e25e3154916a2e70732557c770ea7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2772ed2fc075eef7df3789906fc9dae01e4e132e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9625afe1dd4a158a14bb50f81af9e2dac634c0b1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9b873bdaae64bddade9d8c6df23c8a31948d47d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c462ecd659b5fce731f1d592285832fd6ad54053", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f92409a9da02f27d05d713bff5f865e386cef9b3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41078.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41078.json new file mode 100644 index 00000000000..3c7dbaa5c8b --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41078.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-41078", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.380", + "lastModified": "2024-07-29T15:15:15.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix quota root leak after quota disable failure\n\nIf during the quota disable we fail when cleaning the quota tree or when\ndeleting the root from the root tree, we jump to the 'out' label without\never dropping the reference on the quota root, resulting in a leak of the\nroot since fs_info->quota_root is no longer pointing to the root (we have\nset it to NULL just before those steps).\n\nFix this by always doing a btrfs_put_root() call under the 'out' label.\nThis is a problem that exists since qgroups were first added in 2012 by\ncommit bed92eae26cc (\"Btrfs: qgroup implementation and prototypes\"), but\nback then we missed a kfree on the quota root and free_extent_buffer()\ncalls on its root and commit root nodes, since back then roots were not\nyet reference counted." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5ef3961682e5310f2221bae99bcf9f5d0f4b0d51", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7dd6a5b96157a21245566b21fd58276a214357ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8a69529f22590b67bb018de9acbcf94abc8603cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94818bdb00ef34a996a06aa63d11f591074cb757", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a7e4c6a3031c74078dba7fa36239d0f4fe476c53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f88aeff5a173e8ba3133314eb4b964236ef3589d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41079.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41079.json new file mode 100644 index 00000000000..d9a53e4b203 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41079.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-41079", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.457", + "lastModified": "2024-07-29T15:15:15.457", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn't mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet's make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41080.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41080.json new file mode 100644 index 00000000000..60599469b5b --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41080.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-41080", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.523", + "lastModified": "2024-07-29T15:15:15.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix possible deadlock in io_register_iowq_max_workers()\n\nThe io_register_iowq_max_workers() function calls io_put_sq_data(),\nwhich acquires the sqd->lock without releasing the uring_lock.\nSimilar to the commit 009ad9f0c6ee (\"io_uring: drop ctx->uring_lock\nbefore acquiring sqd->lock\"), this can lead to a potential deadlock\nsituation.\n\nTo resolve this issue, the uring_lock is released before calling\nio_put_sq_data(), and then it is re-acquired after the function call.\n\nThis change ensures that the locks are acquired in the correct\norder, preventing the possibility of a deadlock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41081.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41081.json new file mode 100644 index 00000000000..715db59125d --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41081.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-41081", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.593", + "lastModified": "2024-07-29T15:15:15.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: block BH in ila_output()\n\nAs explained in commit 1378817486d6 (\"tipc: block BH\nbefore using dst_cache\"), net/core/dst_cache.c\nhelpers need to be called with BH disabled.\n\nila_output() is called from lwtunnel_output()\npossibly from process context, and under rcu_read_lock().\n\nWe might be interrupted by a softirq, re-enter ila_output()\nand corrupt dst_cache data structures.\n\nFix the race by using local_bh_disable()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" 
+ } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41082.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41082.json new file mode 100644 index 00000000000..07ba21eced9 --- /dev/null +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41082.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-41082", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-29T15:15:15.670", + "lastModified": "2024-07-29T15:15:15.670", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41090.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41090.json index e7ea1e54da2..09cd2439d96 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41090.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41090.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41090", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:07.287", - "lastModified": "2024-07-29T07:15:07.287", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntap: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tap_get_user_xdp() path, which could cause a corrupted skb to be\nsent downstack. Even before the skb is transmitted, the\ntap_get_user_xdp()-->skb_set_network_header() may assume the size is more\nthan ETH_HLEN. Once transmitted, this could either cause out-of-bound\naccess beyond the actual length, or confuse the underlayer with incorrect\nor inconsistent header length in the skb metadata.\n\nIn the alternative path, tap_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tap_get_user() does.\n\nCVE: CVE-2024-41090" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tap: agregar verificaci\u00f3n faltante para marco corto La confirmaci\u00f3n citada no pudo verificar la validez de la longitud del marco en la ruta tap_get_user_xdp(), lo que podr\u00eda causar que un skb corrupto se env\u00ede hacia abajo. Incluso antes de que se transmita el skb, tap_get_user_xdp()-->skb_set_network_header() puede asumir que el tama\u00f1o es mayor que ETH_HLEN. Una vez transmitido, esto podr\u00eda provocar un acceso fuera de los l\u00edmites m\u00e1s all\u00e1 de la longitud real o confundir la capa subyacente con una longitud de encabezado incorrecta o inconsistente en los metadatos de skb. 
En la ruta alternativa, tap_get_user() ya proh\u00edbe la transmisi\u00f3n de tramas cortas que tengan una longitud menor que el tama\u00f1o del encabezado Ethernet. Esto es para eliminar cualquier trama m\u00e1s corta que el tama\u00f1o del encabezado de Ethernet tal como lo hace tap_get_user(). CVE: CVE-2024-41090" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41091.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41091.json index 93ccf7dd6b2..8844982f871 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41091.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41091.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41091", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:07.553", - "lastModified": "2024-07-29T07:15:07.553", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tun_xdp_one() path, which could cause a corrupted skb to be sent\ndownstack. Even before the skb is transmitted, the\ntun_xdp_one-->eth_type_trans() may access the Ethernet header although it\ncan be less than ETH_HLEN. Once transmitted, this could either cause\nout-of-bound access beyond the actual length, or confuse the underlayer\nwith incorrect or inconsistent header length in the skb metadata.\n\nIn the alternative path, tun_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted for\nIFF_TAP.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tun_get_user() does.\n\nCVE: CVE-2024-41091" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tun: agrega verificaci\u00f3n faltante para marcos cortos La confirmaci\u00f3n citada no pudo verificar la validez de la longitud del marco en la ruta tun_xdp_one(), lo que podr\u00eda provocar que un skb da\u00f1ado se env\u00ede hacia abajo. Incluso antes de que se transmita el skb, tun_xdp_one-->eth_type_trans() puede acceder al encabezado de Ethernet aunque puede ser menor que ETH_HLEN. Una vez transmitido, esto podr\u00eda provocar un acceso fuera de los l\u00edmites m\u00e1s all\u00e1 de la longitud real o confundir la capa subyacente con una longitud de encabezado incorrecta o inconsistente en los metadatos de skb. 
En la ruta alternativa, tun_get_user() ya proh\u00edbe la transmisi\u00f3n de tramas cortas que tengan una longitud menor que el tama\u00f1o del encabezado Ethernet para IFF_TAP. Esto es para eliminar cualquier trama m\u00e1s corta que el tama\u00f1o del encabezado de Ethernet tal como lo hace tun_get_user(). CVE: CVE-2024-41091" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41112.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41112.json index 4b9aae1a5e3..7295109433d 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41112.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41112.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41112", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T20:15:05.237", - "lastModified": "2024-07-26T20:15:05.237", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_\ud83d\udcf7_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_?_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": " streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable palette en `pages/1_?_Timelapse.py` toma la entrada del usuario, que luego se usa en la funci\u00f3n `eval()` en la l\u00ednea 380, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41113.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41113.json index a6272358446..5a6d08f2f82 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41113.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41113.json 
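Review bot: The new English `value` replaces the escaped emoji in the file path with a literal `?` (`pages/1_\ud83d\udcf7_Timelapse.py` becomes `pages/1_?_Timelapse.py`), so the record no longer names a file that exists in the affected project. Anyone matching advisory paths against a checkout or a scanner finding will miss it, and the added `es` entry carries the same `?`. The same substitution appears in the hunks for CVE-2024-41113 through CVE-2024-41120, including `8_??_Raster_Data_Visualization.py`, where a multi-code-point sequence was lost. This looks like a loss of non-BMP characters somewhere between the upstream feed and this file, though the diff alone does not show where. I would keep the previous escape, `pages/1_\ud83d\udcf7_Timelapse.py`, in the new value until the source of the loss is confirmed.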
@@ -2,13 +2,17 @@ "id": "CVE-2024-41113", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T20:15:05.560", - "lastModified": "2024-07-26T20:15:05.560", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_\ud83d\udcf7_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_?_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": "streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `vis_params` en la l\u00ednea 383 o la l\u00ednea 390 en `pages/1_?_Timelapse.py` toma la entrada del usuario, que luego se usa en la funci\u00f3n `eval()` en la l\u00ednea 395, lo que lleva a la ejecuci\u00f3n de c\u00f3digo remoto . La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41114.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41114.json index 838d806c968..7ee04fa0503 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41114.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41114.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41114", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T21:15:12.813", - "lastModified": "2024-07-26T21:15:12.813", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_\ud83d\udcf7_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_?_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": " streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `palette` en la l\u00ednea 430 en `pages/1_?_Timelapse.py` toma la entrada del usuario, que luego se usa en la funci\u00f3n `eval()` en la l\u00ednea 435, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41115.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41115.json index 83f2ce1766c..df0b4592f9e 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41115.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41115.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41115", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T21:15:13.023", - "lastModified": "2024-07-26T21:15:13.023", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_\ud83d\udcf7_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_?_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": "streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `palette` en la l\u00ednea 488 en `pages/1_?_Timelapse.py` toma la entrada del usuario, que luego se usa en la funci\u00f3n `eval()` en la l\u00ednea 493, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41116.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41116.json index 8ff12a4c8d3..9493df725f8 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41116.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41116.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41116", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T21:15:13.237", - "lastModified": "2024-07-26T21:15:13.237", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_\ud83d\udcf7_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_?_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": " streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `vis_params` en la l\u00ednea 1254 en `pages/1_?_Timelapse.py` toma la entrada del usuario, que luego se usa en la funci\u00f3n `eval()` en la l\u00ednea 1345, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41117.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41117.json index 00a053f0f5d..eb75ad47dff 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41117.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41117.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41117", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T21:15:13.443", - "lastModified": "2024-07-26T21:15:13.443", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_\ud83c\udf0d_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_?_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": "streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `vis_params` en la l\u00ednea 115 en `pages/10_?_Earth_Engine_Datasets.py` toma la entrada del usuario, que luego se usa en la funci\u00f3n `eval()` en la l\u00ednea 126, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41118.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41118.json index 88295c3e432..705c460e5ea 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41118.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41118.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41118", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T21:15:13.653", - "lastModified": "2024-07-26T21:15:13.653", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_\ud83d\udce6_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_?_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": " streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `url` en la l\u00ednea 47 de `pages/7_?_Web_Map_Service.py` toma la entrada del usuario, que se pasa a la funci\u00f3n `get_layers`, en la que `url` se usa con el m\u00e9todo `get_wms_layer`. El m\u00e9todo `get_wms_layer` crea una solicitud a destinos arbitrarios, lo que lleva a blind server-side request forgery. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." 
} ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41119.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41119.json index 40a17e80fdd..96d3e9b55af 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41119.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41119.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41119", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T21:15:13.867", - "lastModified": "2024-07-26T21:15:13.867", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_\ud83c\udfdc\ufe0f_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_??_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": "streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `vis_params` en la l\u00ednea 80 en `8_??_Raster_Data_Visualization.py` toma la entrada del usuario, que luego se usa en la funci\u00f3n `eval()` en la l\u00ednea 86, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41120.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41120.json index a54409b7332..1ad1e56e40e 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41120.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41120.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41120", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T21:15:14.070", - "lastModified": "2024-07-26T21:15:14.070", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_\ud83d\udd32_Vector_Data_Visualization.py` takes user input, which is later passed to the `gpd.read_file` method. `gpd.read_file` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + "value": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_?_Vector_Data_Visualization.py` takes user input, which is later passed to the `gpd.read_file` method. `gpd.read_file` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue." + }, + { + "lang": "es", + "value": " streamlit-geospatial es una aplicaci\u00f3n multip\u00e1gina optimizada para aplicaciones geoespaciales. Antes de la confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489, la variable `url` en la l\u00ednea 63 de `pages/9_?_Vector_Data_Visualization.py` toma la entrada del usuario, que luego se pasa al m\u00e9todo `gpd.read_file`. El m\u00e9todo `gpd.read_file` crea una solicitud a destinos arbitrarios, lo que lleva a blind server-side request forgery. La confirmaci\u00f3n c4f81d9616d40c60584e36abb15300853a66e489 soluciona este problema." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41139.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41139.json index 4c0c8d1c763..01e84a1f953 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41139.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41139.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41139", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-07-29T09:15:02.563", - "lastModified": "2024-07-29T09:15:02.563", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific folder, arbitrary code may be executed with SYSTEM privilege." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en SKYSEA Client View Ver.6.010.06 a Ver.19.210.04e. Si un usuario que puede iniciar sesi\u00f3n en el PC donde est\u00e1 instalado el cliente Windows del producto coloca un archivo DLL especialmente manipulado en una carpeta espec\u00edfica, se puede ejecutar c\u00f3digo arbitrario con privilegios de SYSTEM." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41143.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41143.json index 0271e810212..1d80ed74d56 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41143.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41143.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41143", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-07-29T09:15:02.640", - "lastModified": "2024-07-29T09:15:02.640", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed." + }, + { + "lang": "es", + "value": " Existe una vulnerabilidad de error de validaci\u00f3n de origen en SKYSEA Client View Ver.3.013.00 a Ver.19.210.04e. Si se explota esta vulnerabilidad, un usuario que pueda iniciar sesi\u00f3n en el PC donde est\u00e1 instalado el cliente Windows del producto puede ejecutar un proceso arbitrario con privilegios de SYSTEM." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41353.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41353.json index defbc616f6a..d135cf01acd 100644 --- a/CVE-2024/CVE-2024-413xx/CVE-2024-41353.json +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41353.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41353", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T17:15:12.457", - "lastModified": "2024-07-26T17:15:12.457", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\\admin\\groups\\edit-group.php" + }, + { + "lang": "es", + "value": " phpipam 1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de app\\admin\\groups\\edit-group.php" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41354.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41354.json index 4913e788f68..f03fa4ea4be 100644 
--- a/CVE-2024/CVE-2024-413xx/CVE-2024-41354.json +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41354.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41354", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T17:15:12.513", - "lastModified": "2024-07-26T17:15:12.513", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php" + }, + { + "lang": "es", + "value": "phpipam 1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /app/admin/widgets/edit.php" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41355.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41355.json index f723f30e049..b35b8abde26 100644 --- a/CVE-2024/CVE-2024-413xx/CVE-2024-41355.json +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41355.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41355", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T16:15:03.277", - "lastModified": "2024-07-26T16:15:03.277", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php." + }, + { + "lang": "es", + "value": " phpipam 1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /app/tools/request-ip/index.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41356.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41356.json index 6307e278a9d..61fce190efe 100644 --- a/CVE-2024/CVE-2024-413xx/CVE-2024-41356.json +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41356.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41356", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T16:15:03.357", - "lastModified": "2024-07-26T16:15:03.357", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\\admin\\firewall-zones\\zones-edit-network.php." + }, + { + "lang": "es", + "value": " phpipam 1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de app\\admin\\firewall-zones\\zones-edit-network.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41357.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41357.json index b25e10aebed..bccd9d19a63 100644 --- a/CVE-2024/CVE-2024-413xx/CVE-2024-41357.json +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41357.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41357", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T16:15:03.427", - "lastModified": "2024-07-26T16:15:03.427", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php." + }, + { + "lang": "es", + "value": " phpipam 1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /app/admin/powerDNS/record-edit.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41373.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41373.json index 80e316b8f51..f07dab713e5 100644 --- a/CVE-2024/CVE-2024-413xx/CVE-2024-41373.json +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41373.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41373", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T17:15:12.573", - "lastModified": "2024-07-26T17:15:12.573", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php." + }, + { + "lang": "es", + "value": " ICEcoder 8.1 contiene una vulnerabilidad Path Traversal a trav\u00e9s de lib/backup-versions-preview-loader.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41374.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41374.json index aa0cedd3819..b6164e6a268 100644 --- a/CVE-2024/CVE-2024-413xx/CVE-2024-41374.json +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41374.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41374", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T17:15:12.630", - "lastModified": "2024-07-26T17:15:12.630", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php" + }, + { + "lang": "es", + "value": " ICEcoder 8.1 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de lib/settings-screen.php" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41375.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41375.json index 7383e2c8a64..e362fed2b8f 100644 --- a/CVE-2024/CVE-2024-413xx/CVE-2024-41375.json +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41375.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41375", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T17:15:12.690", - "lastModified": "2024-07-26T17:15:12.690", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php" + }, + { + "lang": "es", + "value": " ICEcoder 8.1 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de lib/terminal-xhr.php" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41628.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41628.json index ac9fc7f71dd..b4ae3d65038 100644 --- a/CVE-2024/CVE-2024-416xx/CVE-2024-41628.json +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41628.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41628", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T21:15:14.303", - "lastModified": "2024-07-26T21:15:14.303", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Directory Traversal en Manynines Cluster Control 1.9.8 anterior a 1.9.8-9778, 2.0.0 anterior a 2.0.0-9779 y 2.1.0 anterior a 2.1.0-9780 permite a un atacante remoto incluir y mostrar contenido de archivo en una solicitud HTTP a trav\u00e9s de la API CMON." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41637.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41637.json index 25cce3b0bfa..1914cc30d86 100644 --- a/CVE-2024/CVE-2024-416xx/CVE-2024-41637.json +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41637.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41637", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-29T06:15:02.267", - "lastModified": "2024-07-29T06:15:02.267", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password." + }, + { + "lang": "es", + "value": " RaspAP anterior a 3.1.5 permite a un atacante escalar privilegios: el usuario www-data tiene acceso de escritura al archivo restapi.service y tambi\u00e9n posee privilegios Sudo para ejecutar varios comandos cr\u00edticos sin contrase\u00f1a." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41670.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41670.json index 8b3c226af16..e10e35eae65 100644 --- a/CVE-2024/CVE-2024-416xx/CVE-2024-41670.json +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41670.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41670", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T15:15:11.053", - "lastModified": "2024-07-26T15:15:11.053", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the module \"PayPal Official\" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disabled webhooks can be exploited to create an accepted order. This could allow a threat actor to confirm an order with a fraudulent payment support. Versions 6.4.2 and 3.18.1 contain a patch for the issue. Additionally, users enable webhooks and check they are callable." + }, + { + "lang": "es", + "value": " En el m\u00f3dulo \"PayPal Official\" para las versiones PrestaShop 7+ anteriores a la versi\u00f3n 6.4.2 y para las versiones PrestaShop 1.6 anteriores a la versi\u00f3n 3.18.1, un cliente malintencionado puede confirmar un pedido incluso si PayPal finalmente rechaza el pago. Una debilidad l\u00f3gica durante la captura de un pago en caso de webhooks deshabilitados se puede aprovechar para crear un pedido aceptado. Esto podr\u00eda permitir que un actor de amenazas confirme un pedido con un soporte de pago fraudulento. Las versiones 6.4.2 y 3.18.1 contienen un parche para el problema. Adem\u00e1s, los usuarios habilitan webhooks y verifican que se puedan llamar." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41671.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41671.json new file mode 100644 index 00000000000..ae895ad60c8 --- /dev/null +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41671.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-41671", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-07-29T15:15:15.760", + "lastModified": "2024-07-29T15:15:15.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-444" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41676.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41676.json new file mode 100644 index 00000000000..8d71994cb1b --- /dev/null 
+++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41676.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-41676", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-07-29T15:15:16.040", + "lastModified": "2024-07-29T15:15:16.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases.\nBut because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/OpenMage/magento-lts/commit/484cf8afc550e98bbf2c03fbb29a8450a32e7948", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vrp-638w-p8m2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41692.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41692.json index bc9beb1f784..9b961061e54 100644 --- a/CVE-2024/CVE-2024-416xx/CVE-2024-41692.json +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41692.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41692", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-07-26T13:15:09.947", - "lastModified": "2024-07-26T13:15:09.947", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41726.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41726.json index 7952bb5042a..e808930d830 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41726.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41726.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41726", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-07-29T09:15:02.703", - "lastModified": "2024-07-29T09:15:02.703", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed." + }, + { + "lang": "es", + "value": " Existe una vulnerabilidad de Path traversal en SKYSEA Client View Ver.3.013.00 a Ver.19.210.04e. Si se explota esta vulnerabilidad, un usuario que pueda iniciar sesi\u00f3n en el PC donde est\u00e1 instalado el cliente Windows del producto puede ejecutar un archivo ejecutable arbitrario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41799.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41799.json new file mode 100644 index 00000000000..7c3169bc31b --- /dev/null +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41799.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-41799", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-07-29T15:15:16.267", + "lastModified": "2024-07-29T15:15:16.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the \"Set .dme Path\" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server (requiring a separate, isolated privilege) or some other means. A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over the where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. This problem is fixed in versions 6.8.0 and above." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/tgstation/tgstation-server/pull/1835", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-418xx/CVE-2024-41805.json b/CVE-2024/CVE-2024-418xx/CVE-2024-41805.json index ab87cb29616..fc6e7dbeed0 100644 --- a/CVE-2024/CVE-2024-418xx/CVE-2024-41805.json +++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41805.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41805", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T15:15:11.327", - "lastModified": "2024-07-26T15:15:11.327", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user\u2019s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available." + }, + { + "lang": "es", + "value": "Tracks, una aplicaci\u00f3n web Getting Things Done (GTD), es vulnerable a Cross Site Scripting reflejado en versiones anteriores a la 2.7.1. El Cross Site Scripting reflejado permite la ejecuci\u00f3n de JavaScript malicioso en el contexto del navegador de un usuario si ese usuario hace clic en un enlace malicioso, lo que permite ataques de phishing que podr\u00edan conducir al robo de credenciales. La versi\u00f3n 2.7.1 de Tracks est\u00e1 parcheada. No se conocen soluciones completas disponibles." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-418xx/CVE-2024-41812.json b/CVE-2024/CVE-2024-418xx/CVE-2024-41812.json index 0a183a8bbf8..5dd92a55f07 100644 --- a/CVE-2024/CVE-2024-418xx/CVE-2024-41812.json +++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41812.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41812", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T17:15:12.783", - "lastModified": "2024-07-26T17:15:12.783", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set." + }, + { + "lang": "es", + "value": "txtdot es un proxy HTTP que analiza s\u00f3lo texto, enlaces e im\u00e1genes de las p\u00e1ginas, eliminando anuncios y scripts pesados. Antes de la versi\u00f3n 1.7.0, una vulnerabilidad de Server-Side Request Forgery (SSRF) en la ruta `/get` de txtdot permit\u00eda a atacantes remotos usar el servidor como proxy para enviar solicitudes HTTP GET a objetivos arbitrarios y recuperar informaci\u00f3n en el servidor interno. red. La versi\u00f3n 1.7.0 impide mostrar la respuesta de solicitudes falsificadas, pero las solicitudes a\u00fan se pueden enviar. Para una mitigaci\u00f3n completa, se debe configurar un firewall entre txtdot y otros recursos de la red interna." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-418xx/CVE-2024-41813.json b/CVE-2024/CVE-2024-418xx/CVE-2024-41813.json index fdf2e2f1934..609658f7b49 100644 --- a/CVE-2024/CVE-2024-418xx/CVE-2024-41813.json +++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41813.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41813", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T17:15:12.990", - "lastModified": "2024-07-26T17:15:12.990", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue." + }, + { + "lang": "es", + "value": "txtdot es un proxy HTTP que analiza s\u00f3lo texto, enlaces e im\u00e1genes de las p\u00e1ginas, eliminando anuncios y scripts pesados. A partir de la versi\u00f3n 1.4.0 y antes de la versi\u00f3n 1.6.1, una vulnerabilidad de Server-Side Request Forgery (SSRF) en la ruta `/proxy` de txtdot permite a atacantes remotos usar el servidor como proxy para enviar solicitudes HTTP GET a usuarios arbitrarios. objetivos y recuperar informaci\u00f3n en la red interna. La versi\u00f3n 1.6.1 soluciona el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-418xx/CVE-2024-41815.json b/CVE-2024/CVE-2024-418xx/CVE-2024-41815.json index 6775eb48090..df9ddf5f070 100644 --- a/CVE-2024/CVE-2024-418xx/CVE-2024-41815.json +++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41815.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41815", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-26T21:15:14.370", - "lastModified": "2024-07-26T21:15:14.370", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability." + }, + { + "lang": "es", + "value": " Starship es un aviso entre capas. A partir de la versi\u00f3n 1.0.0 y antes de la versi\u00f3n 1.20.0, las reglas de citaci\u00f3n y/o expansi\u00f3n de shell impredecibles y no documentadas hacen que sea f\u00e1cil provocar accidentalmente una inyecci\u00f3n de shell cuando se usan comandos personalizados con starship en bash. Este problema solo afecta a los usuarios con comandos personalizados, por lo que el alcance es limitado y, sin el conocimiento de los comandos de otros, podr\u00eda ser dif\u00edcil apuntar a alguien con \u00e9xito. La versi\u00f3n 1.20.0 corrige la vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-418xx/CVE-2024-41881.json b/CVE-2024/CVE-2024-418xx/CVE-2024-41881.json index 5e9aae013a4..d19c8456e8d 100644 --- a/CVE-2024/CVE-2024-418xx/CVE-2024-41881.json +++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41881.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41881", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-07-29T09:15:02.773", - "lastModified": "2024-07-29T09:15:02.773", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SDoP versions prior to 1.11 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted XML file, arbitrary code may be executed on the user's environment." + }, + { + "lang": "es", + "value": "Las versiones SDoP anteriores a la 1.11 no manejan adecuadamente algunos par\u00e1metros dentro de los datos de entrada, lo que genera una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Cuando se enga\u00f1a a un usuario del producto afectado para que procese un archivo XML especialmente manipulado, se puede ejecutar c\u00f3digo arbitrario en el entorno del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42007.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42007.json index 46562e527b1..d5ee74a1a0f 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42007.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42007.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42007", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-26T19:15:10.917", - "lastModified": "2024-07-26T19:15:10.917", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files." + }, + { + "lang": "es", + "value": " SPX (tambi\u00e9n conocido como php-spx) hasta 0.4.15 permite que SPX_UI_URI Directory Traversal lea archivos arbitrarios." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42029.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42029.json index 958d01b7a8e..06b2915f0bb 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42029.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42029.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42029", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-27T04:15:02.760", - "lastModified": "2024-07-27T04:15:02.760", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment." + }, + { + "lang": "es", + "value": "xdg-desktop-portal-hyprland (tambi\u00e9n conocido como backend de XDG Desktop Portal para Hyprland) anterior a 1.3.3 permite la ejecuci\u00f3n de comandos del sistema operativo, por ejemplo, porque no se utilizan comillas simples al enviar una lista de ID y t\u00edtulos de aplicaciones a trav\u00e9s del entorno." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42049.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42049.json index 9d8d95c46f0..ceb44ade821 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42049.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42049.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42049", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-28T02:15:09.823", - "lastModified": "2024-07-28T02:15:09.823", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection." + }, + { + "lang": "es", + "value": " TightVNC (Servidor para Windows) anterior a 2.8.84 permite a los atacantes conectarse a la tuber\u00eda de control a trav\u00e9s de una conexi\u00f3n de red." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42050.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42050.json index 185ad2d63dd..a0a294b2dad 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42050.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42050.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42050", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-28T03:15:01.767", - "lastModified": "2024-07-28T03:15:01.767", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg." + }, + { + "lang": "es", + "value": " El instalador MSI para Splashtop Streamer para Windows anterior a 3.7.0.0 utiliza una carpeta temporal con permisos d\u00e9biles durante la instalaci\u00f3n. Un usuario local puede aprovechar esto para escalar privilegios a SYSTEM mediante un bloqueo en CredProvider_Inst.reg." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42051.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42051.json index d8ee5c3df44..dd3cba0c07d 100644 
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42051.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42051.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42051", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-28T03:15:02.033", - "lastModified": "2024-07-28T03:15:02.033", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg." + }, + { + "lang": "es", + "value": " El instalador MSI para Splashtop Streamer para Windows anterior a 3.6.2.0 utiliza una carpeta temporal con permisos d\u00e9biles durante la instalaci\u00f3n. Un usuario local puede aprovechar esto para escalar privilegios a SYSTEM reemplazando InstRegExp.reg." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42052.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42052.json index 7179474add8..459bbba0755 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42052.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42052.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42052", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-28T03:15:02.223", - "lastModified": "2024-07-28T03:15:02.223", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder." + }, + { + "lang": "es", + "value": "El instalador MSI para Splashtop Streamer para Windows anterior a 3.5.8.0 utiliza una carpeta temporal con permisos d\u00e9biles durante la instalaci\u00f3n. Un usuario local puede aprovechar esto para escalar privilegios a SYSTEM colocando un archivo wevtutil.exe en la carpeta." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42053.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42053.json index 7d113443fe7..418badad49b 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42053.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42053.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42053", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-28T03:15:02.400", - "lastModified": "2024-07-28T03:15:02.400", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder." + }, + { + "lang": "es", + "value": " El instalador MSI para Splashtop Streamer para Windows anterior a 3.6.0.0 utiliza una carpeta temporal con permisos d\u00e9biles durante la instalaci\u00f3n. Un usuario local puede aprovechar esto para escalar privilegios a SYSTEM colocando un archivo version.dll en la carpeta." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42054.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42054.json index efbcf748316..a7388754d8e 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42054.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42054.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42054", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-28T04:15:01.893", - "lastModified": "2024-07-28T04:15:01.893", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cervantes through 0.5-alpha accepts insecure file uploads." + }, + { + "lang": "es", + "value": " Cervantes hasta 0.5-alpha acepta cargas de archivos no seguras." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42055.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42055.json index ac769e2e692..9d42c786315 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42055.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42055.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42055", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-28T04:15:01.980", - "lastModified": "2024-07-28T04:15:01.980", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cervantes through 0.5-alpha allows stored XSS." + }, + { + "lang": "es", + "value": " Cervantes a trav\u00e9s de 0.5-alpha permite XSS almacenado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4410.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4410.json index 392451a284e..6eedd215697 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4410.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4410.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-4410", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T02:15:10.263", - "lastModified": "2024-07-27T02:15:10.263", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others." + }, + { + "lang": "es", + "value": "El complemento IgnitionDeck Crowdfunding Platform para WordPress es vulnerable a la falta de autorizaci\u00f3n en versiones hasta la 1.9.8 incluida. Esto se debe a que faltan comprobaciones de capacidad en varias funciones llamadas mediante acciones AJAX en el archivo ~/classes/class-idf-wizard.php. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, ejecuten varias acciones AJAX. Esto incluye acciones para cambiar la estructura del enlace permanente, la configuraci\u00f3n del complemento y otros." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4483.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4483.json index 7715ccf9aa1..4bf60f599a5 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4483.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4483.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-4483", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-29T06:15:02.357", - "lastModified": "2024-07-29T06:15:02.357", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting" + }, + { + "lang": "es", + "value": " El complemento de WordPress Email Encoder anterior a 2.2.2 no escapa el par\u00e1metro WP_Email_Encoder_Bundle_options[protection_text] antes de devolverlo a un atributo en una p\u00e1gina de administraci\u00f3n, lo que genera Cross Site Scripting almacenado" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4786.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4786.json index e51fd8b24e4..89263338a80 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4786.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4786.json @@ -2,13 +2,17 @@ "id": "CVE-2024-4786", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-07-26T20:15:05.807", - "lastModified": "2024-07-26T20:15:05.807", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on." + }, + { + "lang": "es", + "value": " Se inform\u00f3 una vulnerabilidad de validaci\u00f3n incorrecta en Lenovo Tab K10 que podr\u00eda permitir que una aplicaci\u00f3n especialmente manipulada mantenga el dispositivo encendido." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5285.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5285.json index e71fb5faad9..b66b10da72d 100644 
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5285.json +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5285.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5285", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-29T06:15:02.463", - "lastModified": "2024-07-29T06:15:02.463", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack" + }, + { + "lang": "es", + "value": " El complemento de WordPress wp-affiliate-platform anterior a 6.5.2 no tiene activada la verificaci\u00f3n CSRF al eliminar afiliados, lo que podr\u00eda permitir a los atacantes realizar un cambio de usuario registrado y eliminarlos mediante un ataque CSRF." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5614.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5614.json index bb6edbbb388..92d6ad20767 100644 --- a/CVE-2024/CVE-2024-56xx/CVE-2024-5614.json +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5614.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-5614", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T12:15:09.663", - "lastModified": "2024-07-27T12:15:09.663", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafe_posts_list' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of future, draft, and pending blog posts." + }, + { + "lang": "es", + "value": "El complemento Piotnet Addons For Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.4.29 incluida a trav\u00e9s de la funci\u00f3n 'pafe_posts_list'. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidos t\u00edtulos y extractos de publicaciones de blog futuras, borradores y pendientes." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5670.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5670.json index 176ed01f741..f00c9ed445a 100644 --- a/CVE-2024/CVE-2024-56xx/CVE-2024-5670.json +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5670.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-5670", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-07-29T03:15:02.167", - "lastModified": "2024-07-29T03:15:02.167", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server." + }, + { + "lang": "es", + "value": " Los servicios web de los productos de Softnext, Mail SQR Expert y Mail Archiving Expert no validan adecuadamente la entrada del usuario, permitiendo a atacantes remotos no autenticados inyectar comandos arbitrarios del sistema operativo y ejecutarlos en el servidor remoto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-58xx/CVE-2024-5882.json b/CVE-2024/CVE-2024-58xx/CVE-2024-5882.json index 3ad6ab4fc14..7fa1897799b 100644 --- a/CVE-2024/CVE-2024-58xx/CVE-2024-5882.json +++ b/CVE-2024/CVE-2024-58xx/CVE-2024-5882.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5882", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-29T06:15:02.547", - "lastModified": "2024-07-29T06:15:02.547", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page" + }, + { + "lang": "es", + "value": " El complemento de WordPress Ultimate Classified Listings anterior a 1.3 no valida los par\u00e1metros `ucl_page` y `layout`, lo que permite a usuarios no autenticados acceder a archivos PHP en el servidor desde la p\u00e1gina de listados." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-58xx/CVE-2024-5883.json b/CVE-2024/CVE-2024-58xx/CVE-2024-5883.json index 169d8c79c11..c3b11fc0a6a 100644 --- a/CVE-2024/CVE-2024-58xx/CVE-2024-5883.json +++ b/CVE-2024/CVE-2024-58xx/CVE-2024-5883.json @@ -2,13 +2,17 @@ "id": "CVE-2024-5883", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-29T06:15:02.627", - "lastModified": "2024-07-29T06:15:02.627", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + }, + { + "lang": "es", + "value": " El complemento de WordPress Ultimate Classified Listings anterior a 1.3 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross Site Scripting reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5969.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5969.json index 64379aea7a3..1a07710a59c 100644 --- a/CVE-2024/CVE-2024-59xx/CVE-2024-5969.json +++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5969.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-5969", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T08:15:01.870", - "lastModified": "2024-07-27T08:15:01.870", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient." + }, + { + "lang": "es", + "value": "The AIomatic - Automatic AI Content Writer para WordPress es afectado por una vulnerabilidad de env\u00edo de correo electr\u00f3nico arbitrario en versiones hasta la 2.0.5 incluida. Esto se debe a limitaciones insuficientes en el destinatario del correo electr\u00f3nico y el contenido de la funci\u00f3n 'aiomatic_send_email' a la que se puede acceder a trav\u00e9s de AJAX. Esto hace posible que atacantes no autenticados env\u00eden correos electr\u00f3nicos con cualquier contenido a cualquier destinatario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6124.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6124.json index b01d415b68a..ff7642c2033 100644 --- a/CVE-2024/CVE-2024-61xx/CVE-2024-6124.json +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6124.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6124", "sourceIdentifier": "security@m-files.com", "published": "2024-07-29T13:15:10.810", - "lastModified": "2024-07-29T13:15:10.810", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6152.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6152.json index 13af6a88559..c43224e0acd 100644 
--- a/CVE-2024/CVE-2024-61xx/CVE-2024-6152.json +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6152.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6152", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T02:15:10.473", - "lastModified": "2024-07-27T02:15:10.473", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipbox_builder_Flipbox_ShortCode function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + }, + { + "lang": "es", + "value": "El complemento Flipbox Builder para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 1.5 incluida a trav\u00e9s de la deserializaci\u00f3n de entradas que no son de confianza en la funci\u00f3n flipbox_builder_Flipbox_ShortCode. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten un objeto PHP. No hay ninguna cadena POP conocida presente en el software vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6362.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6362.json index 1dc6f2bb0df..90de213c3dd 100644 --- a/CVE-2024/CVE-2024-63xx/CVE-2024-6362.json +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6362.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6362", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-29T06:15:02.700", - "lastModified": "2024-07-29T06:15:02.700", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" + }, + { + "lang": "es", + "value": " El complemento de WordPress Ultimate Blocks anterior a 3.2.0 no valida ni escapa algunos de sus atributos de bloque posteriores a la cuadr\u00edcula antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el bloque, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross Site Scripting almacenado" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6366.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6366.json index 51fddba6c2e..d41db68df10 100644 --- a/CVE-2024/CVE-2024-63xx/CVE-2024-6366.json +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6366.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6366", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-29T06:15:02.790", - "lastModified": "2024-07-29T06:15:02.790", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP." + }, + { + "lang": "es", + "value": "El complemento de WordPress User Profile Builder anterior a 3.11.8 no tiene la autorizaci\u00f3n adecuada, lo que permite a usuarios no autenticados cargar archivos multimedia a trav\u00e9s de la funcionalidad de carga as\u00edncrona de WP." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6431.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6431.json index d365f847351..0dd113d2280 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6431.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6431.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6431", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T02:15:10.677", - "lastModified": "2024-07-27T02:15:10.677", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability is only exploitable if anyone has ever logged in through the API." + }, + { + "lang": "es", + "value": "El complemento Media.net Ads Manager para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo y de verificaci\u00f3n de capacidad en la funci\u00f3n 'sendMail' en todas las versiones hasta la 2.10.13 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad solo es explotable si alguien alguna vez ha iniciado sesi\u00f3n a trav\u00e9s de la API." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6458.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6458.json index 76f39eb830c..7f4644ebb42 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6458.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6458.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6458", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T09:15:02.123", - "lastModified": "2024-07-27T09:15:02.123", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table." + }, + { + "lang": "es", + "value": "El complemento WooCommerce Product Table Lite para WordPress es vulnerable a modificaciones no autorizadas del t\u00edtulo de la publicaci\u00f3n debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n wcpt_presets__duplicate_preset_to_table en todas las versiones hasta la 3.5.1 incluida. Esto hace posible que atacantes autenticados con acceso de suscriptor y superior cambien t\u00edtulos de publicaciones arbitrarias. La falta de sanitizaci\u00f3n puede provocar Cross Site Scripting almacenado cuando un administrador los ve a trav\u00e9s de la tabla de productos de WooCommerce." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6487.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6487.json index b8324d75359..9c0bd2218a4 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6487.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6487.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6487", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-29T06:15:02.873", - "lastModified": "2024-07-29T06:15:02.873", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": " El complemento de WordPress Inline Related Posts anterior a 3.8.0 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en la configuraci\u00f3n de m\u00faltiples sitios)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6518.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6518.json index 39a4bd9f447..50312a82122 100644 --- a/CVE-2024/CVE-2024-65xx/CVE-2024-6518.json +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6518.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6518", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T12:15:10.780", - "lastModified": "2024-07-27T12:15:10.780", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": " El complemento Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder para WordPress es vulnerable a Cross Site Scripting almacenado en todas las versiones hasta la 5.1.19 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes . Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6520.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6520.json index 70e7fa87344..a8a58d78884 100644 --- a/CVE-2024/CVE-2024-65xx/CVE-2024-6520.json +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6520.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6520",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T12:15:11.030",
- "lastModified": "2024-07-27T12:15:11.030",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder para WordPress es vulnerable a Cross Site Scripting almacenado en todas las versiones hasta la 5.1.19 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes . Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6521.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6521.json
index d4412ce78a2..157edf020db 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6521.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6521.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6521",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T12:15:11.250",
- "lastModified": "2024-07-27T12:15:11.250",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder para WordPress es vulnerable a Cross Site Scripting almacenado en todas las versiones hasta la 5.1.19 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes . Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6545.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6545.json
index 3da463e7983..5b43592fd04 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6545.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6545.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6545",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:10.883",
- "lastModified": "2024-07-27T02:15:10.883",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Admin Trim Interface para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 3.5.1 incluida. Esto se debe a que el complemento utiliza bootstrap y deja archivos de prueba con display_errors activado. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6546.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6546.json
index c29959d22d2..85d9c4d9045 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6546.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6546.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6546",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:11.097",
- "lastModified": "2024-07-27T02:15:11.097",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento One Click Close Comments para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 2.7.1 incluida. Esto se debe a que el complemento utiliza bootstrap y deja archivos de prueba con display_errors activado. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6547.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6547.json
index c01af1479bd..d3b2ee33cbe 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6547.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6547.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6547",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:11.307",
- "lastModified": "2024-07-27T02:15:11.307",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento Add Admin CSS para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 2.0.1 incluida. Esto se debe a que el complemento utiliza bootstrap y deja archivos de prueba con display_errors activado. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6548.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6548.json
index 947036a6387..29b28027f83 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6548.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6548.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6548",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:11.513",
- "lastModified": "2024-07-27T02:15:11.513",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Add Admin JavaScript para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 2.0 incluida. Esto se debe a que el complemento utiliza bootstrap y deja archivos de prueba con display_errors activado. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6549.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6549.json
index a0919808998..e5c0bf73cbe 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6549.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6549.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6549",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:11.713",
- "lastModified": "2024-07-27T02:15:11.713",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Admin Post Navigation para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 2.1 incluida. Esto se debe a que el complemento utiliza bootstrap y deja archivos de prueba con display_errors activado. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6566.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6566.json
index 249e7794c8d..e28da547f16 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6566.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6566.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6566",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:11.920",
- "lastModified": "2024-07-27T02:15:11.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due the plugin not preventing direct access to the composer-setup.php file which also has display_errors enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Aramex Shipping WooCommerce para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 1.1.21 incluida. Esto se debe a que el complemento no impide el acceso directo al archivo compositor-setup.php que tambi\u00e9n tiene habilitados display_errors. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6569.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6569.json
index cdeb98e7ed3..1b4252a6d76 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6569.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6569.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6569",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T09:15:02.523",
- "lastModified": "2024-07-27T09:15:02.523",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento Campaign Monitor for WordPress para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 2.8.15 incluida. Esto se debe a que el complemento no restringe adecuadamente el acceso directo a /forms/views/admin/create.php y display_errors est\u00e1 habilitado. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6573.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6573.json
index 52b216620fb..b33e23fbdea 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6573.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6573.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6573",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:12.130",
- "lastModified": "2024-07-27T02:15:12.130",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Intelligence plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.0. This is due the plugin not preventing direct access to the /vendor/levelten/intel/realtime/index.php file and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Intelligence para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 1.4.0 incluida. Esto se debe a que el complemento no impide el acceso directo al archivo /vendor/levelten/intel/realtime/index.php y que display_errors est\u00e1 habilitado. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6576.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6576.json
new file mode 100644
index 00000000000..0b82261efc2
--- /dev/null
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6576.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-6576",
+ "sourceIdentifier": "security@progress.com",
+ "published": "2024-07-29T14:15:04.190",
+ "lastModified": "2024-07-29T14:15:04.190",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@progress.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@progress.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-July-2024-CVE-2024-6576",
+ "source": "security@progress.com"
+ },
+ {
+ "url": "https://www.progress.com/moveit",
+ "source": "security@progress.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6591.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6591.json
index 03a2ae2e58e..82a4d56d2f7 100644
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6591.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6591.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6591",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:12.330",
- "lastModified": "2024-07-27T02:15:12.330",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento Ultimate WordPress Auction Plugin para WordPress es vulnerable a la creaci\u00f3n y env\u00edo de correo electr\u00f3nico no autorizado debido a una falta de verificaci\u00f3n de capacidad en las funciones 'send_auction_email_callback' y 'resend_auction_email_callback' en todas las versiones hasta la 4.2.6 incluida. Esto hace posible que atacantes no autenticados creen correos electr\u00f3nicos que incluyan enlaces y los env\u00eden a cualquier direcci\u00f3n de correo electr\u00f3nico."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6627.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6627.json
index 52d104c4658..3b69753d8ae 100644
--- a/CVE-2024/CVE-2024-66xx/CVE-2024-6627.json
+++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6627.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6627",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T12:15:11.477",
- "lastModified": "2024-07-27T12:15:11.477",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Happy Addons para Elementor para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del widget de vista de PDF del complemento en todas las versiones hasta la 3.11.2 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6634.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6634.json
index edc85f0c9cf..4087cc74172 100644
--- a/CVE-2024/CVE-2024-66xx/CVE-2024-6634.json
+++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6634.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6634",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:12.560",
- "lastModified": "2024-07-27T02:15:12.560",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Master Currency WP para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto de conversi\u00f3n de moneda del complemento en todas las versiones hasta la 1.1.61 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6661.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6661.json
index 953f899c9cf..755327b0875 100644
--- a/CVE-2024/CVE-2024-66xx/CVE-2024-6661.json
+++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6661.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6661",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T02:15:12.780",
- "lastModified": "2024-07-27T02:15:12.780",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The ParityPress \u2013 Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Discount Text' in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento ParityPress \u2013 Parity Pricing with Discount Rules para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s de 'Discount Text' en todas las versiones hasta la 1.0.0 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-67xx/CVE-2024-6703.json b/CVE-2024/CVE-2024-67xx/CVE-2024-6703.json
index b8b0dda9812..699dd7df18b 100644
--- a/CVE-2024/CVE-2024-67xx/CVE-2024-6703.json
+++ b/CVE-2024/CVE-2024-67xx/CVE-2024-6703.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6703",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T13:15:09.757",
- "lastModified": "2024-07-27T13:15:09.757",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018description\u2019 and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for attackers with the Form Manager permissions and Subscriber+ user role, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s de los par\u00e1metros 'description' y 'btn_txt' en todas las versiones hasta la 5.1 incluida. .19 debido a una sanitizaci\u00f3n de la entrada y escape de salida insuficientes. Esto hace posible que los atacantes con permisos de Administrador de formularios y rol de usuario Suscriptor+ inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6881.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6881.json
index a89261e8d2e..200f4b3e4c1 100644
--- a/CVE-2024/CVE-2024-68xx/CVE-2024-6881.json
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6881.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-6881",
 "sourceIdentifier": "security@m-files.com",
 "published": "2024-07-29T13:15:10.990",
- "lastModified": "2024-07-29T13:15:10.990",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6897.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6897.json
index 2cdefb17c33..3ebf15852d6 100644
--- a/CVE-2024/CVE-2024-68xx/CVE-2024-6897.json
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6897.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6897",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-07-27T12:15:11.707",
- "lastModified": "2024-07-27T12:15:11.707",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ },
+ {
+ "lang": "es",
+ "value": " El complemento aThemes Starter Sites para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s de cargas de archivos SVG en todas las versiones hasta la 1.0.53 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-69xx/CVE-2024-6922.json b/CVE-2024/CVE-2024-69xx/CVE-2024-6922.json
index a495257b1be..3d97e88ff0c 100644
--- a/CVE-2024/CVE-2024-69xx/CVE-2024-6922.json
+++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6922.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-6922",
 "sourceIdentifier": "cve@rapid7.com",
 "published": "2024-07-26T14:15:03.377",
- "lastModified": "2024-07-26T14:15:03.377",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server."
+ },
+ {
+ "lang": "es",
+ "value": " Automation Anywhere Automation 360 v21-v32 es vulnerable a Server-Side Request Forgery en un componente API web. Un atacante con acceso no autenticado al servicio HTTPS de Automation 360 Control Room (puerto 443) o al servicio HTTP (puerto 80) puede desencadenar solicitudes web arbitrarias desde el servidor."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-69xx/CVE-2024-6984.json b/CVE-2024/CVE-2024-69xx/CVE-2024-6984.json
new file mode 100644
index 00000000000..94741eda32e
--- /dev/null
+++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6984.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-6984",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2024-07-29T14:15:04.477",
+ "lastModified": "2024-07-29T14:15:04.477",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-209"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2024-6984",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-70xx/CVE-2024-7050.json b/CVE-2024/CVE-2024-70xx/CVE-2024-7050.json
index f74b684daa9..26312da41d1 100644
--- a/CVE-2024/CVE-2024-70xx/CVE-2024-7050.json
+++ b/CVE-2024/CVE-2024-70xx/CVE-2024-7050.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-7050", "sourceIdentifier": "security@opentext.com", "published": "2024-07-26T16:15:03.847", - "lastModified": "2024-07-26T16:15:03.847", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2." + }, + { + "lang": "es", + "value": " Vulnerabilidad de autenticaci\u00f3n incorrecta en OpenText OpenText Directory Services puede permitir la omisi\u00f3n de autenticaci\u00f3n multifactor en escenarios particulares. Este problema afecta a OpenText Directory Services: 24.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7128.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7128.json index 7c40c805203..1965bcafa25 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7128.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7128.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7128", "sourceIdentifier": "secalert@redhat.com", "published": "2024-07-26T14:15:03.573", - "lastModified": "2024-07-26T14:15:03.573", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Openshift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider (\"openShiftAuth\") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification." + }, + { + "lang": "es", + "value": " Se encontr\u00f3 un fallo en la consola Openshift. Varios endpoints de la aplicaci\u00f3n utilizan las funciones de middleware authHandler() y authHandlerWithUser(). Cuando se establece el proveedor de autenticaci\u00f3n predeterminado (\"openShiftAuth\"), estas funciones no realizan ninguna verificaci\u00f3n de autenticaci\u00f3n, sino que dependen del servicio de destino para manejar la autenticaci\u00f3n y la autorizaci\u00f3n. Este problema conduce a diversos grados de exposici\u00f3n de datos debido a la falta de una verificaci\u00f3n de credenciales adecuada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7151.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7151.json index 7b985e7e6bd..3b1ff50879e 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7151.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7151.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7151", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-27T20:15:09.650", - "lastModified": "2024-07-27T20:15:09.650", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Tenda O3 1.0.0.10(2478). Ha sido declarado cr\u00edtico. Esta vulnerabilidad afecta a la funci\u00f3n fromMacFilterSet del archivo /goform/setMacFilter. La manipulaci\u00f3n del argumento remark conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272554 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7152.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7152.json index c10eb3ff57e..fcae3992c75 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7152.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7152.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7152", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-27T21:15:09.743", - "lastModified": "2024-07-27T21:15:09.743", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Tenda O3 1.0.0.10(2478). Ha sido calificado como cr\u00edtico. Este problema afecta la funci\u00f3n fromSafeSetMacFilter del archivo /goform/setMacFilterList. La manipulaci\u00f3n del argumento time conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272555. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7153.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7153.json index 97d3c258ea1..9b67f6fd2b3 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7153.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7153.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7153", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-27T22:15:01.833", - "lastModified": "2024-07-27T22:15:01.833", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Netgear WN604 hasta 20240719 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo siteSurvey.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una solicitud directa. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272556. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7154.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7154.json index 8fd26590aca..7b67693d967 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7154.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7154.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7154", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T10:15:01.897", - "lastModified": "2024-07-28T10:15:01.897", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en TOTOLINK A3700R 9.1.2u.5822_B20200513 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /wizard.html del componente Password Reset Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272568. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7155.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7155.json index 046dd9a54a7..a43fc8788c7 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7155.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7155.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7155", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T10:15:03.053", - "lastModified": "2024-07-28T10:15:03.053", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en TOTOLINK A3300R 17.0.0cu.557_B20221024 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /etc/shadow.sample es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce al uso de una contrase\u00f1a codificada. Es posible lanzar el ataque al servidor local. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272569. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7156.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7156.json index 9d7d6f42df6..d2d73251467 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7156.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7156.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7156", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T11:15:11.820", - "lastModified": "2024-07-28T11:15:11.820", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en TOTOLINK A3700R 9.1.2u.5822_B20200513 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /cgi-bin/ExportSettings.sh del componente apmib Configuration Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272570 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7157.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7157.json index d87370184ca..fa40b8bbe8c 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7157.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7157.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7157", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T11:15:12.107", - "lastModified": "2024-07-28T11:15:12.107", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3100R 4.1.2cu.5050_B20200504. Ha sido clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n getSaveConfig del archivo /cgi-bin/cstecgi.cgi?action=save&setting. La manipulaci\u00f3n del argumento http_host provoca un desbordamiento de b\u00fafer. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272571. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7158.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7158.json index 32ba34f03ed..e55e542a91c 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7158.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7158.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7158", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T14:15:11.303", - "lastModified": "2024-07-28T14:15:11.303", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": " Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3100R 4.1.2cu.5050_B20200504. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n setTelnetCfg del archivo /cgi-bin/cstecgi.cgi del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento telnet_enabled conduce a la inyecci\u00f3n de comandos. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272572. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7159.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7159.json index 95c50ef88fb..2b72c1216ac 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7159.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7159.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7159", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T15:15:09.897", - "lastModified": "2024-07-28T15:15:09.897", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": " Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3600R 4.1.2cu.5182_B20201102. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /web_cste/cgi-bin/product.ini del componente Telnet Service. La manipulaci\u00f3n conduce al uso de una contrase\u00f1a codificada. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272573. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7160.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7160.json index cbd4f78f2a7..3f8cf35aed3 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7160.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7160.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7160", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T15:15:10.163", - "lastModified": "2024-07-28T15:15:10.163", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en TOTOLINK A3700R 9.1.2u.5822_B20200513 y clasificada como cr\u00edtica. La funci\u00f3n setWanCfg del fichero /cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento hostName conduce a la inyecci\u00f3n de comandos. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272574 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7161.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7161.json index df83345ae58..61e2d897aa2 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7161.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7161.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7161", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T16:15:02.047", - "lastModified": "2024-07-28T16:15:02.047", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575." + }, + { + "lang": "es", + "value": " Una vulnerabilidad fue encontrada en SeaCMS 13.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /member.php?action=chgpwdsubmit del componente Password Change Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento newpwd/newpwd2 conduce a cross-site request forgery. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272575." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7162.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7162.json index 9c7f864c90e..12e3fd50879 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7162.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7162.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7162", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T16:15:02.347", - "lastModified": "2024-07-28T16:15:02.347", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SeaCMS 12.9/13.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo js/player/dmplayer/admin/post.php?act=setting es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento yzm conduce a Cross Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272576." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7163.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7163.json index 45f48fd3f60..a796da0db02 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7163.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7163.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7163", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T17:15:09.797", - "lastModified": "2024-07-28T17:15:09.797", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": " Una vulnerabilidad fue encontrada en SeaCMS 12.9 y clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /js/player/dmplayer/player/index.php. La manipulaci\u00f3n del argumento color/vid/url conduce a Cross Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272577." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7164.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7164.json index 04434b787c5..fe2517538f3 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7164.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7164.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7164", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T17:15:10.057", - "lastModified": "2024-07-28T17:15:10.057", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272578 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester School Fees Payment System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /ajax.php?action=login. La manipulaci\u00f3n del argumento username conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272578 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7165.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7165.json index 6cb33aab0cb..83526ca2f7a 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7165.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7165.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7165", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T18:15:02.123", - "lastModified": "2024-07-28T18:15:02.123", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272579." + }, + { + "lang": "es", + "value": " Una vulnerabilidad fue encontrada en SourceCodester School Fees Payment System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /view_paid.php. La manipulaci\u00f3n del argumento ef_id conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272579." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7166.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7166.json index 1b1b88a3de6..e569d29b3f8 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7166.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7166.json 
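Review bot: The added Spanish description for CVE-2024-7165 names the affected file as `/view_paid.php`, but the English description in the same record says `/view_payment.php`. The path seems to have been altered during translation, so anyone triaging or building detection content from the `es` text would look at the wrong endpoint. The value should read `del archivo /view_payment.php`. File paths, function names and argument names should be carried over verbatim from the `en` entry, ideally with a post-translation check that every such token in `en` also appears in `es`. The same value also starts with a stray leading space (`"value": " Una vulnerabilidad ...`), as do several other added `es` entries in this commit, for example CVE-2024-6922, CVE-2024-7050 and CVE-2024-7128.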
@@ -2,13 +2,17 @@ "id": "CVE-2024-7166", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T18:15:02.420", - "lastModified": "2024-07-28T18:15:02.420", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester School Fees Payment System 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /receipt.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ef_id conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272580." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7167.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7167.json index 73642070993..d20188bc94a 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7167.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7167.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7167", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T19:15:10.697", - "lastModified": "2024-07-28T19:15:10.697", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": " Se encontr\u00f3 una vulnerabilidad en SourceCodester School Fees Payment System 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /manage_course.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272581." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7168.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7168.json index 99f7208cc0a..9037d38b75a 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7168.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7168.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7168", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T19:15:11.007", - "lastModified": "2024-07-28T19:15:11.007", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester School Fees Payment System 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /manage_user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272582 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7169.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7169.json index 329c7be354c..764e9187aaf 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7169.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7169.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7169",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-28T20:15:01.903",
- "lastModified": "2024-07-28T20:15:01.903",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272583."
+ },
+ {
+ "lang": "es",
+ "value": " Una vulnerabilidad ha sido encontrada en SourceCodester School Fees Payment System 1.0 y clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /ajax.php. La manipulaci\u00f3n conduce a cross-site request forgery. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272583."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7170.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7170.json
index 898f57a0f9a..e17bf6264a2 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7170.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7170.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7170",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-28T22:15:01.820",
- "lastModified": "2024-07-28T22:15:01.820",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": " Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3000RU 5.9c.5185. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /web_cste/cgi-bin/product.ini. La manipulaci\u00f3n conduce al uso de una contrase\u00f1a codificada. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272591. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7171.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7171.json
index b20b5b6f0e0..a4c4710a035 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7171.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7171.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7171",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-28T23:15:09.837",
- "lastModified": "2024-07-28T23:15:09.837",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. La funci\u00f3n NTPSyncWithHost del fichero /cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento hostTime conduce a la inyecci\u00f3n de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272592. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7172.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7172.json
index e0e68299745..2ba7706f63a 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7172.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7172.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7172",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-28T23:15:10.117",
- "lastModified": "2024-07-28T23:15:10.117",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272593 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": " Una vulnerabilidad fue encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. La funci\u00f3n getSaveConfig del archivo /cgi-bin/cstecgi.cgi?action=save&setting es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento http_host provoca un desbordamiento de b\u00fafer. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272593. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7173.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7173.json
index 3667d4f3084..8a24d6f58bb 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7173.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7173.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7173",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T00:15:02.030",
- "lastModified": "2024-07-29T00:15:02.030",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password/http_host leads to buffer overflow. The attack may be launched remotely. VDB-272594 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": " Una vulnerabilidad fue encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. La funci\u00f3n loginauth del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento password/http_host provoca un desbordamiento de b\u00fafer. El ataque puede lanzarse de forma remota. VDB-272594 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7174.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7174.json
index 74d23bcedb9..47dfe314bd8 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7174.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7174.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7174",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T00:15:02.320",
- "lastModified": "2024-07-29T00:15:02.320",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setdeviceName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument deviceMac/deviceName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272595. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. Esto afecta la funci\u00f3n setdeviceName del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento deviceMac/deviceName provoca un desbordamiento de b\u00fafer. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272595. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7175.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7175.json
index 1bc16a591f8..6817d9d2ec7 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7175.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7175.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7175",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T01:15:09.830",
- "lastModified": "2024-07-29T01:15:09.830",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n setDiagnosisCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento ipDoamin conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272596. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7176.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7176.json
index 85b8bd93030..9ed799e8572 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7176.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7176.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7176",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T02:15:12.810",
- "lastModified": "2024-07-29T02:15:12.810",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272597 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n setIpQosRules del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento comment provoca un desbordamiento de b\u00fafer. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272597. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7177.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7177.json
index e325af73cc9..eaa679325e0 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7177.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7177.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7177",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T02:15:13.077",
- "lastModified": "2024-07-29T02:15:13.077",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3600R 4.1.2cu.5182_B20201102. Ha sido clasificada como cr\u00edtica. La funci\u00f3n setLanguageCfg del fichero /cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento langType provoca un desbordamiento de b\u00fafer. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272598 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7178.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7178.json
index 293f1d74a27..92fc3a7f6b3 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7178.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7178.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7178",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T03:15:02.417",
- "lastModified": "2024-07-29T03:15:02.417",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272599. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3600R 4.1.2cu.5182_B20201102. Ha sido declarada cr\u00edtica. La funci\u00f3n setMacQos del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento priority/macAddress provoca un desbordamiento de b\u00fafer. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272599. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7179.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7179.json
index 949ab98c787..7f245acf88c 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7179.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7179.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7179",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T03:15:02.703",
- "lastModified": "2024-07-29T03:15:02.703",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument startTime/endTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3600R 4.1.2cu.5182_B20201102. Ha sido calificada como cr\u00edtica. La funci\u00f3n setParentalRules del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento startTime/endTime provoca un desbordamiento de b\u00fafer. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272600. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7180.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7180.json
index 77a406df5df..eab9d628bd9 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7180.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7180.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7180",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T03:15:03.000",
- "lastModified": "2024-07-29T03:15:03.000",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n setPortForwardRules del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento comment provoca un desbordamiento de b\u00fafer. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272601. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7181.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7181.json
index f9347d3b9fe..45468f506f0 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7181.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7181.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7181",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T04:15:02.087",
- "lastModified": "2024-07-29T04:15:02.087",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n setTelnetCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento telnet_enabled conduce a la inyecci\u00f3n de comandos. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272602 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7182.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7182.json
index ede13c55d13..e00d01da990 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7182.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7182.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7182",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T04:15:02.473",
- "lastModified": "2024-07-29T04:15:02.473",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n setUpgradeFW del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento FileName provoca un desbordamiento de b\u00fafer. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272603. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7183.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7183.json
index f0e26cd6610..16ad7ffed82 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7183.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7183.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7183",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T05:15:01.820",
- "lastModified": "2024-07-29T05:15:01.820",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. La funci\u00f3n setUploadSetting del fichero /cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento FileName provoca un desbordamiento de b\u00fafer. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272604. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7184.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7184.json
index 867c37063a3..babb8406f41 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7184.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7184.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7184",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T05:15:02.203",
- "lastModified": "2024-07-29T05:15:02.203",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. La funci\u00f3n setUrlFilterRules del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento URL provoca un desbordamiento de b\u00fafer. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272605. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7185.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7185.json
index e89b03dd8cf..6ec7430a905 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7185.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7185.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7185",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T06:15:02.980",
- "lastModified": "2024-07-29T06:15:02.980",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272606 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en TOTOLINK A3600R 4.1.2cu.5182_B20201102 y clasificada como cr\u00edtica. La funci\u00f3n setWebWlanIdx del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento webWlanIdx provoca un desbordamiento de b\u00fafer. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272606 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7186.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7186.json
index dbc1f454ba5..706f394c76e 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7186.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7186.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7186",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T06:15:03.420",
- "lastModified": "2024-07-29T06:15:03.420",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": " Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3600R 4.1.2cu.5182_B20201102. Ha sido clasificada como cr\u00edtica. Estoa afecta a la funci\u00f3n setWiFiAclAddConfig del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento comment provoca un desbordamiento de b\u00fafer. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asocido de esta vulnerabilidad es VDB-272607. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7187.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7187.json
index cfa4e466ca4..238af8e126d 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7187.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7187.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-7187",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-07-29T07:15:07.830",
- "lastModified": "2024-07-29T07:15:07.830",
- "vulnStatus": "Received",
+ "lastModified": "2024-07-29T14:12:08.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3600R 4.1.2cu.5182_B20201102. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n UploadCustomModule del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento File provoca un desbordamiento de b\u00fafer. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272608. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7188.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7188.json
index 41be585fb77..54553917b49 100644
--- a/CVE-2024/CVE-2024-71xx/CVE-2024-7188.json
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7188.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-7188", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T07:15:08.713", - "lastModified": "2024-07-29T07:15:08.713", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Bylancer Quicklancer 2.4. It has been rated as critical. This issue affects some unknown processing of the file /listing of the component GET Parameter Handler. The manipulation of the argument range2 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272609 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": " Se encontr\u00f3 una vulnerabilidad en Bylancer Quicklancer 2.4. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /listing del componente GET Parameter Handler. La manipulaci\u00f3n del argumento range2 conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-272609. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7189.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7189.json index cd45c5cbc1d..7ac1ce3229b 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7189.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7189.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7189", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T08:15:01.703", - "lastModified": "2024-07-29T08:15:01.703", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Affected is an unknown function of the file editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272610 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en itsourcecode Online Food Ordering System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo editproduct.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento photo da lugar a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-272610 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7190.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7190.json index 74903b7f44e..8badf2eaa3c 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7190.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7190.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7190", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T08:15:02.010", - "lastModified": "2024-07-29T08:15:02.010", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/get_price.php. The manipulation of the argument expenses_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272611." + }, + { + "lang": "es", + "value": " Una vulnerabilidad fue encontrada en itsourcecode Society Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/get_price.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id_gastos conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272611." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7191.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7191.json index 80ce5e5a01b..fde8ed661d9 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7191.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7191.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7191", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T09:15:03.410", - "lastModified": "2024-07-29T09:15:03.410", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/get_balance.php. The manipulation of the argument student_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272612." + }, + { + "lang": "es", + "value": " Una vulnerabilidad fue encontrada en itsourcecode Society Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/get_balance.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Student_id conduce a la inyecci\u00f3n SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272612." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7192.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7192.json index cb590d07e40..c131fad3ac9 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7192.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7192.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7192", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T09:15:03.693", - "lastModified": "2024-07-29T09:15:03.693", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7193.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7193.json index 0a4428f794a..d614b334f40 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7193.json 
+++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7193.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7193", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T10:15:02.107", - "lastModified": "2024-07-29T10:15:02.107", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7194.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7194.json index 60db0a5ca16..05a2acaa658 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7194.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7194.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7194", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T10:15:02.933", - "lastModified": "2024-07-29T10:15:02.933", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7195.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7195.json index c24ce514c3f..d8d2ad41885 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7195.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7195.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7195", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T11:15:10.197", - "lastModified": "2024-07-29T11:15:10.197", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en itsourcecode Society Management System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /admin/check_admin.php. La manipulaci\u00f3n del argumento username provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-272616." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7196.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7196.json index f638c2377f1..46205ea495c 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7196.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7196.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7196", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T11:15:10.503", - "lastModified": "2024-07-29T11:15:10.503", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7197.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7197.json index d954c720675..c01ad282faa 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7197.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7197.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-7197", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T12:15:02.320", - "lastModified": "2024-07-29T12:15:02.320", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7198.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7198.json index f12c279ee82..1c6a1611e36 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7198.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7198.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7198", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T12:15:02.610", - "lastModified": "2024-07-29T12:15:02.610", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7199.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7199.json index 4875238015d..8fb1e0f3925 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7199.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7199.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7199", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T13:15:11.123", - "lastModified": "2024-07-29T13:15:11.123", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-72xx/CVE-2024-7200.json b/CVE-2024/CVE-2024-72xx/CVE-2024-7200.json index 8da017c68af..89ef9040d6c 100644 --- a/CVE-2024/CVE-2024-72xx/CVE-2024-7200.json +++ b/CVE-2024/CVE-2024-72xx/CVE-2024-7200.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7200", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-29T13:15:11.400", - "lastModified": "2024-07-29T13:15:11.400", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-72xx/CVE-2024-7201.json b/CVE-2024/CVE-2024-72xx/CVE-2024-7201.json index f74f3c81405..d98b4a1a5fc 100644 --- a/CVE-2024/CVE-2024-72xx/CVE-2024-7201.json +++ b/CVE-2024/CVE-2024-72xx/CVE-2024-7201.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7201", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-07-29T03:15:03.267", - "lastModified": "2024-07-29T03:15:03.267", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents." + }, + { + "lang": "es", + "value": " La funcionalidad de inicio de sesi\u00f3n del paquete web WinMatrix3 de Simopro Technology carece de una validaci\u00f3n adecuada de la entrada del usuario, lo que permite a atacantes remotos no autenticados inyectar comandos SQL para leer, modificar y eliminar contenidos de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-72xx/CVE-2024-7202.json b/CVE-2024/CVE-2024-72xx/CVE-2024-7202.json index d9b705574e9..90d73e4deb0 100644 --- a/CVE-2024/CVE-2024-72xx/CVE-2024-7202.json +++ b/CVE-2024/CVE-2024-72xx/CVE-2024-7202.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7202", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-07-29T04:15:02.807", - "lastModified": "2024-07-29T04:15:02.807", - "vulnStatus": "Received", + "lastModified": "2024-07-29T14:12:08.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents." + }, + { + "lang": "es", + "value": " La funcionalidad de consulta del paquete web WinMatrix3 de Simopro Technology carece de una validaci\u00f3n adecuada de la entrada del usuario, lo que permite a atacantes remotos no autenticados inyectar comandos SQL para leer, modificar y eliminar contenidos de la base de datos." } ], "metrics": { diff --git a/README.md b/README.md index f89e55db7e5..d86e499646a 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-29T14:00:17.355025+00:00 +2024-07-29T16:00:18.237348+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-29T13:15:11.400000+00:00 +2024-07-29T15:15:16.267000+00:00 ``` ### Last Data Feed Release 
@@ -33,27 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -258171 +258242 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `71` -- [CVE-2024-6124](CVE-2024/CVE-2024-61xx/CVE-2024-6124.json) (`2024-07-29T13:15:10.810`) -- [CVE-2024-6881](CVE-2024/CVE-2024-68xx/CVE-2024-6881.json) (`2024-07-29T13:15:10.990`) -- [CVE-2024-7197](CVE-2024/CVE-2024-71xx/CVE-2024-7197.json) (`2024-07-29T12:15:02.320`) -- [CVE-2024-7198](CVE-2024/CVE-2024-71xx/CVE-2024-7198.json) (`2024-07-29T12:15:02.610`) -- [CVE-2024-7199](CVE-2024/CVE-2024-71xx/CVE-2024-7199.json) (`2024-07-29T13:15:11.123`) -- [CVE-2024-7200](CVE-2024/CVE-2024-72xx/CVE-2024-7200.json) (`2024-07-29T13:15:11.400`) +- [CVE-2024-41063](CVE-2024/CVE-2024-410xx/CVE-2024-41063.json) (`2024-07-29T15:15:14.243`) +- [CVE-2024-41064](CVE-2024/CVE-2024-410xx/CVE-2024-41064.json) (`2024-07-29T15:15:14.330`) +- [CVE-2024-41065](CVE-2024/CVE-2024-410xx/CVE-2024-41065.json) (`2024-07-29T15:15:14.410`) +- [CVE-2024-41066](CVE-2024/CVE-2024-410xx/CVE-2024-41066.json) (`2024-07-29T15:15:14.480`) +- [CVE-2024-41067](CVE-2024/CVE-2024-410xx/CVE-2024-41067.json) (`2024-07-29T15:15:14.560`) +- [CVE-2024-41068](CVE-2024/CVE-2024-410xx/CVE-2024-41068.json) (`2024-07-29T15:15:14.630`) +- [CVE-2024-41069](CVE-2024/CVE-2024-410xx/CVE-2024-41069.json) (`2024-07-29T15:15:14.713`) +- [CVE-2024-41070](CVE-2024/CVE-2024-410xx/CVE-2024-41070.json) (`2024-07-29T15:15:14.787`) +- [CVE-2024-41071](CVE-2024/CVE-2024-410xx/CVE-2024-41071.json) (`2024-07-29T15:15:14.863`) +- [CVE-2024-41072](CVE-2024/CVE-2024-410xx/CVE-2024-41072.json) (`2024-07-29T15:15:14.937`) +- [CVE-2024-41073](CVE-2024/CVE-2024-410xx/CVE-2024-41073.json) (`2024-07-29T15:15:15.020`) +- [CVE-2024-41074](CVE-2024/CVE-2024-410xx/CVE-2024-41074.json) (`2024-07-29T15:15:15.097`) +- [CVE-2024-41075](CVE-2024/CVE-2024-410xx/CVE-2024-41075.json) (`2024-07-29T15:15:15.163`) 
+- [CVE-2024-41076](CVE-2024/CVE-2024-410xx/CVE-2024-41076.json) (`2024-07-29T15:15:15.237`) +- [CVE-2024-41077](CVE-2024/CVE-2024-410xx/CVE-2024-41077.json) (`2024-07-29T15:15:15.303`) +- [CVE-2024-41078](CVE-2024/CVE-2024-410xx/CVE-2024-41078.json) (`2024-07-29T15:15:15.380`) +- [CVE-2024-41079](CVE-2024/CVE-2024-410xx/CVE-2024-41079.json) (`2024-07-29T15:15:15.457`) +- [CVE-2024-41080](CVE-2024/CVE-2024-410xx/CVE-2024-41080.json) (`2024-07-29T15:15:15.523`) +- [CVE-2024-41081](CVE-2024/CVE-2024-410xx/CVE-2024-41081.json) (`2024-07-29T15:15:15.593`) +- [CVE-2024-41082](CVE-2024/CVE-2024-410xx/CVE-2024-41082.json) (`2024-07-29T15:15:15.670`) +- [CVE-2024-41671](CVE-2024/CVE-2024-416xx/CVE-2024-41671.json) (`2024-07-29T15:15:15.760`) +- [CVE-2024-41676](CVE-2024/CVE-2024-416xx/CVE-2024-41676.json) (`2024-07-29T15:15:16.040`) +- [CVE-2024-41799](CVE-2024/CVE-2024-417xx/CVE-2024-41799.json) (`2024-07-29T15:15:16.267`) +- [CVE-2024-6576](CVE-2024/CVE-2024-65xx/CVE-2024-6576.json) (`2024-07-29T14:15:04.190`) +- [CVE-2024-6984](CVE-2024/CVE-2024-69xx/CVE-2024-6984.json) (`2024-07-29T14:15:04.477`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `159` -- [CVE-2024-26905](CVE-2024/CVE-2024-269xx/CVE-2024-26905.json) (`2024-07-29T13:15:10.593`) -- [CVE-2024-7196](CVE-2024/CVE-2024-71xx/CVE-2024-7196.json) (`2024-07-29T11:15:10.503`) +- [CVE-2024-7178](CVE-2024/CVE-2024-71xx/CVE-2024-7178.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7179](CVE-2024/CVE-2024-71xx/CVE-2024-7179.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7180](CVE-2024/CVE-2024-71xx/CVE-2024-7180.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7181](CVE-2024/CVE-2024-71xx/CVE-2024-7181.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7182](CVE-2024/CVE-2024-71xx/CVE-2024-7182.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7183](CVE-2024/CVE-2024-71xx/CVE-2024-7183.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7184](CVE-2024/CVE-2024-71xx/CVE-2024-7184.json) 
(`2024-07-29T14:12:08.783`) +- [CVE-2024-7185](CVE-2024/CVE-2024-71xx/CVE-2024-7185.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7186](CVE-2024/CVE-2024-71xx/CVE-2024-7186.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7187](CVE-2024/CVE-2024-71xx/CVE-2024-7187.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7188](CVE-2024/CVE-2024-71xx/CVE-2024-7188.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7189](CVE-2024/CVE-2024-71xx/CVE-2024-7189.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7190](CVE-2024/CVE-2024-71xx/CVE-2024-7190.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7191](CVE-2024/CVE-2024-71xx/CVE-2024-7191.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7192](CVE-2024/CVE-2024-71xx/CVE-2024-7192.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7193](CVE-2024/CVE-2024-71xx/CVE-2024-7193.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7194](CVE-2024/CVE-2024-71xx/CVE-2024-7194.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7195](CVE-2024/CVE-2024-71xx/CVE-2024-7195.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7196](CVE-2024/CVE-2024-71xx/CVE-2024-7196.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7197](CVE-2024/CVE-2024-71xx/CVE-2024-7197.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7198](CVE-2024/CVE-2024-71xx/CVE-2024-7198.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7199](CVE-2024/CVE-2024-71xx/CVE-2024-7199.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7200](CVE-2024/CVE-2024-72xx/CVE-2024-7200.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7201](CVE-2024/CVE-2024-72xx/CVE-2024-7201.json) (`2024-07-29T14:12:08.783`) +- [CVE-2024-7202](CVE-2024/CVE-2024-72xx/CVE-2024-7202.json) (`2024-07-29T14:12:08.783`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 575423bd256..bb7d07ac22f 100644 --- a/_state.csv +++ b/_state.csv 
@@ -237371,7 +237371,7 @@ CVE-2023-50692,0,0,6348689bc92a3d7d2b93f4ab7cffabad0f40b97f51e9c86bf7ce40c57b840 CVE-2023-50693,0,0,dd08939e4ce32c03f59f04532580821ca5b697adc34a251e1c45db564373a664,2024-03-05T21:15:07.367000 CVE-2023-50694,0,0,78b1aa0914931a0876815df8adb1c998b4fa38e7b62d7363c774f0a97cabce80,2024-03-21T02:49:58.640000 CVE-2023-5070,0,0,9fb6a723c8279931601cd42b57dae05abcb788776665c70d867d5b3fe8e04ffe,2023-11-07T04:23:25.600000 -CVE-2023-50700,0,0,d1a5fa63c1100d62a5873085c943b942ea0f0a96aa3b1619608f7531039c0ad7,2024-07-26T17:15:10.803000 +CVE-2023-50700,0,1,8f9230002bc634370949151b2412d5f3e0a61f7268c269b9067d411e2e96d111,2024-07-29T14:12:08.783000 CVE-2023-50702,0,0,aabbc77a2d305beae7af1d1ea3729a356ffb437e099440502361eda2d189553a,2024-03-27T12:29:30.307000 CVE-2023-50703,0,0,5412fe627eb96f0f79abae297ed08738bff2931ef5956788ab3e3239f68219e5,2023-12-29T16:32:32.477000 CVE-2023-50704,0,0,d49cda3dff4ba1c0ede49172a75175738fe4d5075a250a9b7bfefb732a3e26ef,2023-12-29T16:31:20.133000 
@@ -242441,13 +242441,13 @@ CVE-2024-1794,0,0,40da0cc463ac5fc4902001ace2561b684a562ea2a12f72533f59f289fe0586 CVE-2024-1795,0,0,d5d165902ce8409982715be66577d28d51d22ea46335ac541aa9912164e0316e,2024-03-15T12:53:06.423000 CVE-2024-1796,0,0,5301c3d7e9f365e1b5a5f5e299ba2d113b1c33fee6b3306d129a1acabe5fdb8b,2024-03-15T12:53:06.423000 CVE-2024-1797,0,0,39f91857b2b1be64a82720d73863309c3dc5b27441bea6e624c8312a22cc243f,2024-05-02T18:00:37.360000 -CVE-2024-1798,0,0,782fe49cf480d28103c31bc32a24dc1d504ecad885cf8eeef41a58e0b97d8d65,2024-07-27T02:15:09.800000 +CVE-2024-1798,0,1,9bcd6bb11b64f19fa2370a6b70362b9ffba5d94a660d2bcda5aea36381fd10a3,2024-07-29T14:12:08.783000 CVE-2024-1799,0,0,d8756bba8b4cdd006404bc895ba68b60db86af603abda3f30a56066ebbf50939,2024-03-20T13:00:16.367000 CVE-2024-1800,0,0,f53314859df2ff8acf8c284afd628cdf89b33b507d44df4413be063b7de5889f,2024-03-20T17:18:26.603000 CVE-2024-1801,0,0,22b7a02f8400e6c62f43c0a6ce63e01f389097184cf969a99878bc2375a229fd,2024-03-20T17:18:26.603000 CVE-2024-1802,0,0,eafa2bc95e957b2cc307b2ef3ea8ab2f6ff707f76feb1828d86248a34d07c668,2024-03-08T14:02:57.420000 CVE-2024-1803,0,0,1c557f2ce0a4cd8d54c6792265dcc7db4327322cac90e90129dfd74fb33d96ed,2024-05-24T01:15:30.977000 -CVE-2024-1804,0,0,e91dcdc2a575ffc022192fb89c03d5a372c4d95977f1cbde3673d42961a71e81,2024-07-27T02:15:10.060000 +CVE-2024-1804,0,1,0fa54001643e76c0094720400c7c2964fc3c6661cd185ae48ad4fe06f2dc3464,2024-07-29T14:12:08.783000 CVE-2024-1805,0,0,a59f77fcb7c175f76315db29f7dae82298e2a93dd560b6e6db85c2033c523f41,2024-05-02T18:00:37.360000 CVE-2024-1806,0,0,82e6efa46d251f73a9be3cd03b966fa1cb1b795203d9fde49109d804f438622d,2024-03-13T18:15:58.530000 CVE-2024-1807,0,0,78623cd77b077abac19ec44fd2c28d4b51b5a06fa84f1112c2d264189280dc5a,2024-04-02T12:50:42.233000 
@@ -245393,7 +245393,7 @@ CVE-2024-2425,0,0,5244503cb81f1535e5c26158f97c8ff5a0be1d108c008e859e8897a136ecd7 CVE-2024-24254,0,0,aa3e1e0113c1afb51d7c9ea40615c9f0ca117924787150a26ed63a73b49e27db,2024-02-15T18:46:57.737000 CVE-2024-24255,0,0,e76da96580c60a9eda41d1841209285ca4cff39dd4bb1ea645c35657b9851939,2024-02-15T18:46:41.247000 CVE-2024-24256,0,0,fcdfa612c3f1867287942ad18dfc81885197768fb299b50a1e03fe4abbe75856,2024-02-15T14:28:31.380000 -CVE-2024-24257,0,0,18ed26a747ee2ccb808801e335187d1f8376b6bb759fc1155321396a6fec96fe,2024-07-26T17:15:11.173000 +CVE-2024-24257,0,1,ddaf9b4200e0380aa64bd570729dbd5e4944f6ac4dcfbdccc7a665c710f84161,2024-07-29T14:12:08.783000 CVE-2024-24258,0,0,b6889ab8117d84f2b926a30d9ca7e037f41ed41c51b57e24ece8c5f1f0d35cca,2024-02-21T03:15:09.043000 CVE-2024-24259,0,0,27500963c89a35e88885dfebaf6906d578facbf79a9197c97e367a82d6750a09,2024-02-21T03:15:09.110000 CVE-2024-2426,0,0,6e67bd7547823c0951b38b7ed025ecb6861ed3d2534fad1723b99007466f0b1c,2024-03-26T12:55:05.010000 @@ -246857,7 +246857,7 @@ CVE-2024-26504,0,0,666faf787e5dc390b263f6f43b439704bacedd4c95ae744503624ba007956 CVE-2024-26507,0,0,64f088a446d983fef0e9e5fe7e57b9067d595ae9ecbc4c9f4bac89b612f6dadc,2024-07-03T01:49:41.820000 CVE-2024-2651,0,0,bd146bedf6ebe2167b2a748a6767423198ce44fb77df6650381302c98af6fd86,2024-05-14T16:13:02.773000 CVE-2024-26517,0,0,26d33e1785f323f6a59cabe443b6ac20ef93d37ea417fa08778ea549f200621f,2024-05-14T16:13:02.773000 -CVE-2024-26520,0,0,2e8b8f31c930961addb2eb2d4dbd407df65c0a21c2f9be7dab545ed71cac96b6,2024-07-26T17:15:11.507000 +CVE-2024-26520,0,1,2b9d901fe7af634fe3c575441f9fb1d24f7a6395b493e025ccdfa3ea9c640027,2024-07-29T14:12:08.783000 CVE-2024-26521,0,0,7985e5a46b5dbb7cac5d9bc8fb1bd033c53432230144c1b88c935a11b26cd32a,2024-03-12T12:40:13.500000 CVE-2024-26529,0,0,bd6cd552c022306ecb15ba77a51e2bdce3a9e1417338a63b92cda08b02e6c1ab,2024-03-13T12:33:51.697000 CVE-2024-2653,0,0,b3409d37c73c6e84286baa910f6042b0e4464dede287f82c98b61b036f897600,2024-05-01T18:15:19.257000 
@@ -247232,7 +247232,7 @@ CVE-2024-26901,0,0,4c27993bf8d1dfe00c9026a706ec5894a76459a9b2a1283a4abf08daea3e0 CVE-2024-26902,0,0,403873851c7a77c4d64db8c4cfe6f949278cfad5955974b2e8c40aba88e60bd6,2024-04-29T19:40:05.897000 CVE-2024-26903,0,0,02f8db8e283ea09bbfc4f021b4a46017f09af264e6504d48377e1408e0255de9,2024-06-27T12:15:22.637000 CVE-2024-26904,0,0,465375d12896d369ba32f0f5a9c1b1a82fd461e229bd66d68713d6d3b21eb08e,2024-05-21T07:15:08.260000 -CVE-2024-26905,0,1,3a7eec9b90564e2a68e23468690a383dcd20d922935be237a30b806b26ccb711,2024-07-29T13:15:10.593000 +CVE-2024-26905,0,0,3a7eec9b90564e2a68e23468690a383dcd20d922935be237a30b806b26ccb711,2024-07-29T13:15:10.593000 CVE-2024-26906,0,0,42532862975f8bdf6c218bb08e8c76f0bdeb5f292a8c20c2de1b8755512c9a2b,2024-06-25T22:15:25.877000 CVE-2024-26907,0,0,00d718a412070a4297719ea0fb3f7b55969fac373e166e4b352e4dbc743daf28,2024-06-25T22:15:25.960000 CVE-2024-26908,0,0,5ecc683879bcc08f4a65e6b0675afebd2da7cfed4f9fada740f88a540c7f8b1e,2024-04-30T08:15:17.140000 
@@ -247675,8 +247675,8 @@ CVE-2024-27353,0,0,cbcb4ed0cb0d6b5421bdc80855b33d7fe1407fb7f951e4769d290990900af CVE-2024-27354,0,0,6669ef56de2629d6bd7a6c54cb75c8f6e454c14fc2065829ff46305d945b1196,2024-03-21T02:52:19.927000 CVE-2024-27355,0,0,cbfd71f3fb28d8933e5fd0b89a2619127b39a508cc85ac5bc00d2b3fcc2d06dd,2024-03-21T02:52:19.970000 CVE-2024-27356,0,0,749ec2d4b1e51d4aafe83652bc0802a299a54d3561d4847f2c289cb0919b6c2e,2024-02-27T14:20:06.637000 -CVE-2024-27357,0,0,f153e366e5f22bba13648a73a9e1d0766d70f4fe1ae98dfae3539e68bea8504e,2024-07-26T17:15:11.580000 -CVE-2024-27358,0,0,c6f05a12984d0b3095da6b6c5923490ab56b29a155188393a6caeac7a0b6e386,2024-07-26T17:15:11.650000 +CVE-2024-27357,0,1,a56d40dbcc06930b546fae3b6f5242db2c9be7a1d9398632446132966ded87c2,2024-07-29T14:12:08.783000 +CVE-2024-27358,0,1,5e34f9802b6658af7911918b28409df8cc6ee23a8e8f5cc0b36cd181238f67f8,2024-07-29T14:12:08.783000 CVE-2024-27359,0,0,3ef57b8299026e901c7562e8bbf9bafac98cc1976d3917e5c32880417a0a2746,2024-02-26T16:32:25.577000 CVE-2024-2736,0,0,0ddab351a075258184e9da71bec86e9fd25b36338827c4a540a6ed9379b0bd6e,2024-04-10T13:23:38.787000 CVE-2024-27360,0,0,33246297884723d4ff8bb58853158d18ca6235582cb6c304b20ea59c674486c8,2024-07-12T14:57:53.930000 
@@ -251206,7 +251206,7 @@ CVE-2024-32664,0,0,7b65453ace3efd93d2cd0a4f397cf5413b4c9e5ae106db66ef45b39a143d4 CVE-2024-32669,0,0,1c249494e22e7c275a812095677f2945379060d0cae4bdfd8500bbbde31f40b7,2024-05-14T16:12:23.490000 CVE-2024-3267,0,0,940010b55b9a616638f110687c77a6c496dcf0d2dfd170d1aa59ab5c8e848149,2024-04-10T13:23:38.787000 CVE-2024-32670,0,0,11e459444671f45b9f26d0cdaea8328e4da91a68f683a4e2c21fd5a0bc52f597,2024-07-11T13:05:54.930000 -CVE-2024-32671,0,0,b7d08c68ea5e7f4b463840cc63cd9d27f0f73c9365aeb0ada5915e560d45b535,2024-07-29T03:15:02.017000 +CVE-2024-32671,0,1,6a813a16be23f5f1d38aab16f1ea83feab7085f490ba24d04e87e7caf4f0848c,2024-07-29T14:12:08.783000 CVE-2024-32672,0,0,ee29fc695f581fb34ab7bf98446e86972f27b7ccbb3dc78cde6e814c3b7d95d3,2024-05-14T16:12:23.490000 CVE-2024-32673,0,0,c9f67d54777fc1d6a602ef9ed03e4f5b3605cc09e4b1087225be42a1b82669fa,2024-07-03T12:53:24.977000 CVE-2024-32674,0,0,8e274e9762e7b32d105911c76fa84ee156bae08969022295a61c40a0ca8ab4bf,2024-07-03T01:56:55.253000 @@ -251964,7 +251964,7 @@ CVE-2024-33891,0,0,1989e665b70cca966ca59362172b98f189cf8e652408c4337ef1f2abce159 CVE-2024-33898,0,0,d6695d3ccd92f52391ad90d65a3e841923695096543d5d9ab620656abbd894ba,2024-06-25T12:24:17.873000 CVE-2024-33899,0,0,215d012a0aeed617e9223e785f340f85e2514c39cf4a2326738c4b3613b1edd0,2024-07-03T01:59:09.200000 CVE-2024-33900,0,0,03828701299297702ee936c4723ae70794f1d4664c7ca2f0322872e9a7b4d7d4,2024-07-03T01:59:09.967000 -CVE-2024-33901,0,0,a35cc64cf5170ec8466d8f38d686cfa83706ea372b68f67d37e58636631502cb,2024-05-21T17:15:09.143000 +CVE-2024-33901,0,1,9827d4735b2592145eef3cf8dae1b0bd249439d4eeb4bd26158617553ad4a519,2024-07-29T15:15:10.533000 CVE-2024-33903,0,0,66fa6f18457541069e9742d7224c491d6b0a223ce231b54f3cf8ba6c6e111733,2024-04-29T12:42:03.667000 CVE-2024-33904,0,0,649f4e21e4e6e1bd169137db7a1546844fc67399c9649d4ffcd3b89ea6d1e17d,2024-04-29T12:42:03.667000 CVE-2024-33905,0,0,8733ae06a94637e7c1c0ff0f997c7e4ea1263aeaf349b0ccb59c2d115d8380be,2024-07-03T01:59:10.763000 
@@ -253973,7 +253973,7 @@ CVE-2024-3703,0,0,bd96f9d277c687f2c8df474724f359223698fb8a762e1288e006520ebff94d CVE-2024-37030,0,0,229fd4bf632e5359976e983ea5a913e4683537817839ea114ee982b3925f6596,2024-07-03T18:02:36.730000 CVE-2024-37031,0,0,82ddf62a2a657c3d311c62178fe12d95bbdde7904d2439de7382b7f0bb38049e,2024-06-03T14:46:24.250000 CVE-2024-37032,0,0,beeaa82ce4e7adb7aae5c7f769a38fdec94afd87f3fb4ab76e8b43cd58eb538b,2024-07-15T22:15:02.747000 -CVE-2024-37034,0,0,d1fddc1f49c136db902b5006975560de9b46b20beaf55a322049f9d9e081ba74,2024-07-26T22:15:03.853000 +CVE-2024-37034,0,1,0357ab081e11293bd72dbc4103810e7806ba7fe9f0a68db6cb8ae8de5954712f,2024-07-29T14:12:08.783000 CVE-2024-37036,0,0,2b54af7dc068612b23a8155f4d9bf9df74610908e0974df8f03646c9dd55441d,2024-06-13T18:36:09.010000 CVE-2024-37037,0,0,2437fc027a38caf4d1fff40b3a10b943bdb8be9b58eab07857b1bc1c0eca008e,2024-07-25T20:25:41.760000 CVE-2024-37038,0,0,b6a592cdbbef388e98cb8a181a98f43993dd04af5a29282f5a8621e285e63d4d,2024-07-25T20:25:10.287000 @@ -254220,7 +254220,7 @@ CVE-2024-37370,0,0,8a7076b3e8e134b661d21db6f90c7a50b93b1e481cf692861b0a2c3450767 CVE-2024-37371,0,0,70d55bf05c2eee0a9f3b94ddc604e302a9c39f7d842ab9266b20a4c2d600c9ba,2024-07-01T12:37:24.220000 CVE-2024-3738,0,0,cebdf6c67207ccd8240919e9596b8485c51e6607a12a8dcdfff13f6ddbdbfe32,2024-05-17T02:40:05.977000 CVE-2024-37380,0,0,4ce1330fb679655262ab3b818cd133f9eef1b7c4341268f445fa1434d34f9951,2024-07-24T12:55:13.223000 -CVE-2024-37381,0,0,01fcad08baf608c8c6c5a6aaff0e96954a2f5621890d5663fb47ead7c68f4646,2024-07-29T06:15:01.827000 +CVE-2024-37381,0,1,eb91c8ef2677fdc20583be45eb54d07c84181c898fa3479e8f2af52959e90f62,2024-07-29T14:12:08.783000 CVE-2024-37383,0,0,3a9597c771ab199850aaeee94068cbc0182ff2bfcefd23d631ce0d7808f3745f,2024-07-03T02:04:16.250000 CVE-2024-37384,0,0,4ede7c4b4e1e1de259445d49ca3b43a6d0a75b7dcaf1ea245b8f6306c1e67bb9,2024-07-03T02:04:17.060000 CVE-2024-37385,0,0,1af5dbf4fe496116fcfe8797458a2e9292fd2ddec99a563e5137c9d207fb12bc,2024-06-07T14:56:05.647000 
@@ -254491,6 +254491,7 @@ CVE-2024-37902,0,0,914ec46cc1273d7c21c7b2dab73f39d6c3f01e86944529e46279ac98efc57 CVE-2024-37903,0,0,886576036d4d085b682af52548aacb4c341112369e14bf61e8ca80c2c202d58c,2024-07-08T15:49:22.437000 CVE-2024-37904,0,0,4a1838bfa872e93babcec91edc2a58b1f777ff60512a3a43aa04f02c821270dc,2024-06-20T12:44:01.637000 CVE-2024-37905,0,0,76667799c8b41a4c84b1440977b5297bf4074f7f71d64c5e6ed0abc93aad04a6,2024-07-01T12:37:24.220000 +CVE-2024-37906,1,1,b4f3ae150a0a17b637da6ab81aef4963930e15e3c3eab50cf669ebd7f26230c4,2024-07-29T15:15:10.747000 CVE-2024-3791,0,0,767a003f920bfca311025815b56da50ca1604fe6f1547763faa14f2481b1f8a4,2024-05-14T16:11:39.510000 CVE-2024-37918,0,0,6673dbc8a8909fcbe3d7fcf2914a8f9e3012ce2a80753d8813e12c06150aec25,2024-07-22T13:00:31.330000 CVE-2024-37919,0,0,c8769a1d0c82ad0e3a52e5fc9303605bebd5a9d75185a0d263d89b0fda4b5a49,2024-07-22T13:00:31.330000 
@@ -254792,12 +254793,12 @@ CVE-2024-38504,0,0,4c5e9d4e31ce363d990483052f136d892b9e9d476c16b9ba9ffe4f7ab7d68 CVE-2024-38505,0,0,b17f43381c815e52625008a26f98d511f617e1d606d0689fa471d4457a2ae811,2024-06-20T12:44:01.637000 CVE-2024-38506,0,0,6799a88956d863931c42e9aeb0cb9941c5b7b49325fca0458fb0a8b8252d7e5a,2024-06-20T12:44:01.637000 CVE-2024-38507,0,0,c3b5b994c8d108d133a9f6600c980364d8b83f9963a5e8ed82bd4640706691c5,2024-06-20T12:44:01.637000 -CVE-2024-38508,0,0,93fed046f454e7d04a438275b6d52b1fd436dd595d73937941f4f81181ef4336,2024-07-26T20:15:03.597000 -CVE-2024-38509,0,0,1c32d7a665d827232d859e77a131c6a2a7fc7ce031f93b89e2dbb25b410c4bc4,2024-07-26T20:15:03.830000 +CVE-2024-38508,0,1,b55da0d5b22cfe80a20c56246e3dde244a996bc022e93d56134df0b22ec06ac4,2024-07-29T14:12:08.783000 +CVE-2024-38509,0,1,83b96c630c78e968d359efe7db7cb60c248e87070e0f3b151a49d364b7ad17cc,2024-07-29T14:12:08.783000 CVE-2024-3851,0,0,7187c9061cc0262edad622ff69fee4bec57217bd837e5e893e6bd94c3506a5fb,2024-05-16T13:03:05.353000 -CVE-2024-38510,0,0,49925c4c1aadb4341d95eb90cfb6c180717f65908774738ec9add15aea2daa09,2024-07-26T20:15:04.053000 -CVE-2024-38511,0,0,8c9ad35497fd8cd1dde54c7d4702e53e8364d2e1f04d1234e4615d2649fe90ab,2024-07-26T20:15:04.263000 -CVE-2024-38512,0,0,073e1b8c23e49547be431779f730d2620449b89cb8418fe74812c81239fbf9b3,2024-07-26T20:15:04.470000 +CVE-2024-38510,0,1,2af7bc43a2d6f6be8081d0d0438a13a3aa5407658bb61d5b0b2d269b5c7aee02,2024-07-29T14:12:08.783000 +CVE-2024-38511,0,1,d838f0741824237debb451f565b359d8dbe3fcf3ea0dff6defe39e0fd1c1098e,2024-07-29T14:12:08.783000 +CVE-2024-38512,0,1,876d54cc25cc03196a5db78d0b009e167eb92888f3209157443a6e5eaa079df6,2024-07-29T14:12:08.783000 CVE-2024-38513,0,0,1368ed636d2ce5b196281db8def21fabd9a411fc039fddaf211605e85a645693,2024-07-02T12:09:16.907000 CVE-2024-38514,0,0,20901c301d0b800903255c5b44f5dc35cf1b46988f760c885c8c2631fef64104,2024-07-01T12:37:24.220000 
CVE-2024-38515,0,0,d3d565d31ea66ca604696e1076ac15c512d3ad24c4382f00e423460072e049fd,2024-06-27T13:16:00.717000 @@ -254814,6 +254815,7 @@ CVE-2024-38525,0,0,c6d09ec2ec4a195ad79165c044ef499ca4961803c76ab9f8203674d54bb83 CVE-2024-38526,0,0,9de1edb82d6bb6115c33dfe170943d78568f85fe7ab5266f92239979ec0b9259,2024-07-24T17:15:10.910000 CVE-2024-38527,0,0,d79f673f66de487942038a941e7146b053a6ddb1c998291462a54ca077215594,2024-06-27T12:47:19.847000 CVE-2024-38528,0,0,abe62c0b36f96b72c42ae3a20756e7dee4cdc68dd98be36932d675c96e479202,2024-07-01T12:37:24.220000 +CVE-2024-38529,1,1,7d485c20687d08b266b55051bff6145a39b0d08291898431ad634a53c251e183,2024-07-29T15:15:10.990000 CVE-2024-3853,0,0,7e352b0debfe2ff1972966571472dc1ad9a92992dff183ce4b7132f5ac558f7a,2024-07-03T02:06:45.877000 CVE-2024-38531,0,0,b56de69adb9e29b508ff804eef5c2919280b3646aaf65838ea0969fdce8b1636,2024-07-01T12:37:24.220000 CVE-2024-38532,0,0,3a3b54122bd6780d32b0357101fa3b70c56bf5cfbd9b29132bcf407b07a6cf4a,2024-07-01T12:37:24.220000 
@@ -255030,8 +255032,8 @@ CVE-2024-38857,0,0,857bbf4d5ee889c68ec1450930f0cf323232ab2d5a162824c8153ee668a7e CVE-2024-38867,0,0,4bc8a346a92423127914d7bd932870dc2a7efecb39fecaf6981a89bcdb11978c,2024-07-09T18:19:14.047000 CVE-2024-3887,0,0,7992ee60f5f26d3f15d818db21e67277dbf02ae9d208c24a54e5c01935424c21,2024-05-16T13:03:05.353000 CVE-2024-38870,0,0,4167db09a3d5f0d1fb37f47670f8f4f5bc2492675561171c559ebd86c6b84b27,2024-07-18T12:28:43.707000 -CVE-2024-38871,0,0,7f14007af7ac9c3d1c19b32e69e58e0d3217b4301d228b52f45badd1055705e1,2024-07-26T18:15:03.137000 -CVE-2024-38872,0,0,e40654788e0308f03ac8f1d05dd764d28cb85a11eb7af3ad24527e0096f59feb,2024-07-26T18:15:03.350000 +CVE-2024-38871,0,1,7b8770d00947c719a3dd8fe17f4a1ff79757e750998a4996ef9fa64a87345086,2024-07-29T14:12:08.783000 +CVE-2024-38872,0,1,dbf8cb370f3281d99398aef0cb2a514c7e42473174f976e3fef6fdbb067cca3d,2024-07-29T14:12:08.783000 CVE-2024-38873,0,0,6889a908915a370dc32eb3b9351070cdb3a634a1b8f52aac6863c833e22f79b2,2024-07-03T02:05:21.267000 CVE-2024-38874,0,0,1c1b28247d06b02b2f044fb942d8a6aa89aab3909bc7e48738a346b7a68e1cc9,2024-06-21T11:22:01.687000 CVE-2024-38875,0,0,d18c0c1f05faa02ef048ee622890d874b54f8d91a4409a82414c9856f7ccdec0,2024-07-12T16:11:48.453000 
@@ -255180,7 +255182,7 @@ CVE-2024-39298,0,0,ebc8c1ac57b6c8432c32f877ad1093e868a3d2381cb98ee4d7cf51055258a CVE-2024-39301,0,0,72934b8f63bc52924fc16a3afe1a18dbebdfa8998d51203c594a2fbcffcac42e,2024-06-25T18:50:42.040000 CVE-2024-39302,0,0,946c3f23cfe199dda1010c0ea47b1d5e32454ef20b5307dfd8e2dc92485c1baa,2024-07-01T12:37:24.220000 CVE-2024-39303,0,0,a34ed591f51be43b3400c03523a5f8c55eb5097c5f908eacc0a16ec90a0e778f,2024-07-02T12:09:16.907000 -CVE-2024-39304,0,0,4a59fa10429a1cbead456d7c61c84d5cf9b402ca7ecc8874fbf7fa68af7852c0,2024-07-26T18:15:03.557000 +CVE-2024-39304,0,1,b5f772f01b3427664c53f2fa0501efa536f799b20c5d68d0936fe6db6ed2d717,2024-07-29T14:12:08.783000 CVE-2024-39305,0,0,63f56317b3a65afc1e2039e772edc429176693e571707c38de2e052250926788,2024-07-02T12:09:16.907000 CVE-2024-39307,0,0,c6ba32c8ba3cfcd15570f781df2bcad3fc5cb61b722485741dcbdce4f9e733a2,2024-07-01T12:37:24.220000 CVE-2024-39308,0,0,9b87f813f1d0c3d047f0b3cb0fa602208ca4159a3cdabc0e55a7e199b0ded98f,2024-07-08T15:49:22.437000 
@@ -255537,8 +255539,8 @@ CVE-2024-4009,0,0,26a6ec4a10b164e2f280e8681d4c21dd6301b3a45dfa2578f28e720f7416c2 CVE-2024-4010,0,0,6f96a951ba4d658f2d216c10726beef3ec3f9c518875bc1c492ed89999ff3fc2,2024-05-15T16:40:19.330000 CVE-2024-4011,0,0,3791d0b8fb3f4c8257f00293727675eba680b52984c90b375af59f25fe8844d5,2024-06-28T13:21:27.280000 CVE-2024-40110,0,0,418f673a852b7bdb4f78ad41a2b0b3f2ec6f2c18daedda80c4124681891eaca1,2024-07-12T19:04:57.907000 -CVE-2024-40116,0,0,3897bf0fbbc6e26da135d5b08ef785c8de9ef8d253977c8a329025f1952653c5,2024-07-26T20:15:04.980000 -CVE-2024-40117,0,0,89142c9c86c3e7b9f2ca067cd635d17c34f075a15ba629e47ff2a390f16ac877,2024-07-26T20:15:05.033000 +CVE-2024-40116,0,1,0c7e7b0568affa3e4410b322c8eab606e8c4772c0e0ee71e9f4e3c64679d6b62,2024-07-29T14:12:08.783000 +CVE-2024-40117,0,1,6cdc5881a232d9fa2e01bff9809c9f6c9461863f050c9260fd506d39de8b6dae,2024-07-29T14:12:08.783000 CVE-2024-40119,0,0,aa3f22f2b45cca59856fa60c50a815719d2780bf42b0db28717c574ce736ba97,2024-07-18T12:28:43.707000 CVE-2024-40129,0,0,ff07d2c16c2d7f391b26147b4d490409bfa9117fc71e9ac1a4c2f99b87b4353c,2024-07-17T13:34:20.520000 CVE-2024-4013,0,0,3586550d51b92b0f462ebc695cf4afe7e9f245d08490f98716812b60f3625af2,2024-06-07T14:56:05.647000 
@@ -255594,7 +255596,7 @@ CVE-2024-40422,0,0,2d37092e7db5890d901e271290eadd50cf476f59ec1269ebf05fef9ee8430 CVE-2024-40425,0,0,ed5ea69d78e69de5a03f2dea647d2c038f05f8f6ff89f420995c2c0d1881d668,2024-07-17T13:34:20.520000 CVE-2024-4043,0,0,50e67cd87d2761034ee2e0514a61b1574f18a654fe271a8568be1eaa53e96b2e,2024-05-24T01:15:30.977000 CVE-2024-40430,0,0,a04c0932360e0a6689683af18ba685f481546b7626dfc387e8fcb5f7f41626b2,2024-07-25T17:07:13.977000 -CVE-2024-40433,0,0,6091befcd588b610729fd72d7ee0de2dbf1333c4d4d4fdd1d825d6a281a54090,2024-07-26T22:15:03.943000 +CVE-2024-40433,0,1,929e905496c7cfc529332d7965d7951189bb169a9a0f47b7e1666248b72bbd4e,2024-07-29T14:12:08.783000 CVE-2024-4044,0,0,e5bbe7519a57f32e10b3da751a3cb9112f45a7270ca309aa6997e34b1ffc6b95,2024-05-14T16:11:39.510000 CVE-2024-4045,0,0,2ae0d8f233b2cc7f6d27d9d81b74b74fd6cc2876f88a425dbeb60d35e4802b53,2024-05-28T12:39:42.673000 CVE-2024-40455,0,0,31e25278556a7a569f6d48ca8afce7491b76507f09027ad01ea2eacbbf9dde95,2024-07-17T13:34:20.520000 @@ -255636,6 +255638,7 @@ CVE-2024-4056,0,0,b8d993c32e0d1df4fc3c3b0df01e5b9a4366d92d1a2ad184a020d404aa4458 CVE-2024-40560,0,0,885c8c46bcc9d242b11ff00568640d31e8526b7b94eab8b6f84ddb49fcdedf5c,2024-07-16T13:43:58.773000 CVE-2024-4057,0,0,26b46aa52b04f4ef8890033772544e5e99ad730f84e9e0e97b479cd36cf89ace,2024-07-03T02:07:02.197000 CVE-2024-40575,0,0,267280fd6d1dce9620611aeb1f0d6276db3825fa55e9f5e7fc538f4804a7f026,2024-07-25T17:35:28.913000 +CVE-2024-40576,1,1,e5f490b88ca06a99fd758225b31969b8fa00c69a2e65e09d2c546bd383939dc7,2024-07-29T14:15:03.677000 CVE-2024-4058,0,0,e20d454336ea887bbb54d47433e5560889db558189699560ce98773941e9b99e,2024-06-07T15:40:49.707000 CVE-2024-4059,0,0,c49986e07be30ca2c850f4613369c1702dff21e7018832f61c83284c95e0cc00,2024-05-03T03:16:29.430000 CVE-2024-40594,0,0,5f8b4e7b3001e206c4db42bfb10b66a5767bd1e5041c1bca9998a882526a992d,2024-07-08T15:49:22.437000 
@@ -255680,7 +255683,7 @@ CVE-2024-4065,0,0,e9243298c32ccba8ab1ac6d427150517ee98217790d2dec0b1b5ec685d8cbc CVE-2024-4066,0,0,5674d1317b0a03adb324e31f70d35a87031f26ca2ea2869349483359d081bdf7,2024-06-04T19:20:29.323000 CVE-2024-4067,0,0,9e7f1211bf79e7110903241dcc25ab8bd46e04dab02a9e051766a97ad7f670bf,2024-05-22T12:15:10.767000 CVE-2024-4068,0,0,bb45b0f3c24ec800e9c86d4119a908807b555886bbc03073bf2175c668679f63,2024-07-03T02:07:03.943000 -CVE-2024-40689,0,0,3b73dd098ffd10ef808133a0096408e0fdb1675d9dc6022d91f722250157b513,2024-07-26T14:15:02.863000 +CVE-2024-40689,0,1,b737e3a1f88271d05934916a1e9611bb299eb972b578fcd1907e65284f8f8a13,2024-07-29T14:12:08.783000 CVE-2024-4069,0,0,fc5a2986d6746eec6d2dc8871a19fd31bd3dae122b27ac5ac325372fce08edbe,2024-06-04T19:20:29.457000 CVE-2024-40690,0,0,288f59aa1afbad71e8a264760a25606f0765322027457660d06b06f1220570f0,2024-07-12T19:04:57.907000 CVE-2024-4070,0,0,f50441c69b27e00682c793729b411e41b0ab8839510e28fbeccbd72a35bcaeb5,2024-06-04T19:20:29.567000 
@@ -255849,35 +255852,98 @@ CVE-2024-41009,0,0,c4729b5cb64b59a8130835040cce4fcac734ad6152593d4547aa0a45482d4 CVE-2024-41010,0,0,ae8d1d1b3ebaab40dc6ac6afde49ce66895bb7f4e7ee92f295ff5ca1fa79b217,2024-07-19T15:24:59.137000 CVE-2024-41011,0,0,4c2c460e7d99f33158a9c285f2b0882c56a6716b8d689bc4bd4c6463e3fba1ea,2024-07-18T12:28:43.707000 CVE-2024-41012,0,0,d7bf6b58a6ff44e671cb5bc351efe42ddfb2e8e00009bebf997b623f0e3128b6,2024-07-29T07:15:05.083000 -CVE-2024-41013,0,0,f3863cba9f57107c61bbb62c34d31cc7b7073ce24e4fc50afa282d8598d930cf,2024-07-29T07:15:05.430000 -CVE-2024-41014,0,0,40b01b095b5a437e757d432f861f0375c7d9a90926b7cad990bad16e4fc2bca5,2024-07-29T07:15:05.810000 -CVE-2024-41015,0,0,e181f3351e8fa0d3d8700179ff37d31fed131f3030c0f5854dcdfa6f29297a39,2024-07-29T07:15:06.033000 -CVE-2024-41016,0,0,2835a7145cb074ced01d97e28966ee08492d39f023160eddaa9b14c66826bf1d,2024-07-29T07:15:06.293000 -CVE-2024-41017,0,0,9b09969ae04bcdba4ca8016986588d81c56641f1f8aabb06391a78ac2664c717,2024-07-29T07:15:06.523000 -CVE-2024-41018,0,0,3e1bf69eaade8b5fc410451e427f08b4caf311f828d669fc02a6bc54fe0027c7,2024-07-29T07:15:06.790000 -CVE-2024-41019,0,0,e372051a5e462f9aec40eb1ee32a809d67ae1cf52d5fb980f3035c6437f088c0,2024-07-29T07:15:07.023000 +CVE-2024-41013,0,1,e60bba3e408ef7ae0e4e783aa0f35051774aa2a8d236b750438ef4fbd7846f74,2024-07-29T14:12:08.783000 +CVE-2024-41014,0,1,705963fa55cb8c9deb35bac026b5f0f3c8c6d9abda445da5a02c7d95e767c33f,2024-07-29T14:12:08.783000 +CVE-2024-41015,0,1,91a1e3d42b94aa1fa04960f80c1d9c387f924861296d16a8769f7bf7292df329,2024-07-29T14:12:08.783000 +CVE-2024-41016,0,1,7244f30c6a781c72ae92517d5eebf5d0608c3272c73ceab48039cc15b0f7d22d,2024-07-29T14:12:08.783000 +CVE-2024-41017,0,1,44160d90778a18bd4719a1ac1a7168efa9f1878a84217fdfb904c56d9455d105,2024-07-29T14:12:08.783000 +CVE-2024-41018,0,1,d4686c4125645eddd30834870d11d003b93b0eb7cd35144f063aba8a093303ae,2024-07-29T14:12:08.783000 
+CVE-2024-41019,0,1,250099f61de5b09d0ebec4af736d18492b0d2d580ebdd5742cde1f5131cfd721,2024-07-29T14:12:08.783000 CVE-2024-4102,0,0,1b0aaa7efbf772a3034d5138f2cde018af6a8f41a0229b0c5f36e4d66092a2a3,2024-07-09T18:19:14.047000 +CVE-2024-41020,1,1,a50ff97482307f82d3340f8f9882444e7d65be5d6b058879c9f74011010bb9c4,2024-07-29T14:15:03.773000 +CVE-2024-41021,1,1,461b0fa0da1eda678ac1bc8ed75b9651234b2f046c9d42d589c8c31f712fab7f,2024-07-29T14:15:03.870000 +CVE-2024-41022,1,1,f1f7bb10d7b18bc4f281aafdcddce5e2f80510595add8eef02c9893514c968f8,2024-07-29T14:15:03.943000 +CVE-2024-41023,1,1,8d08911b5e3b3bd9230ecb464f4e745d0d10f0836c075aaacb908f3b4a58f6b2,2024-07-29T15:15:11.200000 +CVE-2024-41024,1,1,f4e669ccd751d34f2276b02ffa24a5ec54bd11d8f2dfd413ff3f6855f9840ba5,2024-07-29T15:15:11.270000 +CVE-2024-41025,1,1,d14b00459f0cddebb3379479d901ce87fa9fe3bf7b562a75dd945324b6cc361c,2024-07-29T15:15:11.343000 +CVE-2024-41026,1,1,b16d9cbc60bc18074fe940a411158635820f41c33870799b6380643ac948cbce,2024-07-29T15:15:11.413000 +CVE-2024-41027,1,1,87356f07161d118da4409c39deb227c653350cb4c645f14c8f62b5c4e456a291,2024-07-29T15:15:11.483000 +CVE-2024-41028,1,1,4a91985d7f74f689f0b69e7502fee9c13458e3a3108fa363b3e9518bc9f8b433,2024-07-29T15:15:11.553000 +CVE-2024-41029,1,1,31b09aa09c2bf267a199af7e840dd456dcb3027466c300eab14c8fb553be84b5,2024-07-29T15:15:11.627000 CVE-2024-4103,0,0,ff27f3988e30e41f465bfc5b7800f7ae2f96b1e2cd71c1414de16617b75fe4fe,2024-05-14T16:11:39.510000 +CVE-2024-41030,1,1,dc64913d4bbc89509a04c6f1f53277876dd24d74b289dcb1c2af730f0f66a990,2024-07-29T15:15:11.697000 +CVE-2024-41031,1,1,6af03e0c019faa005c6ba391dda68bddc86fccd31ad8f8fc1a715fa5bfb56ea2,2024-07-29T15:15:11.770000 +CVE-2024-41032,1,1,c3aa1648bce36719356163dc3f4351c819622e54dd2f54db3dd632451059ea6e,2024-07-29T15:15:11.850000 +CVE-2024-41033,1,1,a88b030b3f61a8047f6d0e5f9805330be2203e52f09db07481bca7305a5982b2,2024-07-29T15:15:11.920000 
+CVE-2024-41034,1,1,b09a3947c9077c7f434400a6200ad0fe1a28f7fd0c3440dac3359d86e337e3c3,2024-07-29T15:15:11.990000 +CVE-2024-41035,1,1,9263d202c7cb0444cc6345b9bde88aafa1ef7bedf69cab5342484aa2af9ce120,2024-07-29T15:15:12.077000 +CVE-2024-41036,1,1,01db5d6965d58040252b6b9e1f6facc4747ccc115a052f958ed306df256268fe,2024-07-29T15:15:12.170000 +CVE-2024-41037,1,1,666755ac0e887d61d11965f59ebdda9153378c61a9d9907c257610cc318d6e2e,2024-07-29T15:15:12.240000 +CVE-2024-41038,1,1,a95b12f53e5b01fa11efb6f9f6969f658cad2b48902a7741a3ea9cb9ad23672b,2024-07-29T15:15:12.320000 +CVE-2024-41039,1,1,0ee227d37b630335729a9531ba7e2da89b929ef7e60efa6b9544223223ff4b96,2024-07-29T15:15:12.393000 CVE-2024-4104,0,0,069e7afb1610585640d00d566d3fc4756dff3571ed269cd2ef1d63c8e8ce45e5,2024-05-14T16:11:39.510000 +CVE-2024-41040,1,1,4c7ca113e8f597b232d7d01a2210b856cfd90a57c7cc30f1ed9973e59b421108,2024-07-29T15:15:12.473000 +CVE-2024-41041,1,1,844651cf40e950ca0f25d858d0a35635c0e79d6b21baf01d9ccec3dbeff7abbd,2024-07-29T15:15:12.563000 +CVE-2024-41042,1,1,1b3d7e4605b37f12f1e543f7c031889e1fb58b39b4377d04e4b6ac5837ad07ae,2024-07-29T15:15:12.647000 +CVE-2024-41043,1,1,6e98ddce093e85900300acdfcff65680983e72d04e3966a52f042ddc9a0d7802,2024-07-29T15:15:12.710000 +CVE-2024-41044,1,1,010c3e1c239ee7ebef682e3a2a5c4d4a178618c0aa70b77d3443da84cfdd909f,2024-07-29T15:15:12.783000 +CVE-2024-41045,1,1,eb645e3ece08b7b50964714dc92714d64a2aaa2797c1b7a13a22c4d08df94d58,2024-07-29T15:15:12.873000 +CVE-2024-41046,1,1,bee46df724910f672dc47744671011f3d148f2e29e4ea19e883913ae0f7b48ad,2024-07-29T15:15:12.943000 +CVE-2024-41047,1,1,7493e2c6c9ec4a16645bf74ba4604379a573fb2e4af3ef54b65ad0ed006629a4,2024-07-29T15:15:13.027000 +CVE-2024-41048,1,1,5b84e6ae16a24d34a2ae50d2f489ead2cafbe4de5c299a1086969f6e997094a0,2024-07-29T15:15:13.103000 +CVE-2024-41049,1,1,8b02b300dc26582853d3b45826d937194913dee54e70dfa44b2d9addb3400cc6,2024-07-29T15:15:13.177000 
CVE-2024-4105,0,0,5dcbaf8d64f37f58816de0666875f99544dc68f0a9ee2a9bf8d53a5a9c60191e,2024-06-26T12:44:29.693000 +CVE-2024-41050,1,1,398a4cba55944c06896d54021ae2f98aa5369e7b1893d0d6feae4f3e4aefc69e,2024-07-29T15:15:13.260000 +CVE-2024-41051,1,1,a089d1550c2abeab9e1fef18bbc0836b3a4f0bb8908a71614fb2ab6f4d66ef8b,2024-07-29T15:15:13.327000 +CVE-2024-41052,1,1,69414534db22abc2d29319fdd36ebd0c4184683ed4d574ff6f1cc1639e60db83,2024-07-29T15:15:13.407000 +CVE-2024-41053,1,1,5d73a9bcc5631968497e541f8ac174aa396de85fb23704f0308d7eab6e94a1c4,2024-07-29T15:15:13.473000 +CVE-2024-41054,1,1,3ba0aeb9b27191578560c687abab40506c8d4efca9d0d3ee2d43061ffa5035d1,2024-07-29T15:15:13.557000 +CVE-2024-41055,1,1,8e3e94e0fa06798530be66b1cdac266f5eb66b880e527073c750069d1da15e80,2024-07-29T15:15:13.620000 +CVE-2024-41056,1,1,cef58bd0f06b48e23f11cf2ef037e817ec5b5016b56d6b08c8f3fe0745106d14,2024-07-29T15:15:13.703000 +CVE-2024-41057,1,1,2e145c886e3e441ddef632fed669bd450c46e6799d947daba0d0182908ea5f4c,2024-07-29T15:15:13.773000 +CVE-2024-41058,1,1,d70487c92f446b35ff1827baadf7ffd509f56f78f96bd583fc5f82e0de1ec4e6,2024-07-29T15:15:13.847000 +CVE-2024-41059,1,1,3486cc56801c0ac439b12609f6d27ca67163b6d47f068499b01f19be7b8c714a,2024-07-29T15:15:13.927000 CVE-2024-4106,0,0,3fc11eee434aa540a2e37440bd2e3ba6e18faae117022d3f68496d405f62ba7f,2024-06-26T12:44:29.693000 +CVE-2024-41060,1,1,f3e8c69b30f5a8a7edeb75cb5dceceaf775cf39f85de12c81df925ac255d0b83,2024-07-29T15:15:14.030000 +CVE-2024-41061,1,1,8014da99a3b1dfaede19e424bade4d60ddb78e481e92e5b00da7d43fb9df8365,2024-07-29T15:15:14.103000 +CVE-2024-41062,1,1,32c15f5277c3b092cf771e4ef8cf296f54312072ef65f9fd2ef3f1942a671616,2024-07-29T15:15:14.173000 +CVE-2024-41063,1,1,21952fa036d3f06772ec0c3e39eb02bd8019848ec5bfb5067e14eaab2883581c,2024-07-29T15:15:14.243000 +CVE-2024-41064,1,1,7c4451a2b3d61286dab2a04e0b5e0661b9aec81818b0b8fbaed2e4ed04eff8fc,2024-07-29T15:15:14.330000 
+CVE-2024-41065,1,1,0abb8d5ab21d920b005f25922b8957b833895a234d465ff9af38c6cbff9a4731,2024-07-29T15:15:14.410000 +CVE-2024-41066,1,1,45f852737ca8eceacb6ea359ed33b7034cceea2ca361e98097b646d457142857,2024-07-29T15:15:14.480000 +CVE-2024-41067,1,1,91a4598c36ab49e1fa021698ff94baa0d1099cf8a70bce269f5cde7a6c148761,2024-07-29T15:15:14.560000 +CVE-2024-41068,1,1,9cbbde67fbddc89a59c5eea6a79e2279bb43097c317f0570a41828cbaac15ab0,2024-07-29T15:15:14.630000 +CVE-2024-41069,1,1,08bffdbf7c3dc2f7d033db583a2a839a8b843c01a3a1fc635e6d175c542df629,2024-07-29T15:15:14.713000 CVE-2024-4107,0,0,ce88498baf95f06d1267d29854f2a9888ac0ddfe7fc00ea3036ccad453e487fa,2024-05-14T16:11:39.510000 -CVE-2024-41090,0,0,78ed623a608e103e3c59c7523733e3ea072241a493ca7aed5554264c7ebaebeb,2024-07-29T07:15:07.287000 -CVE-2024-41091,0,0,39154eee21fc3590cb616807259967af83b8390e8856e93f9fa6e721122c9371,2024-07-29T07:15:07.553000 +CVE-2024-41070,1,1,a1cbf5736d65a45a1e96d2d33349d547556da4989bdbf916445acb06056e94ad,2024-07-29T15:15:14.787000 +CVE-2024-41071,1,1,4d03ca1eeebffe90525eaf866a620c26b3fec69c08f3257a1e60b1ee85bd724e,2024-07-29T15:15:14.863000 +CVE-2024-41072,1,1,d295756b783665276349c6095e554b37776405a28c58d6be64c3c94c391ac1b5,2024-07-29T15:15:14.937000 +CVE-2024-41073,1,1,993386b62f4056baf0a22c2e583476638af0385b92bffa2ea7559ee1606868c1,2024-07-29T15:15:15.020000 +CVE-2024-41074,1,1,9fd232dd143eb719f9fcd0eb6fc2e3b3e9f9e048d53959db02ba0b2d28e14607,2024-07-29T15:15:15.097000 +CVE-2024-41075,1,1,30f49bc9b34e1b0f3cff692fd982bc2d29459776118a6b889a5ef12a8666394e,2024-07-29T15:15:15.163000 +CVE-2024-41076,1,1,4f80570830009aec49129d64398ecaa3c53fdfcfc068bd9837f21122e0cf3f9b,2024-07-29T15:15:15.237000 +CVE-2024-41077,1,1,8b40856685944cd4988e7c994a56d5990419bb2450963e37777fbd4ae3c6aede,2024-07-29T15:15:15.303000 +CVE-2024-41078,1,1,5d67c148eb9a95f400f5956a06310892c9d8fdb0c701b0c688d3d68fb0e615f8,2024-07-29T15:15:15.380000 
+CVE-2024-41079,1,1,cbbe51db28b86f942a43a121711a40bdc6c01350e02c5f04510c1d314ec457e8,2024-07-29T15:15:15.457000 +CVE-2024-41080,1,1,08829e4ca87d3cc2cc64da820b37ac45a962b0a643b86bc8f4da20f0b763d4d5,2024-07-29T15:15:15.523000 +CVE-2024-41081,1,1,141f989c77afde9379e063c86553afa7b34c8bb3b9cf8080fe6697c6f0d79365,2024-07-29T15:15:15.593000 +CVE-2024-41082,1,1,6408870e91e242dac099582838a4490d75e6b3d9f02925270c249fb574ec94dd,2024-07-29T15:15:15.670000 +CVE-2024-41090,0,1,6fcac80b2a14c2c34689e44731def02717dedfe18dda82ddf5737822dbb56b40,2024-07-29T14:12:08.783000 +CVE-2024-41091,0,1,3fc4e261f19779ac0e56a4e977593baaf33599d021e440beef3dc9dadc5be94c,2024-07-29T14:12:08.783000 CVE-2024-41107,0,0,8900de25677c2ad7075ce083b915bd87b6a95be071804b0852c57c05697761e4,2024-07-19T14:15:06.080000 CVE-2024-4111,0,0,a3e4bcb39778569b3be84e8d38a6497dbc2fc6b5a3693d9cc21532b8df994ada,2024-06-04T19:20:29.827000 CVE-2024-41110,0,0,6ff3558a253c7fb43657a983fdd8f716059d35d04d5c39b9395ecb33c679f6d6,2024-07-25T12:36:39.947000 CVE-2024-41111,0,0,52a25c3214b943235db4ca14cf3f4d1ccd955b2141e1d6abf224fc5c4732905d,2024-07-19T13:01:44.567000 -CVE-2024-41112,0,0,7679d463ed430820bbd5fe4d684fd57e9efd3eccabb6db35d8dd00ed3fd4a839,2024-07-26T20:15:05.237000 -CVE-2024-41113,0,0,8f8a08a4d201f78234f24d2e80aed014c1c64de41861c3dc2c4ec3f1774fd234,2024-07-26T20:15:05.560000 -CVE-2024-41114,0,0,56e02891236a87d1cdd60544a051c27e4044b8d6edb80edfc259d7d4d02f66ea,2024-07-26T21:15:12.813000 -CVE-2024-41115,0,0,acb6cf2e22f8d08951963c1dbf649c442b2116847ad9f0bc16c09cdc799ceaa6,2024-07-26T21:15:13.023000 -CVE-2024-41116,0,0,51b08dfacd6b0c7784853b5413b1f109a9598b8c7d04404a2ea5f03b7e3b4686,2024-07-26T21:15:13.237000 -CVE-2024-41117,0,0,28697f502ec5a8a7ef7e9fce8ca077257c763140ea9b1e36b7a3abf899e2fef5,2024-07-26T21:15:13.443000 -CVE-2024-41118,0,0,ab69375553bab9687e7d4362047360dc040cea62a7946a3e0d5f0ac45bea56f4,2024-07-26T21:15:13.653000 
-CVE-2024-41119,0,0,62488ae14bb52a2ab88d6c389eb500d9c5493302d80f91f9d9245dfaac83a465,2024-07-26T21:15:13.867000 +CVE-2024-41112,0,1,c1e2935d5067b6b9e390edcde870b73985efea83b9c457e37019ce21e57e3326,2024-07-29T14:12:08.783000 +CVE-2024-41113,0,1,e72ec79e8d81313d3777b3a6a45fd3886cd1a93c2cd46e25a58ccadfa78f3067,2024-07-29T14:12:08.783000 +CVE-2024-41114,0,1,341acf52f1d7ec70c88816cff5ad46bc6fac383fd70e548f5c17a3f7679cc1aa,2024-07-29T14:12:08.783000 +CVE-2024-41115,0,1,5c7df06039a4fb020b8b2261337da30376c6ba3f932dffb134d449b6b7a9f664,2024-07-29T14:12:08.783000 +CVE-2024-41116,0,1,da4d79232740f2ef5ab2cccb9555f042e4f4d89c1e89450ef2fb0225e58768fe,2024-07-29T14:12:08.783000 +CVE-2024-41117,0,1,0a995bc273aa6490071ba6e91f31bbcdf48199ba6a08dad6e740f0e43f2b6382,2024-07-29T14:12:08.783000 +CVE-2024-41118,0,1,9683d18294aa9aabd055eef3c2d7a0923203fbd566165c7092299ec63df00db3,2024-07-29T14:12:08.783000 +CVE-2024-41119,0,1,19e942fe8df1dbb7d807cde9b2c495b4b6c189ae52fd038aaa5087e875bb3aef,2024-07-29T14:12:08.783000 CVE-2024-4112,0,0,66f333e775e64b1480506fa97b6a827bfd5dac62e9e10520346f3a867cac6cdd,2024-05-17T02:40:15.740000 -CVE-2024-41120,0,0,2d2ea1bfe570c1b4fe7d09da0969a469f928daa7927c03fd4db94af775b34ee0,2024-07-26T21:15:14.070000 +CVE-2024-41120,0,1,0ed280e5886f3b18a658413b7ab958546c8474ecff66306df10159af75fbfb74,2024-07-29T14:12:08.783000 CVE-2024-41121,0,0,91cb53bc29963f11fdf64645513c1c2c3bf3f9456a5f423e3cb1f394f830e271,2024-07-22T13:00:53.287000 CVE-2024-41122,0,0,a6a8383a81cf09c9b153a0323d2516ac8ce416bc61d76a25c8333778bb40d081,2024-07-22T13:00:53.287000 CVE-2024-41124,0,0,545390f2812fb35069d3dbe35e40ac5aea11b2900ce09299ced750b1f5fdfac1,2024-07-22T13:00:53.287000 
@@ -255890,9 +255956,9 @@ CVE-2024-41133,0,0,a5a4a3159caddd26c0f915a077a27191a1bfb56c31d18d6814d32ccb9198e CVE-2024-41134,0,0,8fa2334156a39d1ebf7e99e45685034ae3d6b02c155d7c1f1ec7acc21744b79d,2024-07-25T12:36:39.947000 CVE-2024-41135,0,0,66c622d4a15bea76906fc51ad68d43d1d4fd2725282204f137e1bed500fb2fb7,2024-07-25T12:36:39.947000 CVE-2024-41136,0,0,020b11b93feff063252b1869b912101e066c5fabc26a5328aa1d1ff14a3e25e0,2024-07-26T13:22:02.033000 -CVE-2024-41139,0,0,64f5dee7b2554e7c4591201cd1f90856f38818ef633fdc0df3197e870bc65ffc,2024-07-29T09:15:02.563000 +CVE-2024-41139,0,1,c2a251a2d8ce013de552afd9007b026ec32daefafa4c07e9fa41357e3f6a71e5,2024-07-29T14:12:08.783000 CVE-2024-4114,0,0,387f9ca6df27ba000d0f44d990ccd6bb074258bb946c87938379db9652dc0a14,2024-05-17T02:40:15.917000 -CVE-2024-41143,0,0,90b6b330637709750a9782da2f64b8e9e33bddb28d06be1bfcc042cebbc98779,2024-07-29T09:15:02.640000 +CVE-2024-41143,0,1,86895945f47e1361478000a71a2798af8709b921e75a70b1e72755ffb197a147,2024-07-29T14:12:08.783000 CVE-2024-4115,0,0,89bc89df66a101d446d6568b359dec67345256fa579984420e2e2fe7ea4994ac,2024-06-04T19:20:29.937000 CVE-2024-4116,0,0,6ee64e85b69f8f11f599040da371bf02d3a94742e1ecd0f467d9a48f26243458,2024-05-17T02:40:16.110000 CVE-2024-4117,0,0,439d2da59fd01a25f254df6698027149837f261eb1a16ba5752d7e62667d1bfc,2024-06-04T19:20:30.043000 
@@ -255921,14 +255987,14 @@ CVE-2024-41319,0,0,bfb437b42963b0793282d02b7344fad2f16d4a046fba71ec7cf9211564769 CVE-2024-41320,0,0,c5a875fc50e40098ff2c260c87b7011f6622e714e9083a176560d9c8c9a46cbe,2024-07-24T12:55:13.223000 CVE-2024-4133,0,0,809a3aebbf4e63405fb2f0740c9908f3dfcf1d711b93379e5d465ea9e56d3cba,2024-05-02T18:00:37.360000 CVE-2024-4135,0,0,3adddfced77f8fc8630aec5e175734a40783e3f6b247cb0614a312485a8097a3,2024-05-08T13:15:00.690000 -CVE-2024-41353,0,0,54750c5e4569499a911de3318da8e088d2993f36d63804a6483e463d7bbf8dcd,2024-07-26T17:15:12.457000 -CVE-2024-41354,0,0,a95131d06e3854ea273cae7793f7fb9586163bde0c7b59a8e751b31c88c88275,2024-07-26T17:15:12.513000 -CVE-2024-41355,0,0,c156409bf09a45d25f0a710ec5b831882f88d4579da6b8033e81746055bf5774,2024-07-26T16:15:03.277000 -CVE-2024-41356,0,0,908e97943b9d3b720955cc3e4e0fca842a705eff6efabb4bd05b53df77854d72,2024-07-26T16:15:03.357000 -CVE-2024-41357,0,0,e406848b5b12fe5669062298d4e1d7eaa05802f5c089a2c805f67cda0e099040,2024-07-26T16:15:03.427000 -CVE-2024-41373,0,0,778cdf8c556519d5fa0f9858e8b1c2d8771b65713cb8a295c3c6e29a356a24c1,2024-07-26T17:15:12.573000 -CVE-2024-41374,0,0,254f3a51369b525a0addc0b6825753736c6168eb96b43ce28383cb3cff6e851f,2024-07-26T17:15:12.630000 -CVE-2024-41375,0,0,f960a9806a9c11ad700294b80195f58903c2a066c06d02efa9551a219a53b697,2024-07-26T17:15:12.690000 +CVE-2024-41353,0,1,eb28485e99fc04c940295b4bbc852576f9e5b9cd8b7cacb16c2b69bd16f209c0,2024-07-29T14:12:08.783000 +CVE-2024-41354,0,1,8c1d8828f857362251a5e5a1d0b683ebba2175ebb66cf07329c7de322e1a91cf,2024-07-29T14:12:08.783000 +CVE-2024-41355,0,1,83cb7382de994257ef8bc2bfb010ee73a48daad00fc6a92ec3bd1c6d060bdae2,2024-07-29T14:12:08.783000 +CVE-2024-41356,0,1,19e5d44532aafd45c3cb4bb559cee31000e13301c37bdbd2c3dc980b4d3e621a,2024-07-29T14:12:08.783000 +CVE-2024-41357,0,1,aea6306ad814dad0c7c98e65f37f3102e87c9d8a2d0b0aa98b9f8ccbc56ed967,2024-07-29T14:12:08.783000 
+CVE-2024-41373,0,1,faba6aa181e7ed28d6a9264bd5a1c1775023d9c378dfa5b14af5c928feb087ae,2024-07-29T14:12:08.783000 +CVE-2024-41374,0,1,e48c8bb89e17d7481c67f090fac5cec4d814126e32711b1af36e5042c2423e25,2024-07-29T14:12:08.783000 +CVE-2024-41375,0,1,45db50c4764ed49f024ef600eb42e768f30974d4baa4dd8003d1aefff1e58c37,2024-07-29T14:12:08.783000 CVE-2024-4138,0,0,0f7c3171dd014e7915cab9bf533b57ef231d5c30c6ae20f761b745c0767014ec,2024-05-14T19:17:55.627000 CVE-2024-4139,0,0,d53d7324701315788576d545d1c201804fb102fe113eecb6f188d5966156345d,2024-05-14T19:17:55.627000 CVE-2024-4140,0,0,1a159a4a143aac5301b6b2c31977a1ba9c685fc606596154a85964b944248c74,2024-06-10T18:15:36.313000 @@ -255972,9 +256038,9 @@ CVE-2024-41602,0,0,1008bf55cc85541b699d3ce61768b1dcbe9f1fa0beeed1f78306ea877ed05 CVE-2024-41603,0,0,fea24b2a4f5edef8eed4f92099c55619421eb840f7c5615d183c1e7fc6737204,2024-07-22T13:00:53.287000 CVE-2024-4161,0,0,818606f25cf93cd94814d58a9247fa25de635b9142e537f83382fb857b8b71ef,2024-04-25T13:18:13.537000 CVE-2024-4162,0,0,1a4f39929c1df6d420ff35b2d8de51a57c5e5378a57b6e7a1a35abc1b5a3dc57,2024-05-08T13:15:00.690000 -CVE-2024-41628,0,0,31020953ef6de7e0104a79a9286098322fc7dbbf28fce9b1e3c1bc0ec9fa77cd,2024-07-26T21:15:14.303000 +CVE-2024-41628,0,1,5ec8768921bad03bab84b09fc8dfe73d891754e0ae7735ac3fc375a877076401,2024-07-29T14:12:08.783000 CVE-2024-4163,0,0,69022c7df60536fa7bdfb20d2705efebe8d2d6c2c39bf59b2dcb5940921dba2c,2024-07-03T02:07:10.047000 -CVE-2024-41637,0,0,1463da8ce55cf61bc6c37e2dc6f41aafefa1bfbe0f3a3a16be513ffc0c497586,2024-07-29T06:15:02.267000 +CVE-2024-41637,0,1,914ac1a2919f9b0b050b2a6e5abe0136c4e506ec6e973a1399ad1331b2ca31d8,2024-07-29T14:12:08.783000 CVE-2024-4164,0,0,5c582c5408e712b207393008a4bc438580820bad61af8c831d6d320440184b2c,2024-05-17T02:40:17.710000 CVE-2024-4165,0,0,1335796556da8c6a778d77814a8f1d84d8c2dc18b70d9de88815783ed1aa0d77,2024-06-04T19:20:31.500000 CVE-2024-41655,0,0,ef3400d9e58c2cde6c539334829c8042d5ee995783a74a46bd16638786b0b6db,2024-07-24T12:55:13.223000 
@@ -255989,8 +256055,10 @@ CVE-2024-41666,0,0,d22b112fe2cbc2407fbf0fec7671b189aa97ad937243b24a856fa8b3a8932 CVE-2024-41667,0,0,d807bfd84f5b74f1e63b53bf5062db02d2089c64840986d53e751cf99f4afa78,2024-07-25T12:36:39.947000 CVE-2024-41668,0,0,d649a2a5c90e957bfc9f2698aae879b13d0f5f730255ef5d13e3e5f57ca747be,2024-07-24T12:55:13.223000 CVE-2024-4167,0,0,a726fa69800dd2a00fe506dc5d29a370681725e72bfe1ac34a8206d50708861e,2024-06-04T19:20:31.593000 -CVE-2024-41670,0,0,996f72e995d69664ab34dbbd85fc02c0043c2bde90c254f11d889789c1ca82a0,2024-07-26T15:15:11.053000 +CVE-2024-41670,0,1,d4de1327e25e7abc39266a562cb92a3c058d45ff783401ce0a66d0266a4c8b41,2024-07-29T14:12:08.783000 +CVE-2024-41671,1,1,642ad1dedc5c9b158c018702b46cdad8eae60a470e29b8af6a2c8a0e65d9837c,2024-07-29T15:15:15.760000 CVE-2024-41672,0,0,22d9ca4e03b108f26bbb384eff42397f3ecb90b1b86b629c7d5509df37cbcfd2,2024-07-25T12:36:39.947000 +CVE-2024-41676,1,1,0d81292eb4bd2f9a53bb087fcc61bfb10dfe8ab620a4ac091ed5053abb9bd171,2024-07-29T15:15:16.040000 CVE-2024-4168,0,0,7f4f833c88738c683a47d814a058bf8a730868170937a9aca799097bc79bf22f,2024-06-04T19:20:31.690000 CVE-2024-41684,0,0,15187a16e3d50aa920a17db9f9940d7239fa5ed873cbc7a8cfd9738753dd0bc2,2024-07-26T12:38:41.683000 CVE-2024-41685,0,0,4f956c9758e7eb71f9f90f7b5468f25ce9be3aedf0fb0f5c33d2639621a5dd4a,2024-07-26T12:38:41.683000 
@@ -256001,7 +256069,7 @@ CVE-2024-41689,0,0,e25a894d3c83cbce543b44e8d652d5dc0ac5545adea56f8ed329b98800a6e CVE-2024-4169,0,0,c62ff626929882f5d2c6f5c5b02ad92c379b5b400e34f72b774f8d063efba0f1,2024-06-04T19:20:31.780000 CVE-2024-41690,0,0,b18dad298671eb03eedc4db03bead7013ec614b16f648a4382d81a719b2d2fc8,2024-07-26T12:38:41.683000 CVE-2024-41691,0,0,8445b625b8d8bbb501668875ad0019a23a5b4798b2ca9bb16e1f7ec443c79eb0,2024-07-26T12:38:41.683000 -CVE-2024-41692,0,0,364339748a6a224c205d6feea814dab5015a00ac1afdf2b9f5e3a4748641200f,2024-07-26T13:15:09.947000 +CVE-2024-41692,0,1,0194fb9931aafdb4d2f1b1685143b7b5f004cffb9bb337e8efb40ab4dc65d8ec,2024-07-29T14:12:08.783000 CVE-2024-4170,0,0,62435f89f96f29247c44c5e589e7b97688efd61a202de53db89b1fe5fd4975dc,2024-06-04T19:20:31.883000 CVE-2024-41703,0,0,a85362978996c7d236f30e97fa16c337a7f9d6be679ddc12fca950c1a606cca0,2024-07-25T16:55:48.747000 CVE-2024-41704,0,0,da6c19dec91a04b61d02ede6a13562fab5099a10133c7133c2bc4c7b7733b093,2024-07-25T16:55:24.307000 
@@ -256011,24 +256079,25 @@ CVE-2024-41707,0,0,3c5ea333b2404f7e0d9195aa6339fef455f6fa8292255904be4c6dce5c96f CVE-2024-41709,0,0,6713bfc73e81c65bc7923627db30413fcbe413ec587fff89449c3abd86e7e93b,2024-07-25T15:22:06.140000 CVE-2024-4171,0,0,87597e8caa4479ab69c883527c35fc22af72d614757313d16953f50dcfa107c2,2024-06-04T19:20:31.980000 CVE-2024-4172,0,0,ae5cefdd41ee745a5f3463347f20f3f77110439c81ed1ad285dedf4b40da1c57,2024-06-04T19:20:32.077000 -CVE-2024-41726,0,0,88f414969bd3200f6ad1a06603de912af8c9a5c4b5de27c4b2891456308d4dd9,2024-07-29T09:15:02.703000 +CVE-2024-41726,0,1,5d203df137df5c7c028d2640b26e1cb7c09317e0ef803e0b5d0b471759719cc9,2024-07-29T14:12:08.783000 CVE-2024-4173,0,0,47f39f3e8e603eac743ed4815cd724decf015716a2f0d9c17daf4d8fa3affc2d,2024-04-25T23:15:47.240000 CVE-2024-4174,0,0,e168dfb28a2573f66b3120de326c0954bda564c12e3831aed75de7f1338d3089,2024-04-25T13:18:02.660000 CVE-2024-4175,0,0,2f40401bb337bcc37138495e1928fb4d762f69fc829f768d707a278e8a423e1a,2024-04-25T13:18:02.660000 CVE-2024-4176,0,0,2a1e283cc95c7d3d47b09f457f96512613ab4fb1878e9b333c02ce78f75d8385,2024-07-15T16:43:04.163000 CVE-2024-4177,0,0,e1d6d87dc8ef62b0d8de94cfe98a875b1cbd39c3640e8e02d8d5a4e8bb3cca88,2024-06-11T17:53:13.710000 +CVE-2024-41799,1,1,9df8d04da102fc54323e5ee8f4219fb777d3230fd4fa70d805df4c5a4f43cd75,2024-07-29T15:15:16.267000 CVE-2024-4180,0,0,89f84993baa10ab5b41ed58678b5b9e31ff190980a67ee18130266156f7434fc,2024-06-04T16:57:41.053000 CVE-2024-41800,0,0,de10ad962b669cb0e83390124cefb714c566366c680caf05af31d5cbb07531ef,2024-07-26T12:38:41.683000 CVE-2024-41801,0,0,7a4a47d8d4dd1e6f1ffdce276bee976a7b2cf6eead2e5e4570c33554bb7cb103,2024-07-26T12:38:41.683000 -CVE-2024-41805,0,0,3c0ac10ed221b83ae49fa1acd7442eed035719ddcae0f0a73ac4e2fea2344179,2024-07-26T15:15:11.327000 +CVE-2024-41805,0,1,d25981eca346da6da343ee3e5d5d95b55972138683a74ea987fda864ae2895de,2024-07-29T14:12:08.783000 CVE-2024-41806,0,0,538c83928617c702a46380612d20226d3b25d01fddbfea7d5ac18a5a8a9114ce,2024-07-26T12:38:41.683000 
CVE-2024-41807,0,0,e86c4e0879be0f622b0de12c8fba430b974ce92b24702bd4e14aaf255cc07969,2024-07-26T16:15:03.593000 CVE-2024-41808,0,0,eee8cfba986a7a6e0e312c331c59644589f8c648c497985f0ce93d189bcf72fd,2024-07-26T12:38:41.683000 CVE-2024-41809,0,0,b0682c8c723c73fc1a0038b3ebbfe70590dc2b09b74a47db560984ce7762a231,2024-07-26T12:38:41.683000 CVE-2024-4181,0,0,318f7b6282445099b873be7e9b6d90d9a8a899d8ebeb5f7676f33b80d9073c4d,2024-05-16T13:03:05.353000 -CVE-2024-41812,0,0,72e03de367442947df70eb890ebc6eb3d5703a91023448c09a49175b3a6f6ea9,2024-07-26T17:15:12.783000 -CVE-2024-41813,0,0,473cd175cc3d2e4776f6c69b35c7c89d44454e8b4cdec7987c900fec982b7760,2024-07-26T17:15:12.990000 -CVE-2024-41815,0,0,af40a3f81d0436c38182488fddbe1695c43ea7520363ee1d4eb7ddfc5e457955,2024-07-26T21:15:14.370000 +CVE-2024-41812,0,1,605ecb75121956b18494e4f351202cd384be9d27e18d4bfd8c3bb9b7ae2660a2,2024-07-29T14:12:08.783000 +CVE-2024-41813,0,1,fe9e6378fcfc8b99f2b48a607bb0a5dba88b4b1c10de034eea904d310b31031b,2024-07-29T14:12:08.783000 +CVE-2024-41815,0,1,ba208e21e1cc4072b07e7947a406e2fc77ed18be9dcff08d15af01e0491d3f24,2024-07-29T14:12:08.783000 CVE-2024-4182,0,0,0d8f83951a03e7673897d4b6402c0de2918a0bc9490e2ea7f1f32823e0e2921f,2024-04-26T12:58:17.720000 CVE-2024-41824,0,0,47989ccb6404b62a8cb0e5c16e1a456b7d013ad0bd3667ac206b0f700dc33163,2024-07-24T12:55:13.223000 CVE-2024-41825,0,0,6aad2331189a4332679fd93c0cdd3f8949299f242c1480d90e032f6f8578050d,2024-07-24T12:55:13.223000 
@@ -256042,7 +256111,7 @@ CVE-2024-41839,0,0,5fe8ccf2e82b1dbd1e8f5be23a4b35f149d0ed119de3feeae98a945913864 CVE-2024-4185,0,0,2ebb1e96affd30f65338d1aa453a686ffeaefddcc6c26d6c3c25de17e937fc18,2024-04-30T13:11:16.690000 CVE-2024-4186,0,0,c07cd0df6ca0a9d2dc3c3ba29e1f05004c0a2ac49601b699a13f07e112f9c5ca,2024-05-07T13:39:32.710000 CVE-2024-41880,0,0,2045bc24fb104b692bbe32c5951eb01a25f3639f665062ea76ff47318e893861,2024-07-24T12:55:13.223000 -CVE-2024-41881,0,0,b5402f88b0c46cef5e334380d91d9e96c28f6965e9ee0d73c905b76c007d1742,2024-07-29T09:15:02.773000 +CVE-2024-41881,0,1,dacb56705bd13075a5fc0ecd78dfcda97507df1ba74d6be3b08ddb74fce33a82,2024-07-29T14:12:08.783000 CVE-2024-4190,0,0,937461468fcd73b26e47070e7d0620ac3009210ef2f47e2156f0b87dd1c21bc4,2024-06-13T18:36:09.013000 CVE-2024-41914,0,0,3890dc2e9dfadd1c89a9c37c2efa6249276e0e28c3236b40dae7af311b3a8be5,2024-07-25T17:47:35.247000 CVE-2024-4192,0,0,0768e429bccaed861e82d220deefd437e5feb26a94e95c7a121626318970662c,2024-05-01T13:02:20.750000 
@@ -256054,20 +256123,20 @@ CVE-2024-4197,0,0,45da0b07f911473fe59b939894a184bd20b4010bb74cc514ccd6533e9d15c7 CVE-2024-4198,0,0,10694c0c68dfe4c7db6b33a26dfbe4eb44c2b4223bfed9be5285208f068f86b9,2024-04-26T12:58:17.720000 CVE-2024-4199,0,0,fcf36265d6a610d83a178901804339aadd89406ac8a1349d6da6f71c3e13bfe9,2024-05-15T16:40:19.330000 CVE-2024-4200,0,0,4cd240b08c44457e11ab7d0e46f05e7d4edddbc268bf54e61982ff7b6b50f3a4,2024-05-15T18:35:11.453000 -CVE-2024-42007,0,0,6d84e2a9d95a04e8586c8d84a03cf469cc03d2519b9c47d0f96ca65f5ba68740,2024-07-26T19:15:10.917000 +CVE-2024-42007,0,1,aa1494bfd1dd62ef9f320f58e0527e42ae21b7449fffe491126b4c2e2bb9b7d8,2024-07-29T14:12:08.783000 CVE-2024-4201,0,0,ee0badf63a3e9c653031fb01c45e3bab9160ffb251dc5a875d128957347bb089,2024-07-18T19:39:50.667000 CVE-2024-4202,0,0,614a40ef1052d861451b397b9533024f5e9aecccff7f20e945fab06926a9f188,2024-05-15T18:35:11.453000 -CVE-2024-42029,0,0,7624efa481fadca294925d15a56cbfbe32c90de8b83ae40820af25b4ebeb00f5,2024-07-27T04:15:02.760000 +CVE-2024-42029,0,1,29931b636c2ae66b75600148a5e85bac780c147d1383d5e9d6291c676ad4714a,2024-07-29T14:12:08.783000 CVE-2024-4203,0,0,52cf8a9be62388459acdc9c8c655685172127a00eca72ac9344c4d8920cfc78f,2024-05-02T18:00:37.360000 CVE-2024-4204,0,0,862cae0d91d079678d989fc30b77e9abff361be6cebd83fcf5dbeecd5c0be203,2024-05-17T18:36:05.263000 -CVE-2024-42049,0,0,c7d7315748e824c5e8577f30c03ca82c3c97bccfbc34fb2f9d440a8a79086192,2024-07-28T02:15:09.823000 +CVE-2024-42049,0,1,7eba2f57d3a276dbf00d87cabc57490646283a84de730e8212d061f3235507c4,2024-07-29T14:12:08.783000 CVE-2024-4205,0,0,3bc679c8856618cb4acfda15e793a18c79adc1e7d27d459136a04f77802a5775,2024-05-31T13:01:46.727000 -CVE-2024-42050,0,0,069bcb94d92b2ffde631fcb86a8bdcda67ae5d55ac205c0a6f5708f013752202,2024-07-28T03:15:01.767000 -CVE-2024-42051,0,0,bad9dba334e15b5558c45e9e79f249e9028e4ce76f1807fe4771c75cc3bd1670,2024-07-28T03:15:02.033000 -CVE-2024-42052,0,0,f665ee810dccd8da592fe650248815a5f4b838dee88c8934013fa18f8cb2e219,2024-07-28T03:15:02.223000 
-CVE-2024-42053,0,0,ab8ba1de76d1d6f71d8f55d55b33a0ba2f2def2faecdc7b266a468894ceca406,2024-07-28T03:15:02.400000 -CVE-2024-42054,0,0,560f9fa97eb1a231d1b4f8d6ad04e2a8721de61fa76eda2b983f48972faac937,2024-07-28T04:15:01.893000 -CVE-2024-42055,0,0,08518701f740fab2c54c86454db3aec4f5fd1f4f4a8499964f137d83c56148e9,2024-07-28T04:15:01.980000 +CVE-2024-42050,0,1,e16fa6d86de2afc9c09f11895649f7cdcdb7693311bb0d40535896269772cdea,2024-07-29T14:12:08.783000 +CVE-2024-42051,0,1,6223ecbf39e4fcec26e73924d18524fb7507b9d732ddd03108c7cbcfe845770a,2024-07-29T14:12:08.783000 +CVE-2024-42052,0,1,af8a8292a6e99512114005b6f9d58ed4fc7c685aefbfc72a703623fe552843f2,2024-07-29T14:12:08.783000 +CVE-2024-42053,0,1,0bd51b2c81d047743bcedc230e7fe8bd32740f85edae45184d65ed8fbe5d905b,2024-07-29T14:12:08.783000 +CVE-2024-42054,0,1,7cefcb5df710c5d52c7b44743e7320cbb773b7864f3adff97191d41734299500,2024-07-29T14:12:08.783000 +CVE-2024-42055,0,1,38832abf63aaabdc907feb9726d6725f630aba764b55549d89c565bd77d3378b,2024-07-29T14:12:08.783000 CVE-2024-4206,0,0,094d5b07d12006961f56a1900b69d613595338528ec5cf7d408eb10d270cfa9f,2024-06-11T10:15:13.553000 CVE-2024-4208,0,0,32e5dd37fcb796c0866341642387d4cc76a1d3ae9362eee8c22ff2c138c94874,2024-05-15T16:40:19.330000 CVE-2024-4209,0,0,73e6ff7069000ef9b882dbeb22ec86d30ab8128c3e8205cf1b4908f467c2faa9,2024-05-14T16:11:39.510000 
@@ -256244,7 +256313,7 @@ CVE-2024-4404,0,0,b2ea9ab0ea31a15b40318ebe976f0751d3099071fe47e6a81493f58d308a68 CVE-2024-4405,0,0,45cc63f187ac8ca241b3f6f4ea8115546cfb9789c95e5b84e970d2850f40bb92,2024-05-02T18:00:37.360000 CVE-2024-4406,0,0,4d2edf89174eefb11c1e35948c69459d7b4d6dd1a09c10eb7a0704c1561ef984,2024-05-02T18:00:37.360000 CVE-2024-4409,0,0,ef601ae22761768812ec6eb133885b7a6b08c5417903a944100f49b603e1172f,2024-05-24T13:03:11.993000 -CVE-2024-4410,0,0,6472cdd57e77a030339891c4af1d0428f1c7bfd99f3ca68b19cb6c9006d14d60,2024-07-27T02:15:10.263000 +CVE-2024-4410,0,1,ca43b98286a78ab63b5139b50b93fc074ee9aec4c16e78097aa3514c43622322,2024-07-29T14:12:08.783000 CVE-2024-4411,0,0,9d1b27ccac7555d95c6be5f4488ca4d9772a0570efc26fe6a3f3d131fd0aea06,2024-05-14T16:11:39.510000 CVE-2024-4413,0,0,63e6df043fde5eb9cf937a1f1c34414009dec10f116b4c7a5421dbd8a403038d,2024-05-14T16:11:39.510000 CVE-2024-4417,0,0,9b4dc22c7f1e74f381016fafb921403ecdaeb7b3b80aa5fc2130db180ef5935c,2024-05-14T16:11:39.510000 @@ -256306,7 +256375,7 @@ CVE-2024-4479,0,0,19a5d52fe32f562c79c648f88a021706b773334e3193aa8af739d9d0094fe3 CVE-2024-4480,0,0,f67562e05d6ec09870268aa7f7fb2c1f10d5ffdcd82e1a66baa51eee0cc1551d,2024-06-17T12:42:04.623000 CVE-2024-4481,0,0,c2852db732c7c65c13524ea22e5406663429c55dff3bfe0d5bbffa299f48bbd3,2024-05-14T16:11:39.510000 CVE-2024-4482,0,0,30c719bdf44110f5d77595f668147507c21a010645f412257434e159bd101a38,2024-07-03T18:24:41.627000 -CVE-2024-4483,0,0,89bcd0c34166fcf7585b7b1701f7f1795de252a314df689bf888a86fccb000a3,2024-07-29T06:15:02.357000 +CVE-2024-4483,0,1,7c2f2f414f7785b59ac2c01771e2c432fe1adcacb11caa595e00fa7cf63e85b2,2024-07-29T14:12:08.783000 CVE-2024-4484,0,0,f8c7c7a90ad9fb2504d28a2d6c05b973f8e6ce86f54104c89b314d37b71fcc46,2024-05-24T13:03:05.093000 CVE-2024-4485,0,0,a27e77eb6786137f1ff33a4e5e44b17657a4b120ca60b51b6c6a25a52d6e7411,2024-05-24T13:03:05.093000 CVE-2024-4486,0,0,ae6967e9ce7769ae98c2cf87c0bc0fbb14e19b3005ed8a961bec51e7089d074a,2024-05-24T01:15:30.977000 
@@ -256577,7 +256646,7 @@ CVE-2024-4778,0,0,e3020a287fa6ceae8ff9c78434f10af4d17cf4058dd5bf80208c921b6bc68b CVE-2024-4779,0,0,7a9d6158e8d260b03b3581dd37b23bd10d59ba6243714ad236ba79968e8d9b16,2024-05-24T01:15:30.977000 CVE-2024-4780,0,0,4aec24b958d50bff73d14c7bd2f67b2a9793d4893d5ddbdba18f0fb02ea18cc9,2024-07-16T13:43:58.773000 CVE-2024-4783,0,0,413c0436e6758a988a0c847533b21e34b17a9d936626eba8cda1a5d1f87e0181,2024-05-24T01:15:30.977000 -CVE-2024-4786,0,0,b4dbd26f7cb1945bf9272c0938974b06ae6516311e9f9a3727efdd63c78d6ef8,2024-07-26T20:15:05.807000 +CVE-2024-4786,0,1,bbc8c5b9b549878acd4ee1e5896d7add0ba995b55e84e619083dd37cca26f8f1,2024-07-29T14:12:08.783000 CVE-2024-4787,0,0,6e9b8652de9328ef9248746b2fe52f715cb97566c59048ae6277a1aaed304f45,2024-06-20T12:44:01.637000 CVE-2024-4788,0,0,acd4d25f250b666ae8b95ee6f8f49d51b8e36a96fd5390f4584c13d50b924f34,2024-06-06T14:17:35.017000 CVE-2024-4789,0,0,991c3c0809892f7a4ebcc223f96155782fc07af160e30bd64d5fbc63735bec50,2024-05-17T18:35:35.070000 @@ -257004,7 +257073,7 @@ CVE-2024-5281,0,0,060b06867a1a1c8ae3c49fd1bf435135d5f31c9df63d2fac2402a303dd1dca CVE-2024-5282,0,0,0e38a64d94c307cdd25aa8c70504121a3cc6e789cf8bf74fef94d0d9b37394df,2024-07-15T13:00:34.853000 CVE-2024-5283,0,0,158766c6fc63e1521af07a024c96b4a9ea5b7a8f36231f7ef52200c9bb9d7eae,2024-07-15T13:00:34.853000 CVE-2024-5284,0,0,4bfe0f5610c04cde5b0cb2c3dc3ab239b1848149dd6bfd8b564acd2ee160cb2a,2024-07-15T13:00:34.853000 -CVE-2024-5285,0,0,e8f7ea28a01e13485f45d0964d75631c339dee1d815a9e6a26a9c1034538e679,2024-07-29T06:15:02.463000 +CVE-2024-5285,0,1,55fd3b70b1842834adcee0f33651e06dab8ba1655e35fd2291826710e3112270,2024-07-29T14:12:08.783000 CVE-2024-5286,0,0,fc7b78be4389acfb6eeeebdbd1c2b2010558b9a0f60282696859e3db27abfc46,2024-07-15T13:00:34.853000 CVE-2024-5287,0,0,d91964abcbe9a10e4df96379d6411e36555098088be8c568765ee25103481fbe,2024-07-15T13:00:34.853000 CVE-2024-5289,0,0,a02da373ddf627c39a88f09ba37230dcf191b29c84a32613f97fcb834cd9c524,2024-06-28T13:13:36.980000 
@@ -257264,7 +257333,7 @@ CVE-2024-5609,0,0,4c03a855f07c8ea18d8e7a70e1e2d3467f32254daea5abf62f130fb919fa93 CVE-2024-5611,0,0,257f707c49e1adeab5f30937de3668453c65dc87c2e8ac71cda38f1fe1bbc4e5,2024-06-17T12:42:04.623000 CVE-2024-5612,0,0,c48d9d85ab6fb6f375c9bae41bb41f013f62cc7d97e523d92c986f223f9ac364,2024-06-07T14:56:05.647000 CVE-2024-5613,0,0,d9550d95a21bd950ae7717d597381d24b04054ec554e6d52d8ed280e70034f18,2024-06-10T02:52:08.267000 -CVE-2024-5614,0,0,276bf27648d5d4f8e4c646cd9cc2d0e5ab60508e776f7b2e910b4ce4f927ffce,2024-07-27T12:15:09.663000 +CVE-2024-5614,0,1,3235a098278ef12466faacc7eb682cba1cb99cc913b9ed567c082bb65c13d254,2024-07-29T14:12:08.783000 CVE-2024-5615,0,0,0b80425a78ce7696e161012e7d95058779d0861d3b6927cc392e7a553c227a9e,2024-06-11T17:55:16.103000 CVE-2024-5616,0,0,5078c1aa917db98652cc6ffd2b310b244194da0fcbabfd9d4ed8ccf7b99de509,2024-07-08T15:49:22.437000 CVE-2024-5618,0,0,ebe36b14a25a2ade3e64c60f6c84014fea87ffe3e6c056e2ec2d4c12a7dbd5bd,2024-07-19T13:01:44.567000 @@ -257308,7 +257377,7 @@ CVE-2024-5664,0,0,c8140580dc5fba46f6fa0e365bb691b18490e120c359f209bcf871e212ff85 CVE-2024-5665,0,0,ee434c76bce552b377f6919bf1c15ee1f70c912b781038fb2d7ab59e3f11029d,2024-06-11T17:47:45.033000 CVE-2024-5666,0,0,97b5f8516d6a83112ace9f54dd19c30ee8d354b5a2cceeea2e9bda093f34ca6c,2024-07-01T12:37:24.220000 CVE-2024-5669,0,0,ddd7772a6277d903bcf1d89da44667af6e9a3df4fd3440e71ca75c5d1aad7a37,2024-07-09T18:19:14.047000 -CVE-2024-5670,0,0,c49c4d906201189e59a26dd74cc670750d45488394df1502148ee3d833c87419,2024-07-29T03:15:02.167000 +CVE-2024-5670,0,1,e086cd448637a314471956eede56ff43db7897b544771c39e00cd0183fd60523,2024-07-29T14:12:08.783000 CVE-2024-5671,0,0,6eae1974e5cd4b5512fcce37ac22f34a170160764d56f46700a3bb82153dc238,2024-06-17T12:42:04.623000 CVE-2024-5672,0,0,ad5d2d4701d4742943be26fd8263f21d3fc9e558b462ac12f17b995fbc4b2ee2,2024-07-05T12:55:51.367000 CVE-2024-5673,0,0,f9aa16fb56b763af05b00632cb48908cf5108948e405353a42c3009f046cba4a,2024-06-11T18:17:10.037000 
@@ -257460,8 +257529,8 @@ CVE-2024-5868,0,0,9a8536b47a27c25b7062405f8aad2263147d3121835e9d2d4eb9b37e61c344 CVE-2024-5871,0,0,bfc23a1063e8c2c3d98988ddd8df8ea7002d8802bf04bd4c0c941cb9250f6a3f,2024-06-17T12:42:04.623000 CVE-2024-5873,0,0,5735eb2853c46a5b255fc10b814ec1b6c4f29d136a3521fa8f4d7be256150249,2024-06-12T08:15:51.550000 CVE-2024-5881,0,0,3ae006c5e782ce634c6c6fd24fda313894dca095797874331692050dc97499bf,2024-07-09T18:19:14.047000 -CVE-2024-5882,0,0,54cf41d45cd79d3b39e08bd47f590a63a708c434380f522deb018251c45f47b3,2024-07-29T06:15:02.547000 -CVE-2024-5883,0,0,b845f7dcc53012e04f19c21e4b3c7e7574b7636c513928ad8052b0676664d5e0,2024-07-29T06:15:02.627000 +CVE-2024-5882,0,1,8641497bf3f53e4fba22647265bcf802425247f58cfb7432f44e6bccecc341d5,2024-07-29T14:12:08.783000 +CVE-2024-5883,0,1,6e7a429019d4490ec53539ed9b38a9e0a0428c20d5bb57e358795897567ecef2,2024-07-29T14:12:08.783000 CVE-2024-5885,0,0,4946e96abf9096ba44688feaf0b247be9bc7227d3f0040d31298fc7792a9ccc3,2024-06-27T19:25:12.067000 CVE-2024-5886,0,0,c6e7cb024adb68ffe24a326928e4d7c782b39c0023921bf84bad462101dad3b7,2024-06-20T11:15:56.580000 CVE-2024-5887,0,0,9566859cf83ab696aed1d992c858295b1ee73a5dd4c0fa67df0787b71b1dba0d,2024-07-17T12:15:02.013000 
@@ -257512,7 +257581,7 @@ CVE-2024-5964,0,0,d6f5f38a4c6449f04f742ee04a5db3f604bc83ddff32647d9051bd1d156e71 CVE-2024-5965,0,0,9678cf2eb18ba50e506ac9918028ddeb3c443af1b219027dc9d98541cb82736a,2024-06-24T20:00:37.057000 CVE-2024-5966,0,0,554ab96b833511e084a1ba15972a76a5727ada41d1caccbee2c2fb11ec3339d5,2024-06-24T20:00:23.970000 CVE-2024-5967,0,0,c675e381b6c54a17455bb64c66cffebfea8bdbd8774aa5359fba110937f85e27,2024-06-20T12:44:01.637000 -CVE-2024-5969,0,0,4bce38e89141bd32267d977e5315277bb59d3c61b84982c44c2593da2e6610a9,2024-07-27T08:15:01.870000 +CVE-2024-5969,0,1,54d46cadd04c8b436788a5c40941c4acf03c3675c749089b56e7845a318ca37a,2024-07-29T14:12:08.783000 CVE-2024-5970,0,0,e17a8b7d022fd70a35f0b32d2191e09c5597e5e1c83547c2cb361b6d17360bc1,2024-06-20T12:44:01.637000 CVE-2024-5971,0,0,e4f98c6267afcbb4d9afd3329ec44a1a1f7f72e0048e7418d4a554bf5527a469,2024-07-25T21:15:11.560000 CVE-2024-5972,0,0,3700c5b3eb4bcd1d3bafe18b568e7aab0a0471128c3ce92a2f73ba8aa9a9cb4f,2024-06-28T19:15:07.500000 @@ -257624,7 +257693,7 @@ CVE-2024-6120,0,0,887a4e2aeba7d554804c74306237ee98da6982710d9ab44cbcf47e59767187 CVE-2024-6121,0,0,ca3a4df866c04d91a8299ec9d7d3d482d90a57c7a8dc29a6fa55ffef02eccb66,2024-07-24T12:55:13.223000 CVE-2024-6122,0,0,c8077cf11281a520f9cddc1bada37060f1a2aaa357eb2389fb60e2b645640b0c,2024-07-24T12:55:13.223000 CVE-2024-6123,0,0,75695c59d88081a795c134128ddb6cd1415db185318a55dfce97b139d1d4e40d,2024-07-09T18:19:14.047000 -CVE-2024-6124,1,1,cba0e70c7023510c03c6f28d92b9d40d4a2c2abaf407dc8456cece3fe0c636be,2024-07-29T13:15:10.810000 +CVE-2024-6124,0,1,149ab6637d7fedee1645eba8cd0b40d54489c4318ada662e0d25f47ae7f70a2e,2024-07-29T14:12:08.783000 CVE-2024-6125,0,0,dcd2ab56787ddae0f7c175c392cba81a8765f3e4738004aeecc40e1ed002ca73,2024-06-20T12:44:01.637000 CVE-2024-6126,0,0,fe32d1d72ee98dda5ecd99b3a7a2dd6c7f2499fcdf431273ff58d6a25ff8ecce,2024-07-05T12:55:51.367000 CVE-2024-6127,0,0,78b2d5dd67e9c05b32bbe278fa7cdf65d5c6c9d848f18552ef9889ec17d13cda,2024-06-28T10:27:00.920000 
@@ -257644,7 +257713,7 @@ CVE-2024-6148,0,0,37dad4439e954b5fda1e7a46b5e258ce35fecc0538d233a4c0c651911f1570 CVE-2024-6149,0,0,395390c0a4a5af6048ec84a02f15cc9b9a14b14eb29f0028558366dc9a6418d3,2024-07-11T13:05:54.930000 CVE-2024-6150,0,0,30b18aa77850d40723cb96c8947a52293009392d2d627d33f4d73aaa85165004,2024-07-11T13:05:54.930000 CVE-2024-6151,0,0,cde1d0f1d46af13ac335bf583d915a9a43a7bc6bfa372676b03728b1f5308a4e,2024-07-11T13:05:54.930000 -CVE-2024-6152,0,0,a21893a02ce7745f2d2ff2f635dc6c4333201c44b543063f92ce75568766d368,2024-07-27T02:15:10.473000 +CVE-2024-6152,0,1,c1506a96f086f74002edf68148148e3e99d50eb834b579ad16316f4c018a0385,2024-07-29T14:12:08.783000 CVE-2024-6153,0,0,aefe9e23b8ed1d87e58382d973bdf0f329fa76bb8df894b701324ee041e253eb,2024-06-21T11:22:01.687000 CVE-2024-6154,0,0,35ebac2e0d0212d63c52f8322328795df9a4917e7e1439a1c42bcda24384133e,2024-06-21T11:22:01.687000 CVE-2024-6160,0,0,ef1a3b3e7f3366ded429b369db1d335204ba1e5aa345b7b6a0087f8051f2471a,2024-06-24T12:57:36.513000 
@@ -257783,10 +257852,10 @@ CVE-2024-6349,0,0,427eeb1c49748085f9d6a97a6add4281bc215342d4df9759ae2f609f0d24cf CVE-2024-6353,0,0,3e7ee1ed054bc0661b7c1f2f3de9fe2ed8be61a7a777eee50734c66af6748302,2024-07-12T12:49:07.030000 CVE-2024-6354,0,0,c9410e2fdcd521ee7fa5aea0abe57bbff6ce1153eea9fc9c27ad647524c61c5c,2024-07-03T02:09:53.917000 CVE-2024-6355,0,0,7f4c7fb5a41a7b4cf241f6b370777bf2a8cf0ede73cf75d47093e841c71a69f9,2024-06-27T14:15:16.753000 -CVE-2024-6362,0,0,4dee41b47b73d10d4eba22354921879c4feaf29e561c3dd84888b855b83cd1cc,2024-07-29T06:15:02.700000 +CVE-2024-6362,0,1,bd8d296e51c7aaaf47c9805197161088b4285a5ccd0ad9f0742e2aa71c076bfe,2024-07-29T14:12:08.783000 CVE-2024-6363,0,0,994b1c51b9c796771fbc515a7c8c263a84417d1a8472c73bc862555e8a8b6fdf,2024-07-01T12:37:24.220000 CVE-2024-6365,0,0,4363950e80c53434fcfd5afd5a384a9df5c49d102c20d1b50eb31e33005d9f26,2024-07-09T18:19:14.047000 -CVE-2024-6366,0,0,ec28110fa3f09bba4b114119146ff2b4a3d72063f14c44994ece3d869cf72b37,2024-07-29T06:15:02.790000 +CVE-2024-6366,0,1,398cd9e34795a2457b8aa50bf499b79ad845a5ded7b97dda93620bb06c8aea54,2024-07-29T14:12:08.783000 CVE-2024-6367,0,0,0657e75ca91976d2d4beca477f8339cebb9a03d943acbd557f57c4bf89b57702,2024-06-27T12:47:19.847000 CVE-2024-6368,0,0,e298d701aa6c568232c2a1685979818386124e299e97d71dced43164a82e13ff,2024-06-27T18:15:21.083000 CVE-2024-6369,0,0,8b09ff85e5acb66c2b30feef0f9adfffd0c06196dfcccda2083a0a13ec885594,2024-06-27T12:47:19.847000 
@@ -257830,7 +257899,7 @@ CVE-2024-6425,0,0,1981db7e64cdcda541cd3fd376e4579d515a61b711b4c458d916795af9b7e4 CVE-2024-6426,0,0,f8400a1dd26a0192767404ca5f7752c12cf287ce03e2990002fc305f7bc08efa,2024-07-05T17:10:26.683000 CVE-2024-6427,0,0,4e3c2a8d1e984293b7a508d6724a6a3f7998f367f7900ab80f87cf0d36ad12b5,2024-07-05T17:10:44.997000 CVE-2024-6428,0,0,8095b4dcd35f897b4650661c439e7e332797ada1bd3807e53dae0badb2379a85,2024-07-05T17:08:11.060000 -CVE-2024-6431,0,0,d7868d140f438b8240f420809d76a6d1135d047a9e2ee13a1283131ff2149654,2024-07-27T02:15:10.677000 +CVE-2024-6431,0,1,fcbb0ceb19b6b17057a6532823d607ef530236adc570023f161f002351d029b0,2024-07-29T14:12:08.783000 CVE-2024-6433,0,0,4cb445c95e15de0c345d2cc06e9508b276183ca5d50834d0b48eec3d0df1757b,2024-07-12T08:15:11.963000 CVE-2024-6434,0,0,0183eab14185d66c3308593554f63a98c54f148b051e07902898143029a6dc1e,2024-07-05T17:22:04.687000 CVE-2024-6435,0,0,537ce55d66a34e30f0cdc2fa5f4ebac2551f4222db736332f8b163433bf2dbed,2024-07-16T13:43:58.773000 @@ -257843,7 +257912,7 @@ CVE-2024-6452,0,0,c694c1bdf54902e69172121aae2a54d0747cfc16750499c01d3cf3c9c6ef32 CVE-2024-6453,0,0,f8f94ef1371b1813320fb500c8f5a2a5c78562059f37a370c24f1cfd03cdaa59,2024-07-03T12:53:24.977000 CVE-2024-6455,0,0,8630ebc1a98e741e91f009e85126d02bca9a8a2c6f3c48f74f4c74c8c868f369,2024-07-19T13:01:44.567000 CVE-2024-6457,0,0,2021b397e47ab38cda013de2c201fe3ea53b49570246fbb65269f60be90e5ab4,2024-07-16T13:43:58.773000 -CVE-2024-6458,0,0,59e1cc26c449af8a7075e602764deabe00152e29e028157bff97e92e65f94dff,2024-07-27T09:15:02.123000 +CVE-2024-6458,0,1,e6f4f9a699790cfa92517dafe90bcdba32232615fceb305817a9ccda94d06fc4,2024-07-29T14:12:08.783000 CVE-2024-6461,0,0,86a214d0c7bd3f57cea37cd567b01f1a0e55f8d4342f6c7c46fd15b8942c8d90,2024-07-03T21:15:04.580000 CVE-2024-6463,0,0,f8d7d80ca565804c0caafdbc8214fe1eca7dc83d43861affc813af07365c0cc0,2024-07-03T21:15:04.640000 CVE-2024-6464,0,0,8fab89d1b3aef32a257cf0d7fb909cce6ac18d5ef8dc898bb9f0cc6c52356cbf,2024-07-03T21:15:04.697000 
@@ -257855,7 +257924,7 @@ CVE-2024-6470,0,0,c9a33c23ec7370c50b4df58ad71ec5e181cf8d29947a984c43804e0a58dc77 CVE-2024-6471,0,0,f732e100289c893532526b33b46541a39ba52ce518f7e90d2f97ec4bb67cf877,2024-07-05T12:55:51.367000 CVE-2024-6484,0,0,bc633abd6bfb9da06585afdfb273066dfbc508847026385eb612d46f7c70ed29,2024-07-11T18:09:58.777000 CVE-2024-6485,0,0,b143d2f5de1cad2c57f83d18fe64abfe0ba2da69210341aec4863f07cdd850cb,2024-07-11T18:09:58.777000 -CVE-2024-6487,0,0,5f5355443347e274d682cedd60565bdf2ebb5b8ce4f4b4a0557d897fd36ca492,2024-07-29T06:15:02.873000 +CVE-2024-6487,0,1,e9f99275aa226e2c180f55887fc7811b3e734f63c0a0737e818849572fcdfd7e,2024-07-29T14:12:08.783000 CVE-2024-6488,0,0,0c5ecb49d7296b409f5d61bd70a5d017ad6f69068345855a00f0bd7c78566faa,2024-07-04T21:15:10.403000 CVE-2024-6489,0,0,9e9ca0d507c7dd8804b1fd0a0aa043e3fe6638bfc4af4b9ea109d44e00b0a114,2024-07-22T13:00:53.287000 CVE-2024-6490,0,0,8a5877d317a0eed7b1ae7b123dbc62aa28ad8c8fd8f1b2bd14476905cfed0a05,2024-07-26T12:38:41.683000 
@@ -257870,9 +257939,9 @@ CVE-2024-6506,0,0,58310ca3e68e3dacb16dafd9b32db187bdf111a88d3da008267c8c84bbec48 CVE-2024-6507,0,0,4e3b24fd61e25de66a6840473e4d19109a713188592b0f05efa1cbb9de33936e,2024-07-08T14:19:21.610000 CVE-2024-6511,0,0,053f3089b06a0cd915df79eb3301836b5db5c9fe4d3ed571ee6923d36f4d1832,2024-07-05T12:55:51.367000 CVE-2024-6513,0,0,bb977a38eaef5aa918756b3907c97d9805111d3bc118dcf2b0096d1bbd202aea,2024-07-04T16:15:03.103000 -CVE-2024-6518,0,0,3d7e5bfccb39c3666fa70d026abac7397ae8eca74f0e39d749375abec4b05fe7,2024-07-27T12:15:10.780000 -CVE-2024-6520,0,0,9defeeea1e73687f49754c0daad1f9f3cc8c55d04496b7d8cdbf21c3415b5e14,2024-07-27T12:15:11.030000 -CVE-2024-6521,0,0,44afab5ac0543370f21cd1632a2d01bfb91586d204b462b915cd9854a037270f,2024-07-27T12:15:11.250000 +CVE-2024-6518,0,1,7a127ef3c2d090457ff99a50f0f761572ef9ee379e26194986d16a2b77609a00,2024-07-29T14:12:08.783000 +CVE-2024-6520,0,1,da4b03a9e11126ab0f0a0894cb8a440cfc63b3916dfee33ced3ffb195efafdaf,2024-07-29T14:12:08.783000 +CVE-2024-6521,0,1,61feca14382c37723c4016962cdcfba87f0789845a7f3eab7e4a9b311bd86af9,2024-07-29T14:12:08.783000 CVE-2024-6523,0,0,98f0a109b2eb43c22795bc145187860635580ebf6919d959b6614038101f8043,2024-07-08T16:47:11.437000 CVE-2024-6524,0,0,4164bb0736c03a505788360f1634f8030b5ce4107a78a58256f3b4682fe3c19a,2024-07-08T15:33:01.377000 CVE-2024-6525,0,0,2f0f70f02d7062f0146f492a65f00de0208bb8c01fafafd0c2d5a6e3d243b927,2024-07-08T15:30:11.133000 
@@ -257884,11 +257953,11 @@ CVE-2024-6535,0,0,d515bd0c9a2788945f1c070eede854437b7a1c58e6a79916f8d2b46233d5b6 CVE-2024-6539,0,0,81a7a773476044a536e1904849aff55df114add8144e8265b917f8120b92d867,2024-07-11T14:56:20.733000 CVE-2024-6540,0,0,f13af52637070826766869c9a967d13110a057955f51f107eb0d0f88b4032338,2024-07-16T18:05:37.267000 CVE-2024-6542,0,0,54f8a75473ca23470adff5375410f0163accbe3baf07cee08839e7a197565332,2024-07-22T13:00:31.330000 -CVE-2024-6545,0,0,075fb942ea87d6bdb0122a4c072ead0d2124f91a4173eaf0ee866aac0f13a794,2024-07-27T02:15:10.883000 -CVE-2024-6546,0,0,6720099ca78e2fda3622786c90f89cdc049795fed23aa4c297f3891296efac59,2024-07-27T02:15:11.097000 -CVE-2024-6547,0,0,df483bd1f5b98104d46b7cf4bd1d5c6848276ea242f994e6e607bde27acb04a9,2024-07-27T02:15:11.307000 -CVE-2024-6548,0,0,703a2788bf6bd80be09c3326ceb61180212d660ae30a5bc655b6c9c23b2b30c1,2024-07-27T02:15:11.513000 -CVE-2024-6549,0,0,cf3b3dea972843d80d08d74bc6773dadf744ee4450d40365a80f510deb9796f2,2024-07-27T02:15:11.713000 +CVE-2024-6545,0,1,97ee5e13519e722f4006d1598ff8b5d6e2e4cb7552f463abeca3e656c343e880,2024-07-29T14:12:08.783000 +CVE-2024-6546,0,1,0eee46a34ab9f84036d2fbded3a46124e4089d04296fa0288f2cdad15177d72e,2024-07-29T14:12:08.783000 +CVE-2024-6547,0,1,18c84e0486ad4b936dd6fb72fb2fdab2178f5a996a76eecb6a226aad2d913b31,2024-07-29T14:12:08.783000 +CVE-2024-6548,0,1,60bfc667942bf486cd849da3893b7634ce066ff37e0b88eef507e7c2b2252b95,2024-07-29T14:12:08.783000 +CVE-2024-6549,0,1,cc28409fa4123f9cfa0020a8bd1acbb74b9f694b50039e5c195a43b7390fbf1b,2024-07-29T14:12:08.783000 CVE-2024-6550,0,0,6c4bb046e65a00df1f67c81af4edc0fc3847fdca60c1beea606bf943b5851318,2024-07-11T13:05:54.930000 CVE-2024-6553,0,0,8a5d95f9a9340732b68e040cf34cd3feae3ce046430b36cadf8644d55781cab3,2024-07-24T12:55:13.223000 CVE-2024-6554,0,0,c39b715167392909a130cc6479af2acca1cb23375ca0bdab5b0fb951f0bce662,2024-07-12T17:01:48.353000 
@@ -257901,17 +257970,18 @@ CVE-2024-6560,0,0,131d869035ca470d33b727fd5e6c3ee539b49dab7fe493b3f3155c0a8f2eb3 CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb3c,2024-07-09T14:19:19.300000 CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000 CVE-2024-6565,0,0,43def900ab0d6afe7974c0f6bcdb1952d3f11b54fce1bb808ab6238edf9d39c2,2024-07-16T13:43:58.773000 -CVE-2024-6566,0,0,38507063f40cf52a69065d313f22e6175b9750c56aafcc8d30163bf566bf50ff,2024-07-27T02:15:11.920000 -CVE-2024-6569,0,0,25dc79520645b340a3dc8eaca0ed83a5324467a44876ee3685668069ceba99a8,2024-07-27T09:15:02.523000 +CVE-2024-6566,0,1,d6506e8698f9fc48107baf6879b3d68aa0d41c6ff56f3284c695ecacd8e825b0,2024-07-29T14:12:08.783000 +CVE-2024-6569,0,1,ea17e16deeca6260fdba738f342a9d86e7275b877d87aa50f5264cd0a02b7a0c,2024-07-29T14:12:08.783000 CVE-2024-6570,0,0,1c2083317d49d5094b93c672429fe80fa3944fba8c36de7f1f2403e55beb6b46,2024-07-16T13:43:58.773000 CVE-2024-6571,0,0,99e28e1eec016aa2ea1a00034153b94fa7a8f3552e46398f5643f95dd38cab4e,2024-07-24T12:55:13.223000 -CVE-2024-6573,0,0,e202c92ea4b6cb9cec3c59842954c336f5290759597448badd52afbb1dc3bf95,2024-07-27T02:15:12.130000 +CVE-2024-6573,0,1,eec8b8537f493346698f7e9346611d53ae9a4a9981bcfb08980cc8315ebb4c8d,2024-07-29T14:12:08.783000 CVE-2024-6574,0,0,63009fc3946aa6aa37035c823fc25710c373929512d42b52b922f4cc721537b8,2024-07-15T13:00:34.853000 +CVE-2024-6576,1,1,66efed42255b5bc1f5154676635b9d60f2fa3053630ab32f5591c345105b498f,2024-07-29T14:15:04.190000 CVE-2024-6579,0,0,70ddc19f754f7cb2643cde5cc84c5570c5648bfc6d8e404da6cc6aa9bb2155c8,2024-07-16T13:43:58.773000 CVE-2024-6580,0,0,d43dfa58651574c4447e8f323f3cb1f6a00d6bdef0613d5834aefccecf968c5d,2024-07-09T18:19:14.047000 CVE-2024-6588,0,0,67672e854c20766f2e15151fa1e111ec8310b7083a57f535c99159d2ce6e5af7,2024-07-12T12:49:07.030000 CVE-2024-6589,0,0,e4bc0ab2e97136ccd5c1f5af72b6ce78b9e640015e8f0534ea10f7ce70ac4c0c,2024-07-25T12:36:39.947000 
-CVE-2024-6591,0,0,311ac282907c91341819e69d9d0b4784d3553242c1b5a27cc7b063c84773d19d,2024-07-27T02:15:12.330000 +CVE-2024-6591,0,1,ba434f770e77a561bd09877a3c29228f51c9818a995d0175b55ef4d80494af35,2024-07-29T14:12:08.783000 CVE-2024-6595,0,0,97cf6a37af39b7f5832976478077fe225f57d63ffd9a5f39caf9eca8e3545339,2024-07-19T14:52:54.943000 CVE-2024-6598,0,0,fb802128b1cfc176540749693b684b4374936099ab1c7948c1ec819266291908,2024-07-09T18:19:14.047000 CVE-2024-6599,0,0,6a69a16a0a8781527f95db9310983c42c357e28a72f780fd79d80c9654364b86,2024-07-18T12:28:43.707000 @@ -257934,10 +258004,10 @@ CVE-2024-6615,0,0,21e70ce6d005932fad51efb1cef43277a3ff57e367ed55aea5460b226c9f9b CVE-2024-6621,0,0,75f7ea9becaa66b3030f6b54d6ea12535b72220300e49d7375089d25edbe8b2f,2024-07-16T13:43:58.773000 CVE-2024-6624,0,0,d641d0598d5f0d62f69b2f0bb30153f1263b9aa17a64dd7567b42517a1bc6027,2024-07-12T16:51:31.487000 CVE-2024-6625,0,0,b913737eefce9f28c47dc537f0edd398b1eeb297cd2eb30c69b59c3401317130,2024-07-12T12:49:07.030000 -CVE-2024-6627,0,0,3c8e368f6fbc7e6b7c55afc4d812008225f3d3302f69d4c248bd31e59d72e92c,2024-07-27T12:15:11.477000 +CVE-2024-6627,0,1,c1ab91b855386d03fb23ec47d7ea95469618609ded94a66bedffee95371608e8,2024-07-29T14:12:08.783000 CVE-2024-6629,0,0,0264a6ecc734e6bba34d74cdd2b710d65bfa2f35085e88ade8ee0f09f00a5520,2024-07-24T12:55:13.223000 CVE-2024-6630,0,0,7742b604143993a9d769b9ab9c3e5aab85337a51e6772bb186961af80d29fee2,2024-07-10T18:15:05.407000 -CVE-2024-6634,0,0,034c952bec8de648991ab1d2e28977f51b22472f46a09e1751519f767a2003af,2024-07-27T02:15:12.560000 +CVE-2024-6634,0,1,20e842ed204ff1f080594226c009c0585274acd37661b69fb1d6603728f53ffe,2024-07-29T14:12:08.783000 CVE-2024-6635,0,0,97d6e55960f6f2e5010584395fc193a0feb186e4d795b57d89159c3132b84fff,2024-07-22T13:00:31.330000 CVE-2024-6636,0,0,b927f4aba2100824a9064e3c9444e3f54a47671d743161ced3b5a100a38b49ab,2024-07-22T13:00:31.330000 CVE-2024-6637,0,0,59f76fa21430fd2f815d25b14c560949a8f50f1f9b39a99ada5c48c5c42ab47c,2024-07-22T13:00:31.330000 
@@ -257954,7 +258024,7 @@ CVE-2024-6652,0,0,32c4914a2885b2299fef5292f9b5b00052aaeaf4b92ba53d869ce14f17c7c5 CVE-2024-6653,0,0,d93d31cbf15b722e8213bd0a1f350049b73a325a73fea026c81bdae5013a3c4f,2024-07-11T13:15:10.147000 CVE-2024-6655,0,0,485f585861c9543e180875e8c8a03aa176dd69bb5a21887c98c071d6ec8a6317,2024-07-16T18:00:02.110000 CVE-2024-6660,0,0,caad23d7b98522c6f22294c27dcab3f8925f974b7a7faae66643c3e06a0d6672,2024-07-19T15:48:14.040000 -CVE-2024-6661,0,0,327e7bdb92102befa85e6bda48cbd6fdb3151025f708887b75eab3ffefd630fe,2024-07-27T02:15:12.780000 +CVE-2024-6661,0,1,b1af44a52f9370b6a9eee52c0900f8f875202dae713119fd68b00889cf9d23b8,2024-07-29T14:12:08.783000 CVE-2024-6663,0,0,7facb2637e12709d4a455340194f194dba2537cb44d31c2262ed1aa6b9ebcf89,2024-07-10T21:15:11.463000 CVE-2024-6664,0,0,7dcdbd9efac1143da422ef778b0a605b2e75ff3874c65ca5b8e519e1d8523278,2024-07-10T21:15:11.520000 CVE-2024-6666,0,0,6ade2353732c66fc20367582756530c33ec26bf7f6989700bd337bd969227f22,2024-07-12T16:46:48.387000 @@ -257967,7 +258037,7 @@ CVE-2024-6680,0,0,131299d0989a76f846afb0c8ae15f4692f1a0fdd9931fad30c165660cd1232 CVE-2024-6681,0,0,fd87484dafd740c0f788720b14149eb40f6b6d8ce371416d0e039ce9acf82071,2024-07-11T18:09:58.777000 CVE-2024-6689,0,0,d40d4a6e022419e83ed34bb3a74eb0d24556e6d76f7b0a592f90775a9d52873c,2024-07-16T13:43:58.773000 CVE-2024-6694,0,0,7d61bbb6e4266a8c90354c9d0cb6da1ede156f667671ed3e7d5507b5e685e063,2024-07-22T13:00:53.287000 -CVE-2024-6703,0,0,4f662fbdc03fd7cd0be669d3b0e364488aeb120c7cee29fd02a342b2adcc102f,2024-07-27T13:15:09.757000 +CVE-2024-6703,0,1,58688b231f5fc6deacad90c54b9ce0876a71daf3ee0061b5562a2bcbb8052bf3,2024-07-29T14:12:08.783000 CVE-2024-6705,0,0,1e166467558902cf3ff2211f8b1aa347feb308f999c65053186e5a13806e8368,2024-07-18T12:28:43.707000 CVE-2024-6714,0,0,11b717ebe6f787348133e2783f9d140b140bb610f91df0dde9f6c41f4dbdce83,2024-07-24T12:55:13.223000 CVE-2024-6716,0,0,8ffb92442f0506288b44c8e147b3f474301f4b7d486d9477f8f7548823d67c07,2024-07-17T14:15:04.210000 
@@ -258029,11 +258099,11 @@ CVE-2024-6834,0,0,9b06026f568f95c4c2a4be9208340b1bc5ab27fea601ce9296ee0a0b671ec6 CVE-2024-6836,0,0,e390cd7e31e7aaebb0300f845059693a0906a0a80bba3b00492cbc2a5c299f21,2024-07-24T12:55:13.223000 CVE-2024-6848,0,0,e171c12c58967922126feefb09977b436bb9e206684562a37899ca6ed3e35d20,2024-07-22T13:00:31.330000 CVE-2024-6874,0,0,6fdb828244d0878bf4334f6c8b61a3ad657fa405006bc4b1bc91d03b240bfdb1,2024-07-24T12:55:13.223000 -CVE-2024-6881,1,1,1eb624a5b6c0fdb521790a299264411b6602f7bb26882556682b7a575ee97326,2024-07-29T13:15:10.990000 +CVE-2024-6881,0,1,ae484b8b97ecbaca3d459a043a0b9e7c17dfa3db2ae41eab10b19174db4e67d5,2024-07-29T14:12:08.783000 CVE-2024-6885,0,0,820342a8aad3354940c223afe57157bbf13eee743fbe19265a63d35dde973086,2024-07-24T12:55:13.223000 CVE-2024-6895,0,0,ba732cd0d0196677d9fba02b4344054d4844d09e5d174114e4dcf4446ecf9262,2024-07-22T13:00:53.287000 CVE-2024-6896,0,0,801c74edfd9bf4c5786030707fac190d86b113e6627f16ad4c2e5810705558a7,2024-07-24T12:55:13.223000 -CVE-2024-6897,0,0,d4aba1ee6695ecb86b55721c90294563157d1488e9edd7a287c523fc536ffcea,2024-07-27T12:15:11.707000 +CVE-2024-6897,0,1,0bc0c3c85d38c464186c16b9bc40451a421eb7b428d66cf1c3a2509fdf188e66,2024-07-29T14:12:08.783000 CVE-2024-6898,0,0,98dae2dc951da0c9f1ac4e695a7ad38573b2abb15f5508f51642ed9635c194c6,2024-07-19T13:01:44.567000 CVE-2024-6899,0,0,397359020457c655f416abd05bdc982e2cbc9cd703cb46d21be66b71a5df8e91,2024-07-19T13:01:44.567000 CVE-2024-6900,0,0,e500188038c3ea14b8e23eb8bbafe809d907d6d44fb62c1134048b209905575c,2024-07-24T16:55:06.977000 
@@ -258049,7 +258119,7 @@ CVE-2024-6911,0,0,46d89096f6e412b4d1b26c4491b89cca1edef35f1edb197cda4640c904cf98 CVE-2024-6912,0,0,b579ffc43dbaf89f50f93b1659dc012bb7b84a2d36bcb32b984560565416f527,2024-07-24T12:55:13.223000 CVE-2024-6913,0,0,a7b65a58f468735b3782ca0a056db617c72da8825fc6f7975e6b5a68a6fa7e93,2024-07-24T12:55:13.223000 CVE-2024-6916,0,0,07530be58a74756ca63b407a63f3e63926b78ec1f0980442182c2c4ab60c9be4,2024-07-19T13:01:44.567000 -CVE-2024-6922,0,0,8f5221871e45dc47cd64706a094fd915a7222fa61d034a8129002705e5734e02,2024-07-26T14:15:03.377000 +CVE-2024-6922,0,1,06f94107ca0d2a59d9bc293905aa46a216c7a8ead08ee7b0b3a0f5d8d9c7d0a8,2024-07-29T14:12:08.783000 CVE-2024-6930,0,0,de9484f0df1ac338aa3b09c73b4d890cbda7e2129d6e265be8ed1831a07d234d,2024-07-24T12:55:13.223000 CVE-2024-6932,0,0,67a8aa74150c82de9338c7f5e13237de6a0b3fc058478249ab687a9bbea18d6e,2024-07-22T13:00:31.330000 CVE-2024-6933,0,0,31e003a378d639e27641dced44e726d35d058acd0301a48a16d76976ef2aa1ee,2024-07-22T13:00:31.330000 
@@ -258090,11 +258160,12 @@ CVE-2024-6968,0,0,57675d10d151b515d8654e4a2d23336a097aabe29c179fc0cfbb72272365b2 CVE-2024-6969,0,0,2345a97b06e5d388bdf778f25c67289987f0f6d0622466c7c196f2cd07649113,2024-07-25T15:38:51.787000 CVE-2024-6970,0,0,4194a84f3c5724b9bace97395e0f8e6456cd70a8d0cf3d46afccc165b27983cb,2024-07-25T15:36:44.567000 CVE-2024-6972,0,0,136930c91bb85ebbdb27bc99dae627302f90363fa18ab987405ebabe27d12e99,2024-07-25T12:36:39.947000 +CVE-2024-6984,1,1,1eb6d0d1d54fcb8aba5282d66fcf2164565b4f87ff4446242ecdd94e6133f611,2024-07-29T14:15:04.477000 CVE-2024-7007,0,0,d661b80f381c5e5a20762050cd26d7cdbc7442dd5816d04953c75c3bb9a2e0ae,2024-07-26T12:38:41.683000 CVE-2024-7014,0,0,bf4bcb57365a86d29a45ebd019245eec542daaec8aac5d2bd790565f954bcfee,2024-07-24T12:55:13.223000 CVE-2024-7027,0,0,5a505a0256616ae7086bad971714674072a78d2b5b489c23bd05df293d4823ce,2024-07-24T12:55:13.223000 CVE-2024-7047,0,0,c626b8092c8533dfe4198c51e8e35d5946df1ed097b6fb1d01ca755685dc1b0d,2024-07-25T12:36:39.947000 -CVE-2024-7050,0,0,87eb65c2fa0193ce614b51e63bdcf9b31a6757244623cb5a8ed10e25fea6ffc5,2024-07-26T16:15:03.847000 +CVE-2024-7050,0,1,f402c0a89ba2917236fe6639793bd54ee4751807250eba7a4dde84d4a362ffd7,2024-07-29T14:12:08.783000 CVE-2024-7057,0,0,e86292da776d8c2eee12db885a241ac453174252cdfea8e6058f6d373bd4dc19,2024-07-25T12:36:39.947000 CVE-2024-7060,0,0,2e0c92013c1ddde1bca0ad9e62aa50d23e69e1a598796a2170f54fccf61e7f4b,2024-07-25T12:36:39.947000 CVE-2024-7062,0,0,d6f409aeb13130ff6f4252d4a7aadcbcfc3eecb0d68f9e3338eff0add9df7d66,2024-07-26T12:38:41.683000 
@@ -258117,56 +258188,56 @@ CVE-2024-7117,0,0,1e4afcc6cca6c4e7beb85fac1a7fed4a23e63b6654ed7d583e0579875d0c65 CVE-2024-7118,0,0,6ddf36fc8a10a330c27e6abbf544962e1f8806ebf38d58bb308a1fa31785fd26,2024-07-26T12:38:41.683000 CVE-2024-7119,0,0,0d4c04861267ba0260c186040cffb33b88f1cb2cf783b33962c97c266a3b660d,2024-07-26T12:38:41.683000 CVE-2024-7120,0,0,61740476c5bf721de3ec3243fb937e4e04eb802316b459df4612d60639785741,2024-07-26T12:38:41.683000 -CVE-2024-7128,0,0,47460bc57c903b3fabdb73433c3bfc4f54879d354fc8cdc474587e0d4d4fa63d,2024-07-26T14:15:03.573000 -CVE-2024-7151,0,0,06232e614d6867686f3c84d16156f95141f38a0335ce80e22280064659e83e56,2024-07-27T20:15:09.650000 -CVE-2024-7152,0,0,aac814756563dfb6eac01900cd30616c2d9c9df404e1ca487beb8a14d5d8de14,2024-07-27T21:15:09.743000 -CVE-2024-7153,0,0,32210d4464beb2119e16e6b44aee6361e3b850929f8029ca84d08fdbc2594529,2024-07-27T22:15:01.833000 -CVE-2024-7154,0,0,722e1cbe890e398365f8f0cf4f116924e0c3343019d5ec36c94189f3fa92b41d,2024-07-28T10:15:01.897000 -CVE-2024-7155,0,0,4216904d1fea5d4ec7e81cf57cd860ab32f7a4a7c445fe5cd8c2c9d3583d0fb7,2024-07-28T10:15:03.053000 -CVE-2024-7156,0,0,a04911f2fb7c065ecb3a79e8f1ac4e166133c01ea464282e46a6dc652b3dd459,2024-07-28T11:15:11.820000 -CVE-2024-7157,0,0,fc6f6b2cc34fd8697df19cbf17fcd4cd27eae2140fe5a399729db35436fd0871,2024-07-28T11:15:12.107000 -CVE-2024-7158,0,0,8b4598ff93542df87dc175453c9bd95fdcaeec8b3f59030fa45c1c99578e1b2d,2024-07-28T14:15:11.303000 -CVE-2024-7159,0,0,aa09cdc774bb904f7578dd0ed9d500a7cba38cf5f5fa8676610887cb373b3a30,2024-07-28T15:15:09.897000 -CVE-2024-7160,0,0,bd957275ec2f0f7bf2b2b785f1d1add29975b97e07067566cb44747fa4fcc461,2024-07-28T15:15:10.163000 -CVE-2024-7161,0,0,48dccc008eb3fd3321c03cc8f39414564a6e7517c5328a48d623edbeb7dc27b0,2024-07-28T16:15:02.047000 -CVE-2024-7162,0,0,e0a0f66b0fb0446ebcd55f1f10f62ebc696e4dc21ba0bd0598d435533b778fb8,2024-07-28T16:15:02.347000 -CVE-2024-7163,0,0,614624da553eca694932fb6bd646443cabbc72205fe1db7ecb192b2c04a1c276,2024-07-28T17:15:09.797000 
-CVE-2024-7164,0,0,81f225beef0a6515bde342fba0486c4aa02307f078d1a28a867adf06cc3997f9,2024-07-28T17:15:10.057000 -CVE-2024-7165,0,0,8b0a6c114d77f4576b0459a5fb00e79e42379194940b483d01e5c1b1e30ef7e6,2024-07-28T18:15:02.123000 -CVE-2024-7166,0,0,214c1cb988bb77b97e34dbab593e349f82d85e02eb1319554a3cfe91290aec7b,2024-07-28T18:15:02.420000 -CVE-2024-7167,0,0,414df381b84603a8a6e855d293659c9444b1bf41e89dddb552f745827b1f27ce,2024-07-28T19:15:10.697000 -CVE-2024-7168,0,0,12f38d99b2927640de4a3421acd94ba64943387e05be840f669c87a0aea2a562,2024-07-28T19:15:11.007000 -CVE-2024-7169,0,0,9f1b45509a23ccf222d7104c51c66a34143e10bed2884c00fa9e73c4040a060f,2024-07-28T20:15:01.903000 -CVE-2024-7170,0,0,56be3a455f7d97346b7f96f42c1ea852d79ed554a2984962d6a7a9c3bd2a8bbc,2024-07-28T22:15:01.820000 -CVE-2024-7171,0,0,80fea255434ea736ed2127d5addc87627fe2454200d3905dc648a0ed127ad101,2024-07-28T23:15:09.837000 -CVE-2024-7172,0,0,2b53968e6b5fd05292ac2cd324e8c18d4b50f486576062dd79c068aa40a8d6ca,2024-07-28T23:15:10.117000 -CVE-2024-7173,0,0,29b7873ddfe574fa23febc5ab611b3a97aba7b37dabbaaf245bb7f2b918cadaf,2024-07-29T00:15:02.030000 -CVE-2024-7174,0,0,5023081295b1fa1dea32ce74885e1c3dabc9f7aaf77573e3c76b0a75dc8db3e2,2024-07-29T00:15:02.320000 -CVE-2024-7175,0,0,ac76eaf6357300020e6e09fe9fb2a1169a26fad02e87cbd42664940f82e83e72,2024-07-29T01:15:09.830000 -CVE-2024-7176,0,0,e33412a9a84acde1ff9a2818d95a72331a09bdbc340f67acf4af22d6c6fea6c5,2024-07-29T02:15:12.810000 -CVE-2024-7177,0,0,4bff88bcd73db8b2aaef964ae417990adfbce7f01a62ba261db2fa4761a3997e,2024-07-29T02:15:13.077000 -CVE-2024-7178,0,0,df55e9afa0a1f513e0e67c8806c711c7fc345b62da781100db34476372e27504,2024-07-29T03:15:02.417000 -CVE-2024-7179,0,0,fc80efb2a9f8c145f463ae251c59db76422786d1797c4de60e3b385c4988f497,2024-07-29T03:15:02.703000 -CVE-2024-7180,0,0,a1c33ef39e6f8a6b45ceb05246dc66f90c752f92366103a9b74220d9c475cb3b,2024-07-29T03:15:03 -CVE-2024-7181,0,0,ec774c75c90b4c019fd6836b41d886ae8fdad52692ded8b3101bdf0e9965b337,2024-07-29T04:15:02.087000 
-CVE-2024-7182,0,0,a840bbbf4c86cb7b1060f7dfdeedcec84fdc7e091c2fc826cf697d52f91a8d86,2024-07-29T04:15:02.473000 -CVE-2024-7183,0,0,7b2532f176b2f24dd5232f9e391254061f920c7e382fc99d4788606a854dce29,2024-07-29T05:15:01.820000 -CVE-2024-7184,0,0,6417003ca7661607867b29229dc79991a8c0f5c529ccf8e7ff86605e25673ced,2024-07-29T05:15:02.203000 -CVE-2024-7185,0,0,c52e16bf9f9f42a8927241cae4302277dea92592a051435fb99b8b22f06fb122,2024-07-29T06:15:02.980000 -CVE-2024-7186,0,0,1fca5bf3b4e197b63e258046d7ceffac9bb5f4226bedafb5e3b93fcdf29c8281,2024-07-29T06:15:03.420000 -CVE-2024-7187,0,0,f35654ac501888a0f278af49d6fb4bcb3ef738af2e2b97cc401df743772848a7,2024-07-29T07:15:07.830000 -CVE-2024-7188,0,0,becd39a6aa7990584748f5287876db63518ab0ae9f2005c4ef08178e66949aa8,2024-07-29T07:15:08.713000 -CVE-2024-7189,0,0,35eeb18c886375b73bd239786d0dd9e06eb28ad1148bfdbab13be9366afd5de7,2024-07-29T08:15:01.703000 -CVE-2024-7190,0,0,ca1374ebbe0d80aa77b5e602ff3d9a9186474bf4da7cd883864d55234de117dc,2024-07-29T08:15:02.010000 -CVE-2024-7191,0,0,03be4729ed5cdd408154ea492efb83ab303676d2b1c6438848697eed77545b91,2024-07-29T09:15:03.410000 -CVE-2024-7192,0,0,ae47a94e3c72124e5358a3ce89431bc11204defc4d6e7ff84b9cec92c7e6969f,2024-07-29T09:15:03.693000 -CVE-2024-7193,0,0,df52f6dfb8dfa1e38ce458f960c0d0a45b32c7b4dd234893f1d04240fa045b9b,2024-07-29T10:15:02.107000 -CVE-2024-7194,0,0,5f1eeb91325db7d845067d278313c17e707631f1547243ba6b16165375156100,2024-07-29T10:15:02.933000 -CVE-2024-7195,0,0,a98e1012bc097fd53cccbe36a849d8a9d349afa5daabb788e9cc4b77f6e702e0,2024-07-29T11:15:10.197000 -CVE-2024-7196,0,1,035f7bce9fe659394393d7222984d7c15724235c049d7ce9f018a99674541d30,2024-07-29T11:15:10.503000 -CVE-2024-7197,1,1,f9443b63ff9cdc544560d6f66ce48c5cf73b2bbea4f1d2d1e141f366c62e9198,2024-07-29T12:15:02.320000 -CVE-2024-7198,1,1,4254843b666058c4a04dc202c50775cea82e0664fab3b32237257ad5ab0aec0b,2024-07-29T12:15:02.610000 -CVE-2024-7199,1,1,e0bdc0098d8600bfe7dcdb8e505834c1d413b321c1dd8d09140b34b0f0b4f304,2024-07-29T13:15:11.123000 
-CVE-2024-7200,1,1,796233832912ad86dd4633896a825bdf57e2cda0a45f44181a677611ac259c52,2024-07-29T13:15:11.400000 -CVE-2024-7201,0,0,7be4dae6a4185f4cd25c1f8f884039dbbeadd8a2aceec8d6c898f20222370dfb,2024-07-29T03:15:03.267000 -CVE-2024-7202,0,0,65ac55258284a64f4b9d6679d59d4464aa901cdf53880e6ffdc4430ae23e65ac,2024-07-29T04:15:02.807000 +CVE-2024-7128,0,1,22b40e3236f05da8de2b73f629340b5796a3b45429dedc50864bf862ccb583f9,2024-07-29T14:12:08.783000 +CVE-2024-7151,0,1,27748e77ac666f37b5ea95444b5871c2d624c12d124d7b3d9588f7bd43672a12,2024-07-29T14:12:08.783000 +CVE-2024-7152,0,1,dcb2ef4ff482b2e3310b87257a8cfd0ded02bb0f2f9cc18d404e9808150d9dbb,2024-07-29T14:12:08.783000 +CVE-2024-7153,0,1,9aefcf5212f7daa00d220d7b2b9f573be0a36b383139766fde3ad17e71ad7b77,2024-07-29T14:12:08.783000 +CVE-2024-7154,0,1,d39e89f94f60e8d7b79da52df9d630b9e81b2b245d2f85488b74e63c84749625,2024-07-29T14:12:08.783000 +CVE-2024-7155,0,1,f5d8fd6ea549865a120b84df9be93cc729fc94148b48501efc2a1336d4453b69,2024-07-29T14:12:08.783000 +CVE-2024-7156,0,1,c04270c954b828ec763b97e8ed2b78c708b74a47e6721967a3457c8a9e1757f9,2024-07-29T14:12:08.783000 +CVE-2024-7157,0,1,8931cf89829462eec766ef746a4df63fed2464177966f213542a55d19c1e58d8,2024-07-29T14:12:08.783000 +CVE-2024-7158,0,1,8eeb2027bd614b39229013c89fa87c0faae1b21e4ff9300ebed3e09a05e7621e,2024-07-29T14:12:08.783000 +CVE-2024-7159,0,1,51344c47b8eb3e5995bb3f068befefc9478cc85a0bdf7d4262df8af84d61054a,2024-07-29T14:12:08.783000 +CVE-2024-7160,0,1,7a68b956977c10119ffc6d81803eeef1fb41a452ce84d40c98b0c64707958ef7,2024-07-29T14:12:08.783000 +CVE-2024-7161,0,1,3a84ea99e48e8a8d8048664ee759fce102c4899e7bf3a25b129131d6e118a2d3,2024-07-29T14:12:08.783000 +CVE-2024-7162,0,1,89a4bb0daa62a108ba37ba1cd76131a6b4592ff5908e4382e3ba0ccae44d808b,2024-07-29T14:12:08.783000 +CVE-2024-7163,0,1,81c756b3132cc48183d1a3c3acfd78fbea5503464491879bb3d1859dc5f53baf,2024-07-29T14:12:08.783000 +CVE-2024-7164,0,1,5d92d638c278ca9b7f581166aa96b475d47a310ffdc9cdf15fb9784e0b067773,2024-07-29T14:12:08.783000 
+CVE-2024-7165,0,1,0bc7383077366dd24da152b87a65e6a1857c520c5e597d17ead367cb950cf01e,2024-07-29T14:12:08.783000 +CVE-2024-7166,0,1,2471fc9d9b4adea2a4a21ba89c51e6bd9133a6eafa6ec94da9724ccb80314f9e,2024-07-29T14:12:08.783000 +CVE-2024-7167,0,1,8e381ee0ac8313f716191f3edc8c82f168cf4449672c922534642a842be91b2f,2024-07-29T14:12:08.783000 +CVE-2024-7168,0,1,910224f79b3b67b053997cba38db0b80d710f3c8549be559cd68336fed4d2890,2024-07-29T14:12:08.783000 +CVE-2024-7169,0,1,f5980a4e5d2ccbce4c06d69d429b6969821394672e47084769e90ea39f080d62,2024-07-29T14:12:08.783000 +CVE-2024-7170,0,1,c911de3ed6eb8f888dabc0e3c5c43c4020953d0677c78f27e334ac1aaf9f28b3,2024-07-29T14:12:08.783000 +CVE-2024-7171,0,1,f9af9fb0c23fb7b822f7b4be7ea437b892bcf51d425201c5590fc38d73eb9531,2024-07-29T14:12:08.783000 +CVE-2024-7172,0,1,48098f2f8b9e9c93b1a36d2a3706aa815a76b5f3bfc9549c1d0a9bf89fd6f736,2024-07-29T14:12:08.783000 +CVE-2024-7173,0,1,9c8ef6624b932caeb4662918a0a810616d2ba8f9906f81dcebfdec59369b0574,2024-07-29T14:12:08.783000 +CVE-2024-7174,0,1,f1781e199cf66c66c4adc46ab76c589281b54a81300f6b034e26a8b728475a75,2024-07-29T14:12:08.783000 +CVE-2024-7175,0,1,5d4eeb7489132ec6e77d74f58648a42d6a5be9593c8b5cc1f115573e2980a84a,2024-07-29T14:12:08.783000 +CVE-2024-7176,0,1,87bd822da2f12dde6101b55907e007b11fb359e449d64ec7b52cb66f9d43adf6,2024-07-29T14:12:08.783000 +CVE-2024-7177,0,1,9b8744673605b28dba8faef7865b0aaa6e010d681eb7e62063dcb56018b8bdec,2024-07-29T14:12:08.783000 +CVE-2024-7178,0,1,52ae2b809c77291d60a9036321df7d8e5ce81e3908bf9bb5c27800ec4dcd8e64,2024-07-29T14:12:08.783000 +CVE-2024-7179,0,1,65e0f2454d780ae3c2ff2d614aa12167e348369191f0ac2bf926afbe4156da4a,2024-07-29T14:12:08.783000 +CVE-2024-7180,0,1,04e3dd812b22b1656218c3dd237532ed09069916c415498e7f349131a50802ae,2024-07-29T14:12:08.783000 +CVE-2024-7181,0,1,93007afc4944b4c85d6725623b8ece0fac3a3c46755f18c310c14af1436e8bcc,2024-07-29T14:12:08.783000 +CVE-2024-7182,0,1,6182ce71a82c92a02800c0dce0faacb01a7f0ed4f6bb694c052b6666bf11ab63,2024-07-29T14:12:08.783000 
+CVE-2024-7183,0,1,546b9cc18db3572c3408dacf224c4840ff31bb7e257f07f1276cf686020891cb,2024-07-29T14:12:08.783000 +CVE-2024-7184,0,1,781197b9f7a46e264e1ec9bc79ea5b1e8bd5e7ff30f591037bdb2fc7bc8b28b4,2024-07-29T14:12:08.783000 +CVE-2024-7185,0,1,4d2680906aadd57f9447b5e6b03e4cb32097376975a9704fc3e85e058a3b58a8,2024-07-29T14:12:08.783000 +CVE-2024-7186,0,1,b2bc1109fb488f280319438e0668393ce4eace8029ac5f2d88ac272d154e53f7,2024-07-29T14:12:08.783000 +CVE-2024-7187,0,1,ef47dee281b861e2fbb32b5190ca7ae381b7d4b01547744750a5fe154f1ed708,2024-07-29T14:12:08.783000 +CVE-2024-7188,0,1,4b4e672447c0b6e89b97b7fbc1448d8f9bd8f8a454ffa3eacb9aed7610d4148a,2024-07-29T14:12:08.783000 +CVE-2024-7189,0,1,e70706885872860a6f58eb535d4da44551ede2a01c3fe4eb2ddbc76b884a7e55,2024-07-29T14:12:08.783000 +CVE-2024-7190,0,1,2b3153272ef04df16e3b3b82082543891fd5ef4c119d2c927810c48999ba5cb6,2024-07-29T14:12:08.783000 +CVE-2024-7191,0,1,3de5f98b75f962a7bf81367cbbf7b9a6b561be4de787108b05ec954ed9012a18,2024-07-29T14:12:08.783000 +CVE-2024-7192,0,1,8c1866f67c09e02aac206ab64e201e7bc7f8c1e59231c06a52249d22cc047da6,2024-07-29T14:12:08.783000 +CVE-2024-7193,0,1,471f89b1f9e21dd135e74be96458737d2a22d1977909084981ac0db538f96c8f,2024-07-29T14:12:08.783000 +CVE-2024-7194,0,1,c8b0d7991b5ee6e00ffbbc64a6ab1f39fe9d6a82b9bf24c2238ab6753aff32df,2024-07-29T14:12:08.783000 +CVE-2024-7195,0,1,f7da8846d38917b002b2b5180ea4d9dfe045dbd2366df57dc48d23d9f467bf7e,2024-07-29T14:12:08.783000 +CVE-2024-7196,0,1,39d23cef38325ecf26226fe3be85d15a455fca8c58ec9aec865b5e3e8e46a122,2024-07-29T14:12:08.783000 +CVE-2024-7197,0,1,5d31abf7bbec1a1e9c73407b33a1eac65b603572b6614585eac60c62db7f2f75,2024-07-29T14:12:08.783000 +CVE-2024-7198,0,1,19b2c36b5e0bfb10044c7e6ef90326036ca4d51ac224f6fe5c0ea3590aa3b04f,2024-07-29T14:12:08.783000 +CVE-2024-7199,0,1,1c38ae71600e9c4c0d209d192fce66196ad6d1d1454dfe95d9b268bf29c6a54f,2024-07-29T14:12:08.783000 +CVE-2024-7200,0,1,d21a4dd541acbc0094d3b150aee5dc57732e3b43b8983d68802bfc40bea446f0,2024-07-29T14:12:08.783000 
+CVE-2024-7201,0,1,ada84f4b903b0c95dc45be4013db2022612c9fdb66b840b2138f16a8a9061fa8,2024-07-29T14:12:08.783000 +CVE-2024-7202,0,1,47ee30ff0ebecde915aadd7cf1bd702d0bebf04cac4786411e427c0fde39b1f2,2024-07-29T14:12:08.783000