admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-29T18:00:17.026976+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-29 18:03:12 +00:00
parent 4d727f9004
commit 791923c993
138 changed files with 3095 additions and 605 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2021/CVE-2021-16xx/CVE-2021-1675.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1675",
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-06-08T23:15:08.267",
"lastModified": "2023-08-08T14:22:24.967",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T17:57:23.260",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
@ -46,8 +46,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
@ -55,10 +55,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
@ -109,38 +109,45 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.18967",
"matchCriteriaId": "C6D804CC-3D0A-442D-AD15-77779C9168F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A"
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.4467",
"matchCriteriaId": "3330A6EC-E638-4760-91F1-BB920ACDBB17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730"
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "0DF9B75A-049E-44AA-B4DD-3384F3ED5E52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.18363.1621",
"matchCriteriaId": "25BDC753-1696-4A75-AC79-E482662BD743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1"
"criteria": "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "4110DDEF-AFEB-469C-8FF1-9208D5AD254A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372"
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "A81D1961-6D36-4BBB-96C2-15D5480637CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8"
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19043.1052",
"matchCriteriaId": "579557C6-7D3C-4D9D-B8DF-E3193C01715C"
},
{
"vulnerable": true,
@ -157,6 +164,12 @@
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "854BE587-9888-4365-ABBA-AC951DC7BCB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
@ -179,13 +192,15 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.4467",
"matchCriteriaId": "6EC20279-4DB0-4D87-93EF-235D0D36B1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "ACDF4D88-D052-40A6-96A7-865C33112B4F"
}
]
}

85
CVE-2021/CVE-2021-312xx/CVE-2021-31201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-31201",
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-06-08T23:15:08.387",
"lastModified": "2023-08-01T23:15:12.057",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T17:35:59.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
@ -107,6 +107,69 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.18967",
"matchCriteriaId": "C6D804CC-3D0A-442D-AD15-77779C9168F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.4467",
"matchCriteriaId": "3330A6EC-E638-4760-91F1-BB920ACDBB17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "0DF9B75A-049E-44AA-B4DD-3384F3ED5E52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.18363.1621",
"matchCriteriaId": "25BDC753-1696-4A75-AC79-E482662BD743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "4110DDEF-AFEB-469C-8FF1-9208D5AD254A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "A81D1961-6D36-4BBB-96C2-15D5480637CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19043.1052",
"matchCriteriaId": "579557C6-7D3C-4D9D-B8DF-E3193C01715C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "854BE587-9888-4365-ABBA-AC951DC7BCB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
@ -126,6 +189,24 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.4467",
"matchCriteriaId": "6EC20279-4DB0-4D87-93EF-235D0D36B1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "ACDF4D88-D052-40A6-96A7-865C33112B4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "B963E9AB-D1F7-45D1-8B7E-675732475401"
}
]
}

46
CVE-2021/CVE-2021-319xx/CVE-2021-31955.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-31955",
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-06-08T23:15:08.817",
"lastModified": "2024-07-03T01:36:43.470",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T17:34:00.803",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
@ -95,7 +95,7 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "NVD-CWE-noinfo"
}
]
},
@ -119,43 +119,51 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A"
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "0DF9B75A-049E-44AA-B4DD-3384F3ED5E52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730"
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.18363.1621",
"matchCriteriaId": "25BDC753-1696-4A75-AC79-E482662BD743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1"
"criteria": "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "4110DDEF-AFEB-469C-8FF1-9208D5AD254A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372"
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "A81D1961-6D36-4BBB-96C2-15D5480637CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8"
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19043.1052",
"matchCriteriaId": "579557C6-7D3C-4D9D-B8DF-E3193C01715C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F"
"criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "854BE587-9888-4365-ABBA-AC951DC7BCB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82"
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "ACDF4D88-D052-40A6-96A7-865C33112B4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
"criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "B963E9AB-D1F7-45D1-8B7E-675732475401"
}
]
}

96
CVE-2021/CVE-2021-319xx/CVE-2021-31956.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-31956",
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-06-08T23:15:08.847",
"lastModified": "2023-08-08T14:22:24.967",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T17:33:52.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
@ -46,11 +46,11 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
@ -107,26 +107,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
@ -134,13 +114,45 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372"
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.18967",
"matchCriteriaId": "C6D804CC-3D0A-442D-AD15-77779C9168F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8"
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.4467",
"matchCriteriaId": "3330A6EC-E638-4760-91F1-BB920ACDBB17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "0DF9B75A-049E-44AA-B4DD-3384F3ED5E52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.18363.1621",
