admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-23T22:00:21.329352+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-23 22:03:22 +00:00
parent 2c78827db1
commit 7fe43d1d87
48 changed files with 3731 additions and 409 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2020/CVE-2020-356xx/CVE-2020-35698.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-35698",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:12.643",
"lastModified": "2023-11-07T03:22:01.763",
"lastModified": "2024-10-23T20:35:00.873",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

24
CVE-2021/CVE-2021-305xx/CVE-2021-30558.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-30558",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-01-02T23:15:10.393",
"lastModified": "2023-01-09T19:22:07.820",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-23T20:35:01.990",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

32
CVE-2022/CVE-2022-34xx/CVE-2022-3450.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3450",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-11-09T19:15:11.140",
"lastModified": "2023-05-03T12:16:25.153",
"lastModified": "2024-10-23T21:35:02.000",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-38xx/CVE-2022-3885.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3885",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-11-09T04:15:09.247",
"lastModified": "2022-12-08T21:49:22.823",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-23T20:35:02.540",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-38xx/CVE-2022-3886.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3886",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-11-09T04:15:10.070",
"lastModified": "2022-12-08T21:41:14.993",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-23T20:35:03.397",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-38xx/CVE-2022-3887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3887",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-11-09T04:15:10.143",
"lastModified": "2022-12-08T21:50:28.317",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-23T20:35:04.290",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-38xx/CVE-2022-3888.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3888",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-11-09T04:15:10.217",
"lastModified": "2022-12-08T21:51:08.250",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-23T20:35:05.247",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-38xx/CVE-2022-3889.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3889",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-11-09T04:15:10.323",
"lastModified": "2022-12-08T21:51:46.180",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-23T20:35:06.257",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-843"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [

34
CVE-2022/CVE-2022-38xx/CVE-2022-3890.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3890",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-11-09T04:15:10.420",
"lastModified": "2022-12-08T21:43:45.310",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-23T20:35:07.497",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

4
CVE-2024/CVE-2024-101xx/CVE-2024-10125.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-10125",
"sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"published": "2024-10-22T00:15:02.457",
"lastModified": "2024-10-23T15:12:34.673",
"lastModified": "2024-10-23T21:15:14.510",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET http://asp.net/ Core deployment scenario, including Fargate, EKS, ECS, EC2, and Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity and an actor may be able to mimic valid OIDC-federated sessions to the ALB targets."
"value": "The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET https://dotnet.microsoft.com/apps/aspnet Core deployment scenario, including Fargate, EKS, ECS, EC2, and Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity and an actor may be able to mimic valid OIDC-federated sessions to the ALB targets.\n\n\n\nThe repository/package has been deprecated, is end of life, and is no longer supported. As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate Tasks etc.) do not have public IP addresses. Ensure any forked or derivative code validate that the signer\u00a0attribute in the JWT match the ARN of the Application Load Balancer that the service is configured to use."
},
{
"lang": "es",

83
CVE-2024/CVE-2024-101xx/CVE-2024-10141.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10141",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T15:15:14.973",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:27:09.370",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -109,6 +129,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +150,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jsbroks:coco_annotator:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79DC05BD-A99B-4986-B494-7A79B0FBCD94"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jsbroks/coco-annotator/issues/626",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/jsbroks/coco-annotator/issues/626#issue-2582440109",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.280929",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.280929",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.422713",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

137
CVE-2024/CVE-2024-103xx/CVE-2024-10300.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-10300",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-23T20:15:05.060",
"lastModified": "2024-10-23T20:15:05.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.281567",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.281567",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.427404",
"source": "cna@vuldb.com"
}
]
}

137
CVE-2024/CVE-2024-103xx/CVE-2024-10301.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-10301",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-23T20:15:05.310",
"lastModified": "2024-10-23T20:15:05.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.281568",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.281568",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.427405",
"source": "cna@vuldb.com"
}
]
}

39
CVE-2024/CVE-2024-353xx/CVE-2024-35315.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35315",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-21T21:15:05.613",
"lastModified": "2024-10-23T15:12:34.673",
"lastModified": "2024-10-23T21:35:04.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad en el cliente de escritorio de Mitel MiCollab hasta la versi\u00f3n 9.7.1.110 y en MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25 podr\u00eda permitir que un atacante autenticado realice un ataque de escalada de privilegios debido a una validaci\u00f3n incorrecta de archivos. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario con privilegios elevados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0016",

39
CVE-2024/CVE-2024-417xx/CVE-2024-41712.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-41712",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-21T21:15:06.387",
"lastModified": "2024-10-23T15:12:34.673",
"lastModified": "2024-10-23T21:35:05.607",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad en el componente de conferencias web de Mitel MiCollab hasta la versi\u00f3n 9.8.1.5 podr\u00eda permitir que un atacante autenticado realice un ataque de inyecci\u00f3n de comandos, debido a una validaci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute comandos arbitrarios en el sistema dentro del contexto del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0022",

123
CVE-2024/CVE-2024-476xx/CVE-2024-47673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47673",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-09T15:15:15.900",
"lastModified": "2024-10-17T14:15:13.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:19:03.650",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,134 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: pausar TCM cuando el firmware est\u00e1 detenido. No hacerlo har\u00e1 que enviemos un comando de host al transporte mientras el firmware no est\u00e9 vivo, lo que activar\u00e1 una ADVERTENCIA. estado incorrecto = 0 WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] RIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] Call Trace: iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm] iwl_mvm_config_scan+0x198/0x260 [iwlmvm] iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm] iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm] process_one_work+0x29e/0x640 worker_thread+0x2df/0x690 ? rescuer_thread+0x540/0x540 kthread+0x192/0x1e0 ? set_kthread_struct+0x90/0x90 ret_from_fork+0x22/0x30 "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.112",
"matchCriteriaId": "E4EA94C6-CF4C-4A51-8A5A-A99B713451CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.53",
"matchCriteriaId": "007075FA-C231-42B1-A525-B87CEA313C63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.12",
"matchCriteriaId": "42054751-2A4F-4982-ADE9-A8251AD9A7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

122
CVE-2024/CVE-2024-476xx/CVE-2024-47690.json
View File

@ -2,40 +2,144 @@
"id": "CVE-2024-47690",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:05.800",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:25:11.673",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: get rid of online repaire on corrupted directory\n\nsyzbot reports a f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:896!\nRIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896\nCall Trace:\n evict+0x532/0x950 fs/inode.c:704\n dispose_list fs/inode.c:747 [inline]\n evict_inodes+0x5f9/0x690 fs/inode.c:797\n generic_shutdown_super+0x9d/0x2d0 fs/super.c:627\n kill_block_super+0x44/0x90 fs/super.c:1696\n kill_f2fs_super+0x344/0x690 fs/f2fs/super.c:4898\n deactivate_locked_super+0xc4/0x130 fs/super.c:473\n cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n ptrace_notify+0x2d2/0x380 kernel/signal.c:2402\n ptrace_report_syscall include/linux/ptrace.h:415 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]\n syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]\n syscall_exit_to_user_mode+0x279/0x370 kernel/entry/common.c:218\n do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896\n\nOnline repaire on corrupted directory in f2fs_lookup() can generate\ndirty data/meta while racing w/ readonly remount, it may leave dirty\ninode after filesystem becomes readonly, however, checkpoint() will\nskips flushing dirty inode in a state of readonly mode, result in\nabove panic.\n\nLet's get rid of online repaire in f2fs_lookup(), and leave the work\nto fsck.f2fs."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: deshacerse de la reparaci\u00f3n en l\u00ednea en un directorio da\u00f1ado syzbot informa un error de f2fs como el siguiente: \u00a1ERROR del kernel en fs/f2fs/inode.c:896! RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Seguimiento de llamadas: evict+0x532/0x950 fs/inode.c:704 dispose_list fs/inode.c:747 [en l\u00ednea] evict_inodes+0x5f9/0x690 fs/inode.c:797 generic_shutdown_super+0x9d/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1696 kill_f2fs_super+0x344/0x690 fs/f2fs/super.c:4898 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373 task_work_run+0x24f/0x310 kernel/task_work.c:228 ptrace_notify+0x2d2/0x380 kernel/signal.c:2402 ptrace_report_syscall include/linux/ptrace.h:415 [en l\u00ednea] ptrace_report_syscall_exit include/linux/ptrace.h:477 [en l\u00ednea] syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173 syscall_salir_a_modo_usuario_prepare kernel/entry/common.c:200 [en l\u00ednea] __syscall_salir_a_modo_usuario_work kernel/entry/common.c:205 [en l\u00ednea] syscall_exit_to_user_mode+0x279/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 La reparaci\u00f3n en l\u00ednea en un directorio da\u00f1ado en f2fs_lookup() puede generar datos/meta sucios mientras se corre con el remontaje de solo lectura, puede dejar un inodo sucio despu\u00e9s de que el sistema de archivos se vuelva de solo lectura, sin embargo, checkpoint() omitir\u00e1 la limpieza del inodo sucio en un estado de modo de solo lectura, lo que dar\u00e1 como resultado el p\u00e1nico mencionado anteriormente. Deshag\u00e1monos de la reparaci\u00f3n en l\u00ednea en f2fs_lookup() y dejemos el trabajo a fsck.f2fs."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "EAD5095E-29F5-4D9A-8FED-5082AD0A8A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/884ee6dc85b959bc152f15bca80c30f06069e6c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8be95cd607478d85fa4626e86f811e785905bcbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bcefd0b0611f35b560d0a7281d87529fbe7a1e32",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e8d64f598eeb079c42a52deaa3a91312c736a49d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f4746f2d79507f65cfbde11d3c39ee8338aa50af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f9ce2f550d53d044ecfb5ce996406cf42cd6b84d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

98
CVE-2024/CVE-2024-476xx/CVE-2024-47691.json
View File

@ -2,32 +2,116 @@
"id": "CVE-2024-47691",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:05.880",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:42:31.223",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()\n\nsyzbot reports a f2fs bug as below:\n\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_report+0xe8/0x550 mm/kasan/report.c:491\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:252 [inline]\n __refcount_add include/linux/refcount.h:184 [inline]\n __refcount_inc include/linux/refcount.h:241 [inline]\n refcount_inc include/linux/refcount.h:258 [inline]\n get_task_struct include/linux/sched/task.h:118 [inline]\n kthread_stop+0xca/0x630 kernel/kthread.c:704\n f2fs_stop_gc_thread+0x65/0xb0 fs/f2fs/gc.c:210\n f2fs_do_shutdown+0x192/0x540 fs/f2fs/file.c:2283\n f2fs_ioc_shutdown fs/f2fs/file.c:2325 [inline]\n __f2fs_ioctl+0x443a/0xbe60 fs/f2fs/file.c:4325\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is below race condition, it may cause use-after-free\nissue in sbi->gc_th pointer.\n\n- remount\n - f2fs_remount\n - f2fs_stop_gc_thread\n - kfree(gc_th)\n\t\t\t\t- f2fs_ioc_shutdown\n\t\t\t\t - f2fs_do_shutdown\n\t\t\t\t - f2fs_stop_gc_thread\n\t\t\t\t - kthread_stop(gc_th->f2fs_gc_task)\n : sbi->gc_thread = NULL;\n\nWe will call f2fs_do_shutdown() in two paths:\n- for f2fs_ioc_shutdown() path, we should grab sb->s_umount semaphore\nfor fixing.\n- for f2fs_shutdown() path, it's safe since caller has already grabbed\nsb->s_umount semaphore."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para evitar el use after free en f2fs_stop_gc_thread() syzbot informa un error de f2fs como el siguiente: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_report+0xe8/0x550 mm/kasan/report.c:491 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read_write include/linux/instrumented.h:96 [en l\u00ednea] atomic_fetch_add_relaxed incluir/linux/atomic/atomic-instrumented.h:252 [en l\u00ednea] __refcount_add incluir/linux/refcount.h:184 [en l\u00ednea] __refcount_inc incluir/linux/refcount.h:241 [en l\u00ednea] refcount_inc incluir/linux/refcount.h:258 [en l\u00ednea] obtener_estructura_de_tareas incluir/linux/sched/task.h:118 [en l\u00ednea] kthread_stop+0xca/0x630 kernel/kthread.c:704 f2fs_stop_gc_thread+0x65/0xb0 fs/f2fs/gc.c:210 f2fs_do_shutdown+0x192/0x540 fs/f2fs/file.c:2283 f2fs_ioc_shutdown fs/f2fs/file.c:2325 [en l\u00ednea] __f2fs_ioctl+0x443a/0xbe60 fs/f2fs/file.c:4325 vfs_ioctl fs/ioctl.c:51 [en l\u00ednea] __do_sys_ioctl fs/ioctl.c:907 [en l\u00ednea] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f La causa ra\u00edz est\u00e1 a continuaci\u00f3n de la condici\u00f3n de ejecuci\u00f3n, puede causar un problema de use after free en el puntero sbi->gc_th. - remontar - f2fs_remount - f2fs_stop_gc_thread - kfree(gc_th) - f2fs_ioc_shutdown - f2fs_do_shutdown - f2fs_stop_gc_thread - kthread_stop(gc_th->f2fs_gc_task) : sbi->gc_thread = NULL; Llamaremos a f2fs_do_shutdown() en dos rutas: - para la ruta f2fs_ioc_shutdown(), debemos tomar el sem\u00e1foro sb->s_umount para arreglarlo. - para la ruta f2fs_shutdown(), es seguro ya que el llamador ya ha tomado el sem\u00e1foro sb->s_umount."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "955B9A45-6500-43F0-BFD6-27ED37A0DC7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7c339dee7eb0f8e4cadc317c595f898ef04dae30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c7f114d864ac91515bb07ac271e9824a20f5ed95",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d79343cd66343709e409d96b2abb139a0a55ce34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fc18e655b62ac6bc9f12f5de0d749b4a3fe1e812",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

134
CVE-2024/CVE-2024-476xx/CVE-2024-47692.json
View File

@ -2,44 +2,158 @@
"id": "CVE-2024-47692",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:05.953",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:19:07.493",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: return -EINVAL when namelen is 0\n\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may\nresult in namelen being 0, which will cause memdup_user() to return\nZERO_SIZE_PTR.\nWhen we access the name.data that has been assigned the value of\nZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is\ntriggered.\n\n[ T1205] ==================================================================\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\n[ T1205]\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\n[ T1205] Call Trace:\n[ T1205] dump_stack+0x9a/0xd0\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] __kasan_report.cold+0x34/0x84\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] kasan_report+0x3a/0x50\n[ T1205] nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] ? nfsd4_release_lockowner+0x410/0x410\n[ T1205] cld_pipe_downcall+0x5ca/0x760\n[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\n[ T1205] ? down_write_killable_nested+0x170/0x170\n[ T1205] ? avc_policy_seqno+0x28/0x40\n[ T1205] ? selinux_file_permission+0x1b4/0x1e0\n[ T1205] rpc_pipe_write+0x84/0xb0\n[ T1205] vfs_write+0x143/0x520\n[ T1205] ksys_write+0xc9/0x170\n[ T1205] ? __ia32_sys_read+0x50/0x50\n[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110\n[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110\n[ T1205] do_syscall_64+0x33/0x40\n[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n[ T1205] RIP: 0033:0x7fdbdb761bc7\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 514\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\n[ T1205] ==================================================================\n\nFix it by checking namelen."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: devuelve -EINVAL cuando namelen es 0 Cuando tenemos un main.sqlite da\u00f1ado en /var/lib/nfs/nfsdcld/, puede resultar en que namelen sea 0, lo que har\u00e1 que memdup_user() devuelva ZERO_SIZE_PTR. Cuando accedemos al name.data al que se le ha asignado el valor ZERO_SIZE_PTR en nfs4_client_to_reclaim(), se activa la desreferencia de puntero nulo. [ T1205] ========================================================================= [ T1205] ERROR: KASAN: null-ptr-deref en nfs4_client_to_reclaim+0xe9/0x260 [ T1205] Lectura de tama\u00f1o 1 en la direcci\u00f3n 0000000000000010 por la tarea nfsdcld/1205 [ T1205] [ T1205] CPU: 11 PID: 1205 Comm: nfsdcld No contaminado 5.10.0-00003-g2c1423731b8d #406 [ T1205] Hardware nombre: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 01/04/2014 [ T1205] Seguimiento de llamadas: [ T1205] dump_stack+0x9a/0xd0 [ T1205] ? nfs4_client_to_reclaim+0xe9/0x260 [ T1205] __kasan_report.cold+0x34/0x84 [ T1205] ? nfs4_client_to_reclaim+0xe9/0x260 [ T1205] kasan_report+0x3a/0x50 [ T1205] nfs4_client_to_reclaim+0xe9/0x260 [ T1205] ? nfsd4_release_lockowner+0x410/0x410 [ T1205] cld_pipe_downcall+0x5ca/0x760 [ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0 [ T1205] ? down_write_killable_nested+0x170/0x170 [ T1205] ? avc_policy_seqno+0x28/0x40 [ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110 [ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110 [ T1205] do_syscall_64+0x33/0x40 [ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ T1205] RIP: 0033:0x7fdbdb761bc7 [ T1205] C\u00f3digo: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 &lt;48&gt; 3d 00 f0 ff ff 77 514 [ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7 [ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 000000000000008 [ T1205] RBP: 00007fdbdb761bb0 R08: 000000000000000 R09: 00000000000000001 [ T1205] R10: 00000000000000000 R11: 00000000000000246 R12: 0000000000000042b [ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000 [ T1205] ========================================================================= Arr\u00e9glelo comprobando namelen."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "020DEDF4-83FD-45FA-932B-E5711870FC65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f1d007bbea38a61cf9c5392708dc70ae9d84a3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1ff8be8d008b9ddc8e7043fbddd37d5d451b271b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/22451a16b7ab7debefce660672566be887db1637",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/318f70857caab3da9a6ada9bc8c1f4f7591b695e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/766d5fbd78f7a52b3888449a0358760477b74602",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/84a563d136faf514fdad1ade28d7a142fd313cb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7b7a8df41ef18862dd6b22289fb46c2c12398af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

122
CVE-2024/CVE-2024-476xx/CVE-2024-47693.json
View File

@ -2,40 +2,144 @@
"id": "CVE-2024-47693",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.033",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:18:31.113",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Fix ib_cache_setup_one error flow cleanup\n\nWhen ib_cache_update return an error, we exit ib_cache_setup_one\ninstantly with no proper cleanup, even though before this we had\nalready successfully done gid_table_setup_one, that results in\nthe kernel WARN below.\n\nDo proper cleanup using gid_table_cleanup_one before returning\nthe err in order to fix the issue.\n\nWARNING: CPU: 4 PID: 922 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x181/0x1a0\nModules linked in:\nCPU: 4 UID: 0 PID: 922 Comm: c_repro Not tainted 6.11.0-rc1+ #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:gid_table_release_one+0x181/0x1a0\nCode: 44 8b 38 75 0c e8 2f cb 34 ff 4d 8b b5 28 05 00 00 e8 23 cb 34 ff 44 89 f9 89 da 4c 89 f6 48 c7 c7 d0 58 14 83 e8 4f de 21 ff <0f> 0b 4c 8b 75 30 e9 54 ff ff ff 48 8 3 c4 10 5b 5d 41 5c 41 5d 41\nRSP: 0018:ffffc90002b835b0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c8527\nRDX: 0000000000000000 RSI: ffffffff811c8534 RDI: 0000000000000001\nRBP: ffff8881011b3d00 R08: ffff88810b3abe00 R09: 205d303839303631\nR10: 666572207972746e R11: 72746e6520444947 R12: 0000000000000001\nR13: ffff888106390000 R14: ffff8881011f2110 R15: 0000000000000001\nFS: 00007fecc3b70800(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000340 CR3: 000000010435a001 CR4: 00000000003706b0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ? show_regs+0x94/0xa0\n ? __warn+0x9e/0x1c0\n ? gid_table_release_one+0x181/0x1a0\n ? report_bug+0x1f9/0x340\n ? gid_table_release_one+0x181/0x1a0\n ? handle_bug+0xa2/0x110\n ? exc_invalid_op+0x31/0xa0\n ? asm_exc_invalid_op+0x16/0x20\n ? __warn_printk+0xc7/0x180\n ? __warn_printk+0xd4/0x180\n ? gid_table_release_one+0x181/0x1a0\n ib_device_release+0x71/0xe0\n ? __pfx_ib_device_release+0x10/0x10\n device_release+0x44/0xd0\n kobject_put+0x135/0x3d0\n put_device+0x20/0x30\n rxe_net_add+0x7d/0xa0\n rxe_newlink+0xd7/0x190\n nldev_newlink+0x1b0/0x2a0\n ? __pfx_nldev_newlink+0x10/0x10\n rdma_nl_rcv_msg+0x1ad/0x2e0\n rdma_nl_rcv_skb.constprop.0+0x176/0x210\n netlink_unicast+0x2de/0x400\n netlink_sendmsg+0x306/0x660\n __sock_sendmsg+0x110/0x120\n ____sys_sendmsg+0x30e/0x390\n ___sys_sendmsg+0x9b/0xf0\n ? kstrtouint+0x6e/0xa0\n ? kstrtouint_from_user+0x7c/0xb0\n ? get_pid_task+0xb0/0xd0\n ? proc_fail_nth_write+0x5b/0x140\n ? __fget_light+0x9a/0x200\n ? preempt_count_add+0x47/0xa0\n __sys_sendmsg+0x61/0xd0\n do_syscall_64+0x50/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/core: Arreglar la limpieza del flujo de error ib_cache_setup_one Cuando ib_cache_update devuelve un error, salimos de ib_cache_setup_one instant\u00e1neamente sin una limpieza adecuada, aunque antes de esto ya hab\u00edamos realizado con \u00e9xito gid_table_setup_one, que da como resultado la siguiente ADVERTENCIA del kernel. Realice una limpieza adecuada utilizando gid_table_cleanup_one antes de devolver el error para solucionar el problema. ADVERTENCIA: CPU: 4 PID: 922 en drivers/infiniband/core/cache.c:806 gid_table_release_one+0x181/0x1a0 M\u00f3dulos vinculados: CPU: 4 UID: 0 PID: 922 Comm: c_repro No contaminado 6.11.0-rc1+ #3 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:gid_table_release_one+0x181/0x1a0 C\u00f3digo: 44 8b 38 75 0c e8 2f cb 34 ff 4d 8b b5 28 05 00 00 e8 23 cb 34 ff 44 89 f9 89 da 4c 89 f6 48 c7 c7 d0 58 14 83 e8 4f de 21 ff &lt;0f&gt; 0b 4c 8b 75 30 e9 54 ff ff ff 48 8 3 c4 10 5b 5d 41 5c 41 5d 41 RSP: 0018:ffffc90002b835b0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c8527 RDX: 0000000000000000 RSI: ffffffff811c8534 RDI: 0000000000000001 RBP: ffff8881011b3d00 R08: ffff88810b3abe00 R09: 205d303839303631 R10: 666572207972746e R11: 72746e6520444947 R12: 0000000000000001 R13: ffff888106390000 R14: ffff8881011f2110 R15: 0000000000000001 FS: 00007fecc3b70800(0000) GS:ffff88813bd00000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000340 CR3: 000000010435a001 CR4: 00000000003706b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000000400 Seguimiento de llamadas: ? show_regs+0x94/0xa0 ? __warn+0x9e/0x1c0 ? gid_table_release_one+0x181/0x1a0 ? report_bug+0x1f9/0x340 ? gid_table_release_one+0x181/0x1a0 ? handle_bug+0xa2/0x110 ? exc_invalid_op+0x31/0xa0 ? asm_exc_invalid_op+0x16/0x20 ? __warn_printk+0xc7/0x180 ? __warn_printk+0xd4/0x180 ? __pfx_ib_device_release+0x10/0x10 device_release+0x44/0xd0 kobject_put+0x135/0x3d0 put_device+0x20/0x30 rxe_net_add+0x7d/0xa0 rxe_newlink+0xd7/0x190 nldev_newlink+0x1b0/0x2a0 ? Obtener tarea pid+0xb0/0xd0 ? error_proc_nth_write+0x5b/0x140 ? __fget_light+0x9a/0x200 ? preempt_count_add+0x47/0xa0 __sys_sendmsg+0x61/0xd0 hacer_syscall_64+0x50/0x110 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x76/0x7e"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-459"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.42",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "366E46BB-45E4-4131-8DEC-92355C5520AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1403c8b14765eab805377dd3b75e96ace8747aed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1730d47d1865af89efd01cf0469a9a739cbf60f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/290fe42fe0165205c4451334d8833a9202ae1d52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/45f63f4bb9a7128a6209d766c2fc02b3d42fbf3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af633fd9d9fff59e31c804f47ca0c8a784977773",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d08754be993f270e3d296d8f5d8e071fe6638651",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

74
CVE-2024/CVE-2024-476xx/CVE-2024-47694.json
View File

@ -2,24 +2,88 @@
"id": "CVE-2024-47694",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.107",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:34:29.393",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix UMR pd cleanup on error flow of driver init\n\nThe cited commit moves the pd allocation from function\nmlx5r_umr_resource_cleanup() to a new function mlx5r_umr_cleanup().\nSo the fix in commit [1] is broken. In error flow, will hit panic [2].\n\nFix it by checking pd pointer to avoid panic if it is NULL;\n\n[1] RDMA/mlx5: Fix UMR cleanup on error flow of driver init\n[2]\n [ 347.567063] infiniband mlx5_0: Couldn't register device with driver model\n [ 347.591382] BUG: kernel NULL pointer dereference, address: 0000000000000020\n [ 347.593438] #PF: supervisor read access in kernel mode\n [ 347.595176] #PF: error_code(0x0000) - not-present page\n [ 347.596962] PGD 0 P4D 0\n [ 347.601361] RIP: 0010:ib_dealloc_pd_user+0x12/0xc0 [ib_core]\n [ 347.604171] RSP: 0018:ffff888106293b10 EFLAGS: 00010282\n [ 347.604834] RAX: 0000000000000000 RBX: 000000000000000e RCX: 0000000000000000\n [ 347.605672] RDX: ffff888106293ad0 RSI: 0000000000000000 RDI: 0000000000000000\n [ 347.606529] RBP: 0000000000000000 R08: ffff888106293ae0 R09: ffff888106293ae0\n [ 347.607379] R10: 0000000000000a06 R11: 0000000000000000 R12: 0000000000000000\n [ 347.608224] R13: ffffffffa0704dc0 R14: 0000000000000001 R15: 0000000000000001\n [ 347.609067] FS: 00007fdc720cd9c0(0000) GS:ffff88852c880000(0000) knlGS:0000000000000000\n [ 347.610094] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 347.610727] CR2: 0000000000000020 CR3: 0000000103012003 CR4: 0000000000370eb0\n [ 347.611421] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [ 347.612113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [ 347.612804] Call Trace:\n [ 347.613130] <TASK>\n [ 347.613417] ? __die+0x20/0x60\n [ 347.613793] ? page_fault_oops+0x150/0x3e0\n [ 347.614243] ? free_msg+0x68/0x80 [mlx5_core]\n [ 347.614840] ? cmd_exec+0x48f/0x11d0 [mlx5_core]\n [ 347.615359] ? exc_page_fault+0x74/0x130\n [ 347.615808] ? asm_exc_page_fault+0x22/0x30\n [ 347.616273] ? ib_dealloc_pd_user+0x12/0xc0 [ib_core]\n [ 347.616801] mlx5r_umr_cleanup+0x23/0x90 [mlx5_ib]\n [ 347.617365] mlx5_ib_stage_pre_ib_reg_umr_cleanup+0x36/0x40 [mlx5_ib]\n [ 347.618025] __mlx5_ib_add+0x96/0xd0 [mlx5_ib]\n [ 347.618539] mlx5r_probe+0xe9/0x310 [mlx5_ib]\n [ 347.619032] ? kernfs_add_one+0x107/0x150\n [ 347.619478] ? __mlx5_ib_add+0xd0/0xd0 [mlx5_ib]\n [ 347.619984] auxiliary_bus_probe+0x3e/0x90\n [ 347.620448] really_probe+0xc5/0x3a0\n [ 347.620857] __driver_probe_device+0x80/0x160\n [ 347.621325] driver_probe_device+0x1e/0x90\n [ 347.621770] __driver_attach+0xec/0x1c0\n [ 347.622213] ? __device_attach_driver+0x100/0x100\n [ 347.622724] bus_for_each_dev+0x71/0xc0\n [ 347.623151] bus_add_driver+0xed/0x240\n [ 347.623570] driver_register+0x58/0x100\n [ 347.623998] __auxiliary_driver_register+0x6a/0xc0\n [ 347.624499] ? driver_register+0xae/0x100\n [ 347.624940] ? 0xffffffffa0893000\n [ 347.625329] mlx5_ib_init+0x16a/0x1e0 [mlx5_ib]\n [ 347.625845] do_one_initcall+0x4a/0x2a0\n [ 347.626273] ? gcov_event+0x2e2/0x3a0\n [ 347.626706] do_init_module+0x8a/0x260\n [ 347.627126] init_module_from_file+0x8b/0xd0\n [ 347.627596] __x64_sys_finit_module+0x1ca/0x2f0\n [ 347.628089] do_syscall_64+0x4c/0x100"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/mlx5: Corregir limpieza de pd de UMR en flujo de error de inicializaci\u00f3n del controlador el commit citada mueve la asignaci\u00f3n de pd de la funci\u00f3n mlx5r_umr_resource_cleanup() a una nueva funci\u00f3n mlx5r_umr_cleanup(). Por lo tanto, la correcci\u00f3n en el commit [1] no funciona. En el flujo de error, se activar\u00e1 el p\u00e1nico [2]. Corr\u00edjalo comprobando el puntero pd para evitar el p\u00e1nico si es NULL; [1] RDMA/mlx5: Se corrige la limpieza de UMR en el flujo de error del inicio del controlador [2] [ 347.567063] infiniband mlx5_0: No se pudo registrar el dispositivo con el modelo del controlador [ 347.591382] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000020 [ 347.593438] #PF: acceso de lectura del supervisor en modo kernel [ 347.595176] #PF: error_code(0x0000) - p\u00e1gina no presente [ 347.596962] PGD 0 P4D 0 [ 347.601361] RIP: 0010:ib_dealloc_pd_user+0x12/0xc0 [ib_core] [ 347.604171] RSP: 0018:ffff888106293b10 EFLAGS: 00010282 [ 347.604834] RAX: 0000000000000000 RBX: 000000000000000e RCX: 0000000000000000 [ 347.605672] RDX: ffff888106293ad0 RSI: 000000000000000 RDI: 000000000000000 [ 347.606529] RBP: 0000000000000000 R08: ffff888106293ae0 R09: ffff888106293ae0 [ 347.607379] R10: 0000000000000a06 R11: 0000000000000000 R12: 0000000000000000 [ 347.608224] R13: ffffffffa0704dc0 R14: 0000000000000001 R15: 0000000000000001 [ 347.609067] FS: 00007fdc720cd9c0(0000) GS:ffff88852c880000(0000) knlGS:0000000000000000 [ 347.610094] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 347.610727] CR2: 0000000000000020 CR3: 0000000103012003 CR4: 0000000000370eb0 [ 347.611421] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 347.612113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 347.612804] Seguimiento de llamadas: [ 347.613130] [ 347.613417] ? __die+0x20/0x60 [ 347.613793] ? page_fault_oops+0x150/0x3e0 [ 347.614243] ? free_msg+0x68/0x80 [mlx5_core] [ 347.614840] ? cmd_exec+0x48f/0x11d0 [mlx5_core] [ 347.615359] ? asm_exc_page_fault+0x22/0x30 [ 347.616273] ? kernfs_add_one+0x107/0x150 [347.619478] ? __mlx5_ib_add+0xd0/0xd0 [mlx5_ib] [ 347.619984] sonda_de_bus_auxiliar+0x3e/0x90 [ 347.620448] sonda_realmente+0xc5/0x3a0 [ 347.620857] __dispositivo_de_sonda_del_controlador+0x80/0x160 [ 347.621325] dispositivo_de_sonda_del_controlador+0x1e/0x90 [ 347.621770] __dispositivo_de_sonda_del_controlador+0xec/0x1c0 [ 347.622213] ? __controlador_de_conexi\u00f3n_de_dispositivo+0x100/0x100 [ 347.622724] bus_para_cada_dispositivo+0x71/0xc0 [ 347.623151] bus_agregar_controlador+0xed/0x240 [ 347.623570] registro_del_controlador+0x58/0x100 [ 347.623998] __registro_del_controlador_auxiliar+0x6a/0xc0 [ 347.624499] ? registro_del_controlador+0xae/0x100 [ 347.624940] ? 0xffffffffa0893000 [ 347.625329] mlx5_ib_init+0x16a/0x1e0 [mlx5_ib] [ 347.625845] hacer_una_llamada_inicia+0x4a/0x2a0 [ 347.626273] ? gcov_event+0x2e2/0x3a0 [ 347.626706] hacer_init_module+0x8a/0x260 [ 347.627126] iniciar_m\u00f3dulo_desde_archivo+0x8b/0xd0 [ 347.627596] __x64_sys_finit_module+0x1ca/0x2f0 [ 347.628089] hacer_syscall_64+0x4c/0x100"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/112e6e83a894260cc7efe79a1fc47d4d51461742",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/99e2de5942b0390ddc24efada71edc6593e23f05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

122
CVE-2024/CVE-2024-476xx/CVE-2024-47695.json
View File

@ -2,40 +2,144 @@
"id": "CVE-2024-47695",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.180",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:32:46.073",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds\n\nIn the function init_conns(), after the create_con() and create_cm() for\nloop if something fails. In the cleanup for loop after the destroy tag, we\naccess out of bound memory because cid is set to clt_path->s.con_num.\n\nThis commits resets the cid to clt_path->s.con_num - 1, to stay in bounds\nin the cleanup loop later."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rtrs-clt: Restablecer cid a con_num - 1 para permanecer dentro de los l\u00edmites En la funci\u00f3n init_conns(), despu\u00e9s del bucle for create_con() y create_cm() si algo falla. En el bucle for de limpieza despu\u00e9s de la etiqueta destroy, accedemos a memoria fuera de los l\u00edmites porque cid est\u00e1 configurado en clt_path-&gt;s.con_num. Esta confirmaci\u00f3n restablece el cid a clt_path-&gt;s.con_num - 1, para permanecer dentro de los l\u00edmites en el bucle de limpieza m\u00e1s tarde."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "A0E4078E-80A6-48F9-A556-77E94F6D88FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/01b9be936ee8839ab9f83a7e84ee02ac6c8303c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0429a4e972082e3a2351da414b1c017daaf8aed2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1c50e0265fa332c94a4a182e4efa0fc70d8fad94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3e4289b29e216a55d08a89e126bc0b37cbad9f38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5ac73f8191f3de41fef4f934d84d97f3aadb301f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c8b7f3d9fada0d4b4b7db86bf7345cd61f1d972e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

148
CVE-2024/CVE-2024-476xx/CVE-2024-47696.json
View File

@ -2,44 +2,172 @@
"id": "CVE-2024-47696",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.257",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:30:34.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn't\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[ 125.350876][ T1430] Call Trace:\n[ 125.356281][ T1430] <TASK>\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[ 125.566487][ T1430] </TASK>\n[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency En el commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to destroying CM IDs\"), se invoca la funci\u00f3n flush_workqueue para vaciar la cola de trabajo iwcm_wq. Pero en ese momento, la cola de trabajo iwcm_wq se cre\u00f3 a trav\u00e9s de la funci\u00f3n alloc_ordered_workqueue sin el indicador WQ_MEM_RECLAIM. Debido a que el proceso actual est\u00e1 intentando vaciar todo iwcm_wq, si iwcm_wq no tiene el indicador WQ_MEM_RECLAIM, verifique que el proceso actual no est\u00e9 recuperando memoria o ejecut\u00e1ndose en una cola de trabajo que no tenga el indicador WQ_MEM_RECLAIM, ya que eso puede romper la garant\u00eda de progreso hacia adelante y provocar un bloqueo. El seguimiento de la llamada es el siguiente: [ 125.350876][ T1430] Seguimiento de la llamada: [ 125.356281][ T1430] [ 125.361285][ T1430] ? __warn (kernel/panic.c:693) [ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 125.382505][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminador 1)) [ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminador 9)) [ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminador 9)) [ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970) [ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151) [ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm [ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910) [ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (n\u00facleo/bloqueo/spinlock.c:161) [ 125.482537][ T1430] _destroy_id (controladores/infiniband/core/cma.c:2044) rdma_cm [ 125.495072][ T1430] nvme_rdma_free_queue (controladores/nvme/host/rdma.c:656 controladores/nvme/host/rdma.c:650) nvme_rdma [ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (controladores/nvme/host/rdma.c:2180) nvme_rdma [ 125.505831][ T1430] proceso_uno_trabajo (kernel/workqueue.c:3231) [ 125.515122][ T1430] subproceso_de_trabajo (kernel/workqueue.c:3306 kernel/workqueue.c:3393) [ 125.515127][ T1430] ? __pfx_subproceso_de_trabajo (kernel/workqueue.c:3339) [ 125.531837][ T1430] subproceso_de_trabajo (kernel/kthread.c:389) [ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147) [ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) [ 125.566487][ T1430] [ 125.566488][ T1430] ---[ fin de seguimiento 000000000000000 ]---"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.320",
"versionEndExcluding": "5.4",
"matchCriteriaId": "F09E537F-AD7C-4CDD-94C7-982AB40F0250"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.282",
"versionEndExcluding": "5.10",
"matchCriteriaId": "90BDC6BE-7108-4153-B444-9458B801A490"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.224",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "7E8BD058-58ED-4814-A074-86C0143050D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.165",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "7C1D9631-2FF8-491B-B364-0C17573AE285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.103",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "B972EDA4-04F8-4699-8D9D-A5DC02BE8618"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.44",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "120EDEE6-5DF3-41B7-B899-A20906FEC9A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10.3",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "6C8722B8-BE3E-4B88-AA44-E3441523B260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

134
CVE-2024/CVE-2024-476xx/CVE-2024-47697.json
View File

@ -2,44 +2,158 @@
"id": "CVE-2024-47697",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.343",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:51:37.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\n\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev->filters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index > 32 to index >= 32 to resolve this\nissue."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers: media: dvb-frontends/rtl2830: corrige un error de escritura fuera de los l\u00edmites Aseg\u00farate de que el \u00edndice en rtl2830_pid_filter no supere 31 para evitar el acceso fuera de los l\u00edmites. dev-&gt;filters es un valor de 32 bits, por lo que las funciones set_bit y clear_bit solo deben funcionar en \u00edndices de 0 a 31. Si el \u00edndice es 32, intentar\u00e1 acceder a un bit 33 inexistente, lo que provocar\u00e1 un acceso fuera de los l\u00edmites. Cambia la comprobaci\u00f3n de l\u00edmites de \u00edndice &gt; 32 a \u00edndice &gt;= 32 para resolver este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "B048D614-44B2-4635-B88F-66392D68DE86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/042b101d7bf70616c4967c286ffa6fcca65babfb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3dba83d3c81de1368d15a39f22df7b53e306052f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/46d7ebfe6a75a454a5fa28604f0ef1491f9d8d14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/58f31be7dfbc0c84a6497ad51924949cf64b86a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7fd6aae7e53b94f4035b1bfce28b8dfa0d0ae470",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/86d920d2600c3a48efc2775c1666c1017eec6956",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/badbd736e6649c4e6d7b4ff7e2b9857acfa9ea94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

134
CVE-2024/CVE-2024-476xx/CVE-2024-47698.json
View File

@ -2,44 +2,158 @@
"id": "CVE-2024-47698",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.423",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:52:11.123",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error\n\nEnsure index in rtl2832_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev->filters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index > 32 to index >= 32 to resolve this\nissue.\n\n[hverkuil: added fixes tag, rtl2830_pid_filter -> rtl2832_pid_filter in logmsg]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers: media: dvb-frontends/rtl2832: corrige un error de escritura fuera de los l\u00edmites Aseg\u00farate de que el \u00edndice en rtl2832_pid_filter no supere 31 para evitar el acceso fuera de los l\u00edmites. dev-&gt;filters es un valor de 32 bits, por lo que las funciones set_bit y clear_bit solo deben funcionar en \u00edndices de 0 a 31. Si el \u00edndice es 32, intentar\u00e1 acceder a un bit 33 inexistente, lo que provocar\u00e1 un acceso fuera de los l\u00edmites. Cambia la comprobaci\u00f3n de l\u00edmites de \u00edndice &gt; 32 a \u00edndice &gt;= 32 para resolver este problema. [hverkuil: se agreg\u00f3 la etiqueta de correcciones, rtl2830_pid_filter -&gt; rtl2832_pid_filter en logmsg]"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "B048D614-44B2-4635-B88F-66392D68DE86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/15bea004e939d938a6771dfcf2a26cc899ffd20a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/527ab3eb3b0b4a6ee00e183c1de6a730239e2835",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/66dbe0df6eccc7ee53a2c35016ce81e13b3ff447",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6ae3b9aee42616ee93c4585174f40c767828006d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8ae06f360cfaca2b88b98ca89144548b3186aab1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a879b6cdd48134a3d58949ea4f075c75fa2d7d71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bedd42e07988dbdd124b23e758ffef7a681b9c60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

134
CVE-2024/CVE-2024-476xx/CVE-2024-47699.json
View File

@ -2,44 +2,158 @@
"id": "CVE-2024-47699",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.503",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:52:39.363",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\n\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\n\nThis series addresses three potential issues with empty b-tree nodes that\ncan occur with corrupted filesystem images, including one recently\ndiscovered by syzbot.\n\n\nThis patch (of 3):\n\nIf a b-tree is broken on the device, and the b-tree height is greater than\n2 (the level of the root node is greater than 1) even if the number of\nchild nodes of the b-tree root is 0, a NULL pointer dereference occurs in\nnilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\n\nThis is because, when the number of child nodes of the b-tree root is 0,\nnilfs_btree_do_lookup() does not set the block buffer head in any of\npath[x].bp_bh, leaving it as the initial value of NULL, but if the level\nof the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(),\nwhich accesses the buffer memory of path[x].bp_bh, is called.\n\nFix this issue by adding a check to nilfs_btree_root_broken(), which\nperforms sanity checks when reading the root node from the device, to\ndetect this inconsistency.\n\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause\nearly on."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: soluciona una posible desreferencia de puntero nulo en nilfs_btree_insert() Serie de parches \"nilfs2: soluciona posibles problemas con nodos de \u00e1rbol b vac\u00edos\". Esta serie aborda tres posibles problemas con nodos de \u00e1rbol b vac\u00edos que pueden ocurrir con im\u00e1genes de sistema de archivos da\u00f1adas, incluido uno descubierto recientemente por syzbot. Este parche (de 3): Si un \u00e1rbol b est\u00e1 roto en el dispositivo y la altura del \u00e1rbol b es mayor que 2 (el nivel del nodo ra\u00edz es mayor que 1) incluso si el n\u00famero de nodos secundarios de la ra\u00edz del \u00e1rbol b es 0, se produce una desreferencia de puntero NULL en nilfs_btree_prepare_insert(), que se llama desde nilfs_btree_insert(). Esto se debe a que, cuando el n\u00famero de nodos secundarios de la ra\u00edz del \u00e1rbol b es 0, nilfs_btree_do_lookup() no establece el encabezado del b\u00fafer de bloque en ninguno de los path[x].bp_bh, dej\u00e1ndolo como el valor inicial de NULL, pero si el nivel del nodo ra\u00edz del \u00e1rbol b es mayor que 1, se llama a nilfs_btree_get_nonroot_node(), que accede a la memoria del b\u00fafer de path[x].bp_bh. Solucione este problema agregando una verificaci\u00f3n a nilfs_btree_root_broken(), que realiza verificaciones de cordura al leer el nodo ra\u00edz desde el dispositivo, para detectar esta inconsistencia. Gracias a Lizhi Xu por intentar resolver el error y aclarar la causa desde el principio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.30",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "D7AC25F3-FCB6-413C-966C-A41D588398BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/21839b6fbc3c41b3e374ecbdb0cabbbb2c53cf34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/24bf40740a3da6b4056721da34997ae6938f3da1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3644554d308ddf2669e459a1551a7edf60b2d62b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/73d23ecf234b7a6d47fb883f2dabe10e3230b31d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9403001ad65ae4f4c5de368bdda3a0636b51d51a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/db73500d3f0e558eb642aae1d4782e7726b4a03f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f68523e0f26faade18833fbef577a4295d8e2c94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

98
CVE-2024/CVE-2024-477xx/CVE-2024-47700.json
View File

@ -2,32 +2,116 @@
"id": "CVE-2024-47700",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.593",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:27:28.460",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check stripe size compatibility on remount as well\n\nWe disable stripe size in __ext4_fill_super if it is not a multiple of\nthe cluster ratio however this check is missed when trying to remount.\nThis can leave us with cases where stripe < cluster_ratio after\nremount:set making EXT4_B2C(sbi->s_stripe) become 0 that can cause some\nunforeseen bugs like divide by 0.\n\nFix that by adding the check in remount path as well."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: comprobar la compatibilidad del tama\u00f1o de la franja al volver a montar tambi\u00e9n Deshabilitamos el tama\u00f1o de la franja en __ext4_fill_super si no es un m\u00faltiplo de la relaci\u00f3n del cl\u00faster; sin embargo, esta comprobaci\u00f3n se omite al intentar volver a montar. Esto puede dejarnos con casos en los que stripe &lt; cluster_ratio despu\u00e9s de remount:set, lo que hace que EXT4_B2C(sbi-&gt;s_stripe) se convierta en 0, lo que puede causar algunos errores imprevistos como dividir por 0. Solucione eso agregando la comprobaci\u00f3n en la ruta de montaje tambi\u00e9n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "533A887F-F2B4-4445-8C73-11A8013D0A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/297615e992bbb30a55c158141086be6505d5d722",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a31b712f75445d52fc0451dc54fd7b16a552cb7c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ee85e0938aa8f9846d21e4d302c3cf6a2a75110d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/faeff8b1ee2eaa5969c8e994d66c3337298cefed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

134
CVE-2024/CVE-2024-477xx/CVE-2024-47701.json
View File

@ -2,44 +2,158 @@
"id": "CVE-2024-47701",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.663",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:53:13.877",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n </TASK>\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: evitar OOB cuando system.data xattr cambia debajo del sistema de archivos Al buscar una entrada en un directorio en l\u00ednea, si e_value_offs se cambia debajo del sistema de archivos por alg\u00fan cambio en el dispositivo de bloque, conducir\u00e1 a un acceso fuera de los l\u00edmites que KASAN detecta como un UAF. EXT4-fs (loop0): sistema de archivos montado 00000000-0000-0000-0000-00000000000 r/w sin diario. Modo de cuota: ninguno. loop0: se detect\u00f3 un cambio de capacidad de 2048 a 2047 ======================================================================= ERROR: KASAN: use after free en ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500 Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff88803e91130f por la tarea syz-executor269/5103 CPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 No contaminado 6.11.0-rc4-syzkaller #0 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500 ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697 __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573 ext4_lookup_entry fs/ext4/namei.c:1727 [en l\u00ednea] ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795 lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633 filename_create+0x297/0x540 fs/namei.c:3980 do_symlinkat+0xf9/0x3a0 fs/namei.c:4587 __do_sys_symlinkat fs/namei.c:4610 [en l\u00ednea] __se_sys_symlinkat fs/namei.c:4607 [en l\u00ednea] __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3e73ced469 C\u00f3digo: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469 RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0 RBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290 R10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0 Llamada ext4_xattr_ibody_find justo despu\u00e9s de leer el inodo con ext4_get_inode_loc conducir\u00e1 a una verificaci\u00f3n de la validez de los xattrs, evitando este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "2422D341-BD04-4C11-A233-0C67AEB040B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a6579ef5f2576a940125729f7409cc182f1c8df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/371d0bacecd529f887ea2547333d9173e7bcdc0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7fc22c3b3ffc0e952f5e0062dd11aa6ae76affba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/be2e9b111e2790962cc66a177869b4e9717b4e29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c6b72f5d82b1017bad80f9ebf502832fc321d796",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ccb8c18076e2e630fea23fbec583cdad61787fc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ea32883e4a03ed575a2eb7a66542022312bde477",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