"matchCriteriaId": "25BDC753-1696-4A75-AC79-E482662BD743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "4110DDEF-AFEB-469C-8FF1-9208D5AD254A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "A81D1961-6D36-4BBB-96C2-15D5480637CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19043.1052",
"matchCriteriaId": "579557C6-7D3C-4D9D-B8DF-E3193C01715C"
},
{
"vulnerable": true,
@ -157,6 +169,12 @@
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "854BE587-9888-4365-ABBA-AC951DC7BCB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
@ -179,23 +197,21 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.4467",
"matchCriteriaId": "6EC20279-4DB0-4D87-93EF-235D0D36B1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F"
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "ACDF4D88-D052-40A6-96A7-865C33112B4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
"criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "B963E9AB-D1F7-45D1-8B7E-675732475401"
}
]
}

40
CVE-2021/CVE-2021-337xx/CVE-2021-33739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-33739",
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-06-08T23:15:09.493",
"lastModified": "2023-08-01T23:15:15.977",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T17:32:30.853",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
@ -46,11 +46,11 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
@ -109,33 +109,39 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A"
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.18363.1621",
"matchCriteriaId": "25BDC753-1696-4A75-AC79-E482662BD743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730"
"criteria": "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "4110DDEF-AFEB-469C-8FF1-9208D5AD254A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372"
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "A81D1961-6D36-4BBB-96C2-15D5480637CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8"
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19043.1052",
"matchCriteriaId": "579557C6-7D3C-4D9D-B8DF-E3193C01715C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F"
"criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "854BE587-9888-4365-ABBA-AC951DC7BCB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82"
"criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "B963E9AB-D1F7-45D1-8B7E-675732475401"
}
]
}

64
CVE-2021/CVE-2021-337xx/CVE-2021-33742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-33742",
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-06-08T23:15:09.540",
"lastModified": "2023-12-30T00:15:19.290",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T17:06:54.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
@ -109,38 +109,45 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.18967",
"matchCriteriaId": "C6D804CC-3D0A-442D-AD15-77779C9168F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A"
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.4467",
"matchCriteriaId": "3330A6EC-E638-4760-91F1-BB920ACDBB17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730"
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "0DF9B75A-049E-44AA-B4DD-3384F3ED5E52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.18363.1621",
"matchCriteriaId": "25BDC753-1696-4A75-AC79-E482662BD743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1"
"criteria": "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.1052",
"matchCriteriaId": "4110DDEF-AFEB-469C-8FF1-9208D5AD254A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372"
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.1052",
"matchCriteriaId": "A81D1961-6D36-4BBB-96C2-15D5480637CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8"
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19043.1052",
"matchCriteriaId": "579557C6-7D3C-4D9D-B8DF-E3193C01715C"
},
{
"vulnerable": true,
@ -179,28 +186,15 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.4467",
"matchCriteriaId": "6EC20279-4DB0-4D87-93EF-235D0D36B1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.1999",
"matchCriteriaId": "ACDF4D88-D052-40A6-96A7-865C33112B4F"
}
]
}

45
CVE-2023/CVE-2023-528xx/CVE-2023-52887.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2023-52887",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:03.150",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new\n\nThis patch enhances error handling in scenarios with RTS (Request to\nSend) messages arriving closely. It replaces the less informative WARN_ON_ONCE\nbacktraces with a new error handling method. This provides clearer error\nmessages and allows for the early termination of problematic sessions.\nPreviously, sessions were only released at the end of j1939_xtp_rx_rts().\n\nPotentially this could be reproduced with something like:\ntestj1939 -r vcan0:0x80 &\nwhile true; do\n\t# send first RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send second RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send abort\n\tcansend vcan0 18EC8090#ff00000000002301;\ndone"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/26b18dd30e63d4fd777be429148e8e4ed66f60b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed581989d7ea9df6f8646beba2341e32cd49a1f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6c839e717901dbd6b1c1ca807b6210222eb70f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-333xx/CVE-2024-33365.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-33365",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-29T17:15:10.947",
"lastModified": "2024-07-29T17:15:10.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2024-33365/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://hackmd.io/%40JohnathanHuuTri/rJNbEItJC",
"source": "cve@mitre.org"
}
]
}

4
CVE-2024/CVE-2024-379xx/CVE-2024-37906.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37906",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-29T15:15:10.747",
"lastModified": "2024-07-29T15:15:10.747",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-385xx/CVE-2024-38529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38529",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-29T15:15:10.990",
"lastModified": "2024-07-29T15:15:10.990",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

65