122
CVE-2024/CVE-2024-477xx/CVE-2024-47720.json
View File

@ -2,40 +2,144 @@
"id": "CVE-2024-47720",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:08.240",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:53:54.150",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn30_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for nullity at line 386, but then it\nwas being dereferenced without any nullity check at line 401. This\ncould potentially lead to a null pointer dereference error if\nset_output_gamma is indeed null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a nullity check for\nset_output_gamma before the call to set_output_gamma at line 401. If\nset_output_gamma is null, we log an error message and do not call the\nfunction.\n\nThis fix prevents a potential null pointer dereference error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func()\nerror: we previously assumed 'mpc->funcs->set_output_gamma' could be null (see line 386)\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c\n 373 bool dcn30_set_output_transfer_func(struct dc *dc,\n 374 struct pipe_ctx *pipe_ctx,\n 375 const struct dc_stream_state *stream)\n 376 {\n 377 int mpcc_id = pipe_ctx->plane_res.hubp->inst;\n 378 struct mpc *mpc = pipe_ctx->stream_res.opp->ctx->dc->res_pool->mpc;\n 379 const struct pwl_params *params = NULL;\n 380 bool ret = false;\n 381\n 382 /* program OGAM or 3DLUT only for the top pipe*/\n 383 if (pipe_ctx->top_pipe == NULL) {\n 384 /*program rmu shaper and 3dlut in MPC*/\n 385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream);\n 386 if (ret == false && mpc->funcs->set_output_gamma) {\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL\n\n 387 if (stream->out_transfer_func.type == TF_TYPE_HWPWL)\n 388 params = &stream->out_transfer_func.pwl;\n 389 else if (pipe_ctx->stream->out_transfer_func.type ==\n 390 TF_TYPE_DISTRIBUTED_POINTS &&\n 391 cm3_helper_translate_curve_to_hw_format(\n 392 &stream->out_transfer_func,\n 393 &mpc->blender_params, false))\n 394 params = &mpc->blender_params;\n 395 /* there are no ROM LUTs in OUTGAM */\n 396 if (stream->out_transfer_func.type == TF_TYPE_PREDEFINED)\n 397 BREAK_TO_DEBUGGER();\n 398 }\n 399 }\n 400\n--> 401 mpc->funcs->set_output_gamma(mpc, mpcc_id, params);\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash\n\n 402 return ret;\n 403 }"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n nula para set_output_gamma en dcn30_set_output_transfer_func Esta confirmaci\u00f3n agrega una comprobaci\u00f3n nula para el puntero de funci\u00f3n set_output_gamma en la funci\u00f3n dcn30_set_output_transfer_func. Anteriormente, se estaba comprobando la nulidad de set_output_gamma en la l\u00ednea 386, pero luego se estaba desreferenciando sin ninguna comprobaci\u00f3n de nulidad en la l\u00ednea 401. Esto podr\u00eda conducir potencialmente a un error de desreferencia de puntero nulo si set_output_gamma es de hecho nulo. Para solucionar esto, ahora nos aseguramos de que set_output_gamma no sea nulo antes de desreferenciarlo. Hacemos esto agregando una comprobaci\u00f3n de nulidad para set_output_gamma antes de la llamada a set_output_gamma en la l\u00ednea 401. Si set_output_gamma es nulo, registramos un mensaje de error y no llamamos a la funci\u00f3n. Esta correcci\u00f3n evita un posible error de desreferencia de puntero nulo. drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 error de dcn30_set_output_transfer_func(): anteriormente asumimos que 'mpc-&gt;funcs-&gt;set_output_gamma' podr\u00eda ser nulo (ver l\u00ednea 386) drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c 373 bool dcn30_set_output_transfer_func(struct dc *dc, 374 struct pipe_ctx *pipe_ctx, 375 const struct dc_stream_state *stream) 376 { 377 int mpcc_id = pipe_ctx-&gt;plane_res.hubp-&gt;inst; 378 struct mpc *mpc = pipe_ctx-&gt;stream_res.opp-&gt;ctx-&gt;dc-&gt;res_pool-&gt;mpc; 379 const struct pwl_params *params = NULL; 380 bool ret = false; 381 382 /* programa OGAM o 3DLUT solo para la tuber\u00eda superior*/ 383 if (pipe_ctx-&gt;top_pipe == NULL) { 384 /*programa rmu shaper y 3dlut en MPC*/ 385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream); 386 si (ret == falso &amp;&amp; mpc-&gt;funcs-&gt;set_output_gamma) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Si esto es NULL 387 si (flujo-&gt;out_transfer_func.type == TF_TYPE_HWPWL) 388 par\u00e1metros = &amp;flujo-&gt;out_transfer_func.pwl; 389 de lo contrario si (pipe_ctx-&gt;flujo-&gt;out_transfer_func.type == 390 TF_TYPE_DISTRIBUTED_POINTS &amp;&amp; 391 cm3_helper_translate_curve_to_hw_format( 392 &amp;flujo-&gt;out_transfer_func, 393 &amp;mpc-&gt;blender_params, falso)) 394 par\u00e1metros = &amp;mpc-&gt;blender_params; 395 /* no hay LUT de ROM en OUTGAM */ 396 if (stream-&gt;out_transfer_func.type == TF_TYPE_PREDEFINED) 397 BREAK_TO_DEBUGGER(); 398 } 399 } 400 --&gt; 401 mpc-&gt;funcs-&gt;set_output_gamma(mpc, mpcc_id, params); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Entonces se bloquear\u00e1 402 return ret; 403 }"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.9",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "643E292D-C242-4FEC-8A11-034AB46708C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/44948d3cb943602ba4a0b5ed3c91ae0525838fb1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64886a4e6f1dce843c0889505cf0673b5211e16a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/72ee32d0907364104fbcf4f68dd5ae63cd8eae9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/84edd5a3f5fa6aafa4afcaf9f101f46426c620c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ddf9ff244d704e1903533f7be377615ed34b83e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

86
CVE-2024/CVE-2024-477xx/CVE-2024-47721.json
View File

@ -2,28 +2,102 @@
"id": "CVE-2024-47721",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:08.313",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:57:04.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading\n\nThe handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CAM isn't\nimplemented, but driver expects number of handlers is\nNUM_OF_RTW89_MAC_C2H_FUNC_WOW causing out-of-bounds access. Fix it by\nremoving ID.\n\nAddresses-Coverity-ID: 1598775 (\"Out-of-bounds read\")"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: eliminar el ID de evento C2H no utilizado RTW89_MAC_C2H_FUNC_READ_WOW_CAM para evitar la lectura fuera de los l\u00edmites El controlador del evento C2H del firmware RTW89_MAC_C2H_FUNC_READ_WOW_CAM no est\u00e1 implementado, pero el controlador espera que el n\u00famero de controladores sea NUM_OF_RTW89_MAC_C2H_FUNC_WOW, lo que provoca un acceso fuera de los l\u00edmites. Solucione el problema eliminando el ID. Addresses-Coverity-ID: 1598775 (\"Lectura fuera de los l\u00edmites\")"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "767D4D2D-C6E7-4B7D-9446-CFC8F8FF2FBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/10463308b9454f534d03300cf679bc4b3d078f46",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2c9c2d1a20916589497a7facbea3e82cabec4ab8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/56310ddb50b190b3390fdc974aec455d0a516bd2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

86
CVE-2024/CVE-2024-477xx/CVE-2024-47724.json
View File

@ -2,28 +2,102 @@
"id": "CVE-2024-47724",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:02.590",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:41:13.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: use work queue to process beacon tx event\n\nCommit 3a415daa3e8b (\"wifi: ath11k: add P2P IE in beacon template\")\nfrom Feb 28, 2024 (linux-next), leads to the following Smatch static\nchecker warning:\n\ndrivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie()\nwarn: sleeping in atomic context\n\nThe reason is that ath11k_bcn_tx_status_event() will directly call might\nsleep function ath11k_wmi_cmd_send() during RCU read-side critical\nsections. The call trace is like:\n\nath11k_bcn_tx_status_event()\n-> rcu_read_lock()\n-> ath11k_mac_bcn_tx_event()\n\t-> ath11k_mac_setup_bcn_tmpl()\n\t\u2026\u2026\n\t\t-> ath11k_wmi_bcn_tmpl()\n\t\t\t-> ath11k_wmi_cmd_send()\n-> rcu_read_unlock()\n\nCommit 886433a98425 (\"ath11k: add support for BSS color change\") added the\nath11k_mac_bcn_tx_event(), commit 01e782c89108 (\"ath11k: fix warning\nof RCU usage for ath11k_mac_get_arvif_by_vdev_id()\") added the RCU lock\nto avoid warning but also introduced this BUG.\n\nUse work queue to avoid directly calling ath11k_mac_bcn_tx_event()\nduring RCU critical sections. No need to worry about the deletion of vif\nbecause cancel_work_sync() will drop the work if it doesn't start or\nblock vif deletion until the running work is done.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath11k: usar cola de trabajo para procesar evento beacon tx el commit 3a415daa3e8b (\"wifi: ath11k: agregar P2P IE en plantilla beacon\") del 28 de febrero de 2024 (linux-next) genera la siguiente advertencia del verificador est\u00e1tico de Smatch: drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie() warn: durmiendo en contexto at\u00f3mico La raz\u00f3n es que ath11k_bcn_tx_status_event() llamar\u00e1 directamente a la funci\u00f3n de suspensi\u00f3n ath11k_wmi_cmd_send() durante las secciones cr\u00edticas del lado de lectura de RCU. El seguimiento de la llamada es as\u00ed: ath11k_bcn_tx_status_event() -&gt; rcu_read_lock() -&gt; ath11k_mac_bcn_tx_event() -&gt; ath11k_mac_setup_bcn_tmpl() \u2026\u2026 -&gt; ath11k_wmi_bcn_tmpl() -&gt; ath11k_wmi_cmd_send() -&gt; rcu_read_unlock() el commit 886433a98425 (\"ath11k: agregar soporte para cambio de color BSS\") agreg\u00f3 ath11k_mac_bcn_tx_event(), el commit 01e782c89108 (\"ath11k: corregir advertencia de uso de RCU para ath11k_mac_get_arvif_by_vdev_id()\") agreg\u00f3 el bloqueo de RCU para evitar advertencias pero tambi\u00e9n introdujo este ERROR. Utilice la cola de trabajo para evitar llamar directamente a ath11k_mac_bcn_tx_event() durante las secciones cr\u00edticas de RCU. No es necesario preocuparse por la eliminaci\u00f3n de vif porque cancel_work_sync() descartar\u00e1 el trabajo si no comienza o bloquear\u00e1 la eliminaci\u00f3n de vif hasta que finalice el trabajo en ejecuci\u00f3n. Probado en: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "767D4D2D-C6E7-4B7D-9446-CFC8F8FF2FBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/177b49dbf9c1d8f9f25a22ffafa416fc2c8aa6a3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6db232905e094e64abff1f18249905d068285e09",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dbd51da69dda1137723b8f66460bf99a9dac8dd2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

110
CVE-2024/CVE-2024-477xx/CVE-2024-47727.json
View File

@ -2,36 +2,130 @@
"id": "CVE-2024-47727",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:02.883",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:32:53.743",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix \"in-kernel MMIO\" check\n\nTDX only supports kernel-initiated MMIO operations. The handle_mmio()\nfunction checks if the #VE exception occurred in the kernel and rejects\nthe operation if it did not.\n\nHowever, userspace can deceive the kernel into performing MMIO on its\nbehalf. For example, if userspace can point a syscall to an MMIO address,\nsyscall does get_user() or put_user() on it, triggering MMIO #VE. The\nkernel will treat the #VE as in-kernel MMIO.\n\nEnsure that the target MMIO address is within the kernel before decoding\ninstruction."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/tdx: Se corrige la comprobaci\u00f3n \"MMIO en el kernel\" TDX solo admite operaciones MMIO iniciadas por el kernel. La funci\u00f3n handle_mmio() comprueba si la excepci\u00f3n #VE se produjo en el kernel y rechaza la operaci\u00f3n si no fue as\u00ed. Sin embargo, el espacio de usuario puede enga\u00f1ar al kernel para que realice MMIO en su nombre. Por ejemplo, si el espacio de usuario puede apuntar una llamada al sistema a una direcci\u00f3n MMIO, la llamada al sistema realiza get_user() o put_user() en ella, lo que activa MMIO #VE. El kernel tratar\u00e1 el #VE como MMIO en el kernel. Aseg\u00farese de que la direcci\u00f3n MMIO de destino est\u00e9 dentro del kernel antes de decodificar la instrucci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "7D848431-3C7A-4C40-BC35-515047E89ABE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/18ecd5b74682839e7cdafb7cd1ec106df7baa18c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/25703a3c980e21548774eea8c8a87a75c5c8f58c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4c0c5dcb5471de5fc8f0a1c4980e5815339e1cee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bca2e29f7e26ce7c3522f8b324c0bd85612f68e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d4fc4d01471528da8a9797a065982e05090e1d81",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

110
CVE-2024/CVE-2024-477xx/CVE-2024-47728.json
View File

@ -2,36 +2,130 @@
"id": "CVE-2024-47728",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:02.980",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:36:52.367",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error\n\nFor all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input\narguments, zero the value for the case of an error as otherwise it could leak\nmemory. For tracing, it is not needed given CAP_PERFMON can already read all\nkernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped\nin here.\n\nAlso, the MTU helpers mtu_len pointer value is being written but also read.\nTechnically, the MEM_UNINIT should not be there in order to always force init.\nRemoving MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now\nimplies two things actually: i) write into memory, ii) memory does not have\nto be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory,\nii) memory must be initialized. This means that for bpf_*_check_mtu() we're\nreadding the issue we're trying to fix, that is, it would then be able to\nwrite back into things like .rodata BPF maps. Follow-up work will rework the\nMEM_UNINIT semantics such that the intent can be better expressed. For now\njust clear the *mtu_len on error path which can be lifted later again."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: cero antiguos argumentos ARG_PTR_TO_{LONG,INT} en caso de error Para todos los ayudantes que no son de seguimiento que anteriormente ten\u00edan ARG_PTR_TO_{LONG,INT} como argumentos de entrada, ponga a cero el valor en caso de error, ya que de lo contrario podr\u00eda perder memoria. Para el seguimiento, no es necesario dado que CAP_PERFMON ya puede leer toda la memoria del kernel de todos modos, por lo tanto, bpf_get_func_arg() y bpf_get_func_ret() se omiten aqu\u00ed. Adem\u00e1s, el valor del puntero mtu_len de los ayudantes de MTU se escribe pero tambi\u00e9n se lee. T\u00e9cnicamente, MEM_UNINIT no deber\u00eda estar all\u00ed para forzar siempre la inicializaci\u00f3n. Sin embargo, eliminar MEM_UNINIT necesita m\u00e1s reelaboraci\u00f3n del verificador: MEM_UNINIT en este momento implica dos cosas en realidad: i) escribir en la memoria, ii) la memoria no tiene que ser inicializada. Si eliminamos MEM_UNINIT, se convierte en: i) lectura en memoria, ii) la memoria debe inicializarse. Esto significa que para bpf_*_check_mtu() estamos agregando nuevamente el problema que estamos tratando de solucionar, es decir, entonces podr\u00eda volver a escribir en cosas como mapas BPF .rodata. El trabajo de seguimiento reelaborar\u00e1 la sem\u00e1ntica de MEM_UNINIT de modo que la intenci\u00f3n pueda expresarse mejor. Por ahora, simplemente borre *mtu_len en la ruta de error que se puede eliminar nuevamente m\u00e1s tarde."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-459"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "6C4FF0D1-B45B-4E3D-9E2A-F50C67CA711C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

74
CVE-2024/CVE-2024-477xx/CVE-2024-47729.json
View File

@ -2,24 +2,88 @@
"id": "CVE-2024-47729",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:03.070",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:40:24.640",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Use reserved copy engine for user binds on faulting devices\n\nUser binds map to engines with can fault, faults depend on user binds\ncompletion, thus we can deadlock. Avoid this by using reserved copy\nengine for user binds on faulting devices.\n\nWhile we are here, normalize bind queue creation with a helper.\n\nv2:\n - Pass in extensions to bind queue creation (CI)\nv3:\n - s/resevered/reserved (Lucas)\n - Fix NULL hwe check (Jonathan)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: Utilizar un motor de copia reservada para los enlaces de usuario en dispositivos con fallos Los enlaces de usuario se asignan a motores con fallos, los fallos dependen de que se completen los enlaces de usuario, por lo que podemos bloquear. Evite esto utilizando un motor de copia reservada para los enlaces de usuario en dispositivos con fallos. Mientras estamos aqu\u00ed, normalice la creaci\u00f3n de colas de enlaces con un asistente. v2: - Pasar extensiones para la creaci\u00f3n de colas de enlaces (CI) v3: - s/resevered/reserved (Lucas) - Reparar la comprobaci\u00f3n de hwe NULL (Jonathan)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "3802D3DC-264E-4BC3-8F30-4574E03388B8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/439fc1e569c57669dbb842d0a77c7ba0a82a9f5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/852856e3b6f679c694dd5ec41e5a3c11aa46640b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

134
CVE-2024/CVE-2024-477xx/CVE-2024-47735.json
View File

@ -2,44 +2,158 @@
"id": "CVE-2024-47735",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:03.630",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:00:03.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled\n\nFix missuse of spin_lock_irq()/spin_unlock_irq() when\nspin_lock_irqsave()/spin_lock_irqrestore() was hold.\n\nThis was discovered through the lock debugging, and the corresponding\nlog is as follows:\n\nraw_local_irq_restore() called with IRQs enabled\nWARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n...\nCall trace:\n warn_bogus_irq_restore+0x30/0x40\n _raw_spin_unlock_irqrestore+0x84/0xc8\n add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]\n hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]\n hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]\n create_qp+0x138/0x258\n ib_create_qp_kernel+0x50/0xe8\n create_mad_qp+0xa8/0x128\n ib_mad_port_open+0x218/0x448\n ib_mad_init_device+0x70/0x1f8\n add_client_context+0xfc/0x220\n enable_device_and_get+0xd0/0x140\n ib_register_device.part.0+0xf4/0x1c8\n ib_register_device+0x34/0x50\n hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]\n hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]\n hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/hns: Se corrige el error spin_unlock_irqrestore() llamado con IRQ habilitadas Se corrige el uso incorrecto de spin_lock_irq()/spin_unlock_irq() cuando spin_lock_irqsave()/spin_lock_irqrestore() estaba retenido. Esto se descubri\u00f3 a trav\u00e9s de la depuraci\u00f3n de bloqueo, y el registro correspondiente es el siguiente: raw_local_irq_restore() llamado con IRQs habilitados ADVERTENCIA: CPU: 96 PID: 2074 en kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40 ... Rastreo de llamada: warn_bogus_irq_restore+0x30/0x40 _raw_spin_unlock_irqrestore+0x84/0xc8 add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2] hns_r_cocereate_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2] hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2] create_qp+0x138/0x258 ib_create_qp_kernel+0x50/0xe8 create_mad_qp+0xa8/0x128 ib_mad_port_open+0x218/0x448 ib_mad_init_device+0x70/0x1f8 add_client_context+0xfc/0x220 enable_device_and_get+0xd0/0x140 ib_register_device.part.0+0xf4/0x1c8 ib_register_device+0x34/0x50 hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2] hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2] __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2] hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "8FD49DB2-EC33-4DBD-8D20-8E9ECAF754C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/07f0f643d7e570dbe8ef6f5c3367a43e3086a335",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/094a1821903f33fb91de4b71087773ee16aeb3a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2656336a84fcb6802f6e6c233f4661891deea24f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/29c0f546d3fd66238b42cf25bcd5f193bb1cf794",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/425589d4af09c49574bd71ac31f811362a5126c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/74d315b5af180220d561684d15897730135733a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a1a3403bb1826c8ec787f0d60c3e7b54f419129e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

134
CVE-2024/CVE-2024-477xx/CVE-2024-47742.json
View File

@ -2,44 +2,158 @@
"id": "CVE-2024-47742",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:04.297",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T21:02:28.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Block path traversal\n\nMost firmware names are hardcoded strings, or are constructed from fairly\nconstrained format strings where the dynamic parts are just some hex\nnumbers or such.\n\nHowever, there are a couple codepaths in the kernel where firmware file\nnames contain string components that are passed through from a device or\nsemi-privileged userspace; the ones I could find (not counting interfaces\nthat require root privileges) are:\n\n - lpfc_sli4_request_firmware_update() seems to construct the firmware\n filename from \"ModelName\", a string that was previously parsed out of\n some descriptor (\"Vital Product Data\") in lpfc_fill_vpd()\n - nfp_net_fw_find() seems to construct a firmware filename from a model\n name coming from nfp_hwinfo_lookup(pf->hwinfo, \"nffw.partno\"), which I\n think parses some descriptor that was read from the device.\n (But this case likely isn't exploitable because the format string looks\n like \"netronome/nic_%s\", and there shouldn't be any *folders* starting\n with \"netronome/nic_\". The previous case was different because there,\n the \"%s\" is *at the start* of the format string.)\n - module_flash_fw_schedule() is reachable from the\n ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as\n GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is\n enough to pass the privilege check), and takes a userspace-provided\n firmware name.\n (But I think to reach this case, you need to have CAP_NET_ADMIN over a\n network namespace that a special kind of ethernet device is mapped into,\n so I think this is not a viable attack path in practice.)\n\nFix it by rejecting any firmware names containing \"..\" path components.\n\nFor what it's worth, I went looking and haven't found any USB device\ndrivers that use the firmware loader dangerously."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware_loader: Block path traversal La mayor\u00eda de los nombres de firmware son cadenas codificadas o se construyen a partir de cadenas de formato bastante restringidas donde las partes din\u00e1micas son solo algunos n\u00fameros hexadecimales o algo as\u00ed. Sin embargo, hay un par de rutas de c\u00f3digo en el kernel donde los nombres de archivo de firmware contienen componentes de cadena que se pasan desde un dispositivo o un espacio de usuario semiprivilegiado; los que pude encontrar (sin contar las interfaces que requieren privilegios de root) son: - lpfc_sli4_request_firmware_update() parece construir el nombre de archivo de firmware a partir de \"ModelName\", una cadena que se analiz\u00f3 previamente a partir de alg\u00fan descriptor (\"Vital Product Data\") en lpfc_fill_vpd() - nfp_net_fw_find() parece construir un nombre de archivo de firmware a partir de un nombre de modelo que proviene de nfp_hwinfo_lookup(pf-&gt;hwinfo, \"nffw.partno\"), que creo que analiza alg\u00fan descriptor que se ley\u00f3 desde el dispositivo. (Pero este caso probablemente no sea explotable porque la cadena de formato se parece a \"netronome/nic_%s\", y no deber\u00eda haber ninguna *carpeta* que comience con \"netronome/nic_\". El caso anterior era diferente porque all\u00ed, el \"%s\" est\u00e1 *al comienzo* de la cadena de formato). - module_flash_fw_schedule() es accesible desde el comando netlink ETHTOOL_MSG_MODULE_FW_FLASH_ACT, que est\u00e1 marcado como GENL_UNS_ADMIN_PERM (lo que significa que CAP_NET_ADMIN dentro de un espacio de nombres de usuario es suficiente para pasar la verificaci\u00f3n de privilegios), y toma un nombre de firmware provisto por el espacio de usuario. (Pero creo que para llegar a este caso, necesita tener CAP_NET_ADMIN sobre un espacio de nombres de red en el que se asigna un tipo especial de dispositivo Ethernet, por lo que creo que esta no es una ruta de ataque viable en la pr\u00e1ctica). Arr\u00e9glelo rechazando cualquier nombre de firmware que contenga componentes de ruta \"..\" Por si sirve de algo, he buscado y no he encontrado ning\u00fan controlador de dispositivo USB que utilice el cargador de firmware de forma peligrosa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "3B73A13A-D7BE-4035-BEF2-2821D9D5CB6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3d2411f4edcb649eaf232160db459bb4770b5251",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6c4e13fdfcab34811c3143a0a03c05fec4e870ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7420c1bf7fc784e587b87329cc6dfa3dca537aa4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a77fc4acfd49fc6076e565445b2bc5fdc3244da4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c30558e6c5c9ad6c86459d9acce1520ceeab9ea6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f0e5311aa8022107d63c54e2f03684ec097d1394",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

57
CVE-2024/CVE-2024-496xx/CVE-2024-49626.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49626",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-20T08:15:04.730",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:37:57.080",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:piyushmca:shipyaari_shipping_management:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "4F722347-2C65-4D90-A7D6-A79C8C463E7D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shipyaari-shipping-managment/wordpress-shipyaari-shipping-management-plugin-1-2-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-496xx/CVE-2024-49630.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49630",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-20T08:15:04.933",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-23T20:44:41.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:wp_education:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.9",
"matchCriteriaId": "9758988D-0246-40A7-82BF-32AA70667827"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-education/wordpress-wp-education-for-elementor-plugin-1-2-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

93
CVE-2024/CVE-2024-500xx/CVE-2024-50048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50048",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:17.580",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-23T21:46:11.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,102 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbcon: soluciona un problema de desreferencia de puntero NULL en fbcon_putcs syzbot ha encontrado un error de desreferencia de puntero NULL en fbcon. Aqu\u00ed est\u00e1 el reproductor C simplificado: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct fb_con2fbmap con2fb; struct param param; int fd = open(\"/dev/fb1\", 0, 0); con2fb.console = 0x19; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &amp;con2fb); param.type = 2; param.ts.xs = 0; param.ts.ys = 0; param.ts.xe = 0; param.ts.ye = 0; param.ts.sel_mode = 0; int fd1 = open(\"/dev/tty1\", O_RDWR, 0); ioctl(fd1, TIOCLINUX, &amp;param); con2fb.console = 1; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &amp;con2fb); devolver 0; } Despu\u00e9s de llamar a ioctl(fd1, TIOCLINUX, &amp;param), el ioctl(fd, FBIOPUT_CON2FBMAP, &amp;con2fb) subsiguiente hace que el n\u00facleo siga una ruta de ejecuci\u00f3n diferente: set_con2fb_map -&gt; con2fb_init_display -&gt; fbcon_set_disp -&gt; redraw_screen -&gt; hide_cursor -&gt; clear_selection -&gt; highlight -&gt; invert_screen -&gt; do_update_region -&gt; fbcon_putcs -&gt; ops-&gt;putcs Dado que ops-&gt;putcs es un puntero NULL, esto lleva a un p\u00e1nico del n\u00facleo. Para evitar esto, necesitamos llamar a set_blitting_type() dentro de set_con2fb_map() para inicializar correctamente ops-&gt;putcs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "180292D6-C3A4-4883-98A3-77F4D56F8081"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5b97eebcce1b4f3f07a71f635d6aa3af96c236e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8266ae6eafdcd5a3136592445ff4038bbc7ee80e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e5c2dba62996a3a6eeb34bd248b90fc69c5a6a1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f7fb5dda555344529ce584ff7a28b109528d2f1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

117
CVE-2024/CVE-2024-500xx/CVE-2024-50049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50049",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:17.687",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-23T21:45:43.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,130 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Verificar puntero nulo antes de desreferenciar se [QU\u00c9 Y C\u00d3MO] se verific\u00f3 como nulo previamente en la misma funci\u00f3n, lo que indica que podr\u00eda ser nulo; por lo tanto, se debe verificar cuando se vuelva a utilizar. Esto soluciona 1 problema FORWARD_NULL informado por Coverity."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/65b2d49e55fe13ae56da3a7685bdccadca31134a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/97a79933fb08a002ba9400d1a7a5df707ecdb896",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a9b4fd1946678fa0e069e442f3c5a7d3fa446fac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c643ef59390e49f1dfab35e8ea65f5db5e527d64",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f4149eec960110ffd5bcb161075dd9f1d7773075",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ff599ef6970ee000fa5bc38d02fa5ff5f3fc7575",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

81
CVE-2024/CVE-2024-500xx/CVE-2024-50055.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50055",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:17.770",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-23T21:45:15.137",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,88 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: n\u00facleo del controlador: bus: se corrige la doble liberaci\u00f3n en la API del controlador bus_register() Para bus_register(), cualquier error que ocurra despu\u00e9s de kset_register() provocar\u00e1 que @priv se libere dos veces, lo que se soluciona configurando @priv con NULL despu\u00e9s de la primera liberaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "D50B3F37-2EA9-4348-B50C-34DCAAF2076E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bfa54a793ba77ef696755b66f3ac4ed00c7d1248",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d885c464c25018b81a6b58f5d548fc2e3ef87dd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

81
CVE-2024/CVE-2024-500xx/CVE-2024-50061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50061",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:18.210",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-23T21:48:29.030",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,88 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i3c: master: cdns: Arreglar la vulnerabilidad de use after free en el controlador cdns_i3c_master debido a la condici\u00f3n de ejecuci\u00f3n En la funci\u00f3n cdns_i3c_master_probe, &amp;master-&gt;hj_work est\u00e1 vinculado con cdns_i3c_master_hj. Y cdns_i3c_master_interrupt puede llamar a la funci\u00f3n cnds_i3c_master_demux_ibis para iniciar el trabajo. Si eliminamos el m\u00f3dulo que llamar\u00e1 a cdns_i3c_master_remove para realizar la limpieza, liberar\u00e1 master-&gt;base a trav\u00e9s de i3c_master_unregister mientras se usar\u00e1 el trabajo mencionado anteriormente. La secuencia de operaciones que pueden provocar un error de UAF es la siguiente: CPU0 CPU1 | cdns_i3c_master_hj cdns_i3c_master_remove | Corr\u00edjalo asegur\u00e1ndose de que el trabajo se cancele antes de continuar con la limpieza en cdns_i3c_master_remove."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "D50B3F37-2EA9-4348-B50C-34DCAAF2076E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

105
CVE-2024/CVE-2024-500xx/CVE-2024-50062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50062",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:18.280",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-23T21:48:57.737",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,116 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rtrs-srv: Evitar la desreferencia de puntero nulo durante el establecimiento de la ruta Para el establecimiento de la ruta RTRS, el cliente RTRS inicia y completa con_num de conexiones. Despu\u00e9s de establecer todas sus conexiones, la informaci\u00f3n se intercambia entre el cliente y el servidor a trav\u00e9s del mensaje info_req. Durante este intercambio, es esencial que se hayan establecido todas las conexiones y que el estado de la ruta RTRS srv sea CONECTADO. Por lo tanto, agregue estas comprobaciones de cordura para asegurarnos de detectar y abortar el proceso en escenarios de error para evitar la desreferencia de puntero nulo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "F032D82B-5582-4DF5-B921-BFE0BD301364"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/394b2f4d5e014820455af3eb5859eb328eaafcfd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b5d4076664465487a9a3d226756995b12fb73d71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b720792d7e8515bc695752e0ed5884e2ea34d12a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ccb8e44ae3e2391235f80ffc6be59bec6b889ead",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d0e62bf7b575fbfe591f6f570e7595dd60a2f5eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

82
CVE-2024/CVE-2024-500xx/CVE-2024-50064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50064",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:18.440",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-23T21:49:29.423",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: zram: liberar nombres de algoritmos secundarios Necesitamos ejecutar kfree() en los nombres de algoritmos secundarios cuando reiniciamos un dispositivo zram que ten\u00eda m\u00faltiples transmisiones, de lo contrario, perdemos memoria. [senozhatsky@chromium.org: kfree(NULL) es legal] Enlace: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/6272936fd242ca1f784c3e21596dfb3859dff276",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/684826f8271ad97580b138b9ffd462005e470b99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ef35cc0d15b89dd013e1bb829fe97db7b1ab79eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

4
CVE-2024/CVE-2024-89xx/CVE-2024-8901.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-8901",
"sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"published": "2024-10-22T00:15:03.667",
"lastModified": "2024-10-23T15:12:34.673",
"lastModified": "2024-10-23T21:15:14.950",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In uncommon deployments of ALB, wherein endpoints are exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication."
"value": "The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In deployments of ALB that ignore security best practices, where ALB targets are directly exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication.\n\n\n\nThe repository/package has been deprecated, is end of life, and is no longer supported. As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate Tasks etc.) do not have public IP addresses. Ensure any forked or derivative code validate that the signer\u00a0attribute in the JWT match the ARN of the Application Load Balancer that the service is configured to use."
},
{
"lang": "es",

16
CVE-2024/CVE-2024-98xx/CVE-2024-9899.json Normal file
View File

@ -0,0 +1,16 @@
{
"id": "CVE-2024-9899",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-23T21:15:15.050",
"lastModified": "2024-10-23T21:15:15.050",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2143. Reason: This candidate is a reservation duplicate of CVE-2023-2143. Notes: All CVE users should reference CVE-2023-2143 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {},
"references": []
}

84
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-23T20:00:18.487407+00:00
2024-10-23T22:00:21.329352+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-23T19:44:08.623000+00:00
2024-10-23T21:49:29.423000+00:00
```
### Last Data Feed Release
@ -33,65 +33,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
266880
266883
```
### CVEs added in the last Commit
Recently added CVEs: `39`
Recently added CVEs: `3`
- [CVE-2024-20402](CVE-2024/CVE-2024-204xx/CVE-2024-20402.json) (`2024-10-23T18:15:07.930`)
- [CVE-2024-20403](CVE-2024/CVE-2024-204xx/CVE-2024-20403.json) (`2024-10-23T18:15:08.193`)
- [CVE-2024-20407](CVE-2024/CVE-2024-204xx/CVE-2024-20407.json) (`2024-10-23T18:15:08.413`)
- [CVE-2024-20408](CVE-2024/CVE-2024-204xx/CVE-2024-20408.json) (`2024-10-23T18:15:08.697`)
- [CVE-2024-20409](CVE-2024/CVE-2024-204xx/CVE-2024-20409.json) (`2024-10-23T18:15:08.970`)
- [CVE-2024-20410](CVE-2024/CVE-2024-204xx/CVE-2024-20410.json) (`2024-10-23T18:15:09.197`)
- [CVE-2024-20412](CVE-2024/CVE-2024-204xx/CVE-2024-20412.json) (`2024-10-23T18:15:09.430`)
- [CVE-2024-20415](CVE-2024/CVE-2024-204xx/CVE-2024-20415.json) (`2024-10-23T18:15:09.713`)
- [CVE-2024-20424](CVE-2024/CVE-2024-204xx/CVE-2024-20424.json) (`2024-10-23T18:15:09.930`)
- [CVE-2024-20426](CVE-2024/CVE-2024-204xx/CVE-2024-20426.json) (`2024-10-23T18:15:10.147`)
- [CVE-2024-20431](CVE-2024/CVE-2024-204xx/CVE-2024-20431.json) (`2024-10-23T18:15:10.440`)
- [CVE-2024-20471](CVE-2024/CVE-2024-204xx/CVE-2024-20471.json) (`2024-10-23T18:15:10.773`)
- [CVE-2024-20472](CVE-2024/CVE-2024-204xx/CVE-2024-20472.json) (`2024-10-23T18:15:11.007`)
- [CVE-2024-20473](CVE-2024/CVE-2024-204xx/CVE-2024-20473.json) (`2024-10-23T18:15:11.280`)
- [CVE-2024-20474](CVE-2024/CVE-2024-204xx/CVE-2024-20474.json) (`2024-10-23T18:15:11.517`)
- [CVE-2024-20481](CVE-2024/CVE-2024-204xx/CVE-2024-20481.json) (`2024-10-23T18:15:11.737`)
- [CVE-2024-20482](CVE-2024/CVE-2024-204xx/CVE-2024-20482.json) (`2024-10-23T18:15:12.063`)
- [CVE-2024-20485](CVE-2024/CVE-2024-204xx/CVE-2024-20485.json) (`2024-10-23T18:15:12.273`)
- [CVE-2024-20493](CVE-2024/CVE-2024-204xx/CVE-2024-20493.json) (`2024-10-23T18:15:12.533`)
- [CVE-2024-20494](CVE-2024/CVE-2024-204xx/CVE-2024-20494.json) (`2024-10-23T18:15:12.783`)
- [CVE-2024-20495](CVE-2024/CVE-2024-204xx/CVE-2024-20495.json) (`2024-10-23T18:15:13.007`)
- [CVE-2024-20526](CVE-2024/CVE-2024-205xx/CVE-2024-20526.json) (`2024-10-23T18:15:13.303`)
- [CVE-2024-48963](CVE-2024/CVE-2024-489xx/CVE-2024-48963.json) (`2024-10-23T19:15:19.607`)
- [CVE-2024-48964](CVE-2024/CVE-2024-489xx/CVE-2024-48964.json) (`2024-10-23T19:15:19.833`)
- [CVE-2024-9949](CVE-2024/CVE-2024-99xx/CVE-2024-9949.json) (`2024-10-23T18:15:13.763`)
- [CVE-2024-10300](CVE-2024/CVE-2024-103xx/CVE-2024-10300.json) (`2024-10-23T20:15:05.060`)
- [CVE-2024-10301](CVE-2024/CVE-2024-103xx/CVE-2024-10301.json) (`2024-10-23T20:15:05.310`)
- [CVE-2024-9899](CVE-2024/CVE-2024-98xx/CVE-2024-9899.json) (`2024-10-23T21:15:15.050`)
### CVEs modified in the last Commit
Recently modified CVEs: `21`
Recently modified CVEs: `43`
- [CVE-2023-25696](CVE-2023/CVE-2023-256xx/CVE-2023-25696.json) (`2024-10-23T19:35:03.353`)
- [CVE-2023-52160](CVE-2023/CVE-2023-521xx/CVE-2023-52160.json) (`2024-10-23T19:34:09.370`)
- [CVE-2024-25209](CVE-2024/CVE-2024-252xx/CVE-2024-25209.json) (`2024-10-23T18:10:52.630`)
- [CVE-2024-25210](CVE-2024/CVE-2024-252xx/CVE-2024-25210.json) (`2024-10-23T18:16:34.577`)
- [CVE-2024-25211](CVE-2024/CVE-2024-252xx/CVE-2024-25211.json) (`2024-10-23T18:16:31.940`)
- [CVE-2024-25217](CVE-2024/CVE-2024-252xx/CVE-2024-25217.json) (`2024-10-23T18:08:33.577`)
- [CVE-2024-25223](CVE-2024/CVE-2024-252xx/CVE-2024-25223.json) (`2024-10-23T18:06:48.657`)
- [CVE-2024-25224](CVE-2024/CVE-2024-252xx/CVE-2024-25224.json) (`2024-10-23T18:07:49.573`)
- [CVE-2024-25225](CVE-2024/CVE-2024-252xx/CVE-2024-25225.json) (`2024-10-23T18:07:34.100`)
- [CVE-2024-25226](CVE-2024/CVE-2024-252xx/CVE-2024-25226.json) (`2024-10-23T18:05:01.290`)
- [CVE-2024-42005](CVE-2024/CVE-2024-420xx/CVE-2024-42005.json) (`2024-10-23T18:22:48.937`)
- [CVE-2024-42643](CVE-2024/CVE-2024-426xx/CVE-2024-42643.json) (`2024-10-23T18:35:01.897`)
- [CVE-2024-43577](CVE-2024/CVE-2024-435xx/CVE-2024-43577.json) (`2024-10-23T19:15:18.673`)
- [CVE-2024-44331](CVE-2024/CVE-2024-443xx/CVE-2024-44331.json) (`2024-10-23T18:35:02.893`)
- [CVE-2024-45526](CVE-2024/CVE-2024-455xx/CVE-2024-45526.json) (`2024-10-23T19:35:10.713`)
- [CVE-2024-46482](CVE-2024/CVE-2024-464xx/CVE-2024-46482.json) (`2024-10-23T18:35:03.670`)
- [CVE-2024-46483](CVE-2024/CVE-2024-464xx/CVE-2024-46483.json) (`2024-10-23T19:35:11.493`)
- [CVE-2024-47670](CVE-2024/CVE-2024-476xx/CVE-2024-47670.json) (`2024-10-23T19:16:56.403`)
- [CVE-2024-47671](CVE-2024/CVE-2024-476xx/CVE-2024-47671.json) (`2024-10-23T19:36:08.090`)
- [CVE-2024-47672](CVE-2024/CVE-2024-476xx/CVE-2024-47672.json) (`2024-10-23T19:44:08.623`)
- [CVE-2024-48644](CVE-2024/CVE-2024-486xx/CVE-2024-48644.json) (`2024-10-23T19:35:12.593`)
- [CVE-2024-47694](CVE-2024/CVE-2024-476xx/CVE-2024-47694.json) (`2024-10-23T21:34:29.393`)
- [CVE-2024-47695](CVE-2024/CVE-2024-476xx/CVE-2024-47695.json) (`2024-10-23T21:32:46.073`)
- [CVE-2024-47696](CVE-2024/CVE-2024-476xx/CVE-2024-47696.json) (`2024-10-23T21:30:34.897`)
- [CVE-2024-47697](CVE-2024/CVE-2024-476xx/CVE-2024-47697.json) (`2024-10-23T20:51:37.527`)
- [CVE-2024-47698](CVE-2024/CVE-2024-476xx/CVE-2024-47698.json) (`2024-10-23T20:52:11.123`)
- [CVE-2024-47699](CVE-2024/CVE-2024-476xx/CVE-2024-47699.json) (`2024-10-23T20:52:39.363`)
- [CVE-2024-47700](CVE-2024/CVE-2024-477xx/CVE-2024-47700.json) (`2024-10-23T21:27:28.460`)
- [CVE-2024-47701](CVE-2024/CVE-2024-477xx/CVE-2024-47701.json) (`2024-10-23T20:53:13.877`)
- [CVE-2024-47720](CVE-2024/CVE-2024-477xx/CVE-2024-47720.json) (`2024-10-23T20:53:54.150`)
- [CVE-2024-47721](CVE-2024/CVE-2024-477xx/CVE-2024-47721.json) (`2024-10-23T20:57:04.897`)
- [CVE-2024-47724](CVE-2024/CVE-2024-477xx/CVE-2024-47724.json) (`2024-10-23T21:41:13.390`)
- [CVE-2024-47727](CVE-2024/CVE-2024-477xx/CVE-2024-47727.json) (`2024-10-23T20:32:53.743`)
- [CVE-2024-47728](CVE-2024/CVE-2024-477xx/CVE-2024-47728.json) (`2024-10-23T20:36:52.367`)
- [CVE-2024-47729](CVE-2024/CVE-2024-477xx/CVE-2024-47729.json) (`2024-10-23T20:40:24.640`)
- [CVE-2024-47735](CVE-2024/CVE-2024-477xx/CVE-2024-47735.json) (`2024-10-23T21:00:03.940`)
- [CVE-2024-47742](CVE-2024/CVE-2024-477xx/CVE-2024-47742.json) (`2024-10-23T21:02:28.867`)
- [CVE-2024-49626](CVE-2024/CVE-2024-496xx/CVE-2024-49626.json) (`2024-10-23T20:37:57.080`)
- [CVE-2024-49630](CVE-2024/CVE-2024-496xx/CVE-2024-49630.json) (`2024-10-23T20:44:41.857`)
- [CVE-2024-50048](CVE-2024/CVE-2024-500xx/CVE-2024-50048.json) (`2024-10-23T21:46:11.533`)
- [CVE-2024-50049](CVE-2024/CVE-2024-500xx/CVE-2024-50049.json) (`2024-10-23T21:45:43.657`)
- [CVE-2024-50055](CVE-2024/CVE-2024-500xx/CVE-2024-50055.json) (`2024-10-23T21:45:15.137`)
- [CVE-2024-50061](CVE-2024/CVE-2024-500xx/CVE-2024-50061.json) (`2024-10-23T21:48:29.030`)
- [CVE-2024-50062](CVE-2024/CVE-2024-500xx/CVE-2024-50062.json) (`2024-10-23T21:48:57.737`)
- [CVE-2024-50064](CVE-2024/CVE-2024-500xx/CVE-2024-50064.json) (`2024-10-23T21:49:29.423`)
- [CVE-2024-8901](CVE-2024/CVE-2024-89xx/CVE-2024-8901.json) (`2024-10-23T21:15:14.950`)
## Download and Usage