CVE-2024/CVE-2024-39xx/CVE-2024-3966.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3966",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:12.170",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T16:52:33.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "El complemento Pray For Me de WordPress hasta la versi\u00f3n 1.0.4 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a visitantes no autenticados realizar ataques de Cross-site scripting que se activan cuando un administrador visita las solicitudes de oraci\u00f3n en el administrador de WP."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectcaruso:pray_for_me:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.4",
"matchCriteriaId": "9233B443-1034-424F-BB1A-008F4C1C5AC6"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9f0a575f-862d-4f2e-8d25-82c6f58dd11a/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-39xx/CVE-2024-3971.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3971",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:12.250",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T16:51:34.570",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "El complemento Similarity WordPress hasta la versi\u00f3n 3.0 no tiene activada la verificaci\u00f3n CSRF al restablecer su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los restablezca mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davidjmiller:similarity:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0",
"matchCriteriaId": "21FB65B1-B83C-42A7-8102-E247C0334442"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/5dec5719-105d-4989-a97f-bda04d223322/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-39xx/CVE-2024-3972.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3972",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:12.330",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T16:51:05.463",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "El complemento Similarity WordPress hasta la versi\u00f3n 3.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davidjmiller:similarity:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0",
"matchCriteriaId": "21FB65B1-B83C-42A7-8102-E247C0334442"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/55dfb9b5-d590-478b-bd1f-d420b79037fa/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-39xx/CVE-2024-3977.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3977",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:12.427",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T16:43:10.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "El complemento WordPress Jitsi Shortcode de WordPress hasta la versi\u00f3n 0.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:andrewabarber:wordpress_jitsi_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.1",
"matchCriteriaId": "88986B59-CB43-4AC0-AE27-158841AAE541"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/25851386-eccf-49cb-afbf-c25286c9b19e/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-39xx/CVE-2024-3978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3978",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:12.520",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T16:42:44.887",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "El complemento WordPress Jitsi Shortcode de WordPress hasta la versi\u00f3n 0.1 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:andrewabarber:wordpress_jitsi_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.1",
"matchCriteriaId": "88986B59-CB43-4AC0-AE27-158841AAE541"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a9f47d11-47ac-4998-a82a-dc2f3b0decdf/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-405xx/CVE-2024-40576.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40576",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-29T14:15:03.677",
"lastModified": "2024-07-29T14:15:03.677",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

65
CVE-2024/CVE-2024-40xx/CVE-2024-4005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4005",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:12.753",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-29T16:35:52.363",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "El complemento Social Pixel WordPress hasta la versi\u00f3n 2.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:social_pixel:social_pixel:*:*:*:*:*:*:wordpress:*",
"versionEndIncluding": "2.1",
"matchCriteriaId": "B1B0CEFF-C097-4066-B4E2-FF50F25AC985"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/02ca09f8-4080-4969-992d-0e6afb29bc62/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-410xx/CVE-2024-41020.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41020",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T14:15:03.773",
"lastModified": "2024-07-29T14:15:03.773",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41021",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T14:15:03.870",
"lastModified": "2024-07-29T14:15:03.870",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41022",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T14:15:03.943",
"lastModified": "2024-07-29T14:15:03.943",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41023.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41023",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.200",
"lastModified": "2024-07-29T15:15:11.200",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41024.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41024",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.270",
"lastModified": "2024-07-29T15:15:11.270",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41025.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41025",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.343",
"lastModified": "2024-07-29T15:15:11.343",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41026.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41026",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.413",
"lastModified": "2024-07-29T15:15:11.413",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41027.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41027",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.483",
"lastModified": "2024-07-29T15:15:11.483",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41028.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41028",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.553",
"lastModified": "2024-07-29T15:15:11.553",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41029.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41029",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.627",
"lastModified": "2024-07-29T15:15:11.627",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41030.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41030",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.697",