209
_state.csv
View File

@ -158413,7 +158413,7 @@ CVE-2020-35686,0,0,bfb17b8013ec180b19b94c96b0eb292174e9b0493ab131edb5e16575a4d13
CVE-2020-35687,0,0,4b7b6800507b653f66092fcd0a5bb7e46923deba674fabd9c4946ce1c99bd8a5,2021-02-02T17:51:04.163000
CVE-2020-3569,0,0,d3a67ed9b6c436abd357e7b78284593306776b08e9e4e3fa15d893d4bc4bf654,2024-07-25T17:21:08.993000
CVE-2020-35693,0,0,fa53cd93c8e2403f51dcde1c41a20cebb5100fbdd62e3adc0be134876c6c6c8b,2020-12-31T18:31:13.827000
CVE-2020-35698,0,0,a96f86dfb51bc42ee9736bb56d7476bd181b889d0316769520930c5686caacbd,2023-11-07T03:22:01.763000
CVE-2020-35698,0,1,a484622128d24b1e46947f39c46e8d62ab563c0462aff7b71e2c3d5c5314206d,2024-10-23T20:35:00.873000
CVE-2020-35700,0,0,12b68552360bd2e635a748835683f0a8ae6b1f47283ecb674c81851a41f08272,2021-02-09T18:42:41.113000
CVE-2020-35701,0,0,300a1ca8c8a86e365f3860cb04cf8f4fbd734ded5b5051fad75af88b378eff37,2023-11-07T03:22:01.847000
CVE-2020-35702,0,0,612e6c93684a60463f26100520468515f11a223a261d89c2956082d6bc713075,2024-08-04T17:16:03.230000
@ -174646,7 +174646,7 @@ CVE-2021-30554,0,0,18607ecf53e94ac84f37a682b33e083cbaa5c041cd26aa86a4073135d294e
CVE-2021-30555,0,0,7cad134945e84533a493e85066355aa424e6bda14ff3e11d3bce14358514a025,2023-11-07T03:33:07.103000
CVE-2021-30556,0,0,79b84a49f0b4154926444025cfac64c6e0ca169c7a69236309c4185a7b48715e,2023-11-07T03:33:07.307000
CVE-2021-30557,0,0,6f1b65acb798cad18c1ee4f0588d3dcb30b7537e9c1f880540cd9a9c3c3e60da,2023-11-07T03:33:07.383000
CVE-2021-30558,0,0,baa8efe393eb32159356b3353e1c025f08a07d31546650e350967938f284bdb6,2023-01-09T19:22:07.820000
CVE-2021-30558,0,1,82e69bddf38d6c4347884bea2cd4090c7261fe7798d11fa75d0f11addf8cbbef,2024-10-23T20:35:01.990000
CVE-2021-30559,0,0,926979b4e2643192be50ce582463781405662052b1e48ebf18f25fca84961fd7,2021-08-09T16:41:50.523000
CVE-2021-3056,0,0,90b46285bcdb05709adea2e0b792cf39823a1aeca031787fca7598ca5c7c002b,2021-11-15T13:03:34.837000
CVE-2021-30560,0,0,58997fea465bcc300d1e2a5b76e4ea72ca142bef79d25f0f71b70e19157f35d9,2024-03-27T14:45:52.567000
@ -201699,7 +201699,7 @@ CVE-2022-34491,0,0,6187ed181d7b674a78943e3d774b41de94989ca40b50c2995c2fe8e77a783
CVE-2022-34494,0,0,133732b4da186c3b9b06c9705864951ffb0dd7c6955480ef39cf7ac80eb7de48,2022-07-08T03:59:53.243000
CVE-2022-34495,0,0,e45828bc64813c8a245129ecf879ef2df77a442f8b28a7e885cec34aa0fa5a1e,2022-07-08T03:59:38.723000
CVE-2022-34496,0,0,33011f87b7ed6dd7eb55ca02f9728931d2722a16a5531b8a5527c3a9a6029db6,2022-08-05T14:13:42.640000
CVE-2022-3450,0,0,26fa6c11302cb4cf757a81721a4216bde2138111f3f67aa3348b934ae90b52fa,2023-05-03T12:16:25.153000
CVE-2022-3450,0,1,084502784cfaf7c61ae2f1840cead4a8baff20f64c89579820fcf20e72ef85f2,2024-10-23T21:35:02
CVE-2022-34500,0,0,b3c475191bff525c6d111107f344ac8bee202270ef3150142c2c3813d8ab334e,2022-07-29T01:30:04.293000
CVE-2022-34501,0,0,de4640b9d2af5cc5fac8071a4fbbe528c905bb363861b9a596fcfbd89bb17eaf,2022-07-29T01:34:49.420000
CVE-2022-34502,0,0,3619b329a3a91c95b7694f680772bd8f79a200f1e1b87c76e24d0e344687f42f,2023-08-08T14:21:49.707000
@ -205180,14 +205180,14 @@ CVE-2022-38843,0,0,879415903bb32171a56306f9c902299a7d952e411dc660a2a9ae1d199fc5c
CVE-2022-38844,0,0,65cd30bf9e104db710974317d52c9905918f1ce7e1c888b8fef4914eb5d6ba79,2022-09-17T02:30:00.210000
CVE-2022-38845,0,0,32cfe3e3708c8dd9b8e6c7e30237a3b68867695b0f44571b32d1b06f3d8a2248,2023-08-08T14:21:49.707000
CVE-2022-38846,0,0,9539c472d5c3f7b091f11e7ee7a1ee6228166f6ebd8331c38d9ba4216e0d3d6f,2022-09-17T02:26:16.420000
CVE-2022-3885,0,0,a41df90193494d630c685313092c8bb2b543a086f1b52c7c7635e6d03c32b3b1,2022-12-08T21:49:22.823000
CVE-2022-3885,0,1,34535b3c9bfe35151f4e437de93125597905f257a19a55cd49a0d5cbe4cadc53,2024-10-23T20:35:02.540000
CVE-2022-38850,0,0,5a2e1a2a796434b64838d822ef1b9a590735fe829cbaccc9fc06b52b371b784e,2023-01-17T19:44:17.317000
CVE-2022-38851,0,0,f5d71775b2fc45fa72d868606d826795dc5d8bd6704e62a8a870a9b539f2dbfa,2023-01-17T19:44:21.687000
CVE-2022-38853,0,0,57d6a369c79ca97f48dd882ce4a894f3ff0a9997108ba977ed4e490831fe5b4e,2022-09-20T15:04:16.727000
CVE-2022-38855,0,0,995641b802dab59279b8297f839cb80a1b68a90d7440247db5af167d6c76c469,2023-01-17T19:43:31.167000
CVE-2022-38856,0,0,45180a77034f4d80d2d0e6c0780434a5cca5b267360b70898ffb9c4bad8ca49b,2022-09-19T18:55:33.353000
CVE-2022-38858,0,0,5fcee8b3cf3594ef2d7474b6f282fd0ec0c56e64caa8883be357606d37bddd0c,2023-01-17T19:43:37.097000
CVE-2022-3886,0,0,0f3b0da75955aeaeb110b998238d265e1eed3d711d28fe830a72dfb8326ec528,2022-12-08T21:41:14.993000
CVE-2022-3886,0,1,ad8ee369d820adace097f3c68bafe5ca2ef514454d1c04436bf9033b4f3c5335,2024-10-23T20:35:03.397000
CVE-2022-38860,0,0,58602f6a8982dd549fcdeaec7b11c9e3a6df34de6fe5436e251926eff1a7bae3,2023-01-17T19:43:42.817000
CVE-2022-38861,0,0,6ba88ea9f6b48d456c8c772b33dd28d8286c29ef31cbc1b4b0efc00b0b23a9a3,2023-01-17T19:43:47.947000
CVE-2022-38862,0,0,3b1468073c567e6d1e296aaf7d4bdc9ea2e25124f609f676f728191cadf0d0d6,2022-09-19T18:42:24.557000
@ -205197,13 +205197,13 @@ CVE-2022-38865,0,0,ab0969c3bfac878de43cbb9dd41cb34d4c64fac7f20f609a2e144f5b6ccdd
CVE-2022-38866,0,0,9b87ef17eeae5bec51346486365b3c613c792a2968c73fe5da5a3964c6f31366,2023-01-17T19:44:12.550000
CVE-2022-38867,0,0,33ff2a43575f56a9f68450889dd94f383ccc069135c68658fa2b7fa25166f520,2023-02-23T04:59:52.290000
CVE-2022-38868,0,0,2b0c5c6570e27644602e1ce90210efd0ae7253249ee74d886fc3719962829a97,2023-02-23T05:01:23.217000
CVE-2022-3887,0,0,acfa0e07e9192abd8c7c682b270a8ad5ae66d1eba829e176208c632421cff9f2,2022-12-08T21:50:28.317000
CVE-2022-3887,0,1,8f70ddaa5a2891a88769e3e471c386c58862263e4acc47316a4ea33c60a3f98f,2024-10-23T20:35:04.290000
CVE-2022-38870,0,0,e7d86e966916db0d117d1fe21f2c2a85deb376975f6402daf25f17c5f62d5dd3,2022-10-26T17:38:29.500000
CVE-2022-38871,0,0,09a0d5793153bb98d56a524e9e4463457a7301e49ca8ae59fef13e59ed30248e,2022-11-24T04:01:10.147000
CVE-2022-38873,0,0,2f74e95561fb3586e87bf7f37b20d91ffcc7bc76c11d470dde98bed4e525d832,2022-12-29T17:31:17.430000
CVE-2022-38877,0,0,6082aedd808a5e5c34cd389f8973a971b8b0a62d10d3de5c4d085343ef2392ce,2022-09-17T03:48:00.760000
CVE-2022-38878,0,0,d32ad1c5b66d4dfeeeaff33aa0b18024f63186f073c5afca39dafb7e6de89d6c,2022-09-17T03:50:21.790000
CVE-2022-3888,0,0,3796a10cace70f8e2bf0b933ae0a6a70265f5b270d040134656b4790b8b30b03,2022-12-08T21:51:08.250000
CVE-2022-3888,0,1,5745826cc32fa59ab1d82239f0dc3f80cd4209bba01f8cc75854fefa1575379c,2024-10-23T20:35:05.247000
CVE-2022-38880,0,0,c6fde9649b71bbf3a83d181f51a296731be8c9555e3cb46dfe3875e4d72cc827,2022-09-21T14:56:29.610000
CVE-2022-38881,0,0,cce48476e9bb534c4a17dd70a1f5f912401853f55203dcb5e5e09098e5a4162e,2022-09-21T16:29:57.397000
CVE-2022-38882,0,0,d913ac9cd238fc7cd6490b29fb786acea3a56c08090becc88ed007f50c8b5896,2022-09-21T16:30:05.680000
@ -205212,9 +205212,9 @@ CVE-2022-38884,0,0,4c6ce0eb6e83d9914de8d133610678bd2e6e0b80e0d3b8721ae6002f29592
CVE-2022-38885,0,0,f8c420a50c8ce9c811e849e5910f4625bb1759e76416a0a398d8a1f59824bd04,2022-09-21T16:28:46.707000
CVE-2022-38886,0,0,f12df0d7c97353c27ffc98648d5d8316d7710fbda99f37f674ca5d235574c148,2022-09-21T16:28:39.527000
CVE-2022-38887,0,0,aeab16653ade6b646663d76a3620204fe8bee10708debe889e10f1e62540e5f6,2022-09-21T18:02:58.653000
CVE-2022-3889,0,0,3be69129d7fac158682eebbe77b845d7c6a79d1088ed9014accccb2629fb8221,2022-12-08T21:51:46.180000
CVE-2022-3889,0,1,2121a381c470f10f6af63946be03413d6fabc144c954d94396c56a44d0dd349d,2024-10-23T20:35:06.257000
CVE-2022-38890,0,0,0bee5cb29aa49f0acc4d297a401955c8552a79e6a8713efa1289f7f8c0e5c00a,2022-11-21T18:17:15.827000
CVE-2022-3890,0,0,34ed88302ff677fb45adef5f695786c6af5afb76288458336dd52c94c4b23598,2022-12-08T21:43:45.310000
CVE-2022-3890,0,1,299c6d24e291bafa04446f3d2f247767a5dffa55793edcea9905fd5d9c01cca4,2024-10-23T20:35:07.497000
CVE-2022-38900,0,0,fbb28e8d2b567fb0b97f0d3d56b6730961a67885856fcb2e978817d15e07289b,2023-11-07T03:50:17.220000
CVE-2022-38901,0,0,c6f2a385622dca97faa3f59fd6f7715e4cda78a744527d8eb257fb8ef39483f4,2022-10-21T20:19:48.433000
CVE-2022-38902,0,0,d030a6c1a42c992f66b828d877fa341a015e2f0f1c79030c4bc10a09d7eb4a7c,2022-10-17T14:09:14.437000
@ -219351,7 +219351,7 @@ CVE-2023-25692,0,0,fe8ce10778331217120a3d16c6be1c4e7fe49de5460740279374417fff536
CVE-2023-25693,0,0,916c6115d79d2537f418bfc1a65c91efc6f5f6c5cc4c02ee9bbca7b14646920f,2023-11-07T04:09:07.557000
CVE-2023-25694,0,0,691788347499d8910b0fb9d838b2ec03f561930ff4f163b5d5059696a97b673c,2023-11-07T04:09:07.633000
CVE-2023-25695,0,0,37e6663510c8059f3afecc18e486b7c3b47d5b2bc1f3881e774cc51cfa3ee131,2023-11-07T04:09:08.003000
CVE-2023-25696,0,1,59c620a111b2925e4d0db60ab1ca946a03d1f9eb1c487416687720f8535b1615,2024-10-23T19:35:03.353000
CVE-2023-25696,0,0,59c620a111b2925e4d0db60ab1ca946a03d1f9eb1c487416687720f8535b1615,2024-10-23T19:35:03.353000
CVE-2023-25697,0,0,850bdc0b445737adcac3c2df5d7a1c5b49d3e27d7b30fd188b38487c111cf221,2024-07-31T20:08:06.667000
CVE-2023-25698,0,0,09d3f741592a2d751e1f39b5dcc9ec5ccc34a7da0de196ac5378bd69524d6974,2023-05-25T16:27:29.670000
CVE-2023-25699,0,0,2b97d86fa171c399b8b2276a7bb72273a6a4094537f7eac2d1488ba23e51b76b,2024-04-03T17:24:18.150000
@ -238888,7 +238888,7 @@ CVE-2023-52153,0,0,8610f30de3b3ae26b18922885a0ae2aaa344e98001b8664f3e5b159222943
CVE-2023-52154,0,0,584c31e9dcb509dcf4ec6529c6b2b60f796cc6725c9995bdaa5fe8eac3b0afde,2024-08-29T20:35:45.453000
CVE-2023-52155,0,0,66b2036b8aa4b2b0821aeadedccb952fd85f88f5197038ead7aa814bc9f3095a,2024-08-14T17:35:02.300000
CVE-2023-52159,0,0,bec77c293fd7ebf7e62680f3fc4955e6930fe18607be4ec5691592c67d41ceeb,2024-03-25T14:15:09.267000
CVE-2023-52160,0,1,d681b5845c0678b995a2e5dd0fb68ca43d9a2f91fb854a11ec3a8bfd082851d2,2024-10-23T19:34:09.370000
CVE-2023-52160,0,0,d681b5845c0678b995a2e5dd0fb68ca43d9a2f91fb854a11ec3a8bfd082851d2,2024-10-23T19:34:09.370000
CVE-2023-52161,0,0,7435ff27094b5f516c6d4ae117b3b32a667f2734906d5b71227e934eb1b22dd4,2024-08-29T20:35:46.440000
CVE-2023-52162,0,0,1bd9338733b6c2d388fd5a0badb736e81147c7da89aba74926195068a6aea86e,2024-07-03T01:43:27.207000
CVE-2023-52168,0,0,2060585b65f263d6d67dbd4e8280988fb72cd05eaf965a48557428598a2a0937,2024-07-12T16:11:20.130000
@ -242367,7 +242367,7 @@ CVE-2024-10120,0,0,c466bf566e1f967eaf89709a18be2244947274563a08f6d81f9be121740d5
CVE-2024-10121,0,0,027182529cfee940508ffb4070951b9c88b4b8cda22059e126804038d2c848e4,2024-10-21T17:10:22.857000
CVE-2024-10122,0,0,153862f3f9eb72281b1c72dbca34e4eb5ada0e8c96788af32355e9b86fecda30,2024-10-21T17:10:22.857000
CVE-2024-10123,0,0,325a6a57a5064913151c5985ffe615d4882dfebfa3dba79aced7ca6e42d126e2,2024-10-21T17:10:22.857000
CVE-2024-10125,0,0,f4c120fab70482ccb83c9dab18998f050be65f8640635deee9e5476e3051b2ad,2024-10-23T15:12:34.673000
CVE-2024-10125,0,1,57aa34408f8260c656e1d34a999469d8529d9afe80be211b41d76ddc0eb4278d,2024-10-23T21:15:14.510000
CVE-2024-10128,0,0,88b9e310a7215917b3c3eb4a7cebbad5131b0eb240c8e3b152a59db372aef3f9,2024-10-21T17:10:22.857000
CVE-2024-10129,0,0,ec801a1f21eba257d935123cd915f870568d53f742fe5aad47c455a4df207feb,2024-10-21T17:10:22.857000
CVE-2024-1013,0,0,0ecf415fc1e3c9674ce36da20d6e67872f02747822a72b780ad0899083ff5765,2024-03-18T12:38:25.490000
@ -242382,7 +242382,7 @@ CVE-2024-10138,0,0,96b8afb0bc9d868623cd6816cbcb5468c3586235a65dd6af646eb37bb10cc
CVE-2024-10139,0,0,11c32ddb1edfb399f29c4753543b82ea66d92ffc686e3d29b4d68af5ac18b5a1,2024-10-22T14:18:12.087000
CVE-2024-1014,0,0,8e546db835ee0e62e0f6ed5b95e90d5586231fc78746cbbfef7db3d61b3c5f3d,2024-02-02T02:05:39.277000
CVE-2024-10140,0,0,ec9d51c2fc14eea2e4cdb7aa8f8bd180db2ec005ceca8608d4d081404a2e210c,2024-10-22T14:19:08.420000
CVE-2024-10141,0,0,17ce1823f9e1032ce4106436ffa20ca67724ebc3ab8b7874ba66330fada06176,2024-10-21T17:09:45.417000
CVE-2024-10141,0,1,1a2024f75553982bce647b93dbf2bff672eefec5950fa457467c64b98f6e45c7,2024-10-23T20:27:09.370000
CVE-2024-10142,0,0,f8d897c68f0699e753bf4964aa75eec3baa1d06414695c8d5256c262c45a3b84,2024-10-22T18:11:20.450000
CVE-2024-1015,0,0,5516b1d1af5a9d3814b8a6e102d3692fcdb9c463b2e2645787afdcb157946f20,2024-02-02T02:04:13.267000
CVE-2024-10153,0,0,d622b7ea723b18e6ddfc603f2d4acbb1cff3ff02ebe01257835c2e3461165bac,2024-10-22T14:45:04.670000
@ -242452,10 +242452,12 @@ CVE-2024-10291,0,0,4221f9dc258e6d84993fa0f34bdeaf5dfcbfbf20fdb69558d099a0b3635f0
CVE-2024-10292,0,0,8f4c4ab580d9e369d7e7dd331e4604716d13ad341c8b824d3d76d119c02d65de,2024-10-23T16:15:04.943000
CVE-2024-10293,0,0,a923f6e085338d69ea2111da01f3e4f9e0b9ff921e35106d46ce0e7cea63eda3,2024-10-23T16:15:05.207000
CVE-2024-10296,0,0,6780536acb419474ab08f42f0ff74d0f3d24a7a6b50377aafc4dcdaecc7d294f,2024-10-23T17:15:13.690000
CVE-2024-10297,1,1,21e16b153ab50c5e76cb5a479cf3c5f080b3f490cdf8b294a5380f2a80d7bd42,2024-10-23T18:15:05.137000
CVE-2024-10298,1,1,62d5e88eb741969e4d70e673f71e4b81aab32ca793b396e4ddc4938c3dc3242a,2024-10-23T19:15:14.920000
CVE-2024-10299,1,1,6195810db7c440da4266e61e5a52ee7993d76183ab9acfe71c1ede9ba57163f7,2024-10-23T19:15:15.183000
CVE-2024-10297,0,0,21e16b153ab50c5e76cb5a479cf3c5f080b3f490cdf8b294a5380f2a80d7bd42,2024-10-23T18:15:05.137000
CVE-2024-10298,0,0,62d5e88eb741969e4d70e673f71e4b81aab32ca793b396e4ddc4938c3dc3242a,2024-10-23T19:15:14.920000
CVE-2024-10299,0,0,6195810db7c440da4266e61e5a52ee7993d76183ab9acfe71c1ede9ba57163f7,2024-10-23T19:15:15.183000
CVE-2024-1030,0,0,34264c5a1a4e97f6ee4441192a69e3a5aa9d9614a8467bdc88cd76d1a9884fe0,2024-05-17T02:35:11.737000
CVE-2024-10300,1,1,d1168f9c1ffba532571d74378610bb66b2289577686fbcbcb64095e338234da5,2024-10-23T20:15:05.060000
CVE-2024-10301,1,1,29f96455927e9f4a2ae674b61ef5b8d39692dd5959eef8ab3ccd238c47977136,2024-10-23T20:15:05.310000
CVE-2024-1031,0,0,6576162a78ac686f55e5931a6b8f02ff6c7312ac04792581e6d78da8a91700d4,2024-05-17T02:35:11.843000
CVE-2024-1032,0,0,06925fc416f8ceea7fb895efc2e3f765d4f064c5150968a9409448741aa1fb78,2024-05-17T02:35:11.947000
CVE-2024-1033,0,0,6041b3ccd70df4052a8c26438331689f702c93b37a47aeb2d707df9d77ed7f49,2024-05-17T02:35:12.047000
@ -243609,30 +243611,30 @@ CVE-2024-20360,0,0,b9376885f3bd33f8b376cfcd9d1a4c2997937c1a075603d8638d862812d3e
CVE-2024-20361,0,0,8fc8c6bd1287a52550fd38650e66a5006a20e7eae1aa8f8c99b728af1c48ddd5,2024-05-22T18:59:20.240000
CVE-2024-20362,0,0,0fe85dbbc396fc356835f570820efb6142358d26355d59753469b06ab8b1d26f,2024-04-03T17:24:18.150000
CVE-2024-20363,0,0,fd62098992468346229d2c9f8f88c3a0bdc7312cacd90d8bf7a2b7925976c048,2024-07-03T01:46:06.070000
CVE-2024-20364,1,1,53e19904c9e0d94b7a4802511c05ec5eafd79488f2c0b268be0f80cfc187164d,2024-10-23T18:15:05.427000
CVE-2024-20364,0,0,53e19904c9e0d94b7a4802511c05ec5eafd79488f2c0b268be0f80cfc187164d,2024-10-23T18:15:05.427000
CVE-2024-20365,0,0,b941e81c62a5622fb3207cd284578983abbf20cf62d6c3be738ab76890047c8c,2024-10-08T14:28:42.727000
CVE-2024-20366,0,0,ce7e4ab0363f4b2934fc27a08480c4ec05827340dd08325d4de96e54b996f48f,2024-05-15T18:35:11.453000
CVE-2024-20367,0,0,0d59cd325b5448a23ac62ba4d011225bdec20c6d4a20e9044f14a66801d9654b,2024-04-03T17:24:18.150000
CVE-2024-20368,0,0,11ba77e6ca928b43fcf33bd9b64c67655ca382b15bfec85a328bbca787a43cf3,2024-04-03T17:24:18.150000
CVE-2024-20369,0,0,e23910e4adf6ac7fe444b246c85eb12e2e56e7b12054f1339b9256c8ec4ec112,2024-05-15T18:35:11.453000
CVE-2024-20370,1,1,e17f06dab842aafa4eb25216b3afbdf725e8401dde85d330c6bf3cd3dc279393,2024-10-23T18:15:05.637000
CVE-2024-20372,1,1,083a72f953ca2d824008d9e66807a6c80e336d49075ae5aa3dc58f95ce280a9b,2024-10-23T18:15:05.863000
CVE-2024-20374,1,1,91b2ce8a99789e3e6ba9fe42f419cc89f03cf74f27f8086d871ae5080005d729,2024-10-23T18:15:06.100000
CVE-2024-20370,0,0,e17f06dab842aafa4eb25216b3afbdf725e8401dde85d330c6bf3cd3dc279393,2024-10-23T18:15:05.637000
CVE-2024-20372,0,0,083a72f953ca2d824008d9e66807a6c80e336d49075ae5aa3dc58f95ce280a9b,2024-10-23T18:15:05.863000
CVE-2024-20374,0,0,91b2ce8a99789e3e6ba9fe42f419cc89f03cf74f27f8086d871ae5080005d729,2024-10-23T18:15:06.100000
CVE-2024-20375,0,0,a4ae364a987d406a5046b71b718fe2e5ce4da208cd9db67ac24eb19997b1276b,2024-08-21T17:24:59.627000
CVE-2024-20376,0,0,616e740c2ab9d6be811f96c68e43db8bad88fc7cef9833f2acf95234fb3cc478,2024-05-01T19:50:25.633000
CVE-2024-20377,1,1,6e4dc4a45da877257b356117e0e47304b23333c92ece0717a36cc60353e8113c,2024-10-23T18:15:06.327000
CVE-2024-20377,0,0,6e4dc4a45da877257b356117e0e47304b23333c92ece0717a36cc60353e8113c,2024-10-23T18:15:06.327000
CVE-2024-20378,0,0,1d0c211142ee7b64cb979c7d6fe81a8dda4cc3d613763c0904f9ebf5643e5461,2024-05-01T19:50:25.633000
CVE-2024-20379,1,1,94b044f9dc079108b4ce7c03f84a8a93273b2af1b15545c7829d5d3e65871c51,2024-10-23T18:15:06.553000
CVE-2024-20379,0,0,94b044f9dc079108b4ce7c03f84a8a93273b2af1b15545c7829d5d3e65871c51,2024-10-23T18:15:06.553000
CVE-2024-2038,0,0,84783e34583c406994ceb062343516951516f0b07f0d721026ee845e3108d0ec,2024-05-24T01:15:30.977000
CVE-2024-20380,0,0,ed7ad99e229e06574506624c01ede2d6fb857cd8a1e722ec6a335ed1ef4a76e1,2024-04-19T13:10:25.637000
CVE-2024-20381,0,0,5afd1f58e322b631892fd0b679ab12e22dc7593190ff9ffdf30dc24fabdc730b,2024-10-08T21:43:28.757000
CVE-2024-20382,1,1,9c4240ac4ccb3a36d448c31cb4a230e7b1b476e8c2c2ecfd509f2219352ce477,2024-10-23T18:15:06.780000
CVE-2024-20382,0,0,9c4240ac4ccb3a36d448c31cb4a230e7b1b476e8c2c2ecfd509f2219352ce477,2024-10-23T18:15:06.780000
CVE-2024-20383,0,0,3adbaddaf4554eb7166804e65fe9fdbf83fea813b82dd738821e310951cf1618,2024-05-15T19:15:07.900000
CVE-2024-20384,1,1,58f09ed3191e76c521d3535894d5ace5a044a3f198e6037195fa6d2ce5a3bd93,2024-10-23T18:15:07.030000
CVE-2024-20384,0,0,58f09ed3191e76c521d3535894d5ace5a044a3f198e6037195fa6d2ce5a3bd93,2024-10-23T18:15:07.030000
CVE-2024-20385,0,0,acb41bb9b0e8de27149b5546043f469887d2173135754c6ef5f9970c450eec9d,2024-10-08T14:22:34.120000
CVE-2024-20386,1,1,0c0984c652b5711f67cf28af8db71b168906c2b795c12c350d90f9b2c6a625e5,2024-10-23T18:15:07.257000
CVE-2024-20387,1,1,27143a3b9fc5ddde4b47171d9ada6f0bfeea9d36e048a90421af3e635a6b4d9d,2024-10-23T18:15:07.480000
CVE-2024-20388,1,1,6b70fa570c6267413ccb4b09ab0209e11e75f4e65458cd5591c4c499b6d4f2eb,2024-10-23T18:15:07.697000
CVE-2024-20386,0,0,0c0984c652b5711f67cf28af8db71b168906c2b795c12c350d90f9b2c6a625e5,2024-10-23T18:15:07.257000
CVE-2024-20387,0,0,27143a3b9fc5ddde4b47171d9ada6f0bfeea9d36e048a90421af3e635a6b4d9d,2024-10-23T18:15:07.480000
CVE-2024-20388,0,0,6b70fa570c6267413ccb4b09ab0209e11e75f4e65458cd5591c4c499b6d4f2eb,2024-10-23T18:15:07.697000
CVE-2024-20389,0,0,9d9dfa82add773af2318fea3c227cdb315f4c8df4ee8e66f868a7095c866fa43,2024-05-16T15:44:44.683000
CVE-2024-2039,0,0,0fb3eb6d9df1cb8dd04206e4fde20555dc794b24595aa985157932f2a933450d,2024-04-10T13:23:38.787000
CVE-2024-20390,0,0,7596f8a252957b7a86b18b13b44a3f994e7e9bd3a3934d5a22e0cf6b5c4165f3,2024-10-07T17:51:37.197000
@ -243647,33 +243649,33 @@ CVE-2024-20399,0,0,164174c543ab6ae29aa0171daa283df0ddb65a3fecfd5ef8bf748eebe57b6
CVE-2024-2040,0,0,84818b4f00c676396e69702449b7daec96ba4021835b05a5adb074a919ab8480,2024-07-08T14:18:10.367000
CVE-2024-20400,0,0,e22f5359b4eae3d1123c96473d077f1ed8cfcffe9256c923e22249fabd71dd12,2024-07-18T12:28:43.707000
CVE-2024-20401,0,0,4e570494182ec3fb0c9186b46f7948499e59b61e9f8ec1f0ca5200f010002753,2024-07-18T12:28:43.707000
CVE-2024-20402,1,1,60133d71f30bcf4e3ad530c1d8460057e794aeeda4fa4bf24216494d038441b3,2024-10-23T18:15:07.930000
CVE-2024-20403,1,1,05685ccbfd2eba3eb3b33053a1870911f5bb7d9c6bd131c8a011f640f20030ed,2024-10-23T18:15:08.193000
CVE-2024-20402,0,0,60133d71f30bcf4e3ad530c1d8460057e794aeeda4fa4bf24216494d038441b3,2024-10-23T18:15:07.930000
CVE-2024-20403,0,0,05685ccbfd2eba3eb3b33053a1870911f5bb7d9c6bd131c8a011f640f20030ed,2024-10-23T18:15:08.193000
CVE-2024-20404,0,0,9ff8f593f71d4a0ff7aecb6b668971610942799ed16450e68ad59cf7f0b9f5af,2024-06-13T20:25:46.837000
CVE-2024-20405,0,0,2fa5b4e65c2f399507a2e57227d51876c94b3517d024d761ea8ec8bc4f4a8a91,2024-06-18T18:04:04.497000
CVE-2024-20406,0,0,7d60bf0d9d6961c2b6b66dc82a40eb5c60b9f8634630e4f8bc14ebf8ca20093e,2024-10-07T17:56:43.103000
CVE-2024-20407,1,1,a2953b74cedac4344a7884b9bd2c46dc5877f9a6b032e65275134515de973dad,2024-10-23T18:15:08.413000
CVE-2024-20408,1,1,0354a7c0be1805929a7d16876d6724d613b7c00f95222a5d5c93d7dff338127a,2024-10-23T18:15:08.697000
CVE-2024-20409,1,1,4f85793aa90ebd008f9180a2ea8bd0ecd294622d43d399c42ca210e9bab6f432,2024-10-23T18:15:08.970000
CVE-2024-20407,0,0,a2953b74cedac4344a7884b9bd2c46dc5877f9a6b032e65275134515de973dad,2024-10-23T18:15:08.413000
CVE-2024-20408,0,0,0354a7c0be1805929a7d16876d6724d613b7c00f95222a5d5c93d7dff338127a,2024-10-23T18:15:08.697000
CVE-2024-20409,0,0,4f85793aa90ebd008f9180a2ea8bd0ecd294622d43d399c42ca210e9bab6f432,2024-10-23T18:15:08.970000
CVE-2024-2041,0,0,7b4fc911113d944c485bed2a7f958b069e0536bf197811dc0e3dcb8018df3bd7,2024-05-06T14:15:07.747000
CVE-2024-20410,1,1,ab2a7f36feb02c2a8cb37c790377914d7e8c4c68030f03ac6ffa64ad1c15c5ac,2024-10-23T18:15:09.197000
CVE-2024-20410,0,0,ab2a7f36feb02c2a8cb37c790377914d7e8c4c68030f03ac6ffa64ad1c15c5ac,2024-10-23T18:15:09.197000
CVE-2024-20411,0,0,4f003e5090f28bf95bd35a4fbdae5180d9a8ba20c425549807eec3131f67ce95,2024-08-29T13:25:27.537000
CVE-2024-20412,1,1,0c3ce6f8afa2291828e9a587cb220d8ad5b79ecf993dcfb7bb6ccfe8c8f136b6,2024-10-23T18:15:09.430000
CVE-2024-20412,0,0,0c3ce6f8afa2291828e9a587cb220d8ad5b79ecf993dcfb7bb6ccfe8c8f136b6,2024-10-23T18:15:09.430000
CVE-2024-20413,0,0,eef91fa550f9bdcbf9b050eb11a257fdd75cd91f9c74286f67575b2cf9d8093e,2024-08-29T13:25:27.537000
CVE-2024-20414,0,0,18adcabc3ea83c021e3e42e80805abb0da254bdf76c23740c5471d9c9fa12ab4,2024-10-02T20:02:22.740000
CVE-2024-20415,1,1,b94f136f4175c9ce84789a2c17769eeb98b1b8f85f003c58e52d9c56b2dcfe58,2024-10-23T18:15:09.713000
CVE-2024-20415,0,0,b94f136f4175c9ce84789a2c17769eeb98b1b8f85f003c58e52d9c56b2dcfe58,2024-10-23T18:15:09.713000
CVE-2024-20416,0,0,36fba5d0b9a663051d43c2072f34c721bf06b423d2ffa103fc7cf93ef9750d67,2024-07-18T12:28:43.707000
CVE-2024-20417,0,0,2b2621922f4e9896d58ad85f7dd970402245ce4da0539fb0012d7404735b7f45,2024-08-22T12:48:02.790000
CVE-2024-20419,0,0,0795f6e87845f9b46dc3400495c49fb48a047d8ed4e9d1842a04ff7724f0ad68,2024-08-13T17:15:22.787000
CVE-2024-2042,0,0,148bfce3b5f48e2144e9167826ed5f6f120e539bf15296a435b2ce580e8b1f74,2024-03-17T22:38:29.433000
CVE-2024-20420,0,0,1b6307b08ac5336375cc3664c71d09f27461a9a614efe41992a97e5a892448ec,2024-10-22T15:12:47.983000
CVE-2024-20421,0,0,b8d90bf4638dbe0c37023b3ff1bd11c5ac7ded44281786691979af6c9dbb0983,2024-10-22T17:51:08.113000
CVE-2024-20424,1,1,3cb1ac75a498d4dbd7bfac5cf8fa5dbdec073bae9c2cdfa4d469becb7492a462,2024-10-23T18:15:09.930000
CVE-2024-20426,1,1,593f7fc6877e97c3095b4f074b5375f35e9b1312c49cf610dee00295e7e22832,2024-10-23T18:15:10.147000
CVE-2024-20424,0,0,3cb1ac75a498d4dbd7bfac5cf8fa5dbdec073bae9c2cdfa4d469becb7492a462,2024-10-23T18:15:09.930000
CVE-2024-20426,0,0,593f7fc6877e97c3095b4f074b5375f35e9b1312c49cf610dee00295e7e22832,2024-10-23T18:15:10.147000
CVE-2024-20429,0,0,f467ae3dedce5a1f38518317999bbc8fc79bc2960eb95679505ee1fcb992ae20,2024-07-18T12:28:43.707000
CVE-2024-2043,0,0,7a3896d230f6f1ae602a08f92e2eaaa644b5893021849dee8a675eb9b7c81e88,2024-05-02T18:00:37.360000
CVE-2024-20430,0,0,10fa05ef1e262e03d3ec6f9856a4fd60e476d60000f282e33b3976f1a0227974,2024-09-18T18:56:05.510000
CVE-2024-20431,1,1,d98ed39aa58ca2a199f6cf94d07363107f0f718f064440b900ffbd7bad0a347d,2024-10-23T18:15:10.440000
CVE-2024-20431,0,0,d98ed39aa58ca2a199f6cf94d07363107f0f718f064440b900ffbd7bad0a347d,2024-10-23T18:15:10.440000
CVE-2024-20432,0,0,7fd746c387447b9ece17aaab52e949ef84dfd8dfcd9de8216b6df6b205f1574f,2024-10-08T14:10:35.317000
CVE-2024-20433,0,0,5e566651815d3cb842d80bb54328b0e8280ee578655d8a254f288aa4418bce20,2024-10-03T13:34:37.547000
CVE-2024-20434,0,0,904368830c218856dc09e88c749c79a929855ae5c25f03306a83a7691e310e6c,2024-10-08T16:20:30.933000
@ -243710,20 +243712,20 @@ CVE-2024-20467,0,0,c1af58980ccad99499fcb95639264b5a0614f69936f5a7ffc5edb35f8fbf6
CVE-2024-20469,0,0,394110c2afcd5812c9d147805c76bc56d743563b5c07576e0d27ad32427aafe0,2024-09-20T16:58:14.327000
CVE-2024-2047,0,0,65f16d2420b90c918e9e57877aac5f0440eb772d779ccbd58288e6312f3c8025,2024-04-01T01:12:59.077000
CVE-2024-20470,0,0,f40c5f3d443e730674f42085e42ea8d2de51e3f4830b15dca54c9f67812afae9,2024-10-09T16:55:23.887000
CVE-2024-20471,1,1,6af2de359d64426abda8c5ecf7a2f6fac81d32aba2d81a87c414b825931d6b2d,2024-10-23T18:15:10.773000
CVE-2024-20472,1,1,bdc5c52fb0474740ab8303919c88230f31e097520bd6557ce8365054e69fa6ee,2024-10-23T18:15:11.007000
CVE-2024-20473,1,1,fa29d6dbacdc64f0c1ac8b38950b4beedbf4361353838b488e1d931dd2618066,2024-10-23T18:15:11.280000
CVE-2024-20474,1,1,1526abcb15aa524acfb7a6c2824a2d55dd1ee57351070ff6a84bd540013cfcb8,2024-10-23T18:15:11.517000
CVE-2024-20471,0,0,6af2de359d64426abda8c5ecf7a2f6fac81d32aba2d81a87c414b825931d6b2d,2024-10-23T18:15:10.773000
CVE-2024-20472,0,0,bdc5c52fb0474740ab8303919c88230f31e097520bd6557ce8365054e69fa6ee,2024-10-23T18:15:11.007000
CVE-2024-20473,0,0,fa29d6dbacdc64f0c1ac8b38950b4beedbf4361353838b488e1d931dd2618066,2024-10-23T18:15:11.280000
CVE-2024-20474,0,0,1526abcb15aa524acfb7a6c2824a2d55dd1ee57351070ff6a84bd540013cfcb8,2024-10-23T18:15:11.517000
CVE-2024-20475,0,0,3f291467cc737decf2fac9adb4dea13bddd59923e910f2a0d4abb07dc30557b9,2024-10-03T17:49:17.797000
CVE-2024-20477,0,0,546baafd3f9cb181a62a5bf8f2d6a935693c1d9566bac043856053043d6e851c,2024-10-08T16:00:30.167000
CVE-2024-20478,0,0,7159d6f0353997233b844f180b9acaa4a22410a663dfe8445f14235dd4611029,2024-08-29T13:25:27.537000
CVE-2024-20479,0,0,ced5b461eb6ab05478119ddf8b399bbc19a6ff248adc19d6fde8eab586c6db76,2024-08-23T15:14:45.913000
CVE-2024-2048,0,0,3fe9d949673d5eedf190595df45c4c7d30c6a66a4722ea0631f740f815dd3cc0,2024-06-10T17:16:25.067000
CVE-2024-20480,0,0,1929c3dc705e1e48392e67050891180fdb659aa9ab6d1d255c10d5b0e58c773c,2024-10-03T20:07:33.900000
CVE-2024-20481,1,1,b62955fb190ed786dd124dfc5a9bb8b8ac45c1667eb04c2d4b7906348f68d84d,2024-10-23T18:15:11.737000
CVE-2024-20482,1,1,4e9e2d047418217629e6536e3facec9d517fc08e2d0091ccd73aa8ec445bca2a,2024-10-23T18:15:12.063000
CVE-2024-20481,0,0,b62955fb190ed786dd124dfc5a9bb8b8ac45c1667eb04c2d4b7906348f68d84d,2024-10-23T18:15:11.737000
CVE-2024-20482,0,0,4e9e2d047418217629e6536e3facec9d517fc08e2d0091ccd73aa8ec445bca2a,2024-10-23T18:15:12.063000
CVE-2024-20483,0,0,7bbf4d5b1e3697b5bad7f81531333e630361007007985921b04d8f51e2bedc77,2024-10-03T01:44:17.827000
CVE-2024-20485,1,1,e20fbea5c2873101d5a1ba041773570d1e3a6ca1eeb59eb55f296172b87929d1,2024-10-23T18:15:12.273000
CVE-2024-20485,0,0,e20fbea5c2873101d5a1ba041773570d1e3a6ca1eeb59eb55f296172b87929d1,2024-10-23T18:15:12.273000
CVE-2024-20486,0,0,1ec7a6c2a991b67e11827b3b316fed30b5b5340988b303f9088e0f10e2e894f9,2024-08-22T12:48:02.790000
CVE-2024-20488,0,0,b3c319abc05ee7d52fc498f08ba4c2d91fe7b6f1527a7957b5c4a113170ee559,2024-09-06T17:18:11.813000
CVE-2024-20489,0,0,d68cce5506ad42f67e500e952ef8846db91b43a7e51bd083fc776681145c15d8,2024-10-03T01:40:11.637000
@ -243731,9 +243733,9 @@ CVE-2024-2049,0,0,398a9eaf0287296877598afba029844504bbde28a3270479d8cbbb594cc11b
CVE-2024-20490,0,0,35fe5d8ca4a68248677c43c34084b321931d0d2945ab4df4da8782f5e23eb605,2024-10-08T15:15:39.160000
CVE-2024-20491,0,0,a6a1b451f6dda658d800035b80719f5bd0d6502321ff1f094bbee2194c64d03b,2024-10-08T15:55:08.933000
CVE-2024-20492,0,0,2a16b24462714ef70d9e342f3dfc09a86ef4cf713f3ed6d37bd4c4f35d4f0135,2024-10-08T16:07:26.280000
CVE-2024-20493,1,1,7db4eaa7af6126ed4826b14736fa5386fd532ae0b5c91a9a1a6bf155a57fed06,2024-10-23T18:15:12.533000
CVE-2024-20494,1,1,f8a26e99e1efb1f6312688084f8eef4516e1e10bf0eede404bf0c418cba250a5,2024-10-23T18:15:12.783000
CVE-2024-20495,1,1,036002374c3b88a9a021999f059971039cf026e5a414bbc25a243eee2c026631,2024-10-23T18:15:13.007000
CVE-2024-20493,0,0,7db4eaa7af6126ed4826b14736fa5386fd532ae0b5c91a9a1a6bf155a57fed06,2024-10-23T18:15:12.533000
CVE-2024-20494,0,0,f8a26e99e1efb1f6312688084f8eef4516e1e10bf0eede404bf0c418cba250a5,2024-10-23T18:15:12.783000
CVE-2024-20495,0,0,036002374c3b88a9a021999f059971039cf026e5a414bbc25a243eee2c026631,2024-10-23T18:15:13.007000
CVE-2024-20496,0,0,127f60097f974f24aadc62900a388547cdf18c3a62d9e6416696d085e67625df,2024-09-26T13:32:02.803000
CVE-2024-20497,0,0,422eb4ecec5d7dd92ef5d49505af3bc2f0e220b53f5fa76471b6dd3d460b94cb,2024-09-05T12:53:21.110000
CVE-2024-20498,0,0,f163bbceccccd5135efcc240b318bf6f09c1a57795ce60620399b214d4e300ea,2024-10-08T18:32:54.457000
@ -243762,7 +243764,7 @@ CVE-2024-20521,0,0,1256f22cccdc014ca7c6dcaf50cda0cfa20b26ee2ae968d316f808a9bafa0
CVE-2024-20522,0,0,4751fc0b46eb3f3442a4302d9aa0da06e525e7320f0f9f33ce2b1091dde97b23,2024-10-08T13:48:19.060000
CVE-2024-20523,0,0,c7bf45998c89086dd758eb4d3eeb25d63406d90c0a145566280d2888a4fab120,2024-10-08T13:48:29.500000
CVE-2024-20524,0,0,1ddae342fccf4faf6880cbe25cc035c1903428edec9e63909e1d89933e06b31e,2024-10-08T13:48:58.273000
CVE-2024-20526,1,1,015e035bdcefa7dd41ccce19d529f68aa0ca4c90da5d8202abaf33b8011a6499,2024-10-23T18:15:13.303000
CVE-2024-20526,0,0,015e035bdcefa7dd41ccce19d529f68aa0ca4c90da5d8202abaf33b8011a6499,2024-10-23T18:15:13.303000
CVE-2024-2053,0,0,0d41c4e474c0960eb5e2399ded25845c51347c47ec843b53809f61d1e3d8fe3e,2024-08-06T15:35:13.397000
CVE-2024-2054,0,0,5af7272a2140be959232b9c889b5facdacd3c4cf8342e14293010d7ec8d01b60,2024-08-05T20:35:09.723000
CVE-2024-2055,0,0,07b933beaff1c6c6636c1d85ffcd111ff83285195075526678d7cb747831ae01,2024-08-26T16:35:08.047000
@ -247158,26 +247160,26 @@ CVE-2024-25201,0,0,4fdcb35250323e572813a693d6853c3ef4ab83f766da9aed4664bbcb27b57
CVE-2024-25202,0,0,9adfc980042282b2282c5de366e0faab584a67a356cb2bc8d9fefc993344243a,2024-08-01T13:47:35.900000
CVE-2024-25207,0,0,ec83a3d2fdfbcc8587a8c698a4db83963fe7b272fef5e645520fca4923aa1dac,2024-02-15T06:26:56.397000
CVE-2024-25208,0,0,f36b1a6d7aae28307bb7793a95052fac69e54ce6608a781b44e351b5e3bee7f4,2024-08-01T13:47:36.680000
CVE-2024-25209,0,1,b1f6e3cb76f55767067781f1fa474868eaee82b51b5724ac518a7dae1856da97,2024-10-23T18:10:52.630000
CVE-2024-25209,0,0,b1f6e3cb76f55767067781f1fa474868eaee82b51b5724ac518a7dae1856da97,2024-10-23T18:10:52.630000
CVE-2024-2521,0,0,0838497f1916a708252295ddb1e5512e6c3ac757ef93b04ae3f403784c7490e3,2024-05-17T02:38:16.787000
CVE-2024-25210,0,1,e2236a1ca9a28c613c58f91408c4689148114b702761c3d9e2b9b93ca58582e6,2024-10-23T18:16:34.577000
CVE-2024-25211,0,1,9b81b7a573fcda1b42e078eda6a072273266dba8db71d1e7cb852fa7a214936a,2024-10-23T18:16:31.940000
CVE-2024-25210,0,0,e2236a1ca9a28c613c58f91408c4689148114b702761c3d9e2b9b93ca58582e6,2024-10-23T18:16:34.577000
CVE-2024-25211,0,0,9b81b7a573fcda1b42e078eda6a072273266dba8db71d1e7cb852fa7a214936a,2024-10-23T18:16:31.940000
CVE-2024-25212,0,0,2f511dbe53dda725f1026e6fb3684ad3dcdbb4e3a9bf4b3999eacf1d7a2579a0,2024-08-28T20:35:07.213000