"lastModified": "2024-07-29T15:15:11.697",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41031.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41031",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.770",
"lastModified": "2024-07-29T15:15:11.770",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41032",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.850",
"lastModified": "2024-07-29T15:15:11.850",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41033.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41033",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.920",
"lastModified": "2024-07-29T15:15:11.920",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41034",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:11.990",
"lastModified": "2024-07-29T15:15:11.990",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41035.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41035",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.077",
"lastModified": "2024-07-29T15:15:12.077",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41036",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.170",
"lastModified": "2024-07-29T15:15:12.170",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41037.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41037",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.240",
"lastModified": "2024-07-29T15:15:12.240",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41038.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41038",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.320",
"lastModified": "2024-07-29T15:15:12.320",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41039",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.393",
"lastModified": "2024-07-29T15:15:12.393",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41040.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41040",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.473",
"lastModified": "2024-07-29T15:15:12.473",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41041.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41041",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.563",
"lastModified": "2024-07-29T15:15:12.563",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41042",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.647",
"lastModified": "2024-07-29T15:15:12.647",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41043.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41043",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.710",
"lastModified": "2024-07-29T15:15:12.710",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41044.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41044",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.783",
"lastModified": "2024-07-29T15:15:12.783",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41045.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41045",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.873",
"lastModified": "2024-07-29T15:15:12.873",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41046.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41046",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:12.943",
"lastModified": "2024-07-29T15:15:12.943",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41047.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41047",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.027",
"lastModified": "2024-07-29T15:15:13.027",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41048",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.103",
"lastModified": "2024-07-29T15:15:13.103",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41049",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.177",
"lastModified": "2024-07-29T15:15:13.177",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41050.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41050",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.260",
"lastModified": "2024-07-29T15:15:13.260",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41051.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41051",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.327",
"lastModified": "2024-07-29T15:15:13.327",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41052.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41052",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.407",
"lastModified": "2024-07-29T15:15:13.407",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41053",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.473",
"lastModified": "2024-07-29T15:15:13.473",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41054.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41054",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.557",
"lastModified": "2024-07-29T15:15:13.557",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41055.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41055",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.620",
"lastModified": "2024-07-29T15:15:13.620",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41056.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41056",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.703",
"lastModified": "2024-07-29T15:15:13.703",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41057.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41057",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.773",
"lastModified": "2024-07-29T15:15:13.773",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41058.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41058",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.847",
"lastModified": "2024-07-29T15:15:13.847",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41059.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41059",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:13.927",
"lastModified": "2024-07-29T15:15:13.927",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41060.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41060",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.030",
"lastModified": "2024-07-29T15:15:14.030",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41061",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.103",
"lastModified": "2024-07-29T15:15:14.103",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41062",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.173",
"lastModified": "2024-07-29T15:15:14.173",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41063.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41063",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.243",
"lastModified": "2024-07-29T15:15:14.243",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41064",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.330",
"lastModified": "2024-07-29T15:15:14.330",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41065.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41065",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.410",
"lastModified": "2024-07-29T15:15:14.410",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41066",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.480",
"lastModified": "2024-07-29T15:15:14.480",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41067.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41067",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.560",
"lastModified": "2024-07-29T15:15:14.560",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41068",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.630",
"lastModified": "2024-07-29T15:15:14.630",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41069.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41069",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.713",
"lastModified": "2024-07-29T15:15:14.713",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41070.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41070",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.787",
"lastModified": "2024-07-29T15:15:14.787",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41071.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41071",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.863",
"lastModified": "2024-07-29T15:15:14.863",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41072.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41072",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:14.937",
"lastModified": "2024-07-29T15:15:14.937",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41073",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.020",
"lastModified": "2024-07-29T15:15:15.020",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41074.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41074",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.097",
"lastModified": "2024-07-29T15:15:15.097",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41075.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41075",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.163",
"lastModified": "2024-07-29T15:15:15.163",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41076.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41076",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.237",
"lastModified": "2024-07-29T15:15:15.237",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41077.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41077",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.303",
"lastModified": "2024-07-29T15:15:15.303",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41078.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41078",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.380",
"lastModified": "2024-07-29T15:15:15.380",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41079.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41079",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.457",
"lastModified": "2024-07-29T15:15:15.457",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41080.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41080",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.523",
"lastModified": "2024-07-29T15:15:15.523",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41081.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41081",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.593",
"lastModified": "2024-07-29T15:15:15.593",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-410xx/CVE-2024-41082.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41082",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T15:15:15.670",
"lastModified": "2024-07-29T15:15:15.670",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

25
CVE-2024/CVE-2024-410xx/CVE-2024-41083.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-41083",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:03.790",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix netfs_page_mkwrite() to check folio->mapping is valid\n\nFix netfs_page_mkwrite() to check that folio->mapping is valid once it has\ntaken the folio lock (as filemap_page_mkwrite() does). Without this,\ngeneric/247 occasionally oopses with something like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n\n RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0\n ...\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x6e/0xa0\n ? exc_page_fault+0xc2/0xe0\n ? asm_exc_page_fault+0x22/0x30\n ? trace_event_raw_event_netfs_folio+0x61/0xc0\n trace_netfs_folio+0x39/0x40\n netfs_page_mkwrite+0x14c/0x1d0\n do_page_mkwrite+0x50/0x90\n do_pte_missing+0x184/0x200\n __handle_mm_fault+0x42d/0x500\n handle_mm_fault+0x121/0x1f0\n do_user_addr_fault+0x23e/0x3c0\n exc_page_fault+0xc2/0xe0\n asm_exc_page_fault+0x22/0x30\n\nThis is due to the invalidate_inode_pages2_range() issued at the end of the\nDIO write interfering with the mmap'd writes."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-410xx/CVE-2024-41084.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-41084",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:03.873",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Avoid null pointer dereference in region lookup\n\ncxl_dpa_to_region() looks up a region based on a memdev and DPA.\nIt wrongly assumes an endpoint found mapping the DPA is also of\na fully assembled region. When not true it leads to a null pointer\ndereference looking up the region name.\n\nThis appears during testing of region lookup after a failure to\nassemble a BIOS defined region or if the lookup raced with the\nassembly of the BIOS defined region.\n\nFailure to clean up BIOS defined regions that fail assembly is an\nissue in itself and a fix to that problem will alleviate some of\nthe impact. It will not alleviate the race condition so let's harden\nthis path.\n\nThe behavior change is that the kernel oops due to a null pointer\ndereference is replaced with a dev_dbg() message noting that an\nendpoint was mapped.