CVE-2024-25213,0,0,c54ec18894af4a5d6ced7000bcaa8c487846e8fcbfc5321ba8aad242a58f22d8,2024-02-15T06:27:20.520000
CVE-2024-25214,0,0,1ba8af84b5d311dbb39674bae13cefbf6d7fcb4d9ffa5558f51b66ae2fef5be2,2024-08-16T20:35:06.060000
CVE-2024-25215,0,0,3b37a94df90b65e7417dee74161c3b1b221d93df92a185b49be1c5811fcd762a,2024-02-15T06:27:41.287000
CVE-2024-25216,0,0,11c4d54de29132b318d8fac4cf2638f23334598861bfc6052b13658ed431e101,2024-02-15T06:27:52.447000
CVE-2024-25217,0,1,b12c0a70895784380388972b1e6d209bac8636e8e59753bf100055ee92d5fc1b,2024-10-23T18:08:33.577000
CVE-2024-25217,0,0,b12c0a70895784380388972b1e6d209bac8636e8e59753bf100055ee92d5fc1b,2024-10-23T18:08:33.577000
CVE-2024-25218,0,0,24ef98e1bccb157a2451c5f9b220886a7fb0241b266eff1652e4e6ac16c1f097,2024-02-16T19:45:37.420000
CVE-2024-25219,0,0,2b14c2a937dde787f169ebecefb0773ff2a33faa5372ec5d4d94840140008c7f,2024-08-01T13:47:37.463000
CVE-2024-2522,0,0,b1904c746f2168a450105eeee7c6ec024878645f7c80803e5354174d41069fb1,2024-05-17T02:38:16.867000
CVE-2024-25220,0,0,daa59dcd9ece57f6686d3daab3ad1c6bf87173bccf0e7b0d45f22f663c276cc6,2024-02-16T19:34:51.807000
CVE-2024-25221,0,0,836a2ef30482eb3c912fcb2ea8423f311ca51ef1df402038f46280db854b0fca,2024-02-16T19:33:17.330000
CVE-2024-25222,0,0,b478769e227f88ae785ae926f36de4c67ad090de60d1c993e61fb1a7c9115dcf,2024-08-16T19:35:05.500000
CVE-2024-25223,0,1,5d6cacf2b13647324dfa76310a55aaf8e1884b61852ade33cb69a8edc8d7c837,2024-10-23T18:06:48.657000
CVE-2024-25224,0,1,b2669ebf3135683eb85c1805f64ddfb5a30c91a61ee983f1c2767c163a7cb404,2024-10-23T18:07:49.573000
CVE-2024-25225,0,1,f66ea50e2f5c6fabf8cab20ca33e7d24f86fcb5d5bda0fe98505e1caf9a4ba36,2024-10-23T18:07:34.100000
CVE-2024-25226,0,1,97f7b16f186ea0179a22a0c87da3f54d3414f8a1469856acbaf9c5340044a008,2024-10-23T18:05:01.290000
CVE-2024-25223,0,0,5d6cacf2b13647324dfa76310a55aaf8e1884b61852ade33cb69a8edc8d7c837,2024-10-23T18:06:48.657000
CVE-2024-25224,0,0,b2669ebf3135683eb85c1805f64ddfb5a30c91a61ee983f1c2767c163a7cb404,2024-10-23T18:07:49.573000
CVE-2024-25225,0,0,f66ea50e2f5c6fabf8cab20ca33e7d24f86fcb5d5bda0fe98505e1caf9a4ba36,2024-10-23T18:07:34.100000
CVE-2024-25226,0,0,97f7b16f186ea0179a22a0c87da3f54d3414f8a1469856acbaf9c5340044a008,2024-10-23T18:05:01.290000
CVE-2024-25227,0,0,ea5530dbbdd5c3d6d19d0f04e703afa5a7f7647312c2414a8b6eea3327fe905b,2024-03-15T12:53:06.423000
CVE-2024-25228,0,0,3af3abe7eded0e11771171c4cdbd8c63732731a741dfc258ccf129037aa6c61d,2024-08-26T21:35:07.760000
CVE-2024-2523,0,0,e99f827828881b6023c3d0b03cc5186561dec89c809d2a0b1bf23b937570e859,2024-05-17T02:38:16.957000
@ -254539,7 +254541,7 @@ CVE-2024-35311,0,0,94751a7e140c2a3ff83ee374530e5919b0823edf97b2e344646a9709229c5
CVE-2024-35312,0,0,81ee7e5cffa0828718ff42985b5f71e3223019ea36fce71fb3a2d6856e31b3e3,2024-05-20T13:00:34.807000
CVE-2024-35313,0,0,1eb4867830818e97987762ca58d043d2f7f53fc926bce8bfb2e66b630c99ca4a,2024-05-20T13:00:34.807000
CVE-2024-35314,0,0,dd6af0f66de20db386ca5e2b413231717b44ab4a64aa857fe87b8a5b714ae4c5,2024-10-23T15:12:34.673000
CVE-2024-35315,0,0,289cfa0e1db3df642660f595c400326d64d272ac3fb0d9faaa1a93e0a8059cef,2024-10-23T15:12:34.673000
CVE-2024-35315,0,1,31fa8a7e665c8db5f766edb029a5be575d5f1bd96401af0ef626172849a06796,2024-10-23T21:35:04.820000
CVE-2024-3532,0,0,861b69b5ea2c2097afdbe40dd2c40123c9da7c07e730e8c939be6340175b992f,2024-05-17T02:39:59.520000
CVE-2024-35324,0,0,97e62876b974bdb37d65a00c14d6ae80121537e286249b5814c033b73ffdbb1b,2024-08-20T16:35:11.473000
CVE-2024-35325,0,0,073df6c9b920e39e00ae6bf411b4ce7fcbfdedf8b124ea4a78741a586d12ac92,2024-08-28T16:15:08.417000
@ -258799,7 +258801,7 @@ CVE-2024-41709,0,0,6713bfc73e81c65bc7923627db30413fcbe413ec587fff89449c3abd86e7e
CVE-2024-4171,0,0,87597e8caa4479ab69c883527c35fc22af72d614757313d16953f50dcfa107c2,2024-06-04T19:20:31.980000
CVE-2024-41710,0,0,60d485e1ae4ab9a6a76b69400c8e45c5632e291398c40e0cff7baeda3bb118be,2024-08-14T18:35:06.257000
CVE-2024-41711,0,0,a7d50100784e2b53720ec9203abd546adbf9c7f45f11894e83b991465b2f1919,2024-08-14T16:35:15.033000
CVE-2024-41712,0,0,8c4bb48b748182bd628e14f15afed97c64418398e71d45ef945a735ca0cfa2e3,2024-10-23T15:12:34.673000
CVE-2024-41712,0,1,ae69b57f644845e0a20b27d8f63f59a669c9643ecbbf60be8b31e88c433576af,2024-10-23T21:35:05.607000
CVE-2024-41713,0,0,8f0d6ce2b16af2d5fa9efbd57c386308e27393dc3408acba0a4aabd0d256c1a6,2024-10-23T15:12:34.673000
CVE-2024-41714,0,0,5c1b3ca0f3768b3facc3c2a64b0fa3bb9a4fa7a97e0d9eefaa64355f631be3eb,2024-10-23T15:12:34.673000
CVE-2024-41715,0,0,35d1e19982d6029b0a8b7671c2382ff20d85aa479fa52b1ecc90bc4ca8088cf0,2024-10-17T17:15:11.530000
@ -259000,7 +259002,7 @@ CVE-2024-41997,0,0,84a3f0ea395077fa02b4a334ab8509ff391bef43bdcea38ddd875b5794f83
CVE-2024-41999,0,0,a370380ae5e595c1d409f5d8d8f92b14e0e23ae9708051ce0a7058f9d91625a3,2024-09-30T17:35:09.340000
CVE-2024-4200,0,0,4cd240b08c44457e11ab7d0e46f05e7d4edddbc268bf54e61982ff7b6b50f3a4,2024-05-15T18:35:11.453000
CVE-2024-42001,0,0,fcbbb9fe256b159250061e78a0e74ebb6632e1ed1a0fdada8381ebf9439eb017,2024-08-20T16:37:05.447000
CVE-2024-42005,0,1,6e7acd676fdd0820d0ef383abbd9c31b747692d4d747e9756762f959c9b515e9,2024-10-23T18:22:48.937000
CVE-2024-42005,0,0,6e7acd676fdd0820d0ef383abbd9c31b747692d4d747e9756762f959c9b515e9,2024-10-23T18:22:48.937000
CVE-2024-42006,0,0,cac16dcebbdfd7db60164c8c9c083b31913f86e474f6e93c1530c3119039cdca,2024-08-21T13:26:54.577000
CVE-2024-42007,0,0,e1546757cdc0e5c84d17bb4943631a838464f4ec8f81323b11df4d863b67b3f8,2024-08-01T13:59:16.630000
CVE-2024-42008,0,0,239b4738ade78ee5cb428e4f0bc1011e17071df970bcf82670ecd9f70d12e2c4,2024-09-06T21:48:31.597000
@ -259514,7 +259516,7 @@ CVE-2024-42639,0,0,1a5c2259211b7b8d7a3c9ad7a85700d339edaffc744195b682680689ea5c3
CVE-2024-4264,0,0,aceade487dcdf82d5a23a178a070b3c07d4cce69337175854977fa24341a320c,2024-05-20T13:00:34.807000
CVE-2024-42640,0,0,aa9fdc0f8db2e7e48ae8090075d403a2f9c88e4c7abd16509bc27a944cdc3dcd,2024-10-15T17:35:04.623000
CVE-2024-42642,0,0,368dc5dc34a16a5f055bfb8f43121adeaf05034c9b1b73657cc5e8228e1781ec,2024-09-10T13:46:25.733000
CVE-2024-42643,0,1,bc822a6b73ba664d99782bb83e8cc157e110a7a6a996980d55e1c973153f8531,2024-10-23T18:35:01.897000
CVE-2024-42643,0,0,bc822a6b73ba664d99782bb83e8cc157e110a7a6a996980d55e1c973153f8531,2024-10-23T18:35:01.897000
CVE-2024-4265,0,0,674cb78ce8c95e07c05495b52772b5d4a079c608362a6e67c2dfb567e6b8517a,2024-05-02T18:00:37.360000
CVE-2024-42657,0,0,7a9e5456dd66d94be3a75e811d67a1de5788317e788930f1ba2e8b5887d23144,2024-08-20T16:13:12.413000
CVE-2024-42658,0,0,54060235edd9bcf5ce68f6b48efde0940a62552fb8b9f2dcc8d06d163b4ded88,2024-08-20T16:12:50.290000
@ -260079,7 +260081,7 @@ CVE-2024-43573,0,0,7cb2a96662a466abf265ca3d01d38469acb4c1db062ef75727d0e2c8e1756
CVE-2024-43574,0,0,27cb32f4bd91a68a1d79359c4fa56d2ab297703b1b8d3a2c872a415c852b6007,2024-10-17T18:58:37.100000
CVE-2024-43575,0,0,24f2c5a591586cc897a2d8a6a2db6f48b0fde505b74f11c59d7d9cf153abc125,2024-10-16T21:53:59.407000
CVE-2024-43576,0,0,fe1fcad43644aa438f5b12fd73a64989a355f1461202f1bc35d3359c0344ca8c,2024-10-16T21:54:24.047000
CVE-2024-43577,0,1,9ad14dcefbd030fa0688c88dbbfc5058326bcc0356d042cfd158d58c49892f41,2024-10-23T19:15:18.673000
CVE-2024-43577,0,0,9ad14dcefbd030fa0688c88dbbfc5058326bcc0356d042cfd158d58c49892f41,2024-10-23T19:15:18.673000
CVE-2024-43578,0,0,6e078fa937e90c65f5f983f7a227c4832334de65ca7467e3741fe920a590572e,2024-10-18T16:59:29.557000
CVE-2024-43579,0,0,75408e79b417f23da70191f7a80539f890575fc25e973282afc3f46a6611c497,2024-10-18T16:54:06.810000
CVE-2024-4358,0,0,947921f329844fe043b805245fd7e3c28f7c0f168bb436200605d302b39b1665,2024-06-14T17:59:33.993000
@ -260537,7 +260539,7 @@ CVE-2024-4430,0,0,137066e4356a4d04e3ad731fb42c3579f278eca0ad3e41ea882926334c7109
CVE-2024-4431,0,0,8d95de6ec075320f55907047db89835dd68db45859f7bae49d6625b2a3240b6b,2024-05-24T01:15:30.977000
CVE-2024-4432,0,0,492ff6791a7b1a2e081b9c5249b748792a54b9554ba3a2422039c4bfa6a7bf50,2024-05-20T13:00:34.807000
CVE-2024-4433,0,0,29650c676957862ed8f96380f29298acd09e1ae0c4c0eae7a19f73eb896474af,2024-05-02T18:00:37.360000
CVE-2024-44331,0,1,73262ef7340ef820af39aead30aed03cb4a68bd84c03029c20d228a5fd73829a,2024-10-23T18:35:02.893000
CVE-2024-44331,0,0,73262ef7340ef820af39aead30aed03cb4a68bd84c03029c20d228a5fd73829a,2024-10-23T18:35:02.893000
CVE-2024-44333,0,0,d4fac21295587aa2979fd79e1578e51567e5183cd9197e256154e36309cd2381,2024-09-09T21:35:11.347000
CVE-2024-44334,0,0,27220524666d063359048a7f3de8a9bf531c5b74b035bcd3d68284cc277b9a46,2024-09-09T20:35:12.473000
CVE-2024-44335,0,0,bea255eb7004ca14c44e24d39ca0678896b2d706dfe75c727ca75c52a4a40bff,2024-09-09T20:35:17.330000
@ -261181,7 +261183,7 @@ CVE-2024-45519,0,0,ba02770fed1525b5b4f0df98b6cf30b24de2e09da9e676dc121caef23db29
CVE-2024-4552,0,0,a910e848f992d4848b5a9057809234cfe8833a167abb01396097dc34db4ca3d3,2024-06-04T16:57:41.053000
CVE-2024-45522,0,0,cfbe5f5b4866198ecf4773ddc4ec07a576ac517554c3c987f558bc88648f0e9a,2024-09-05T14:29:32.737000
CVE-2024-45523,0,0,e7d93fa702fd02b5bced215282921c641c45ca521a1d9282d8eeca5a4c9e6cac,2024-09-20T14:35:11.523000
CVE-2024-45526,0,1,f14e1fcc5198e28bcb9f7b3a43daa36e99814812ca109c1c007380ac29ec0aa1,2024-10-23T19:35:10.713000
CVE-2024-45526,0,0,f14e1fcc5198e28bcb9f7b3a43daa36e99814812ca109c1c007380ac29ec0aa1,2024-10-23T19:35:10.713000
CVE-2024-45527,0,0,0ed4b7876171a991bf7220f1ee96f2007c9fed522b397370892e632e0f15c024,2024-09-03T15:35:13.673000
CVE-2024-45528,0,0,b726a60695697377572ea54be1902b1c537e8da89a7623e441b7aa9130d0fc17,2024-09-03T15:35:14.480000
CVE-2024-4553,0,0,a1e8f5bd1acd4a97b93bbbe85c146f94099965137fad1ebd49acd106c4b8e00a,2024-05-21T12:37:59.687000
@ -261517,8 +261519,8 @@ CVE-2024-46471,0,0,470c933b4642dc2897ace8d3fcae6cce28009d5c4dc28b3858aee18cd52a0
CVE-2024-46472,0,0,905efea5ffd69a3fd22b9ebc43e76cd3335e2f2038a60c220dd9d439817a4610,2024-09-30T12:45:57.823000
CVE-2024-46475,0,0,6dd32d21b34d5ed62fc4d47e4e31b7806525d2f693fc3da0c33e5fca3fe88762,2024-10-04T13:51:25.567000
CVE-2024-4648,0,0,911dfdcd448576dec5371ac5fe5f3ab9d434d7a73d2296063b028e9785e0deda,2024-06-04T19:20:44.580000
CVE-2024-46482,0,1,0bd11529577a79bda1c61c449bff3d306490c152de71c2fae5d4eea05925babd,2024-10-23T18:35:03.670000
CVE-2024-46483,0,1,efd1621b21138809f35625ddb77fc021e753097710878e96af20d908574d610c,2024-10-23T19:35:11.493000
CVE-2024-46482,0,0,0bd11529577a79bda1c61c449bff3d306490c152de71c2fae5d4eea05925babd,2024-10-23T18:35:03.670000
CVE-2024-46483,0,0,efd1621b21138809f35625ddb77fc021e753097710878e96af20d908574d610c,2024-10-23T19:35:11.493000
CVE-2024-46485,0,0,904850996ff0ccd2e4983d6545a4277eb41afbf1d891eac2f17d8f906616c485,2024-09-26T13:32:02.803000
CVE-2024-46486,0,0,6fe755bff404a9260861863774df3deb9fd23fe20cfc4f9cee682ab32adf5d48,2024-10-07T19:37:29.423000
CVE-2024-46488,0,0,41c2092a15aede67b224d6f9481dd8740d600089d5047373dfa98024a8d780a7,2024-10-02T16:21:36.507000
@ -262268,10 +262270,10 @@ CVE-2024-47667,0,0,0d67103013a699588d2c658822c71f03525e987820a1f237d10bb2d28261a
CVE-2024-47668,0,0,cf94068f0e7f8e5e7d64a7e8a1d91fb4c9f70ff81ce5d918148c4e18a53dc56f,2024-10-23T15:30:00.057000
CVE-2024-47669,0,0,cc07106cf0c3934e18c2295dc4d9599646844641786bb44db10c2dc10f6e6435,2024-10-21T13:28:34.330000
CVE-2024-4767,0,0,ac8fd08be8bf5dfebff2c5bd3958a6b91cd60ea11215d2f819ca56e82a8bdf8b,2024-07-03T02:08:05.290000
CVE-2024-47670,0,1,4f6f24b9d042d05ec6e48a849d4c3d1cf2732e084a5df0c8e882387f060847a0,2024-10-23T19:16:56.403000
CVE-2024-47671,0,1,c766f4d06d7fa92c1ab21a038deb8b785ad54c89553a98d3a1e0620d6f119cde,2024-10-23T19:36:08.090000
CVE-2024-47672,0,1,b0413c6242def5ae2c81fa9ccaa43041d25435df473c2d18634172bf0cf9639d,2024-10-23T19:44:08.623000
CVE-2024-47673,0,0,2317135deeb5a2ba1be6a2e702cd3dee3239bc7e08807d40785f15a0d93329d9,2024-10-17T14:15:13.853000
CVE-2024-47670,0,0,4f6f24b9d042d05ec6e48a849d4c3d1cf2732e084a5df0c8e882387f060847a0,2024-10-23T19:16:56.403000
CVE-2024-47671,0,0,c766f4d06d7fa92c1ab21a038deb8b785ad54c89553a98d3a1e0620d6f119cde,2024-10-23T19:36:08.090000
CVE-2024-47672,0,0,b0413c6242def5ae2c81fa9ccaa43041d25435df473c2d18634172bf0cf9639d,2024-10-23T19:44:08.623000
CVE-2024-47673,0,1,191c5dd6c1e2e4c466371004e05d7c18d06a27aea3da7d37d6ddd6f44f42a46f,2024-10-23T20:19:03.650000
CVE-2024-47674,0,0,9273dcf5991b9b8c8433130a4938740f9721051fe1fcb6d45b5c4bc4625153d6,2024-10-21T18:15:05.993000
CVE-2024-47675,0,0,624f315494e47c95b1269b56800071e724c94a3629173e26cf42531c4b63e4de,2024-10-23T13:39:38.647000
CVE-2024-47676,0,0,d31d6f56ccab7b160561fa0b3c682aa5c75e9dbbe155592bcb66f3a4628abbed,2024-10-22T16:12:39.830000
@ -262290,19 +262292,19 @@ CVE-2024-47687,0,0,8395d2f1197b10b881cfc99c8cbe4e99a9a7142c9f350fac2e5252f27d320
CVE-2024-47688,0,0,e342f1a85a423eeb25e5887c6a7e3ca064156a5f85774a6b7da8769bd9bb7428,2024-10-23T15:36:21.977000
CVE-2024-47689,0,0,3f75c6785b241c3eacb9ccaf62f165a533348a414404d2e40f2e1dab85da5dde,2024-10-23T15:53:06.410000
CVE-2024-4769,0,0,27e569a8d015b1733830e438c3e7532f74e5dc1a595d9d72a9cda524aaf6545e,2024-07-03T02:08:05.617000
CVE-2024-47690,0,0,448d7fd9a4748a1d25367ec5280b83293a5830a569687c37d4d84e0edb81fe89,2024-10-21T17:09:45.417000
CVE-2024-47691,0,0,3fdc4f49a381b730d9addaf6deb128b8a633a5acbe8c6f6cd5c757255fd2b7cd,2024-10-21T17:09:45.417000
CVE-2024-47692,0,0,4809df75deeaaae1a9fd666ca9306de48b94ddabb018268fa2dd4ac3c22b0aa9,2024-10-21T17:09:45.417000
CVE-2024-47693,0,0,bece60483438719441451ef5ba1d690153757c7da99172061ac17f2fd7feb1ae,2024-10-21T17:09:45.417000
CVE-2024-47694,0,0,638278aad8111eb88ee881c87f8d44bcbc6d9563df95d3601378d58387800f5c,2024-10-21T17:09:45.417000
CVE-2024-47695,0,0,c914fe7c9050898e6bf1bd39cfb1d9b02d81613d3b8a46e83a95986bfb55ceaa,2024-10-21T17:09:45.417000
CVE-2024-47696,0,0,c5add6c9eb11a27b3ec8b40c878f02d4c4f426b811a1741023750e7a1c711854,2024-10-21T17:09:45.417000
CVE-2024-47697,0,0,fedac310d965db0eb7ce43730316b8311770148b3c5445a8214433cccc61b2f9,2024-10-21T17:09:45.417000
CVE-2024-47698,0,0,430be1979bbe48396cfe608e2022f2735b39713b5a6a45574d717f8b1d1c9d8a,2024-10-21T17:09:45.417000
CVE-2024-47699,0,0,b7946d49555425cdc184f3b84c4b1f6b5f889162b966b32bff713c85ff41669e,2024-10-21T17:09:45.417000
CVE-2024-47690,0,1,5ccdf5d611fc8d76cad83d91898c49e53798014d76cb8534012791726e111568,2024-10-23T21:25:11.673000
CVE-2024-47691,0,1,26848283ba64dfd600584e36935786c17efdafe64df6cdf1dbd1e217ee0f6e5f,2024-10-23T20:42:31.223000
CVE-2024-47692,0,1,d429159584cfed78b871fcc7bce6ecf41437139cacd98cb6341158c3bf50184e,2024-10-23T21:19:07.493000
CVE-2024-47693,0,1,44c3bcc907e347d510b78d4bb93a86313ad6c85fb9b63908afb2c31b61caa1cd,2024-10-23T21:18:31.113000
CVE-2024-47694,0,1,66c6cc0ef6f64c2f7f748397df5eb4627d209817170d81ad6cd4d93f58978125,2024-10-23T21:34:29.393000
CVE-2024-47695,0,1,e093ed32fd98dfa2cd89ba2372bfd8abd60e310af9411d9fa942f8ca6e60114a,2024-10-23T21:32:46.073000
CVE-2024-47696,0,1,95ed51c89b16cc08f7fc8ae8ce5749b980a9c65ff40d4bc1cc1a5d886896b495,2024-10-23T21:30:34.897000
CVE-2024-47697,0,1,295a2c43b2b44902a5e5181074bc8c9772b3746b5d68ba9d3e753c43a6165fb5,2024-10-23T20:51:37.527000
CVE-2024-47698,0,1,ed4e24a50346af2af753b1c14f4fcb1380949065366fa511759fe7c276256792,2024-10-23T20:52:11.123000
CVE-2024-47699,0,1,a649321c3c62946c27d09d6c13d5161ed777809ecd0e53e52f303ff6b209ebc2,2024-10-23T20:52:39.363000
CVE-2024-4770,0,0,9501f8bb52643b4bcadd7b11da17e463cda395ec382733177c6b60e7ef1c0b7b,2024-08-01T13:59:34.293000