\n\nAdditional comments are added so that future users of this function\ncan more clearly understand what it provides."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/285f2a08841432fc3e498b1cd00cce5216cdf189",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a9e099e29e925f8b31cfe53e8a786b9796f8e453",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8a40a6dbfb0150c1081384caa9bbe28ce5d5060",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-410xx/CVE-2024-41085.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-41085",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:03.960",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/mem: Fix no cxl_nvd during pmem region auto-assembling\n\nWhen CXL subsystem is auto-assembling a pmem region during cxl\nendpoint port probing, always hit below calltrace.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000078\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n RIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n Call Trace:\n <TASK>\n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x160\n ? do_user_addr_fault+0x65/0x6b0\n ? exc_page_fault+0x7d/0x170\n ? asm_exc_page_fault+0x26/0x30\n ? cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n ? cxl_pmem_region_probe+0x1ac/0x360 [cxl_pmem]\n cxl_bus_probe+0x1b/0x60 [cxl_core]\n really_probe+0x173/0x410\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x80/0x170\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x90/0x120\n bus_for_each_drv+0x84/0xe0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x90/0xa0\n device_add+0x51c/0x710\n devm_cxl_add_pmem_region+0x1b5/0x380 [cxl_core]\n cxl_bus_probe+0x1b/0x60 [cxl_core]\n\nThe cxl_nvd of the memdev needs to be available during the pmem region\nprobe. Currently the cxl_nvd is registered after the endpoint port probe.\nThe endpoint probe, in the case of autoassembly of regions, can cause a\npmem region probe requiring the not yet available cxl_nvd. Adjust the\nsequence so this dependency is met.\n\nThis requires adding a port parameter to cxl_find_nvdimm_bridge() that\ncan be used to query the ancestor root port. The endpoint port is not\nyet available, but will share a common ancestor with its parent, so\nstart the query from there instead."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1d064e4fbebcf5b18dc10c1f3973487eb163b600",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84ec985944ef34a34a1605b93ce401aa8737af96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-410xx/CVE-2024-41086.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-41086",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.043",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Fix sb_field_downgrade validation\n\n- bch2_sb_downgrade_validate() wasn't checking for a downgrade entry\n extending past the end of the superblock section\n\n- for_each_downgrade_entry() is used in to_text() and needs to work on\n malformed input; it also was missing a check for a field extending\n past the end of the section"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/692aa7a54b2b28d59f24b3bf8250837805484b99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bf920ed92ef24dcd6970c88881cd4700b3acf05b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-410xx/CVE-2024-41087.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-41087",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.120",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-410xx/CVE-2024-41088.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-41088",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.217",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring->head increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring->head, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-410xx/CVE-2024-41089.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-41089",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.300",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes\n\nIn nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().\nAdd a check to avoid null pointer dereference."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c9f2e60150b4f13789064370e37f39e6e060f50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/30cbf6ffafbbdd8a6e4e5f0a2e9a9827ee83f3ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/56fc4d3b0bdef691831cd95715a7ca3ebea98b2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5eecb49a6c268dc229005bf6e8167d4001dc09a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d411c8ccc0137a612e0044489030a194ff5c843",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e49a157d541e7e97b815a56f4bdfcbc89844a59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ece609b0ce7a7ea8acdf512a77d1fee26621637",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ffabad4aa91e33ced3c6ae793fb37771b3e9cb51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-410xx/CVE-2024-41092.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-41092",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.383",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix potential UAF by revoke of fence registers\n\nCI has been sporadically reporting the following issue triggered by\nigt@i915_selftest@live@hangcheck on ADL-P and similar machines:\n\n<6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence\n...\n<6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled\n<6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled\n<3> [414.070354] Unable to pin Y-tiled fence; err:-4\n<3> [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active))\n...\n<4>[ 609.603992] ------------[ cut here ]------------\n<2>[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!\n<4>[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n<4>[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1\n<4>[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n<4>[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]\n<4>[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]\n...\n<4>[ 609.604271] Call Trace:\n<4>[ 609.604273] <TASK>\n...\n<4>[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]\n<4>[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]\n<4>[ 609.604977] force_unbind+0x24/0xa0 [i915]\n<4>[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]\n<4>[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]\n<4>[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]\n<4>[ 609.605440] process_scheduled_works+0x351/0x690\n...\n\nIn the past, there were similar failures reported by CI from other IGT\ntests, observed on other platforms.\n\nBefore commit 63baf4f3d587 (\"drm/i915/gt: Only wait for GPU activity\nbefore unbinding a GGTT fence\"), i915_vma_revoke_fence() was waiting for\nidleness of vma->active via fence_update(). That commit introduced\nvma->fence->active in order for the fence_update() to be able to wait\nselectively on that one instead of vma->active since only idleness of\nfence registers was needed. But then, another commit 0d86ee35097a\n(\"drm/i915/gt: Make fence revocation unequivocal\") replaced the call to\nfence_update() in i915_vma_revoke_fence() with only fence_write(), and\nalso added that GEM_BUG_ON(!i915_active_is_idle(&fence->active)) in front.\nNo justification was provided on why we might then expect idleness of\nvma->fence->active without first waiting on it.\n\nThe issue can be potentially caused by a race among revocation of fence\nregisters on one side and sequential execution of signal callbacks invoked\non completion of a request that was using them on the other, still\nprocessed in parallel to revocation of those fence registers. Fix it by\nwaiting for idleness of vma->fence->active in i915_vma_revoke_fence().\n\n(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/06dec31a0a5112a91f49085e8a8fa1a82296d5c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/29c0fdf49078ab161570d3d1c6e13d66f182717d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/414f4a31f7a811008fd9a33b06216b060bad18fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/996c3412a06578e9d779a16b9e79ace18125ab50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca0fabd365a27a94a36e68a7a02df8ff3c13dac6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f771b91f21c46ad1217328d05e72a2c7e3add535",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-410xx/CVE-2024-41093.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-41093",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.463",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-410xx/CVE-2024-41094.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-41094",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.543",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fbdev-dma: Only set smem_start is enable per module option\n\nOnly export struct fb_info.fix.smem_start if that is required by the\nuser and the memory does not come from vmalloc().\n\nSetting struct fb_info.fix.smem_start breaks systems where DMA\nmemory is backed by vmalloc address space. An example error is\nshown below.\n\n[ 3.536043] ------------[ cut here ]------------\n[ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000)\n[ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98\n[ 3.565455] Modules linked in:\n[ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty #250\n[ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 3.582452] Workqueue: events_unbound deferred_probe_work_func\n[ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 3.595233] pc : __virt_to_phys+0x68/0x98\n[ 3.599246] lr : __virt_to_phys+0x68/0x98\n[ 3.603276] sp : ffff800083603990\n[ 3.677939] Call trace:\n[ 3.680393] __virt_to_phys+0x68/0x98\n[ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238\n[ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0\n[ 3.695385] drm_fb_helper_initial_config+0x4c/0x68\n[ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0\n[ 3.705161] drm_client_register+0x60/0xb0\n[ 3.709269] drm_fbdev_dma_setup+0x94/0x148\n\nAdditionally, DMA memory is assumed to by contiguous in physical\naddress space, which is not guaranteed by vmalloc().\n\nResolve this by checking the module flag drm_leak_fbdev_smem when\nDRM allocated the instance of struct fb_info. Fbdev-dma then only\nsets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also\nguarantee that the framebuffer is not located in vmalloc address\nspace."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/00702cfa8432ac67a72f56de5e1d278ddea2ebde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d92a7580392ad4681b1d4f9275d00b95375ebe01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f29fcfbf6067c0d8c83f84a045da9276c08deac5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-410xx/CVE-2024-41095.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-41095",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.613",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d17604f2e44b3df21e218fe8fb3b836d41bac49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/259549b2ccf795b7f91f7b5aba47286addcfa389",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66edf3fb331b6c55439b10f9862987b0916b3726",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bdda5072494f2a7215d94fc4124ad1949a218714",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cb751e48bbcffd292090f7882b23b215111b3d72",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbd75f32252508ed6c46c3288a282c301a57ceeb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f95ed0f54b3d3faecae1140ddab854f904a6e7c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-410xx/CVE-2024-41096.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-41096",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.683",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/MSI: Fix UAF in msi_capability_init\n\nKFENCE reports the following UAF:\n\n BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488\n\n Use-after-free read at 0x0000000024629571 (in kfence-#12):\n __pci_enable_msi_range+0x2c0/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\n kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128\n\n allocated by task 81 on cpu 7 at 10.808142s:\n __kmem_cache_alloc_node+0x1f0/0x2bc\n kmalloc_trace+0x44/0x138\n msi_alloc_desc+0x3c/0x9c\n msi_domain_insert_msi_desc+0x30/0x78\n msi_setup_msi_desc+0x13c/0x184\n __pci_enable_msi_range+0x258/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\n freed by task 81 on cpu 7 at 10.811436s:\n msi_domain_free_descs+0xd4/0x10c\n msi_domain_free_locked.part.0+0xc0/0x1d8\n msi_domain_alloc_irqs_all_locked+0xb4/0xbc\n pci_msi_setup_msi_irqs+0x30/0x4c\n __pci_enable_msi_range+0x2a8/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\nDescriptor allocation done in:\n__pci_enable_msi_range\n msi_capability_init\n msi_setup_msi_desc\n msi_insert_msi_desc\n msi_domain_insert_msi_desc\n msi_alloc_desc\n ...\n\nFreed in case of failure in __msi_domain_alloc_locked()\n__pci_enable_msi_range\n msi_capability_init\n pci_msi_setup_msi_irqs\n msi_domain_alloc_irqs_all_locked\n msi_domain_alloc_locked\n __msi_domain_alloc_locked => fails\n msi_domain_free_locked\n ...