CVE-2024-47700,0,0,40198de1f613d5467e296173f74ed3e37b2c93c376750f70f83020f05524933f,2024-10-21T17:09:45.417000
CVE-2024-47701,0,0,319944ddbc3afb0231c37c7b3bddb711046a4ec0a946243baaf1167d1e3446b7,2024-10-21T17:09:45.417000
CVE-2024-47700,0,1,2017f4ecdf3ac9fb945c295c530239c6c5325bbead194b7829d425a5314d8537,2024-10-23T21:27:28.460000
CVE-2024-47701,0,1,e7fd8ef13cfb1aa2224c6841a816ccccc9f12292bc7638f5e524d658b41c3f0f,2024-10-23T20:53:13.877000
CVE-2024-47702,0,0,1b176727fedcedd5b8973a84195d93175933b0894c79e5c2740e9b70a36ddcf8,2024-10-21T17:09:45.417000
CVE-2024-47703,0,0,9eac4d36302ce06105e5020ceb3945728f57951f5fa6d1cfaab9ed8458b88de8,2024-10-21T17:09:45.417000
CVE-2024-47704,0,0,777223417a57faae9e69f5df24021dc8757bfc71dd81953f121c9d5e8c567675,2024-10-21T17:09:45.417000
@ -262323,23 +262325,23 @@ CVE-2024-47717,0,0,1f16a2dea7123b560b45f1d5577cea2499c14593f46e8b947c80eaec41cca
CVE-2024-47718,0,0,b58fc361c85af159283e0d7c725f5be71f82b030723471120f8cf3a71cb6ecd8,2024-10-21T17:09:45.417000
CVE-2024-47719,0,0,898fea7ef9b2c420d78f61822149f872729ff53db69e2ba127d283cb3de507b3,2024-10-21T17:09:45.417000
CVE-2024-4772,0,0,49f0c7fc95339e6e98a7cbd8d8849904a773b2a05345b7622006e8647831f13b,2024-05-14T19:17:55.627000
CVE-2024-47720,0,0,fe2944aa6bb0bb0501763994144150c79b2f3ca0116c7a217bd698765f69b248,2024-10-21T17:09:45.417000
CVE-2024-47721,0,0,04edd5df09b5c82f2a2feeea71eab7461d88f3c2fa180c2013bad25f1ea8da48,2024-10-21T17:09:45.417000
CVE-2024-47720,0,1,5042c4947e2165e57f3040e4c9baad4564addab44bedf4897d2ef5a5f6157f9a,2024-10-23T20:53:54.150000
CVE-2024-47721,0,1,b4c62ba19409dfd2e8a64e410001d91528bd89da7482b214ac6cc576b4cc2348,2024-10-23T20:57:04.897000
CVE-2024-47722,0,0,68c8d2f090df61a9f49a1f01f75a7ac8cda9d407591cfa0dc0a92c1e0656c53f,2024-10-21T13:15:02.360000
CVE-2024-47723,0,0,e78b215d0cbedf337fc4d670e1844dbbd29b556e5053e7d66b95322a621daa0b,2024-10-21T17:09:45.417000
CVE-2024-47724,0,0,9c1d4dd363597ace78d1c7ebbef0e1f2e96a212b96b6a09618a577838f46fe1f,2024-10-21T17:09:45.417000
CVE-2024-47724,0,1,b0b6218a8d1556c24347cd250db3aa8881cbc479b3592b0207e222b0cd9706a4,2024-10-23T21:41:13.390000
CVE-2024-47725,0,0,8d79cfc5f420589203ee56c1d45c4e18a5d4c2e87a501b10347996e89a7f75b1,2024-10-23T06:15:05.200000
CVE-2024-47726,0,0,c446e3e2dffbcccbc0186f0322a85b4a05a0668ee60808d5804eca57a29d9a39,2024-10-21T17:09:45.417000
CVE-2024-47727,0,0,b4841d049fe7977d7ae76ed99e0c8291d4ff9401863cf2613bdea9ae7e9a1347,2024-10-21T17:09:45.417000
CVE-2024-47728,0,0,20d7130b4cb2af3704697b2735b8691238f821693df5a91fa37a4e7099218c8a,2024-10-21T17:09:45.417000
CVE-2024-47729,0,0,7d1f6f34e39d97ae406ce74219e7048254356610a727b3668c7c3f2cd0d70ad2,2024-10-21T17:09:45.417000
CVE-2024-47727,0,1,fc32a56adcbbff4e2799b546fb9615ee8b3a5b9f2ec8d528896d932f20815110,2024-10-23T20:32:53.743000
CVE-2024-47728,0,1,078cddb648129de67d827b2e4c30d6b1648a6580771fed27f0882586adfa8cdb,2024-10-23T20:36:52.367000
CVE-2024-47729,0,1,5d214513e4d9a710b6705bcad68845bc2180f0d8127eb64a1f49d79bf4532b79,2024-10-23T20:40:24.640000
CVE-2024-4773,0,0,451efafbcecc3ef1a9913dd6e3fbbf39d79f9aa10bbe1841409a244ef36a044e,2024-08-01T13:59:35.080000
CVE-2024-47730,0,0,c0a5c91cff9686d35e7d5bba835997d9b023fdf179e028f8bc2ed84a7532d3a2,2024-10-23T17:03:23.140000
CVE-2024-47731,0,0,638886df73f40aa07e5281bd61c3b7b99724fd1016f0d993a184b6b88ee52510,2024-10-23T17:06:14.323000
CVE-2024-47732,0,0,9bc62d67d7f143b6014d17a7ed2de2f0043ff2b794c0d08b7eea0116f4ed29c9,2024-10-23T16:31:03.873000
CVE-2024-47733,0,0,1c9459511d59622fe23ef7946b3f574a7492e174f9c27d9f4ffcf7cfc5787cac,2024-10-23T17:11:29.537000
CVE-2024-47734,0,0,e239ae2a9be9c00fbcd9a4d42a9a7fa3b7a748dc8899bc352b365478d6153c50,2024-10-23T17:16:13.457000
CVE-2024-47735,0,0,918ed1ed6ba7267950dd2758ef51888a5f5662ceef4cc5d4887e675b3769fc56,2024-10-21T17:09:45.417000
CVE-2024-47735,0,1,c551cf8358c8467d11221428b3f961e6fff06257f6ae995e31cb84bb286f09ae,2024-10-23T21:00:03.940000
CVE-2024-47736,0,0,80e1bfd6b5ee20de3403a27bfa1c47b54d41ea5fc193ba9fd9ef66cf274c64f3,2024-10-21T17:09:45.417000
CVE-2024-47737,0,0,7ecc6ae6c1b7ceace54d63a73c9f7205b0dc762c4dd0ff8f399efa15e9e49515,2024-10-23T17:00:01.357000
CVE-2024-47738,0,0,df8a42001823c1e7a29c78a2dc7b7b033a870108f55c2c690b931c943d1f277c,2024-10-21T17:09:45.417000
@ -262347,7 +262349,7 @@ CVE-2024-47739,0,0,e6e0a492029d3fb19a9a4e9cd0586875e46e9d018e544231fa7b5cba2e661
CVE-2024-4774,0,0,a30e3c0a9681e5745664b5a7d21e43f4931cba5ae0f7ac5d13f7a53db899f70a,2024-05-14T19:17:55.627000
CVE-2024-47740,0,0,768c60cc2aa6353990ba6be4a715ba73240d08f7aa920e59da8dba820cceb126,2024-10-21T17:09:45.417000
CVE-2024-47741,0,0,16de1929b973495fab2b76c1e0c3aec13d1144f771036e4c19ce75034196e012,2024-10-21T17:09:45.417000
CVE-2024-47742,0,0,d4bdf050ad676b843a45f07aa46808bebd66cb4930bdf4a3846418b0470ff5e9,2024-10-21T17:09:45.417000
CVE-2024-47742,0,1,e1b1ca47464837025f1998c6005541dbeb0d9501c42e7d0650369e4a3fd43041,2024-10-23T21:02:28.867000
CVE-2024-47743,0,0,6b4acbe7a7043ae54c1f28957f686ffc42acda1a8ed60d34df4a0d291938201c,2024-10-22T15:45:15.463000
CVE-2024-47744,0,0,99166239884b034553d12d8945cc60c036dfa495284cc2c4bfa4dd05b603e080,2024-10-22T15:44:40.393000
CVE-2024-47745,0,0,c7b92baa4d45cc2fb4fb2eb6cde3f0f6e977a7a8941cf2bba229f794ae1dde12,2024-10-23T17:25:19.657000
@ -262604,7 +262606,7 @@ CVE-2024-48635,0,0,70acc62db2773972323caa582098c14d2ba0630ccd28542fd3671e2f06f9a
CVE-2024-48636,0,0,a1b3046a0d6b06507f3010f4369f5a0d6853a8c7798cca6c53bc4bbbc77e9757,2024-10-18T12:52:33.507000
CVE-2024-48637,0,0,d42c2fa4f588b75285bfd9e74cf828ce6be24d319097efc6470bbe43fee07e4e,2024-10-18T12:52:33.507000
CVE-2024-48638,0,0,93a9606c88551eca2a43d58a9a18871f8de782bd448d66dc6474dd57c860ad86,2024-10-18T12:52:33.507000
CVE-2024-48644,0,1,767bea0974441fd2cc19792b3d98e4d360220265a6636145290e8043d3dbc5a5,2024-10-23T19:35:12.593000
CVE-2024-48644,0,0,767bea0974441fd2cc19792b3d98e4d360220265a6636145290e8043d3dbc5a5,2024-10-23T19:35:12.593000
CVE-2024-48645,0,0,68a6d6f0e4b4f7bc96fb65a4350b69a13ff6b55f133c0422ecbf10590166619b,2024-10-23T15:12:34.673000
CVE-2024-4865,0,0,df8706c5d26e485ec9b623150b314bb58c6338346ba72ce79d78a6dbca58bc77,2024-05-20T13:00:34.807000
CVE-2024-48652,0,0,49154ba7497ef192453221e4060c2b6cb066a0169e9fec9edb64b7bf9a759b2f,2024-10-23T16:35:10.103000
@ -262709,8 +262711,8 @@ CVE-2024-4895,0,0,f6b1e62d3b5bd64aea52e6768b6c469e049c941759a77bf99aa3b85ad7e20c
CVE-2024-48957,0,0,73c8e1634cf56d3192b3375f11aa72eac69f0bcf8a4cb1f3b137dcc189616d8f,2024-10-11T21:36:47.930000
CVE-2024-48958,0,0,92a426e369946b14ff79b98b6fb42dd0c692d3b7d45d68198a4072bdaadf4922,2024-10-11T21:36:48.687000
CVE-2024-4896,0,0,20cc2dc19f323150528d4fb3a23b846b2e602fa65e075afe5dc2b86cb95d9c94,2024-05-22T12:46:53.887000
CVE-2024-48963,1,1,a80eb473adddad3c7e25a46f2cb5ec9ff71f6a8e537f2b9fe0c636994cb676ca,2024-10-23T19:15:19.607000
CVE-2024-48964,1,1,43e47a7beb9bb42e759d82f399879b4d270263761d98bba5d56af008ca3b4ad0,2024-10-23T19:15:19.833000
CVE-2024-48963,0,0,a80eb473adddad3c7e25a46f2cb5ec9ff71f6a8e537f2b9fe0c636994cb676ca,2024-10-23T19:15:19.607000
CVE-2024-48964,0,0,43e47a7beb9bb42e759d82f399879b4d270263761d98bba5d56af008ca3b4ad0,2024-10-23T19:15:19.833000
CVE-2024-4897,0,0,b80483aa02f533d1f5c4695afa1f7ec5dae4ecfa8b472cf561efa5d05f8ff11d,2024-07-02T17:44:45.700000
CVE-2024-4898,0,0,a64ada88476e7dbd5dca1f8ed9406bed15a3acb87fadbe7d9a4f3102502b7a67,2024-07-23T17:50:44.033000
CVE-2024-48987,0,0,bb1285db59c3075341f96aec62f9b4ce4709041d90082c7f3534792a4d32fb84,2024-10-15T12:58:51.050000
@ -262938,12 +262940,12 @@ CVE-2024-49622,0,0,f0d5dfa8c1ebf53d61bf597989f9b1e80a9b4ef9f6fb536f6dfaf31578dfe
CVE-2024-49623,0,0,92ff26855c35b1121f5df0b6550942b0b302d581178f4d79b65884f9961098bf,2024-10-21T17:09:45.417000
CVE-2024-49624,0,0,94bbce3e9ae8d90bc2dd4db17a45b73dbd3b3950e84c88aa4d648b5929508d4d,2024-10-21T17:09:45.417000
CVE-2024-49625,0,0,5b73196ab0d05a93dafb194b451d298f78f2ee157d4632f83bd5b31758525297,2024-10-21T17:09:45.417000
CVE-2024-49626,0,0,30b476bad37b23d5536d26c14f0dafff57d002dc743ec7c754db73e32a2b6557,2024-10-21T17:09:45.417000
CVE-2024-49626,0,1,edb127e9ec4bef5bc6c17b0d4b29695a6ff09e6e1d533c0c67079f9736d4e2d7,2024-10-23T20:37:57.080000
CVE-2024-49627,0,0,bcaa0babc7595e20da0ee6aff989d75da8873fe4c4069d8f25a5d1f39da5ea2c,2024-10-22T18:33:16.137000
CVE-2024-49628,0,0,f5e060d92886ef93409b047c07ce6c478a5c53c1f95e20f768b3d9e752147d52,2024-10-22T18:31:22.643000
CVE-2024-49629,0,0,60f0852b23beb1819b5458d406150de82aa310255dbbddedffa202b89c290697,2024-10-22T18:57:42.743000
CVE-2024-4963,0,0,ef1fba35c0790604656a5e5622c9c7f4af0f1d1414e5784cd7a21207910d8397,2024-08-01T21:15:54.113000
CVE-2024-49630,0,0,fc02361dbe836b234c4f2baea1ce95c4f8783a553a50fe9d797af011750ca971,2024-10-21T17:09:45.417000
CVE-2024-49630,0,1,34d75746c00996da3a49f93eed6bc8a4f3be9da6c45cb9f15692d41526269ce7,2024-10-23T20:44:41.857000
CVE-2024-49631,0,0,90e84d249ffc88bac8ba7984e2725c172d8e09dd6e795888b9ed719f758a8be8,2024-10-21T17:09:45.417000
CVE-2024-4964,0,0,786ceb95d48675f478c0edd25187f0304d39eb81096edb79d2e9ae0401f68be3,2024-08-01T21:15:54.223000
CVE-2024-4965,0,0,5bd9bf33c1ad1b27237ab2761363d4d9817c8f50155c84d844f98b12772718a0,2024-08-08T15:15:18.730000
@ -263188,21 +263190,21 @@ CVE-2024-50044,0,0,99adc3b386d7b0b967167aa7a713bc7f801d66056d94b4526b6f57fba90cb
CVE-2024-50045,0,0,fe55a30d3128e36327b37c82ba94a1ff0132cabb54f3adbbcc568b84d8fc966e,2024-10-23T15:12:34.673000
CVE-2024-50046,0,0,4e255f676ca189e5e9e50101b26a65e95afe2fd8c7d6b981181f54054bdf130d,2024-10-23T15:12:34.673000
CVE-2024-50047,0,0,2b207a2a293c77a5b4c3a31569dc164f8277d0179d455cd9b507078393309111,2024-10-23T15:12:34.673000
CVE-2024-50048,0,0,bbd23138e80805a57e396cc9887dad63617290c67454d76acda269e557ea2f54,2024-10-23T15:12:34.673000
CVE-2024-50049,0,0,09afa0a2be58ba607560df205b0898b8b28ee2e6ee587a6115c8699c00e8bc60,2024-10-23T15:12:34.673000
CVE-2024-50048,0,1,d005bc43ac7dffe85bb1b4c62a0be79335a5f23ef87660a48780d7c73272a7ca,2024-10-23T21:46:11.533000
CVE-2024-50049,0,1,8a3f3791bfb77ef3d490e872a72df28d44a50dd01f038b8f63798b04c8c73740,2024-10-23T21:45:43.657000
CVE-2024-5005,0,0,28bdb1683e492d24b33087981d0823dd42f49eeb8c271eabba28b1e925e506ca,2024-10-15T12:58:51.050000
CVE-2024-50050,0,0,75d86e88f7994c1f3b20bb87cac7d396514a1e4ee924d9d29743f3bd699759ce,2024-10-23T15:12:34.673000
CVE-2024-50055,0,0,10b598d3a0269b0f307eaabbc2b716f722fcf5535b65c85d86a0eaf85ce88670,2024-10-23T15:12:34.673000
CVE-2024-50055,0,1,223ed98e7a7f4160f8634a62679e487b1296c8eb2d61be84de5731c91a2cb49b,2024-10-23T21:45:15.137000
CVE-2024-50056,0,0,67d5758c0ace6615570a11511305d2b63ab44abb1709d3f0417dc90e404e22ad,2024-10-23T15:12:34.673000
CVE-2024-50057,0,0,f555ac9c828db06432a047b9e7eb871f60ff001319e6c1d4d6ade5425ae58ba9,2024-10-23T15:12:34.673000
CVE-2024-50058,0,0,c4f2f522ded53fa0475123933c29f621ce5dd5483ec6a179037df3352956be04,2024-10-23T15:12:34.673000
CVE-2024-50059,0,0,1a780b20170c340af075dbf31665516511f24a1a8d6b1513298259637be6503b,2024-10-23T15:12:34.673000
CVE-2024-5006,0,0,275a7db4a7750ed7acf4e95109b09b599d0f03c3ae61db2773b61bbc80a38eed,2024-06-11T17:36:24
CVE-2024-50060,0,0,01f3d5625dc49ef407dd1399459de4e55c9dc18499ec441f495a2f6b728ede8c,2024-10-23T15:12:34.673000
CVE-2024-50061,0,0,bc3a7751cc02130d6e355a5fd87d288a623ee842a3c5388e63bd720da58709ae,2024-10-23T15:12:34.673000
CVE-2024-50062,0,0,1537eaa0ebc19268aec1be9df183deb52cc4159c434eceb6998e096f5503bcf3,2024-10-23T15:12:34.673000
CVE-2024-50061,0,1,adfa4c7105f2a2d6ac6001b08865d994315eaf40295441d8499676332f52333c,2024-10-23T21:48:29.030000
CVE-2024-50062,0,1,fb76c5d17773e9b99ba2a7f2c28322bbec6aca19454d77f6ffd53fa694af65b4,2024-10-23T21:48:57.737000
CVE-2024-50063,0,0,1d1881a47d554fc29d203efb6c8521669e1b28611f2bbf99ab231399dab599e1,2024-10-23T15:12:34.673000
CVE-2024-50064,0,0,c980eae6fee1a420ecee8691838857535f4e51105a3766ff7633430adb0de9f6,2024-10-23T15:12:34.673000
CVE-2024-50064,0,1,0fbb48f98a0eb4f4ff5ac7ecc0e869de5fbcd36b7eb760b827cf0f646f0d7eab,2024-10-23T21:49:29.423000
CVE-2024-50065,0,0,798ea878f6caa10adb303d247fc046bf695b098e873c9993ee906b7bb5d17e5c,2024-10-23T15:12:34.673000
CVE-2024-50066,0,0,d94429be94d535aee100ff68d7809fe3a46ae84c5531ba245573459a38823316,2024-10-23T15:12:34.673000
CVE-2024-5008,0,0,41c3cff745583fe16908c309126d70e41415ad78f2790f83925cbb0a70eb9065,2024-09-06T22:43:49.557000
@ -266308,7 +266310,7 @@ CVE-2024-8891,0,0,aa12a440054ffbd9bbb7dd25787b2c9efe1fc6e33a09eaeb1daa5594da775b
CVE-2024-8892,0,0,b5404a9c6df12d8f66b57eddda13f138d35d7b48bdd71ae1e8b3a805c49716e0,2024-10-07T17:10:26.673000
CVE-2024-8897,0,0,73bf9affb964d11dd95d3adbb34f86a16b9ae0fd786e64b4bbd48b1e4387bb49,2024-09-25T19:49:02.493000
CVE-2024-8900,0,0,7e1ef63767445d80c050e52e96753e1c9a46fb23d2b1e0137f2a2c5bdcba53e3,2024-10-01T16:15:10.293000
CVE-2024-8901,0,0,5296fd97c17e19a2d9fe2e0dab7936fdd9516207bfc538f5a85aa6e6692205b3,2024-10-23T15:12:34.673000
CVE-2024-8901,0,1,c42abead2f721e44cbad55763c07a3fd24e0a842c194ee61580274699db985ca,2024-10-23T21:15:14.950000
CVE-2024-8902,0,0,e5dace8ff5577040ad4e028bf354543120981f772810138844b5cb4413778526,2024-10-15T12:57:46.880000
CVE-2024-8903,0,0,2ce54562e46551a15b98a64a6437d41656e447939ac76ef855f5d59decf764b8,2024-09-26T13:32:55.343000
CVE-2024-8904,0,0,d8dcf25b3cbae62dbf75fa5380e6989346805c7240b139b8d28c46adffd353f1,2024-09-20T12:30:51.220000
@ -266816,6 +266818,7 @@ CVE-2024-9894,0,0,32055c4142b72d0a3f9c19293b700e4df1192ff16d337368689045e8c50a9c
CVE-2024-9895,0,0,9f4575888232de3c29cfc8d0d4e2d5d892b3f5ec9e574dd895cb53771a8a3d74,2024-10-17T20:50:03.503000
CVE-2024-9897,0,0,f308c0111617eadaadafb29e97ec039364f5185710cd1efe1ec56329c77092f7,2024-10-21T17:09:45.417000
CVE-2024-9898,0,0,34647a8f54872789fb9d153b7e32e611f940664cb6907ab09e4df7e32cdaa8ba,2024-10-18T12:52:33.507000
CVE-2024-9899,1,1,6c76ba1fcc7597d7958a7e74c7de009221352c8fe34414d847a1d4d85ee09e27,2024-10-23T21:15:15.050000
CVE-2024-9903,0,0,244e0ad624c75743e190bc7da6a1b45fe195aaf738d59f8decfde97c8722448f,2024-10-15T12:57:46.880000
CVE-2024-9904,0,0,b8f5bdf1fde920247f061f9c3939c42469f53e3148abd589ac11ba36d4728079,2024-10-15T12:57:46.880000
CVE-2024-9905,0,0,09e20420cf063b331c2f2444287faaf461bdb42e483d150bc77bc6c327c543d3,2024-10-16T22:12:18.153000
@ -266843,7 +266846,7 @@ CVE-2024-9937,0,0,4e7ae54d6a9c5099857ac0a66ba44c96220fc2ab3e1844c918c371d4dbb6d3
CVE-2024-9940,0,0,0591f213f2bec6924fef18017d23419024c9c5bdc4c598c1e0fd80a492ebb13b,2024-10-18T12:53:04.627000
CVE-2024-9944,0,0,0b8e9f26d6b78f71e8a64eb7650f72f57e1c6a31a17ce0fafe5b6b8377b71371,2024-10-17T20:47:35.817000
CVE-2024-9947,0,0,6d7ad994cc9a7fac36825c8cc7c424fb9dcf9e1f8fd3a9311a9b488ef62fd2d0,2024-10-23T15:12:34.673000
CVE-2024-9949,1,1,809d1c3ab15f5e798ce5cb068f046ea68c92b35fa3cdf8747557251b5a8ea50c,2024-10-23T18:15:13.763000
CVE-2024-9949,0,0,809d1c3ab15f5e798ce5cb068f046ea68c92b35fa3cdf8747557251b5a8ea50c,2024-10-23T18:15:13.763000
CVE-2024-9951,0,0,5d941c75af8c4072e469beaa1d6ae2855b0ca23ecdce87314ecd326f6a54014a,2024-10-18T12:52:33.507000
CVE-2024-9952,0,0,d5c643eb1b76a39b13753ce231704557bf9fa9c82efce6d96f1e313e65eab479,2024-10-16T15:05:13.467000
CVE-2024-9953,0,0,d45e8bc6b31e34e84fbff0a12af100dea5cf3de9adda836e3ebc3a7410262455,2024-10-17T20:59:01.940000

Can't render this file because it is too large.