\n\nThat failure propagates back to pci_msi_setup_msi_irqs() in\nmsi_capability_init() which accesses the descriptor for unmasking in the\nerror exit path.\n\nCure it by copying the descriptor and using the copy for the error exit path\nunmask operation.\n\n[ tglx: Massaged change log ]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/45fc8d20e0768ab0a0ad054081d0f68aa3c83976",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9eee5330656bf92f51cb1f09b2dc9f8cf975b3d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff1121d2214b794dc1772081f27bdd90721a84bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-410xx/CVE-2024-41097.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-41097",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.753",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix endpoint checking in cxacru_bind()\n\nSyzbot is still reporting quite an old issue [1] that occurs due to\nincomplete checking of present usb endpoints. As such, wrong\nendpoints types may be used at urb sumbitting stage which in turn\ntriggers a warning in usb_submit_urb().\n\nFix the issue by verifying that required endpoint types are present\nfor both in and out endpoints, taking into account cmd endpoint type.\n\nUnfortunately, this patch has not been tested on real hardware.\n\n[1] Syzbot report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n...\nCall Trace:\n cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649\n cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760\n cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209\n usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055\n cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363\n usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:517 [inline]\n really_probe+0x23c/0xcd0 drivers/base/dd.c:595\n __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777\n __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894\n bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427\n __device_attach+0x228/0x4a0 drivers/base/dd.c:965\n bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487\n device_add+0xc2f/0x2180 drivers/base/core.c:3354\n usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1aac4be1aaa5177506219f01dce5e29194e5e95a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2eabb655a968b862bc0c31629a09f0fbf3c80d51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5159a81924311c1ec786ad9fdef784ead8676a6a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5584c776a1af7807ca815ee6265f2c1429fc5727",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/75ddbf776dd04a09fb9e5267ead5d0c989f84506",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac9007520e392541a29daebaae8b9109007bc781",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f536f09eb45e4de8d1b9accee9d992aa1846f1d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-410xx/CVE-2024-41098.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-41098",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T16:15:04.837",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix null pointer dereference on error\n\nIf the ata_port_alloc() call in ata_host_alloc() fails,\nata_host_release() will get called.\n\nHowever, the code in ata_host_release() tries to free ata_port struct\nmembers unconditionally, which can lead to the following:\n\nBUG: unable to handle page fault for address: 0000000000003990\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]\nCode: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41\nRSP: 0018:ffffc90000ebb968 EFLAGS: 00010246\nRAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0\nRBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68\nR10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004\nR13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006\nFS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2f0\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? ata_host_release.cold+0x2f/0x6e [libata]\n ? ata_host_release.cold+0x2f/0x6e [libata]\n release_nodes+0x35/0xb0\n devres_release_group+0x113/0x140\n ata_host_alloc+0xed/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nDo not access ata_port struct members unconditionally."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/119c97ace2a9ffcf4dc09a23bb057d6c281aff28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5d92c7c566dc76d96e0e19e481d926bbe6631c1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a8ff7e3b736a70d7b7c8764cbcd2724d4079ec8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-416xx/CVE-2024-41624.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-41624",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-29T16:15:04.917",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact."
}
],
"metrics": {},
"references": [
{
"url": "http://himalaya.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/x1ngg3/cve/tree/main/CVE-2024-41624",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-416xx/CVE-2024-41631.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-41631",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-29T16:15:04.987",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/host-host",
"source": "cve@mitre.org"
},
{
"url": "https://platform.akyuu.space/exploit.txt",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-416xx/CVE-2024-41640.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-41640",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-29T16:15:05.057",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/alemusix/CVE-2024-41640",
"source": "cve@mitre.org"
}
]
}

4
CVE-2024/CVE-2024-416xx/CVE-2024-41671.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41671",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-29T15:15:15.760",
"lastModified": "2024-07-29T15:15:15.760",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-416xx/CVE-2024-41676.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41676",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-29T15:15:16.040",
"lastModified": "2024-07-29T15:15:16.040",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-417xx/CVE-2024-41799.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41799",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-29T15:15:16.267",
"lastModified": "2024-07-29T15:15:16.267",
"vulnStatus": "Received",
"lastModified": "2024-07-29T16:21:52.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

Some files were not shown because too many files have changed in this diff Show More