diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47202.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47202.json
index 49e9e576098..cc5de6418f5 100644
--- a/CVE-2021/CVE-2021-472xx/CVE-2021-47202.json
+++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47202.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-47202",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-10T19:15:48.167",
- "lastModified": "2024-11-21T06:35:37.220",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-01-14T14:42:43.193",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,47 +15,151 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() analiza el nodo thermal-zones y registra un dispositivo thermal_zone para cada subnodo. Sin embargo, si una zona t\u00e9rmica est\u00e1 consumiendo un sensor t\u00e9rmico y ese dispositivo de sensor t\u00e9rmico a\u00fan no ha realizado la prueba, un intento de establecer trip_point_*_temp para ese dispositivo de zona t\u00e9rmica puede provocar una desreferencia de puntero NULL. Arr\u00e9glelo. console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp ... No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000020 ... Seguimiento de llamadas: of_thermal_set_trip_temp+0x40/0xc4 trip_point_temp_store+0xc0/0x1dc dev_attr_store+0x38/0x88 sysfs_kf_write+0x64/0xc0 kernfs_fop_write_iter+0x108/0x1d0 vfs_write+0x2f4/0x368 ksys_write+0x7c/0xec __arm64_sys_write+0x20/0x30 el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc do_el0_svc+0x28/0xa0 el0_svc+0x14/0x24 el0_sync_handler+0x88/0xec el0_sync+0x1c0/0x200 Mientras tanto, corrija tambi\u00e9n la posible desreferencia del puntero NULL en otras funciones: of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend()." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.210", + "matchCriteriaId": "769A1563-4E73-4FA2-BDEB-9DBD40989582" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.81", + "matchCriteriaId": "36581F45-F01C-4014-84F2-F7F59F4F5D10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.14.21", + "matchCriteriaId": "542D1BE5-8431-4A4D-8523-C35DF9570429" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15", + "versionEndExcluding": "5.15.4", + "matchCriteriaId": "562752F1-191C-49DC-921A-2032FAC48FD4" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0750f769b95841b34a9fe8c418dd792ff526bf86", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/6a315471cb6a07f651e1d3adc8962730f4fcccac", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/96cfe05051fd8543cdedd6807ec59a0e6c409195", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef2590a5305e0b8e9342f84c2214aa478ee7f28e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0750f769b95841b34a9fe8c418dd792ff526bf86", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6a315471cb6a07f651e1d3adc8962730f4fcccac", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/96cfe05051fd8543cdedd6807ec59a0e6c409195", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef2590a5305e0b8e9342f84c2214aa478ee7f28e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47204.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47204.json
index 23bc4511748..7e6a9fc11d8 100644
--- a/CVE-2021/CVE-2021-472xx/CVE-2021-47204.json
+++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47204.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-47204",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-10T19:15:48.270",
- "lastModified": "2024-11-21T06:35:37.460",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-01-14T14:35:39.270",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,39 +15,136 @@
 "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dpaa2-eth: se ha corregido el error use-after-free en dpaa2_eth_remove. El acceso a netdev despu\u00e9s de free_netdev() provocar\u00e1 un error use-after-free. Mueva el registro de depuraci\u00f3n antes de la llamada free_netdev() para evitarlo."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.17",
+ "versionEndExcluding": "5.4.162",
+ "matchCriteriaId": "3EB87820-60BB-4776-8344-33AF0E3BA3BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.5",
+ "versionEndExcluding": "5.10.82",
+ "matchCriteriaId": "AE501832-500C-4EF1-9489-5C13674F619D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.11",
+ "versionEndExcluding": "5.15.5",
+ "matchCriteriaId": "2128A085-4C0C-4C1E-9E9C-0DD868E2170F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://git.kernel.org/stable/c/1c4099dc0d6a01e76e4f7dd98e4b3e0d55d80ad9",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/32d4686224744819ddcae58b666c21d2a4ef4c88",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/9b5a333272a48c2f8b30add7a874e46e8b26129c",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/d74ff10ed2d93dc9b67e99a74b36fb9a83273d8a",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/1c4099dc0d6a01e76e4f7dd98e4b3e0d55d80ad9",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/32d4686224744819ddcae58b666c21d2a4ef4c88",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/9b5a333272a48c2f8b30add7a874e46e8b26129c",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/d74ff10ed2d93dc9b67e99a74b36fb9a83273d8a",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47211.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47211.json
index 0cabc5d40c2..20fdd1b684c 100644
--- a/CVE-2021/CVE-2021-472xx/CVE-2021-47211.json
+++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47211.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-47211",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-10T19:15:48.547",
- "lastModified": "2024-11-21T06:35:38.357",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-01-14T14:43:27.637",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,23 +15,88 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: se corrige la desreferencia de puntero nulo en el puntero cs_desc El puntero cs_desc devuelto por snd_usb_find_clock_source podr\u00eda ser nulo, por lo que existe un posible problema de desreferencia de puntero nulo. Solucione esto agregando una comprobaci\u00f3n de nulo antes de la desreferencia." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.5", + "matchCriteriaId": "B2845F69-264B-45BD-B7E7-D12B24338382" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/58fa50de595f152900594c28ec9915c169643739", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b97053df0f04747c3c1e021ecbe99db675342954", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/58fa50de595f152900594c28ec9915c169643739", - "source": 
"af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b97053df0f04747c3c1e021ecbe99db675342954", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47217.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47217.json index 982e6d135e9..5bd005494c4 100644 --- a/CVE-2021/CVE-2021-472xx/CVE-2021-47217.json +++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47217.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47217", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-10T19:15:48.813", - "lastModified": "2024-11-21T06:35:38.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:44:11.917", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,47 +15,157 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/hyperv: Se corrige la desreferencia NULL en set_hv_tscchange_cb() si falla la configuraci\u00f3n de Hyper-V. Verifique si hay una matriz hv_vp_index v\u00e1lida antes de desreferenciar hv_vp_index al configurar la devoluci\u00f3n de llamada de cambio de TSC de Hyper-V. Si la configuraci\u00f3n de Hyper-V fall\u00f3 en hyperv_init(), el kernel a\u00fan informar\u00e1 que se est\u00e1 ejecutando bajo Hyper-V, pero habr\u00e1 deshabilitado silenciosamente casi todas las funciones. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000010 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 4 PID: 1 Comm: swapper/0 No contaminado 5.15.0-rc2+ #75 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:set_hv_tscchange_cb+0x15/0xa0 C\u00f3digo: <8b> 04 82 8b 15 12 17 85 01 48 c1 e0 20 48 0d ee 00 01 00 f6 c6 08 ... 
Seguimiento de llamadas: kvm_arch_init+0x17c/0x280 kvm_init+0x31/0x330 vmx_init+0xba/0x13a do_one_initcall+0x41/0x1c0 kernel_init_freeable+0x1f2/0x23b kernel_init+0x16/0x120 ret_from_fork+0x22/0x30" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.16", + "versionEndExcluding": "4.19.218", + "matchCriteriaId": "3917EFBF-AD24-48ED-B8B4-4F6BA6A5E0E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.162", + "matchCriteriaId": "51A152D8-D5CE-47BD-9041-DEE164DCE99D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.82", + "matchCriteriaId": "AE501832-500C-4EF1-9489-5C13674F619D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.5", + "matchCriteriaId": "2128A085-4C0C-4C1E-9E9C-0DD868E2170F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", + 
"matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/8823ea27fff6084bbb4bc71d15378fae0220b1d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9c177eee116cf888276d3748cb176e72562cfd5c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b0e44dfb4e4c699cca33ede431b8d127e6e8d661", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b20ec58f8a6f4fef32cc71480ddf824584e24743", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/daf972118c517b91f74ff1731417feb4270625a4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8823ea27fff6084bbb4bc71d15378fae0220b1d8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9c177eee116cf888276d3748cb176e72562cfd5c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b0e44dfb4e4c699cca33ede431b8d127e6e8d661", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b20ec58f8a6f4fef32cc71480ddf824584e24743", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/daf972118c517b91f74ff1731417feb4270625a4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47218.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47218.json index 7953b186fce..0b84ac34656 100644 --- a/CVE-2021/CVE-2021-472xx/CVE-2021-47218.json +++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47218.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47218", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-10T19:15:48.860", - "lastModified": "2024-11-21T06:35:39.020", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:44:55.610", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,120 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: selinux: corregir la desreferencia de puntero NULL cuando falla la asignaci\u00f3n de hashtab Cuando la asignaci\u00f3n de la matriz de ranuras de la tabla hash falla en hashtab_init(), h->size se deja inicializado con un valor distinto de cero, pero el puntero h->htable es NULL. Esto puede causar una desreferencia de puntero NULL, ya que el c\u00f3digo policydb se basa en la suposici\u00f3n de que incluso despu\u00e9s de un hashtab_init() fallido, se pueden llamar hashtab_map() y hashtab_destroy() de forma segura. Sin embargo, estos detectan un hashtab vac\u00edo solo mirando el tama\u00f1o. Solucione esto asegur\u00e1ndose de que hashtab_init() siempre deje atr\u00e1s un hashtab vac\u00edo v\u00e1lido cuando falla la asignaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.8", + "versionEndExcluding": "5.10.82", + "matchCriteriaId": "AB0877E3-6FA0-42C3-8484-EB609F8F6D4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"5.11", + "versionEndExcluding": "5.15.5", + "matchCriteriaId": "2128A085-4C0C-4C1E-9E9C-0DD868E2170F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", + "matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*", + "matchCriteriaId": "A73429BA-C2D9-4D0C-A75F-06A1CA8B3983" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/83c8ab8503adf56bf68dafc7a382f4946c87da79", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b17dd53cac769dd13031b0ca34f90cc65e523fab", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dc27f3c5d10c58069672215787a96b4fae01818b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/83c8ab8503adf56bf68dafc7a382f4946c87da79", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b17dd53cac769dd13031b0ca34f90cc65e523fab", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dc27f3c5d10c58069672215787a96b4fae01818b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48648.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48648.json index d67731be858..1dfc24117db 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48648.json 
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48648.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-48648",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-28T13:15:07.290",
- "lastModified": "2024-11-21T07:33:41.353",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-01-14T14:52:07.293",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,39 +15,161 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sfc: corrige la desreferencia del puntero nulo en efx_hard_start_xmit Intentar obtener el canal de la variable tx_queue aqu\u00ed es incorrecto porque solo podemos estar aqu\u00ed si tx_queue es NULL, por lo que no debemos desreferenciarlo. Como dice el comentario anterior en el c\u00f3digo, es muy poco probable que esto suceda, pero de todos modos est\u00e1 mal, as\u00ed que solucion\u00e9moslo. Encontr\u00e9 este problema debido a un error diferente que provoc\u00f3 que tx_queue fuera NULL. Si eso sucede, este es el mensaje de error que recibimos aqu\u00ed: ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en 0000000000000020 [...] RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndExcluding": "5.10.146", + "matchCriteriaId": "26BCCE2C-EE0C-437D-A9D6-6714B5AE47CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": 
"5.15.71", + "matchCriteriaId": "080C1827-D257-4D5A-9071-779EF7F5EF0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.19.12", + "matchCriteriaId": "03B0F56B-C5CC-4E81-BB51-D07D569DE4CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*", + "matchCriteriaId": "F8446E87-F5F6-41CA-8201-BAE0F0CA6DD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*", + "matchCriteriaId": "8E5FB72F-67CE-43CC-83FE-541604D98182" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:*", + "matchCriteriaId": "3A0A7397-F5F8-4753-82DC-9A11288E696D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48663.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48663.json index 3d42e793ae0..de2492babeb 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48663.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48663.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48663", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-28T13:15:07.980", - "lastModified": "2024-11-21T07:33:43.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:53:12.910", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,131 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: gpio: maqueta: corrige la desreferencia del puntero NULL al eliminar debugfs Ahora eliminamos las entradas debugfs del dispositivo al desvincular el controlador. Esto ahora provoca una desreferencia del puntero NULL al salir del m\u00f3dulo porque los dispositivos de la plataforma no est\u00e1n registrados *despu\u00e9s* de que el directorio global debugfs se haya eliminado de forma recursiva. Solucionarlo cancelando el registro de los dispositivos primero." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.144", + "versionEndExcluding": "5.10.146", + "matchCriteriaId": "2EAE3A2C-3F60-40DD-AF52-8B1F528F2683" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.69", + "versionEndExcluding": "5.15.71", + "matchCriteriaId": "E59B6451-2447-4C1E-AF94-1971FD9D8B1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.19.10", + "versionEndExcluding": "5.19.12", + 
"matchCriteriaId": "D95C917A-1411-4409-A9B3-E2F4514E6A56" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/18352095a0d581f6aeb1e9fc9d68cc0152cd64b4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/af0bfabf06c74c260265c30ba81a34e7dec0e881", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bdea98b98f844bd8a983ca880893e509a8b4162f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/18352095a0d581f6aeb1e9fc9d68cc0152cd64b4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/af0bfabf06c74c260265c30ba81a34e7dec0e881", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bdea98b98f844bd8a983ca880893e509a8b4162f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37931.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37931.json
new file mode 100644
index 00000000000..82cf834536a
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37931.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-37931",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:26.623",
+ "lastModified": "2025-01-14T14:15:26.623",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-220",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37936.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37936.json
new file mode 100644
index 00000000000..25943987c14
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37936.json
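Review bot: In CVE-2023-37931.json the description text tags the SQL injection as `[CWE-88]`, but the `weaknesses` entry added in the same record is `CWE-89`; CWE-89 is the SQL-injection class and CWE-88 is argument injection, so the two fields disagree. If this record mirrors the CNA text verbatim, the mismatch is better reported upstream than patched locally, and consumers should take the CWE from `weaknesses[].description[].value` rather than parsing it out of the description. The same sentence spells the product `FortiVoice Entreprise`, which can defeat exact-match product lookups while the record still has no `configurations` block.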
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-37936",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:26.790",
+ "lastModified": "2025-01-14T14:15:26.790",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-321"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-260",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37937.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37937.json
new file mode 100644
index 00000000000..e5ef9c7319c
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37937.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-37937",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:26.940",
+ "lastModified": "2025-01-14T14:15:26.940",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-258",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42785.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42785.json
new file mode 100644
index 00000000000..7adda9f2a31
--- /dev/null
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42785.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-42785",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:27.083",
+ "lastModified": "2025-01-14T14:15:27.083",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-293",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42786.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42786.json
new file mode 100644
index 00000000000..73f6d844fe9
--- /dev/null
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42786.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-42786",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:27.237",
+ "lastModified": "2025-01-14T14:15:27.237",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-293",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46715.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46715.json
new file mode 100644
index 00000000000..2940a9b064a
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46715.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-46715",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:27.387",
+ "lastModified": "2025-01-14T14:15:27.387",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
+ "baseScore": 5.0,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-407",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52643.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52643.json
index 1877ef21abb..bdf77eb0971 100644
--- a/CVE-2023/CVE-2023-526xx/CVE-2023-52643.json
+++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52643.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-52643", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T10:15:08.503", - "lastModified": "2024-11-21T08:40:16.210", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:58:40.580", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,47 +15,172 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: core: corrige memleak en iio_device_register_sysfs Cuando falla iio_device_register_sysfs_group(), debemos liberar iio_dev_opaque->chan_attr_group.attrs para evitar posibles fugas de mem." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.13", + "versionEndExcluding": "5.15.149", + "matchCriteriaId": "35E631A3-4D05-4FC9-8CF5-E3E21448663F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.79", + "matchCriteriaId": "656E2F29-1779-4EFC-AA64-8F984E2885B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.18", + "matchCriteriaId": "BD961E49-FEDA-47CF-BF23-4D2BD942B4E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.6", + "matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", + "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", + "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1c6d19c8cbf6abcea2c8fca2db26abca2cbf0363", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/359f220d0e753bba840eac19ffedcdc816b532f2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3db312e06851996e7fb27cb5a8ccab4c0f9cdb93", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/95a0d596bbd0552a78e13ced43f2be1038883c81", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b90126c86d83912688501826643ea698f0df1728", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1c6d19c8cbf6abcea2c8fca2db26abca2cbf0363", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/359f220d0e753bba840eac19ffedcdc816b532f2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3db312e06851996e7fb27cb5a8ccab4c0f9cdb93", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/95a0d596bbd0552a78e13ced43f2be1038883c81", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b90126c86d83912688501826643ea698f0df1728", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52662.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52662.json index 5f083514e00..a7abdee0624 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52662.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52662.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52662", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T14:15:08.373", - "lastModified": "2024-11-21T08:40:18.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:55:24.477", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,55 +15,173 @@ "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/vmwgfx: soluciona un memleak en vmw_gmrid_man_get_node Cuando falla ida_alloc_max, se deben liberar los recursos asignados anteriormente, incluido *res asignado por kmalloc y ttm_resource_init." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.14", + "versionEndExcluding": "5.15.153", + "matchCriteriaId": "D811A71A-BD96-4E48-ABE1-315AD51DCB5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.83", + "matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.23", + "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.11", + "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.2", + "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/03b1072616a8f7d6e8594f643b416a9467c83fbf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/40624af6674745e174c754a20d7c53c250e65e7a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6fc6233f6db1579b69b54b44571f1a7fde8186e6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/83e0f220d1e992fa074157fcf14945bf170ffbc5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/89709105a6091948ffb6ec2427954cbfe45358ce", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d1e546ab91c670e536a274a75481034ab7534876", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/03b1072616a8f7d6e8594f643b416a9467c83fbf", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/40624af6674745e174c754a20d7c53c250e65e7a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { 
"url": "https://git.kernel.org/stable/c/6fc6233f6db1579b69b54b44571f1a7fde8186e6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/83e0f220d1e992fa074157fcf14945bf170ffbc5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/89709105a6091948ffb6ec2427954cbfe45358ce", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d1e546ab91c670e536a274a75481034ab7534876", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11497.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11497.json new file mode 100644 index 00000000000..aa411bbb707 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11497.json 
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-11497",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2025-01-14T14:15:27.720",
+ "lastModified": "2025-01-14T14:15:27.720",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert.vde.com/en/advisories/VDE-2024-070",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11863.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11863.json
new file mode 100644
index 00000000000..86c1beb1494
--- /dev/null
+++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11863.json
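Review bot: The description in CVE-2024-11497.json names no product, component or version, and the record carries no `configurations` block, so the only way to learn what is affected is to follow the VDE-2024-070 advisory link. Asset matching against this record will return nothing until enrichment adds CPE data, even though it is scored 8.8 with a network vector. The description should identify the target, e.g. `"value": "An authenticated attacker can use this vulnerability in <PRODUCT> <AFFECTED VERSIONS> to perform a privilege escalation to gain root access."`, with the placeholders filled from the advisory.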
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-11863",
+ "sourceIdentifier": "arm-security@arm.com",
+ "published": "2025-01-14T14:15:27.927",
+ "lastModified": "2025-01-14T14:15:27.927",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "arm-security@arm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864",
+ "source": "arm-security@arm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11864.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11864.json
new file mode 100644
index 00000000000..4b4b1da8160
--- /dev/null
+++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11864.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-11864",
+ "sourceIdentifier": "arm-security@arm.com",
+ "published": "2025-01-14T14:15:28.053",
+ "lastModified": "2025-01-14T14:15:28.053",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "arm-security@arm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864",
+ "source": "arm-security@arm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12147.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12147.json index 32a1f42c5e4..c33fc33b2d0 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12147.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12147.json @@ -2,13 +2,20 @@ "id": "CVE-2024-12147", "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-04T18:15:11.803", - "lastModified": "2024-12-04T18:15:11.803", + "lastModified": "2025-01-14T14:15:28.163", "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], "descriptions": [ { "lang": "en", - "value": "A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." }, { "lang": "es", @@ -144,6 +151,10 @@ { "url": "https://www.netgear.com/", "source": "cna@vuldb.com" + }, + { + "url": "https://www.netgear.com/about/eos/", + "source": "cna@vuldb.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-129xx/CVE-2024-12988.json b/CVE-2024/CVE-2024-129xx/CVE-2024-12988.json index 259644982f5..a5bc1760b55 100644 
--- a/CVE-2024/CVE-2024-129xx/CVE-2024-12988.json +++ b/CVE-2024/CVE-2024-129xx/CVE-2024-12988.json @@ -2,13 +2,20 @@ "id": "CVE-2024-12988", "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-27T17:15:08.130", - "lastModified": "2024-12-27T19:15:08.260", + "lastModified": "2025-01-14T14:15:28.347", "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." }, { "lang": "es", @@ -145,6 +152,10 @@ "url": "https://www.netgear.com/", "source": "cna@vuldb.com" }, + { + "url": "https://www.netgear.com/about/eos/", + "source": "cna@vuldb.com" + }, { "url": "https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13131.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13131.json index 2c468aa2c3b..08e2f65a05c 100644 --- a/CVE-2024/CVE-2024-131xx/CVE-2024-13131.json +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13131.json 
@@ -2,144 +2,15 @@ "id": "CVE-2024-13131", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-05T03:15:05.690", - "lastModified": "2025-01-10T14:15:28.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:15:28.490", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability classified as problematic has been found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." - }, - { - "lang": "es", - "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en los dispositivos Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z e IPC-HDW1200S hasta 20241222. Afecta a una parte desconocida del archivo /web_caps/webCapsConfig del componente Web Interface. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9680. Reason: This candidate is a reservation duplicate of CVE-2019-9680. Notes: All CVE users should reference CVE-2019-9680 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." 
} ], - "metrics": { - "cvssMetricV40": [ - { - "source": "cna@vuldb.com", - "type": "Secondary", - "cvssData": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "baseScore": 6.9, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "attackRequirements": "NONE", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "vulnerableSystemConfidentiality": "LOW", - "vulnerableSystemIntegrity": "NONE", - "vulnerableSystemAvailability": "NONE", - "subsequentSystemConfidentiality": "NONE", - "subsequentSystemIntegrity": "NONE", - "subsequentSystemAvailability": "NONE", - "exploitMaturity": "NOT_DEFINED", - "confidentialityRequirements": "NOT_DEFINED", - "integrityRequirements": "NOT_DEFINED", - "availabilityRequirements": "NOT_DEFINED", - "modifiedAttackVector": "NOT_DEFINED", - "modifiedAttackComplexity": "NOT_DEFINED", - "modifiedAttackRequirements": "NOT_DEFINED", - "modifiedPrivilegesRequired": "NOT_DEFINED", - "modifiedUserInteraction": "NOT_DEFINED", - "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", - "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", - "modifiedVulnerableSystemAvailability": "NOT_DEFINED", - "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", - "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", - "modifiedSubsequentSystemAvailability": "NOT_DEFINED", - "safety": "NOT_DEFINED", - "automatable": "NOT_DEFINED", - "recovery": "NOT_DEFINED", - "valueDensity": "NOT_DEFINED", - "vulnerabilityResponseEffort": "NOT_DEFINED", - "providerUrgency": "NOT_DEFINED" - } - } - ], - "cvssMetricV31": [ - { - "source": "cna@vuldb.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - 
"attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "availabilityImpact": "NONE" - }, - "exploitabilityScore": 3.9, - "impactScore": 1.4 - } - ], - "cvssMetricV2": [ - { - "source": "cna@vuldb.com", - "type": "Secondary", - "cvssData": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "baseScore": 5.0, - "accessVector": "NETWORK", - "accessComplexity": "LOW", - "authentication": "NONE", - "confidentialityImpact": "PARTIAL", - "integrityImpact": "NONE", - "availabilityImpact": "NONE" - }, - "baseSeverity": "MEDIUM", - "exploitabilityScore": 10.0, - "impactScore": 2.9, - "acInsufInfo": false, - "obtainAllPrivilege": false, - "obtainUserPrivilege": false, - "obtainOtherPrivilege": false, - "userInteractionRequired": false - } - ] - }, - "weaknesses": [ - { - "source": "cna@vuldb.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-200" - }, - { - "lang": "en", - "value": "CWE-284" - } - ] - } - ], - "references": [ - { - "url": "https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73", - "source": "cna@vuldb.com" - }, - { - "url": "https://vuldb.com/?ctiid.290205", - "source": "cna@vuldb.com" - }, - { - "url": "https://vuldb.com/?id.290205", - "source": "cna@vuldb.com" - }, - { - "url": "https://vuldb.com/?submit.464258", - "source": "cna@vuldb.com" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21758.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21758.json new file mode 100644 index 00000000000..05494d0b188 --- /dev/null +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21758.json 
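Review bot: The rejected record in CVE-2024-13131.json removes the `weaknesses` key outright while keeping `metrics` and `references` as empty containers, so the same document now mixes "absent" and "empty" for cleared fields. A consumer that indexes `weaknesses` unconditionally would fail on this record but not on the neighbouring ones; keeping `"weaknesses": [],` next to `"metrics": {},` would make the shape uniform, though this may be the feed's convention for rejected entries. Separately, the new description redirects to CVE-2019-9680, so ingestion should key on `"vulnStatus": "Rejected"` and remap or retire findings stored under this ID rather than leave the earlier score and references in place.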
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-21758",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:28.597",
+ "lastModified": "2025-01-14T14:15:28.597",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-458",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23106.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23106.json
new file mode 100644
index 00000000000..ef3e57dc932
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23106.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-23106",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:28.747",
+ "lastModified": "2025-01-14T14:15:28.747",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-307"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-476",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-260xx/CVE-2024-26012.json b/CVE-2024/CVE-2024-260xx/CVE-2024-26012.json
new file mode 100644
index 00000000000..41ba99f6af6
--- /dev/null
+++ b/CVE-2024/CVE-2024-260xx/CVE-2024-26012.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-26012",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:28.893",
+ "lastModified": "2025-01-14T14:15:28.893",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-405",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26829.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26829.json
index e7ffc88260e..82828aefe03 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26829.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26829.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-26829",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-17T10:15:09.347",
- "lastModified": "2024-11-21T09:03:09.783",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-01-14T14:58:05.850",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,55 +15,192 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: ir_toy: corrige una fuga de mem en irtoy_tx Cuando falla irtoy_command, se debe liberar buf ya que est\u00e1 asignado por irtoy_tx, o hay una fuga de mem." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.210", + "matchCriteriaId": "24443040-F8E0-445D-8395-40A94214526C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.54", + "versionEndExcluding": "5.15.149", + "matchCriteriaId": "FC55D6FB-B445-4760-AA4E-387BAD7DD8D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.79", + "matchCriteriaId": "656E2F29-1779-4EFC-AA64-8F984E2885B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.18", + "matchCriteriaId": "BD961E49-FEDA-47CF-BF23-4D2BD942B4E0" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.6", + "matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", + "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", + "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/207557e393a135c1b6fe1df7cc0741d2c1789fff", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/486a4176bc783df798bce2903824801af8d2c3ae", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7219a692ffc00089015ada33b85b334d1a4b6e8e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b37259448bbc70af1d0e52a9dd5559a9c29c9621", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/be76ad74a43f90f340f9f479e6b04f02125f6aef", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/dc9ceb90c4b42c6e5c6757df1d6257110433788e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/207557e393a135c1b6fe1df7cc0741d2c1789fff", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/486a4176bc783df798bce2903824801af8d2c3ae", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7219a692ffc00089015ada33b85b334d1a4b6e8e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b37259448bbc70af1d0e52a9dd5559a9c29c9621", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/be76ad74a43f90f340f9f479e6b04f02125f6aef", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dc9ceb90c4b42c6e5c6757df1d6257110433788e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26839.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26839.json index bb051e61bfe..5a276b28d1c 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26839.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26839.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2024-26839",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-17T10:15:09.860",
- "lastModified": "2024-11-21T09:03:10.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-01-14T14:56:47.140",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,79 +15,269 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: IB/hfi1: corrige una fuga de mem en init_credit_return Cuando dma_alloc_coherent no puede asignar dd->cr_base[i].va, init_credit_return deber\u00eda desasignar dd->cr_base y dd->cr_base[i]. ] el asignado antes. O esos recursos nunca se liberar\u00edan y se desencadenar\u00eda una fuga de memoria." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.3", + "versionEndExcluding": "4.19.308", + "matchCriteriaId": "B8C10ACD-3562-46D8-9264-AB7D6E861232" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.270", + "matchCriteriaId": "5D8044B1-C7E8-44A4-9F03-A4D7BCDB1721" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.211", + "matchCriteriaId": "7DDA4DCF-671D-415D-94DF-6E3C77DF0704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"5.11", + "versionEndExcluding": "5.15.150", + "matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.80", + "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.19", + "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.7", + "matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", + "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", + "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", + "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + 
"tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26868.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26868.json index 857bc834d91..171bd47d2bc 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26868.json 
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26868.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26868", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T11:15:09.360", - "lastModified": "2024-11-21T09:03:15.243", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:45:52.020", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,47 +15,152 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs: soluciona el p\u00e1nico cuando falla nfs4_ff_layout_prepare_ds() Hemos estado viendo el siguiente error de p\u00e1nico en producci\u00f3n: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD RIP : 0010:ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles] Seguimiento de llamadas: ? __die+0x78/0xc0 ? page_fault_oops+0x286/0x380? __rpc_execute+0x2c3/0x470 [sunrpc] ? rpc_new_task+0x42/0x1c0 [sunrpc] ? exc_page_fault+0x5d/0x110? asm_exc_page_fault+0x22/0x30? ff_layout_free_layoutreturn+0x110/0x110 [nfs_layout_flexfiles]? ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles]? ff_layout_cancel_io+0x6f/0x90 [nfs_layout_flexfiles] pnfs_mark_matching_lsegs_return+0x1b0/0x360 [nfsv4] pnfs_error_mark_layout_for_return+0x9e/0x110 [nfsv4] ? ff_layout_send_layouterror+0x50/0x160 [nfs_layout_flexfiles] nfs4_ff_layout_prepare_ds+0x11f/0x290 [nfs_layout_flexfiles] ff_layout_pg_init_write+0xf0/0x1f0 [nfs_layout_flexfiles] __nfs_pageio_add_re b\u00fasqueda+0x154/0x6c0 [nfs] nfs_pageio_add_request+0x26b/0x380 [nfs] nfs_do_writepage+0x111/0x1e0 [nfs] nfs_writepages_callback+ 0xf/0x30 [nfs] write_cache_pages+0x17f/0x380 ? nfs_pageio_init_write+0x50/0x50 [nfs] ? nfs_writepages+0x6d/0x210 [nfs]? nfs_writepages+0x6d/0x210 [nfs] nfs_writepages+0x125/0x210 [nfs] do_writepages+0x67/0x220? generic_perform_write+0x14b/0x210 filemap_fdatawrite_wbc+0x5b/0x80 file_write_and_wait_range+0x6d/0xc0 nfs_file_fsync+0x81/0x170 [nfs] ? 
nfs_file_mmap+0x60/0x60 [nfs] __x64_sys_fsync+0x53/0x90 do_syscall_64+0x3d/0x90 Entry_SYSCALL_64_after_hwframe+0x46/0xb0 Inspeccionando el n\u00facleo con drgn pude extraer esto >>> prog.crashed_thread().stack_trace()[0 ] # 0 en 0xffffffffa079657a (ff_layout_cancel_io+0x3a/0x84) en ff_layout_cancel_io en fs/nfs/flexfilelayout/flexfilelayout.c:2021:27 >>> prog.crashed_thread().stack_trace()[0]['idx'] (u32)1 >>> prog.crashed_thread().stack_trace()[0]['flseg'].mirror_array[1].mirror_ds (struct nfs4_ff_layout_ds *)0xffffffffffffffed Esto queda claro en el seguimiento de la pila, llamamos a nfs4_ff_layout_prepare_ds(), lo que podr\u00eda generar un error inicializando mirror_ds, y luego vamos a limpiarlo todo y nuestra verificaci\u00f3n es solo para if (!mirror->mirror_ds). Esto es inconsistente con el resto de usuarios de mirror_ds, que tienen if (IS_ERR_OR_NULL(mirror_ds)) para evitar tropezar con este escenario exacto. Solucione esto en ff_layout_cancel_io() para asegurarnos de que no entremos en p\u00e1nico cuando recibamos un error. Tambi\u00e9n revis\u00e9 todas las dem\u00e1s instancias de verificaci\u00f3n de mirror_ds y parece que estamos haciendo las verificaciones correctas en todas partes, solo desreferenciando incondicionalmente mirror_ds cuando sabemos que ser\u00eda v\u00e1lido." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndExcluding": "6.1.83", + "matchCriteriaId": "3057E4AB-0FB4-49B3-B63D-10D187B96B1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.23", + "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.11", + "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.2", + "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/31db25e3141b20e2a76a9f219eeca52e3cab126c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/5ada9016b1217498fad876a3d5b07645cc955608", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/719fcafe07c12646691bd62d7f8d94d657fa0766", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7ca651b4ec4a049f5a46a0e5ff921b86b91c47c5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dac068f164ad05b35e7c0be13f138c3f6adca58f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/31db25e3141b20e2a76a9f219eeca52e3cab126c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5ada9016b1217498fad876a3d5b07645cc955608", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/719fcafe07c12646691bd62d7f8d94d657fa0766", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7ca651b4ec4a049f5a46a0e5ff921b86b91c47c5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dac068f164ad05b35e7c0be13f138c3f6adca58f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26871.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26871.json index c69f34ec2f7..d393df2b2ed 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26871.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26871.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26871", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T11:15:09.513", - "lastModified": "2024-11-21T09:03:15.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:46:37.293", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,131 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrige la desreferencia del puntero NULL en f2fs_submit_page_write() ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000014 RIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs] Seguimiento de llamadas: ? show_regs+0x6e/0x80? __morir+0x29/0x70 ? page_fault_oops+0x154/0x4a0? prb_read_valid+0x20/0x30? __irq_work_queue_local+0x39/0xd0 ? irq_work_queue+0x36/0x70? do_user_addr_fault+0x314/0x6c0? exc_page_fault+0x7d/0x190? asm_exc_page_fault+0x2b/0x30? f2fs_submit_page_write+0x6cf/0x780 [f2fs] ? f2fs_submit_page_write+0x736/0x780 [f2fs] do_write_page+0x50/0x170 [f2fs] f2fs_outplace_write_data+0x61/0xb0 [f2fs] f2fs_do_write_data_page+0x3f8/0x660 [f2fs] f2fs_write_single_data_page+0 x5bb/0x7a0 [f2fs] f2fs_write_cache_pages+0x3da/0xbe0 [f2fs] .. Es posible que otros hilos hayan agregado este fio a io->bio y hayan enviado el io->bio antes de ingresar a f2fs_submit_page_write(). En este punto io->bio = NULL. Si is_end_zone_blkaddr(sbi, fio->new_blkaddr) de este fio es verdadero, entonces se produce un error de desreferencia de puntero NULL en bio_get(io->bio). El c\u00f3digo original para determinar el final de la zona estaba despu\u00e9s de \"out:\", lo que habr\u00eda pasado por alto a alg\u00fan fio que es el final de la zona. Mov\u00ed este c\u00f3digo antes de \"omitir:\" para asegurarme de que est\u00e9 hecho para cada fio." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5", + "versionEndExcluding": "6.6.23", + "matchCriteriaId": "89C006B8-BD53-4D24-9E4A-3482F60C50EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.11", + "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.2", + "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/4c122a32582b67bdd44ca8d25f894ee2dc54f566", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6d102382a11d5e6035f6c98f6e508a38541f7af3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/8e2ea8b04cb8d976110c4568509e67d6a39b2889", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c2034ef6192a65a986a45c2aa2ed05824fdc0e9f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4c122a32582b67bdd44ca8d25f894ee2dc54f566", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6d102382a11d5e6035f6c98f6e508a38541f7af3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8e2ea8b04cb8d976110c4568509e67d6a39b2889", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c2034ef6192a65a986a45c2aa2ed05824fdc0e9f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26878.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26878.json index 9df9bf342c6..3d6068cc6ff 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26878.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26878.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26878", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T11:15:09.870", - "lastModified": "2024-11-21T09:03:16.660", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:49:44.283", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,87 +15,268 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cuota: corrige una posible desreferencia del puntero NULL La siguiente carrera puede causar una desreferencia del puntero NULL P1 P2 dquot_free_inode quote_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[tipo] = NULL (2) spin_lock(&dquots[cnt]->dq_dqb_lock) (3) .... Si dquot_free_inode(u otras rutinas) verifica los punteros de cuota del inodo (1) antes de que cuota_off lo establezca a NULL(2) y usarlo (3) despu\u00e9s de eso, se activar\u00e1 la desreferencia del puntero NULL. Entonces, solucion\u00e9moslo usando un puntero temporal para evitar este problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + }, + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.19.311", + "matchCriteriaId": "A6E19FC1-2A3F-4FF8-805C-2864C71553EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.273", + "matchCriteriaId": 
"620FD8B7-BF03-43E0-951A-0A58461D4C55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.214", + "matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.153", + "matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.83", + "matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.23", + "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.11", + "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.2", + "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + 
"tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26892.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26892.json index 0478dc319d9..aa8fd7b53a9 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26892.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26892.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26892", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T11:15:10.530", - "lastModified": "2024-11-21T09:03:19.010", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-14T14:34:50.407", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,138 @@ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7921e: fix use-after-free en free_irq() Desde el commit a304e1b82808 (\"[PATCH] Depurar irqs compartidas\"), existe una prueba para asegurarse de que El controlador de irq compartido deber\u00eda poder manejar el evento inesperado despu\u00e9s de la cancelaci\u00f3n del registro. Para este caso, apliquemos el indicador MT76_REMOVED para indicar que el dispositivo fue eliminado y no volver a acceder al recurso. ERROR: KASAN: use-after-free en mt7921_irq_handler+0xd8/0x100 [mt7921e] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88824a7d3b78 por tarea rmmod/11115 CPU: 28 PID: 11115 Comm: rmmod Tainted: GWL 5.17.0 #10 Nombre de hardware: Micro-Star International Co., Ltd. MS-7D73/MPG B650I EDGE WIFI (MS-7D73), BIOS 1.81 05/01/2024 Seguimiento de llamadas: dump_stack_lvl+0x6f/0xa0 print_address_description.constprop.0+0x1f/0x190 ? mt7921_irq_handler+0xd8/0x100 [mt7921e] ? mt7921_irq_handler+0xd8/0x100 [mt7921e] kasan_report.cold+0x7f/0x11b ? mt7921_irq_handler+0xd8/0x100 [mt7921e] mt7921_irq_handler+0xd8/0x100 [mt7921e] free_irq+0x627/0xaa0 devm_free_irq+0x94/0xd0 ? devm_request_any_context_irq+0x160/0x160? kobject_put+0x18d/0x4a0 mt7921_pci_remove+0x153/0x190 [mt7921e] pci_device_remove+0xa2/0x1d0 __device_release_driver+0x346/0x6e0 driver_detach+0x1ef/0x2c0 bus_remove_driver+0xe7/0x2d 0 ? __check_object_size+0x57/0x310 pci_unregister_driver+0x26/0x250 __do_sys_delete_module+0x307/0x510 ? m\u00f3dulo_libre+0x6a0/0x6a0? fpregs_assert_state_consistent+0x4b/0xb0? rcu_read_lock_sched_held+0x10/0x70? syscall_enter_from_user_mode+0x20/0x70? trace_hardirqs_on+0x1c/0x130 do_syscall_64+0x5c/0x80? trace_hardirqs_on_prepare+0x72/0x160? do_syscall_64+0x68/0x80? 
trace_hardirqs_on_prepare+0x72/0x160 entrada_SYSCALL_64_after_hwframe+0x44/0xae" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.15", + "versionEndExcluding": "6.3", + "matchCriteriaId": "70B668F1-1B39-45E1-ADAC-438F51BF80D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3.2", + "versionEndExcluding": "6.6.23", + "matchCriteriaId": "EFF8850B-FC76-4A55-B289-22210F46A872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.11", + "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.2", + "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/bfe1adf1606f76c180324e53b130f0e76d5cc6c3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfeaef901194c5923ce3330272786eff2fac513a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c7dd42fbebcfb02bef070fd48f774d6412d0b49d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c957280ef6ab6bdf559a91ae693a6b34310697e3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfe1adf1606f76c180324e53b130f0e76d5cc6c3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfeaef901194c5923ce3330272786eff2fac513a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c7dd42fbebcfb02bef070fd48f774d6412d0b49d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c957280ef6ab6bdf559a91ae693a6b34310697e3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26895.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26895.json index db576a3d1da..243f51c27cb 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26895.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26895.json 
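Review bot: The added `cvssData` rates this entry `PR:L` (`"privilegesRequired": "LOW"`), but the only trigger the description shows is a module unload: the KASAN report is raised by task rmmod through `__do_sys_delete_module` and `mt7921_pci_remove`. Unloading a module normally requires elevated privilege, so the 7.8 HIGH base score may overstate what an unprivileged local user can reach. This is inferred from the trace alone, and other device-removal paths are not described in the record. If the vector is meant to reflect the described path, it would read `CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H` with `"privilegesRequired": "HIGH"`, and `baseScore` and `exploitabilityScore` would need recomputing. The same question applies to the second hunk of CVE-2024-26895.json, whose description reproduces the bug by writing to the driver's sysfs `unbind` file.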
@@ -2,8 +2,8 @@
 "id": "CVE-2024-26895",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-17T11:15:10.677",
- "lastModified": "2024-11-21T09:03:19.490",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-01-14T14:33:40.417",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,67 +15,216 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: wilc1000: evita el use-after-free en vif al limpiar todas las interfaces wilc_netdev_cleanup activa actualmente una advertencia KASAN, que se puede observar en la ruta del error de registro de la interfaz, o simplemente eliminando el m\u00f3dulo/dispositivo de desvinculaci\u00f3n del controlador: echo spi0.1 > /sys/bus/spi/drivers/wilc1000_spi/unbind ========================== ========================================= ERROR: KASAN: uso de losa despu\u00e9s -free en wilc_netdev_cleanup+0x508/0x5cc Lectura de tama\u00f1o 4 en addr c54d1ce8 por tarea sh/86 CPU: 0 PID: 86 Comm: sh Not tainted 6.8.0-rc1+ #117 Nombre de hardware: Atmel SAMA5 unwind_backtrace from show_stack+0x18/0x1c show_stack de dump_stack_lvl+0x34/0x58 dump_stack_lvl de print_report+0x154/0x500 print_report de kasan_report+0xac/0xd8 kasan_report de wilc_netdev_cleanup+0x508/0x5cc wilc_netdev_cleanup de wilc_bus_remove+0xc8/0xec wilc_bus_remove de spi_remove+0x8c/0xac spi_remove de dispositivo_release_driver_internal+0x434/0x5f8 dispositivo_release_driver_internal de unbind_store+0xbc/0x108 unbind_store de kernfs_fop_write_iter+0x398/0x584 kernfs_fop_write_iter de vfs_write+0x728/0xf88 vfs_write de ksys_write+0x110/0x1e4 ksys_write de ret_fast_syscall+0x0/0 x1c [...] 
Asignado por la tarea 1: kasan_save_track+0x30/0x5c __kasan_kmalloc +0x8c/0x94 __kmalloc_node+0x1cc/0x3e4 kvmalloc_node+0x48/0x180 alloc_netdev_mqs+0x68/0x11dc alloc_etherdev_mqs+0x28/0x34 wilc_netdev_ifc_init+0x34/0x8ec wilc_cfg80211 _init+0x690/0x910 wilc_bus_probe+0xe0/0x4a0 spi_probe+0x158/0x1b0 Actually_probe+0x270/0xdf4 __driver_probe_device +0x1dc/0x580 driver_probe_device+0x60/0x140 __driver_attach+0x228/0x5d4 bus_for_each_dev+0x13c/0x1a8 bus_add_driver+0x2a0/0x608 driver_register+0x24c/0x578 do_one_initcall+0x180/0x310 kernel _init_freeable+0x424/0x484 kernel_init+0x20/0x148 ret_from_fork+0x14/0x28 Liberado por tarea 86: kasan_save_track+0x30/0x5c kasan_save_free_info+0x38/0x58 __kasan_slab_free+0xe4/0x140 kfree+0xb0/0x238 device_release+0xc0/0x2a8 kobject_put+0x1d4/0x46c netdev_run_todo+0x8fc/0x11 d0 wilc_netdev_cleanup+0x1e4/0x5cc wilc_bus_remove+0xc8/0xec spi_remove +0x8c/0xac dispositivo_release_driver_internal+0x434/0x5f8 unbind_store+0xbc/0x108 kernfs_fop_write_iter+0x398/0x584 vfs_write+0x728/0xf88 ksys_write+0x110/0x1e4 ret_fast_syscall+0x0/0x1c [...] La investigaci\u00f3n inicial de David Mosberger-Tan [1] mostr\u00f3 que Este use-after-free se debe a la cancelaci\u00f3n del registro del dispositivo de red durante el recorrido de la lista vif. Al cancelar el registro de un dispositivo de red, dado que need_free_netdev se configur\u00f3 en verdadero durante el registro, el objeto netdevice tambi\u00e9n se libera y, como consecuencia, tambi\u00e9n el objeto vif correspondiente, ya que est\u00e1 adjunto a \u00e9l como datos privados del dispositivo de red. La siguiente aparici\u00f3n del bucle intenta acceder al puntero vif liberado a la lista para avanzar en la lista. Solucionar este use-after-free gracias a dos mecanismos: - navegar en la lista con list_for_each_entry_safe, que permite modificar de forma segura la lista a medida que avanzamos por cada elemento. 
Para cada elemento, elim\u00ednelo de la lista con list_del_rcu; aseg\u00farese de esperar a que finalice el per\u00edodo de gracia de RCU despu\u00e9s de cada eliminaci\u00f3n de vif para asegurarse de que tambi\u00e9n sea seguro liberar el vif correspondiente (a trav\u00e9s de unregister_netdev). Ya que estamos en un \"modificador\" de RCU. ruta (no una ruta de \"lector\"), y debido a que se espera que dicha ruta no sea concurrente con ning\u00fan otro modificador (estamos usando el bloqueo vif_mutex), no necesitamos usar la API de lista RCU, es por eso que podemos beneficiarnos de list_for_each_entry_safe . [1] https://lore.kernel.org/linux-wireless/ab077dbe58b1ea5de0a3b2ca21f275a07af967d2.camel@egauge.net/" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.214", + "matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.153", + "matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.83", + "matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.23", + "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.11", + "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.2", + "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/24228dcf1d30c2231caa332be7d3090ac59fbfe9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5956f4203b6cdd0755bbdd21b45f3933c7026208", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + 
"tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a9545af2a533739ffb64d6c9a6fec6f13e2b505f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cb5942b77c05d54310a0420cac12935e9b6aa21c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fe20e3d56bc911408fc3c27a17c59e9d7885f7d1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/24228dcf1d30c2231caa332be7d3090ac59fbfe9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5956f4203b6cdd0755bbdd21b45f3933c7026208", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a9545af2a533739ffb64d6c9a6fec6f13e2b505f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cb5942b77c05d54310a0420cac12935e9b6aa21c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/fe20e3d56bc911408fc3c27a17c59e9d7885f7d1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26941.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26941.json index bfe480223cd..feb7e531da1 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26941.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26941.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26941", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:09.487", - "lastModified": "2024-11-21T09:03:26.373", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-14T14:37:37.710", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,94 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/dp: Se corrigi\u00f3 la regresi\u00f3n de divisi\u00f3n por cero en DP MST desconectar con nouveau Se corrigi\u00f3 una regresi\u00f3n al usar nouveau y desconectar un concentrador MST StarTech MSTDP122DP DisplayPort 1.2 (la misma regresi\u00f3n no aparecen cuando se utiliza un concentrador Cable Matters DisplayPort 1.4 MST). Seguimiento: error de divisi\u00f3n: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 2962 Comm: Xorg Not tainted 6.8.0-rc3+ #744 Nombre de hardware: Razer Blade/DANA_MB, BIOS 01.01 31/08/2018 RIP: 0010: drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper] C\u00f3digo: c6 b8 01 00 00 00 75 61 01 c6 41 0f af f3 41 0f af f1 c1 e1 04 48 63 c7 31 d2 89 ff 48 8b 5d f8 c9 48 0f af f1 48 8d 44 06 y siguientes <48> f7 f7 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 45 31 RSP: 0018:ffffb2c5c211fa30 EFLAGS: 00010206 RAX: ffffffffffffffff RBX: 000000000 RCX: 0000000000f59b00 RDX: 0000000000000000 RSI: 0000000000000000 RDI : 0000000000000000 RBP: ffffb2c5c211fa48 R08: 0000000000000001 R09: 0000000000000020 R10: 00000000000000004 R11: 0000000000000000 R12: 0000000000023b4a R13: ffff91d37d165800 R14: ffff91d36fac6d80 R15: ffff91d34a764010 FS: 00007f4a1ca3fa80(0000) GS:ffff91d6edbc0000(0000) 00000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559491d49000 CR3: 000000011d180002 CR4: 00000000003706f0 Seguimiento de llamadas: ? show_regs+0x6d/0x80? morir+0x37/0xa0? do_trap+0xd4/0xf0? do_error_trap+0x71/0xb0? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper] ? exc_divide_error+0x3a/0x70? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper] ? asm_exc_divide_error+0x1b/0x20? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper] ? 
drm_dp_calc_pbn_mode+0x2e/0x70 [drm_display_helper] nv50_msto_atomic_check+0xda/0x120 [nuevo] drm_atomic_helper_check_modeset+0xa87/0xdf0 [drm_kms_helper] drm_atomic_helper_check+0x19/0xa0 [drm_km s_helper] nv50_disp_atomic_check+0x13f/0x2f0 [nuevo] drm_atomic_check_only+0x668/0xb20 [drm]? drm_connector_list_iter_next+0x86/0xc0 [drm] drm_atomic_commit+0x58/0xd0 [drm] ? __pfx___drm_printfn_info+0x10/0x10 [drm] drm_atomic_connector_commit_dpms+0xd7/0x100 [drm] drm_mode_obj_set_property_ioctl+0x1c5/0x450 [drm] ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [drm] drm_connector_property_set_ioctl+0x3b/0x60 [drm] drm_ioctl_kernel+0xb9/0x120 [drm] drm_ioctl+0x2d0/0x550 [drm] ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [drm] nouveau_drm_ioctl+0x61/0xc0 [nuevo] __x64_sys_ioctl+0xa0/0xf0 do_syscall_64+0x76/0x140 ? do_syscall_64+0x85/0x140? do_syscall_64+0x85/0x140 Entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f4a1cd1a94f C\u00f3digo: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00 RSP: 002b:00007ffd2f1df520 EFLAGS: 0246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffd2f1df5b0 RCX: 00007f4a1cd1a94f RDX: 00007ffd2f1df5b0 RSI: 00000000c01064ab RDI: 000000000000000f RBP: 00000000c01064ab R08: 000056347932deb8 R09: 00056347a7d99c0 R10: 0000000000000000 R11: 0000000000000246 R12: 000056347938a220 R13: 0000000000000000f R14: 0000563479d9f3f0 0000000000000000 M\u00f3dulos vinculados en: rfcomm xt_conntrack nft_chain_nat xt_masquerade nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo Xad_addrtype nft_compat nf_tables nfnetlink br_netfilter puente stp llc ccm cmac alkh_ overkh_ overkh_ overkh_ overkh_ overgh_ upny _alg bnep binfmt_misc snd_sof_pci_intel_cnl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda SOC_ACPP SOCPI 
SND_SOC_CORE SND_COMPRESS SND_SOF_INTEL_INTEL_HDA_MLINK SND_HDA_EXT_CORE IWLMVM Intel_raPl_MMSR Intel_raPl_Common Intel_tccc_Cooling x86_pkg_temp_Thermal Intel_PowerClAMCCLAMCCLAMCCLAMCO11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111. a_codec_hdmi kvm snd_hda_ ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.3", + "matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/828862071a6ca0c52655e6e62ac7abfef3e5c578", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9cbd1dae842737bfafa4b10a87909fa209dde250", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/828862071a6ca0c52655e6e62ac7abfef3e5c578", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9cbd1dae842737bfafa4b10a87909fa209dde250", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26944.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26944.json index f14cc135e60..f2fb544c2bb 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26944.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26944.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26944", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:10.010", - "lastModified": "2024-11-21T09:03:26.850", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-14T14:29:21.517", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,93 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: btrfs:zoned: corrige use-after-free en do_zone_finish() Shinichiro inform\u00f3 el siguiente use-after-free desencadenado por la operaci\u00f3n de reemplazo de dispositivo en fstests btrfs/070. Informaci\u00f3n BTRFS (dispositivo nullb1): limpieza: finalizado en el dispositivo 1 con estado: 0 ================================== ================================= ERROR: KASAN: uso de losa despu\u00e9s de liberarlo en do_zone_finish+0x91a/0xb90 [btrfs] Lectura del tama\u00f1o 8 en la direcci\u00f3n ffff8881543c8060 mediante la tarea btrfs-cleaner/3494007 CPU: 0 PID: 3494007 Comm: btrfs-cleaner Contaminado: GW 6.8.0-rc5-kts #1 Nombre del hardware: Supermicro Super Server/X11SPi-TF , BIOS 3.3 21/02/2020 Seguimiento de llamadas: dump_stack_lvl+0x5b/0x90 print_report+0xcf/0x670 ? __virt_addr_valid+0x200/0x3e0 kasan_report+0xd8/0x110 ? do_zone_finish+0x91a/0xb90 [btrfs]? do_zone_finish+0x91a/0xb90 [btrfs] do_zone_finish+0x91a/0xb90 [btrfs] btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs] ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs] ? btrfs_put_root+0x2d/0x220 [btrfs] ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs] clean_kthread+0x21e/0x380 [btrfs] ? __pfx_cleaner_kthread+0x10/0x10 [btrfs] kthread+0x2e3/0x3c0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? 
__pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 Asignado por tarea 3493983: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 btrfs_alloc_device+0x b3/0x4e0 [btrfs] lista_dispositivo_add.constprop.0+0x993/ 0x1630 [btrfs] btrfs_scan_one_device+0x219/0x3d0 [btrfs] btrfs_control_ioctl+0x26e/0x310 [btrfs] __x64_sys_ioctl+0x134/0x1b0 do_syscall_64+0x99/0x190 entrada_SYSCALL_6 4_after_hwframe+0x6e/0x76 Liberado por la tarea 3494056: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3f/0x60 veneno_slab_object+0x102/0x170 __kasan_slab_free+0x32/0x70 kfree+0x11b/0x320 btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs_dev_replace_finishing+0xd 7e/0x14f0 [btrfs] btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs] btrfs_ioctl+0xb27/0x57d0 [ btrfs] __x64_sys_ioctl+0x134/0x1b0 do_syscall_64+0x99/0x190 Entry_SYSCALL_64_after_hwframe+0x6e/0x76 La direcci\u00f3n con errores pertenece al objeto en ffff8881543c8000 que pertenece al cach\u00e9 kmalloc-1k de tama\u00f1o 1024 Se encuentra la direcci\u00f3n con errores 96 bytes dentro de los 1024 bytes liberados regi\u00f3n [ffff8881543c8000, ffff8881543c8400) La direcci\u00f3n del error pertenece a la p\u00e1gina f\u00edsica: p\u00e1gina:00000000fe2c1285 refcount:1 mapcount:0 mapeo:00000000000000000 index:0x0 pfn:0x1543c8 head:00000000fe2c1285 entero_mapcount:0 nr_pages_mapped:0 pincount:0 banderas: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff) tipo de p\u00e1gina: 0xffffffff() raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002 raw: 0000000000 0000000000100010 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n con errores : ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881543c8080: fb fb fb fb fb fb 
fb fb fb fb fb fb fb fb fb ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Esta UAF sucede porque estamos acceder a informaci\u00f3n de zona obsoleta de un btrfs_device ya eliminado en do_zone_finish(). La secuencia de eventos es la siguiente: btrfs_dev_replace_start btrfs_scrub_dev btrfs_dev_replace_finishing btrfs_dev_replace_update_device_in_mapping_tree <-- dispositivos reemplazados btrfs_rm_dev_replace_free_srcdev btrfs_free_device <-- dispositivo liberado clean_kthread btrfs_delete_unused_ bgs btrfs_zone_finish do_zone_finish <-- hace referencia al dispositivo liberado. La raz\u00f3n de esto es que estamos usando un ---truncado ---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.8.3", + "matchCriteriaId": "45CAC835-1C61-4C27-A919-EF08207D3099" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1ec17ef59168a1a6f1105f5dc517f783839a5302", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/34ca809e055eca5cfe63d9c7efbf80b7c21b4e57", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1ec17ef59168a1a6f1105f5dc517f783839a5302", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/34ca809e055eca5cfe63d9c7efbf80b7c21b4e57", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27059.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27059.json index c582b31ea9e..278bde6b1ba 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27059.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27059.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27059", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:50.493", - "lastModified": "2024-11-21T09:03:46.410", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-14T14:36:42.747", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
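Review bot: The first `cpeMatch` entry added for CVE-2024-26944 sets `"versionEndExcluding": "6.8.3"` with no `versionStartIncluding`, so it matches every Linux kernel release before 6.8.3. The record lists only two distinct fix commits and the KASAN report in its description comes from 6.8.0-rc5, which suggests (not confirmed from this page) a much narrower affected range; zoned btrfs itself is far newer than the oldest kernels this range covers. Scanners that consume the record will probably flag kernels that do not contain do_zone_finish() at all. I would add a lower bound, `"versionStartIncluding": "<first-affected-version>"`, taken from the kernel CNA's affected-version data, as the CVE-2024-27059 and CVE-2024-27388 entries in this commit do.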
@@ -15,79 +15,274 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: almacenamiento-usb: evita el error de divisi\u00f3n por 0 en isd200_ata_command El subcontrolador isd200 en almacenamiento-usb utiliza los valores HEADS y SECTORES en la informaci\u00f3n de ID de ATA para calcular el cilindro y valores principales al crear un CDB para comandos LEER o ESCRIBIR. El c\u00e1lculo implica operaciones de divisi\u00f3n y m\u00f3dulo, lo que provocar\u00e1 un bloqueo si cualquiera de estos valores es 0. Si bien esto nunca sucede con un dispositivo genuino, podr\u00eda suceder con una emulaci\u00f3n defectuosa o subversiva, seg\u00fan lo informado por syzbot fuzzer. Prot\u00e9jase contra esta posibilidad neg\u00e1ndose a vincularse al dispositivo si el valor ATA_ID_HEADS o ATA_ID_SECTORS en la informaci\u00f3n de ID del dispositivo es 0. Esto requiere que isd200_Initialization() devuelva un c\u00f3digo de error negativo cuando falla la inicializaci\u00f3n; actualmente siempre devuelve 0 (incluso cuando hay un error)." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.12", + "versionEndExcluding": "4.19.312", + "matchCriteriaId": "0E489D47-7C41-43B5-A426-E0D8822EFB5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.274", + "matchCriteriaId": "F45A0F3C-C16D-49C4-86D6-D021C3D4B834" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.215", + "matchCriteriaId": "9CD5894E-58E9-4B4A-B0F4-3E6BC134B8F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.154", + "matchCriteriaId": "577E212E-7E95-4A71-9B5C-F1D1A3AFFF46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.84", + "matchCriteriaId": "834D9BD5-42A6-4D74-979E-4D6D93F630FD" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.64", + "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.12", + "matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", + "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", + "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", + "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*", + "matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + 
"tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27388.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27388.json index 80564daba11..fca040c3592 100644 --- a/CVE-2024/CVE-2024-273xx/CVE-2024-27388.json +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27388.json 
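Review bot: The `cvssData` added for CVE-2024-27059 scores the isd200 divide-by-zero as `"attackVector": "LOCAL"` with `"privilegesRequired": "LOW"`, but the description in the same record says the zero HEADS/SECTORS values come from the device's ATA ID data, meaning a faulty or hostile USB storage device rather than a logged-in user. The syzbot reproduction presumably uses local device emulation, so AV:L is arguable, but the vector as written hides the exposure from anyone who can attach a USB device. It is worth confirming with the scoring source whether `"attackVector": "PHYSICAL"` and `"privilegesRequired": "NONE"` were intended; the base score would change with them. Until then, triage that filters on this vector should also treat hosts with untrusted USB access as exposed.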
@@ -2,8 +2,8 @@ "id": "CVE-2024-27388", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:51.550", - "lastModified": "2024-11-21T09:04:30.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:56:08.617", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,87 +15,265 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: SUNRPC: corrige algunas fugas de mem en gssx_dec_option_array Los creds y oa->data deben liberarse en las rutas de manejo de errores despu\u00e9s de su asignaci\u00f3n. Entonces este parche agrega estas desasignaciones en las rutas correspondientes." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.10", + "versionEndExcluding": "4.19.311", + "matchCriteriaId": "AA8D2CD8-65D2-47A7-9391-35AFA94D8CCC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.273", + "matchCriteriaId": "620FD8B7-BF03-43E0-951A-0A58461D4C55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.214", + "matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.153", + 
"matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.83", + "matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.23", + "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.11", + "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.2", + "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27395.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27395.json index 541333a9832..f394092a985 100644 --- a/CVE-2024/CVE-2024-273xx/CVE-2024-27395.json +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27395.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-27395", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-14T15:12:27.683", - "lastModified": "2024-11-21T09:04:31.553", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-14T14:27:22.167", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,79 +15,269 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: openvswitch: Fix Use-After-Free en ovs_ct_exit Dado que kfree_rcu, que se llama en el recorrido hlist_for_each_entry_rcu de ovs_ct_limit_exit, no forma parte de la secci\u00f3n cr\u00edtica de lectura de RCU, es posible que el per\u00edodo de gracia de RCU pasar\u00e1 durante el recorrido y la clave quedar\u00e1 libre. Para evitar esto, se debe cambiar a hlist_for_each_entry_safe." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.18", + "versionEndExcluding": "4.19.313", + "matchCriteriaId": "50CBAC7D-95E2-40F3-8EC6-E2B23E7363E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.275", + "matchCriteriaId": "5FF6D8DE-C559-4586-86C8-2C6B4420A2C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.216", + "matchCriteriaId": "A44ABF89-F1BD-4C9A-895D-7596650DCD27" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.158", + "matchCriteriaId": "65D80EF6-76AF-4186-B680-55516EA42EED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.90", + "matchCriteriaId": "59CEDDCF-5C0D-4939-9CFE-2F4524892DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27396.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27396.json index 161cd6a09e0..9a49260d87d 100644 --- a/CVE-2024/CVE-2024-273xx/CVE-2024-27396.json +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27396.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27396", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-14T15:12:27.983", - "lastModified": "2024-11-21T09:04:31.693", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-14T14:26:09.117", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,79 +15,276 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gtp: corrige Use-After-Free en gtp_dellink Dado que call_rcu, que se llama en el recorrido hlist_for_each_entry_rcu de gtp_dellink, no forma parte de la secci\u00f3n cr\u00edtica de lectura de RCU, es posible que el per\u00edodo de gracia de RCU pasar\u00e1 durante el recorrido y la clave quedar\u00e1 libre. Para evitar esto, se debe cambiar a hlist_for_each_entry_safe." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14.162", + "versionEndExcluding": "4.15", + "matchCriteriaId": "D8E34938-B599-4B3F-9871-2341E248D9A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.93", + "versionEndExcluding": "4.19.313", + "matchCriteriaId": "8186A8B1-49E7-44C9-8D09-6B053D4BDCBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.8", + "versionEndExcluding": "5.4.275", + "matchCriteriaId": "08BA6295-1810-4C9A-B4D8-E799A4533B19" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.216", + "matchCriteriaId": "A44ABF89-F1BD-4C9A-895D-7596650DCD27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.158", + "matchCriteriaId": "65D80EF6-76AF-4186-B680-55516EA42EED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.90", + "matchCriteriaId": "59CEDDCF-5C0D-4939-9CFE-2F4524892DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.30", + "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.8.9", + "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", + "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58", - "source": 
"af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27778.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27778.json new file mode 100644 index 00000000000..874e3882c2f --- /dev/null +++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27778.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-27778", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:29.053", + "lastModified": "2025-01-14T14:15:29.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-061", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-321xx/CVE-2024-32115.json b/CVE-2024/CVE-2024-321xx/CVE-2024-32115.json new file mode 100644 index 00000000000..6c62f005f0d --- /dev/null +++ b/CVE-2024/CVE-2024-321xx/CVE-2024-32115.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-32115", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:29.200", + "lastModified": "2025-01-14T14:15:29.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-097", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-335xx/CVE-2024-33502.json b/CVE-2024/CVE-2024-335xx/CVE-2024-33502.json new file mode 100644 index 00000000000..b48c128d5d7 --- /dev/null +++ b/CVE-2024/CVE-2024-335xx/CVE-2024-33502.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-33502", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:29.360", + "lastModified": "2025-01-14T14:15:29.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-143", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-335xx/CVE-2024-33503.json b/CVE-2024/CVE-2024-335xx/CVE-2024-33503.json new file mode 100644 index 00000000000..622e2c5d782 --- /dev/null +++ b/CVE-2024/CVE-2024-335xx/CVE-2024-33503.json 
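Review bot: The added `cvssData` vector and the `descriptions` text disagree about impact: the vector has `"confidentialityImpact": "NONE"` and `"privilegesRequired": "HIGH"`, while the description says the flaw "allows attacker to execute unauthorized code or commands" and names no privilege level. The same mismatch appears in the CVE-2024-35276 file later in this diff, where a stack-based overflow said to allow code execution is scored `C:L/I:L/A:L`. Both metrics are vendor-supplied (`"type": "Secondary"`) on records still at `"vulnStatus": "Received"`, so a consumer that triages on `baseSeverity` alone will rank them MEDIUM; until the fields are reconciled against FG-IR-24-143 and FG-IR-24-165, prioritise on the stated impact as well. If the vector is the accurate side, the description would read better as `allows a privileged attacker to ...`, which is an inference from `PR:H` and needs confirming against the advisory.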
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-33503", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:29.517", + "lastModified": "2025-01-14T14:15:29.517", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35273.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35273.json new file mode 100644 index 00000000000..cfd60b0f6ff --- /dev/null +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35273.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35273", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:29.663", + "lastModified": "2025-01-14T14:15:29.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-106", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35275.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35275.json new file mode 100644 index 00000000000..b3713f070d5 --- /dev/null +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35275.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35275", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:29.817", + "lastModified": "2025-01-14T14:15:29.817", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-091", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35276.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35276.json new file mode 100644 index 00000000000..5a5b7318fdc --- /dev/null +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35276.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35276", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:29.973", + "lastModified": "2025-01-14T14:15:29.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-165", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35277.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35277.json new file mode 100644 index 00000000000..5e0865e6a48 --- /dev/null +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35277.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35277", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:30.130", + "lastModified": "2025-01-14T14:15:30.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-135", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35278.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35278.json new file mode 100644 index 00000000000..7bc0778f1dc --- /dev/null +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35278.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35278", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-14T14:15:30.280", + "lastModified": "2025-01-14T14:15:30.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-086", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35811.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35811.json index 2b7b244d4be..8457353696d 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35811.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35811.json 
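Review bot: The version statement in the added `descriptions` value is not usable as written: `versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8` has an inverted first range and a second range that already contains it. This record has no `configurations` block, so that sentence is the only source of affected versions, and anyone deriving a match rule from it gets either an empty range or an over-broad one. The bounds should be corrected from the referenced advisory FG-IR-24-086 rather than guessed; until then the record is best treated as "affected versions unconfirmed".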
@@ -2,8 +2,8 @@ "id": "CVE-2024-35811", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T14:15:15.177", - "lastModified": "2024-11-21T09:20:57.097", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-14T14:23:38.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,87 +15,265 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcmfmac: corregido el error de use after free en brcmf_cfg80211_detach Este es el parche candidato de CVE-2023-47233: https://nvd.nist.gov/vuln/detail /CVE-2023-47233 En el controlador brcm80211, comienza con la siguiente cadena de invocaci\u00f3n para iniciar un trabajador de tiempo de espera: ->brcmf_usb_probe ->brcmf_usb_probe_cb ->brcmf_attach ->brcmf_bus_started ->brcmf_cfg80211_attach ->wl_init_priv ->brcmf_init_escan ->INIT_WORK(&cfg ->escan_timeout_work, brcmf_cfg80211_escan_timeout_worker); Si desconectamos el USB mediante hotplug, llamar\u00e1 a brcmf_usb_disconnect para realizar la limpieza. La cadena de invocaci\u00f3n es: brcmf_usb_disconnect ->brcmf_usb_disconnect_cb ->brcmf_detach ->brcmf_cfg80211_detach ->kfree(cfg); Mientras que el activador de tiempo de espera a\u00fan puede estar ejecut\u00e1ndose. Esto provocar\u00e1 un error de use after free en cfg en brcmf_cfg80211_escan_timeout_worker. Soluci\u00f3nelo eliminando el temporizador y cancelando el trabajador en brcmf_cfg80211_detach. 
[arend.vanspriel@broadcom.com: mantenga la eliminaci\u00f3n del temporizador tal como est\u00e1 y cancele el trabajo justo antes de liberarlo]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.7", + "versionEndExcluding": "4.19.312", + "matchCriteriaId": "48A978A1-082D-4FD8-B0A8-15D857F7935B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.274", + "matchCriteriaId": "F45A0F3C-C16D-49C4-86D6-D021C3D4B834" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.215", + "matchCriteriaId": "9CD5894E-58E9-4B4A-B0F4-3E6BC134B8F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.154", + "matchCriteriaId": "577E212E-7E95-4A71-9B5C-F1D1A3AFFF46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": 
"6.1.84", + "matchCriteriaId": "834D9BD5-42A6-4D74-979E-4D6D93F630FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.24", + "matchCriteriaId": "8018C1D0-0A5F-48D0-BC72-A2B33FDDA693" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.12", + "matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.3", + "matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35828.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35828.json index 5a9e6711773..42fdc609e8b 100644 --- a/CVE-2024/CVE-2024-358xx/CVE-2024-35828.json +++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35828.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35828", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T14:15:18.887", - "lastModified": "2024-11-21T09:20:59.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:54:31.167", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
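Review bot: The added Primary metric for CVE-2024-35811 scores this CWE-416 record availability-only, `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` (5.5 MEDIUM), whereas the CVE-2024-27396 record in this same diff, also CWE-416 from nvd@nist.gov, gets `C:H/I:H/A:H` (7.8 HIGH). That may be a deliberate judgement about reachability, but nothing in the record explains the difference. Consumers that rank kernel use-after-free fixes by `baseSeverity` will treat the two differently, so a rule keyed on the `weaknesses` value `CWE-416` in addition to the score gives more even coverage.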
@@ -15,87 +15,265 @@ "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: libertas: arreglados algunas memleaks en lbs_allocate_cmd_buffer() En la declaraci\u00f3n for de lbs_allocate_cmd_buffer(), si fall\u00f3 la asignaci\u00f3n de cmdarray[i].cmdbuf, tanto cmdarray como cmdarray[i] Es necesario liberar ].cmdbuf. De lo contrario, habr\u00e1 fugas de memoria en lbs_allocate_cmd_buffer()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.22", + "versionEndExcluding": "4.19.311", + "matchCriteriaId": "0C11EA91-49A5-48C2-88DC-31A895CF5BA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.273", + "matchCriteriaId": "620FD8B7-BF03-43E0-951A-0A58461D4C55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.214", + "matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.153", + "matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.83", + "matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.23", + "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.11", + "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.8.2", + "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-359xx/CVE-2024-35968.json b/CVE-2024/CVE-2024-359xx/CVE-2024-35968.json index 3df8cc093cb..9e028c5ddf1 100644 --- a/CVE-2024/CVE-2024-359xx/CVE-2024-35968.json 
+++ b/CVE-2024/CVE-2024-359xx/CVE-2024-35968.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35968", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-20T10:15:11.713", - "lastModified": "2024-11-21T09:21:19.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-14T14:41:00.457", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,111 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pds_core: corrige la funci\u00f3n pdsc_check_pci_health para usar el subproceso de trabajo. Cuando el controlador nota fw_status == 0xff, intenta realizar un restablecimiento de PCI sobre s\u00ed mismo a trav\u00e9s de pci_reset_function() en el contexto del subproceso de estado del controlador. . Sin embargo, pdsc_reset_prepare llama a pdsc_stop_health_thread(), que intenta detener/vaciar el hilo de salud. Esto da como resultado un punto muerto porque la parada/vaciado nunca se completar\u00e1 ya que el controlador llam\u00f3 a pci_reset_function() desde el contexto del hilo de salud. Para solucionarlo, cambie pdsc_check_pci_health_function() para poner en cola un pdsc_pci_reset_thread() reci\u00e9n introducido en la cola de trabajo del pdsc. La descarga del controlador en el estado fw_down/dead descubri\u00f3 otro problema, que se puede ver en el siguiente seguimiento: ADVERTENCIA: CPU: 51 PID: 6914 en kernel/workqueue.c:1450 __queue_work+0x358/0x440 [...] RIP: 0010:__queue_work+0x358/0x440 [...] Seguimiento de llamadas: ? __warn+0x85/0x140 ? __queue_work+0x358/0x440? report_bug+0xfc/0x1e0? handle_bug+0x3f/0x70? exc_invalid_op+0x17/0x70? asm_exc_invalid_op+0x1a/0x20? __queue_work+0x358/0x440 queue_work_on+0x28/0x30 pdsc_devcmd_locked+0x96/0xe0 [pds_core] pdsc_devcmd_reset+0x71/0xb0 [pds_core] pdsc_teardown+0x51/0xe0 [pds_core] pdsc_remove+0x106/0x200 [pds_core] pci_device_remove+0x37/0xc0 device_release_driver_internal+0xae /0x140 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xa0 pdsc_cleanup_module+0x10/0x780 [pds_core] __x64_sys_delete_module+0x142/0x2b0 ? syscall_trace_enter.isra.18+0x126/0x1a0 do_syscall_64+0x3b/0x90 Entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fbd9d03a14b [...] Solucione este problema evitando que devcmd se reinicie si el FW no se est\u00e1 ejecutando." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.16", + "versionEndExcluding": "6.7", + "matchCriteriaId": "CA039DA0-F81C-49F2-8BC2-CBBCF83EE6A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7.4", + "versionEndExcluding": "6.8.7", + "matchCriteriaId": "DA814412-CD30-4333-AA23-FB18D865BFD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", + "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", + "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/38407914d48273d7f8ab765b9243658afe1c3ab6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/81665adf25d28a00a986533f1d3a5df76b79cad9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/38407914d48273d7f8ab765b9243658afe1c3ab6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/81665adf25d28a00a986533f1d3a5df76b79cad9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36504.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36504.json new file mode 100644 index 00000000000..ad3677467fc --- /dev/null +++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36504.json 
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-36504",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:30.433",
+ "lastModified": "2025-01-14T14:15:30.433",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-473",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36506.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36506.json
new file mode 100644
index 00000000000..bc3e515e270
--- /dev/null
+++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36506.json
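Review bot: The added description for CVE-2024-36504 misspells its third affected range as `7.0 all verisons`, and this record has no `configurations` block, so that sentence is the only place the affected FortiOS branches are stated. Tooling that pulls version ranges out of the prose by matching on the word "versions" would silently skip the 7.0 branch. I would correct the text to `7.0 all versions` and treat the record as unmatched by CPE until analysis adds `cpeMatch` entries. The other new Fortinet records in this commit likewise carry `"vulnStatus": "Received"` and no `configurations`, so the same CPE caveat applies to them.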
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-36506",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:30.590",
+ "lastModified": "2025-01-14T14:15:30.590",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-940"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-078",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36510.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36510.json
new file mode 100644
index 00000000000..d58b2820810
--- /dev/null
+++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36510.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-36510",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:30.737",
+ "lastModified": "2025-01-14T14:15:30.737",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-204"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-071",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36512.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36512.json
new file mode 100644
index 00000000000..22ca49c0fd2
--- /dev/null
+++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36512.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-36512",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:30.880",
+ "lastModified": "2025-01-14T14:15:30.880",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-152",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-405xx/CVE-2024-40587.json b/CVE-2024/CVE-2024-405xx/CVE-2024-40587.json
new file mode 100644
index 00000000000..603026f3213
--- /dev/null
+++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40587.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-40587",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:31.027",
+ "lastModified": "2025-01-14T14:15:31.027",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-304",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45326.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45326.json
new file mode 100644
index 00000000000..b0aaa47f483
--- /dev/null
+++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45326.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-45326",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:31.183",
+ "lastModified": "2025-01-14T14:15:31.183",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46664.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46664.json
new file mode 100644
index 00000000000..90182fc2b52
--- /dev/null
+++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46664.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-46664",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:31.330",
+ "lastModified": "2025-01-14T14:15:31.330",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-23"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-310",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46665.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46665.json
new file mode 100644
index 00000000000..856cee7a97e
--- /dev/null
+++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46665.json
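Review bot: The description and the CVSS vector of CVE-2024-46664 disagree: the text says a privileged attacker can read files from the underlying filesystem, while `vectorString` ends in `C:N/I:L/A:H` and `confidentialityImpact` is `NONE`. Anyone triaging or filtering by confidentiality impact would treat a file-disclosure issue as exposing no data. The two should be reconciled against the referenced advisory FG-IR-24-310; if the description is the correct one, the vector needs a non-`NONE` confidentiality value and a recomputed `baseScore`.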
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-46665",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:31.490",
+ "lastModified": "2025-01-14T14:15:31.490",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-201"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-326",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46666.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46666.json
new file mode 100644
index 00000000000..38cf65a4d8a
--- /dev/null
+++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46666.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-46666",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:31.647",
+ "lastModified": "2025-01-14T14:15:31.647",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-250",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46667.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46667.json
new file mode 100644
index 00000000000..2fdea65b95e
--- /dev/null
+++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46667.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-46667",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:31.797",
+ "lastModified": "2025-01-14T14:15:31.797",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-164",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46668.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46668.json
new file mode 100644
index 00000000000..f6c8b27db3d
--- /dev/null
+++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46668.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-46668",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:31.950",
+ "lastModified": "2025-01-14T14:15:31.950",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-219",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46669.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46669.json
new file mode 100644
index 00000000000..23a09c6fb32
--- /dev/null
+++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46669.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-46669",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:32.100",
+ "lastModified": "2025-01-14T14:15:32.100",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An\u00a0Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-267",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46670.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46670.json
new file mode 100644
index 00000000000..bfa61ea2548
--- /dev/null
+++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46670.json
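Review bot: The description of CVE-2024-46669 never names the product for its first two version ranges; it reads `in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service`. With no `configurations` block in the record, a reader cannot tell from the data alone which product those branches belong to. Presumably FortiOS is meant, as in the parallel wording of CVE-2024-46670 in the next file (`in FortiOS version 7.6.0, ...`), but that should be confirmed against FG-IR-24-267 before the text is changed to `in FortiOS version 7.4.4 and below, ...`.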
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-46670",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:32.243",
+ "lastModified": "2025-01-14T14:15:32.243",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An\u00a0Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-266",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47566.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47566.json
new file mode 100644
index 00000000000..eb5dbb28054
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47566.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-47566",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:32.400",
+ "lastModified": "2025-01-14T14:15:32.400",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-401",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47571.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47571.json
new file mode 100644
index 00000000000..a7b2f80fcd2
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47571.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-47571",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:32.560",
+ "lastModified": "2025-01-14T14:15:32.560",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-672"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-239",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47572.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47572.json
new file mode 100644
index 00000000000..81e0c8e92e4
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47572.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-47572",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:32.717",
+ "lastModified": "2025-01-14T14:15:32.717",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1236"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-210",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48884.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48884.json
new file mode 100644
index 00000000000..9949bf63ade
--- /dev/null
+++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48884.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-48884",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:32.873",
+ "lastModified": "2025-01-14T14:15:32.873",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12, FortiWeb 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-259",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
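Review bot: The `cvssData` vector in this record, `C:N/I:N/A:H` with `"baseScore": 7.5`, scores availability impact only, while the description in the same record says the path traversal lets an attacker "trigger an escalation of privilege". The two disagree, and the only score present is the CNA's `Secondary` entry while `vulnStatus` is still `Received`, so consumers that triage on `baseScore` or on the impact fields should check the referenced advisory FG-IR-24-259 rather than treat this as a pure denial-of-service issue. The CVE-2024-54021 record later in this diff has the same kind of gap: its description says "execute unauthorized code or commands" while its vector is `C:N/I:L/A:L`. The file also has no `configurations` entries, so the long product and version list exists only as free text.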
diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48886.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48886.json
new file mode 100644
index 00000000000..67a790fca41
--- /dev/null
+++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48886.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-48886",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:33.027",
+ "lastModified": "2025-01-14T14:15:33.027",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1390"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-221",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48890.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48890.json
new file mode 100644
index 00000000000..c8c2122e1cc
--- /dev/null
+++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48890.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-48890",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:33.187",
+ "lastModified": "2025-01-14T14:15:33.187",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-415",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48893.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48893.json
new file mode 100644
index 00000000000..2437500778e
--- /dev/null
+++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48893.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-48893",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:33.333",
+ "lastModified": "2025-01-14T14:15:33.333",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-405",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50312.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50312.json
index f5088f15567..c45ce905f3e 100644
--- a/CVE-2024/CVE-2024-503xx/CVE-2024-50312.json
+++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50312.json
@@ -2,7 +2,7 @@ "id": "CVE-2024-50312", "sourceIdentifier": "secalert@redhat.com", "published": "2024-10-22T14:15:19.973", - "lastModified": "2025-01-09T07:15:26.893", + "lastModified": "2025-01-14T13:15:19.733", "vulnStatus": "Modified", "cveTags": [], "descriptions": [
@@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -59,7 +59,7 @@ }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -119,6 +119,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2025:0115", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-50312", "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50564.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50564.json new file mode 100644 index 00000000000..0950c905199 --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50564.json 
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-50564",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:33.490",
+ "lastModified": "2025-01-14T14:15:33.490",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-321"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-216",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50566.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50566.json
new file mode 100644
index 00000000000..a8c8b5689ed
--- /dev/null
+++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50566.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-50566",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:33.650",
+ "lastModified": "2025-01-14T14:15:33.650",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52963.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52963.json
new file mode 100644
index 00000000000..81b96baf7f4
--- /dev/null
+++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52963.json
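Review bot: The description of CVE-2024-50566 gives a reversed range for FortiManager, `versions 7.4.5 through 7.4.0`; read literally it matches no version, and tooling that derives affected ranges from the description text will mishandle it. The record has no `configurations` block, so this free text is the only version data in the file. Presumably `7.4.0 through 7.4.5` is meant, but that should be confirmed against the referenced advisory FG-IR-24-463 and corrected at the source rather than in this mirror.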
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-52963",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:33.807",
+ "lastModified": "2025-01-14T14:15:33.807",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-373",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52967.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52967.json
new file mode 100644
index 00000000000..695d1954291
--- /dev/null
+++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52967.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-52967",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:33.967",
+ "lastModified": "2025-01-14T14:15:33.967",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-80"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-211",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52969.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52969.json
new file mode 100644
index 00000000000..fc854a79ef0
--- /dev/null
+++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52969.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-52969",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:34.123",
+ "lastModified": "2025-01-14T14:15:34.123",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-417",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54021.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54021.json
new file mode 100644
index 00000000000..8b6b2ffc49d
--- /dev/null
+++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54021.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-54021",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:34.287",
+ "lastModified": "2025-01-14T14:15:34.287",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-113"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-282",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55591.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55591.json
new file mode 100644
index 00000000000..4eeea7b40e2
--- /dev/null
+++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55591.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-55591",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:34.450",
+ "lastModified": "2025-01-14T14:15:34.450",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An\u00a0Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to\u00a0Node.js websocket module."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-535",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55593.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55593.json
new file mode 100644
index 00000000000..1218778848b
--- /dev/null
+++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55593.json
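Review bot: The CVE-2024-55591 record carries `"baseScore": 9.8` for an unauthenticated authentication bypass but has no `configurations` / `cpeMatch` data, because `vulnStatus` is still `Received`. CPE-based matching against this file will therefore not flag affected installs; the ranges (FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12) exist only in the description string. The sole score is the CNA's `Secondary` entry, so pipelines that read only `"type": "Primary"` metrics will also see this record as unscored. Until analysis adds CPE data and a primary score, matching should fall back to the description or to the referenced advisory FG-IR-24-535.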
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-55593",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:34.610",
+ "lastModified": "2025-01-14T14:15:34.610",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-465",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-564xx/CVE-2024-56497.json b/CVE-2024/CVE-2024-564xx/CVE-2024-56497.json
new file mode 100644
index 00000000000..8befd3c7b19
--- /dev/null
+++ b/CVE-2024/CVE-2024-564xx/CVE-2024-56497.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-56497",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2025-01-14T14:15:34.760",
+ "lastModified": "2025-01-14T14:15:34.760",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-170",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-73xx/CVE-2024-7344.json b/CVE-2024/CVE-2024-73xx/CVE-2024-7344.json
new file mode 100644
index 00000000000..1abe82435a7
--- /dev/null
+++ b/CVE-2024/CVE-2024-73xx/CVE-2024-7344.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2024-7344",
+ "sourceIdentifier": "cret@cert.org",
+ "published": "2025-01-14T14:15:34.930",
+ "lastModified": "2025-01-14T14:15:34.930",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://uefi.org/revocationlistfile",
+ "source": "cret@cert.org"
+ },
+ {
+ "url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html",
+ "source": "cret@cert.org"
+ },
+ {
+ "url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html",
+ "source": "cret@cert.org"
+ },
+ {
+ "url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/",
+ "source": "cret@cert.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 71c3c857436..3bcee6318ad 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-14T13:00:28.856460+00:00 +2025-01-14T15:00:40.394190+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-14T11:15:17.020000+00:00 +2025-01-14T14:58:40.580000+00:00 ``` ### Last Data Feed Release
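Review bot: In the CVE-2024-7344 record `"metrics": {}` is empty and there is no `weaknesses` array, so any filter on `baseScore` or `baseSeverity` sees this entry as unscored. The description (execution of unsigned software by a UEFI application), together with the Secure Boot and revocation-list references, suggests a boot-integrity issue, so the missing score should not be read as low severity. Consumers should treat an absent `cvssMetricV31` explicitly, for example by routing the record to manual triage, instead of defaulting the score to zero.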
@@ -33,39 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -277015 +277066 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `51` -- [CVE-2024-12240](CVE-2024/CVE-2024-122xx/CVE-2024-12240.json) (`2025-01-14T11:15:15.137`) -- [CVE-2024-45385](CVE-2024/CVE-2024-453xx/CVE-2024-45385.json) (`2025-01-14T11:15:15.750`) -- [CVE-2024-47100](CVE-2024/CVE-2024-471xx/CVE-2024-47100.json) (`2025-01-14T11:15:16.573`) -- [CVE-2024-53649](CVE-2024/CVE-2024-536xx/CVE-2024-53649.json) (`2025-01-14T11:15:16.820`) -- [CVE-2024-56841](CVE-2024/CVE-2024-568xx/CVE-2024-56841.json) (`2025-01-14T11:15:17.020`) +- [CVE-2024-45326](CVE-2024/CVE-2024-453xx/CVE-2024-45326.json) (`2025-01-14T14:15:31.183`) +- [CVE-2024-46664](CVE-2024/CVE-2024-466xx/CVE-2024-46664.json) (`2025-01-14T14:15:31.330`) +- [CVE-2024-46665](CVE-2024/CVE-2024-466xx/CVE-2024-46665.json) (`2025-01-14T14:15:31.490`) +- [CVE-2024-46666](CVE-2024/CVE-2024-466xx/CVE-2024-46666.json) (`2025-01-14T14:15:31.647`) +- [CVE-2024-46667](CVE-2024/CVE-2024-466xx/CVE-2024-46667.json) (`2025-01-14T14:15:31.797`) +- [CVE-2024-46668](CVE-2024/CVE-2024-466xx/CVE-2024-46668.json) (`2025-01-14T14:15:31.950`) +- [CVE-2024-46669](CVE-2024/CVE-2024-466xx/CVE-2024-46669.json) (`2025-01-14T14:15:32.100`) +- [CVE-2024-46670](CVE-2024/CVE-2024-466xx/CVE-2024-46670.json) (`2025-01-14T14:15:32.243`) +- [CVE-2024-47566](CVE-2024/CVE-2024-475xx/CVE-2024-47566.json) (`2025-01-14T14:15:32.400`) +- [CVE-2024-47571](CVE-2024/CVE-2024-475xx/CVE-2024-47571.json) (`2025-01-14T14:15:32.560`) +- [CVE-2024-47572](CVE-2024/CVE-2024-475xx/CVE-2024-47572.json) (`2025-01-14T14:15:32.717`) +- [CVE-2024-48884](CVE-2024/CVE-2024-488xx/CVE-2024-48884.json) (`2025-01-14T14:15:32.873`) +- [CVE-2024-48886](CVE-2024/CVE-2024-488xx/CVE-2024-48886.json) (`2025-01-14T14:15:33.027`) +- [CVE-2024-48890](CVE-2024/CVE-2024-488xx/CVE-2024-48890.json) 
(`2025-01-14T14:15:33.187`) +- [CVE-2024-48893](CVE-2024/CVE-2024-488xx/CVE-2024-48893.json) (`2025-01-14T14:15:33.333`) +- [CVE-2024-50564](CVE-2024/CVE-2024-505xx/CVE-2024-50564.json) (`2025-01-14T14:15:33.490`) +- [CVE-2024-50566](CVE-2024/CVE-2024-505xx/CVE-2024-50566.json) (`2025-01-14T14:15:33.650`) +- [CVE-2024-52963](CVE-2024/CVE-2024-529xx/CVE-2024-52963.json) (`2025-01-14T14:15:33.807`) +- [CVE-2024-52967](CVE-2024/CVE-2024-529xx/CVE-2024-52967.json) (`2025-01-14T14:15:33.967`) +- [CVE-2024-52969](CVE-2024/CVE-2024-529xx/CVE-2024-52969.json) (`2025-01-14T14:15:34.123`) +- [CVE-2024-54021](CVE-2024/CVE-2024-540xx/CVE-2024-54021.json) (`2025-01-14T14:15:34.287`) +- [CVE-2024-55591](CVE-2024/CVE-2024-555xx/CVE-2024-55591.json) (`2025-01-14T14:15:34.450`) +- [CVE-2024-55593](CVE-2024/CVE-2024-555xx/CVE-2024-55593.json) (`2025-01-14T14:15:34.610`) +- [CVE-2024-56497](CVE-2024/CVE-2024-564xx/CVE-2024-56497.json) (`2025-01-14T14:15:34.760`) +- [CVE-2024-7344](CVE-2024/CVE-2024-73xx/CVE-2024-7344.json) (`2025-01-14T14:15:34.930`) ### CVEs modified in the last Commit -Recently modified CVEs: `15` +Recently modified CVEs: `29` -- [CVE-2022-34821](CVE-2022/CVE-2022-348xx/CVE-2022-34821.json) (`2025-01-14T11:15:10.343`) -- [CVE-2022-46140](CVE-2022/CVE-2022-461xx/CVE-2022-46140.json) (`2025-01-14T11:15:10.960`) -- [CVE-2022-46142](CVE-2022/CVE-2022-461xx/CVE-2022-46142.json) (`2025-01-14T11:15:11.407`) -- [CVE-2022-46143](CVE-2022/CVE-2022-461xx/CVE-2022-46143.json) (`2025-01-14T11:15:11.840`) -- [CVE-2022-46144](CVE-2022/CVE-2022-461xx/CVE-2022-46144.json) (`2025-01-14T11:15:12.270`) -- [CVE-2023-32736](CVE-2023/CVE-2023-327xx/CVE-2023-32736.json) (`2025-01-14T11:15:12.847`) -- [CVE-2023-44317](CVE-2023/CVE-2023-443xx/CVE-2023-44317.json) (`2025-01-14T11:15:13.027`) -- [CVE-2023-44318](CVE-2023/CVE-2023-443xx/CVE-2023-44318.json) (`2025-01-14T11:15:13.360`) -- [CVE-2023-44319](CVE-2023/CVE-2023-443xx/CVE-2023-44319.json) (`2025-01-14T11:15:13.777`) -- 
[CVE-2023-44374](CVE-2023/CVE-2023-443xx/CVE-2023-44374.json) (`2025-01-14T11:15:14.157`) -- [CVE-2023-49069](CVE-2023/CVE-2023-490xx/CVE-2023-49069.json) (`2025-01-14T11:15:14.827`) -- [CVE-2023-50821](CVE-2023/CVE-2023-508xx/CVE-2023-50821.json) (`2025-01-14T11:15:14.980`) -- [CVE-2024-33698](CVE-2024/CVE-2024-336xx/CVE-2024-33698.json) (`2025-01-14T11:15:15.373`) -- [CVE-2024-35783](CVE-2024/CVE-2024-357xx/CVE-2024-35783.json) (`2025-01-14T11:15:15.557`) -- [CVE-2025-20620](CVE-2025/CVE-2025-206xx/CVE-2025-20620.json) (`2025-01-14T10:15:07.860`) +- [CVE-2021-47218](CVE-2021/CVE-2021-472xx/CVE-2021-47218.json) (`2025-01-14T14:44:55.610`) +- [CVE-2022-48648](CVE-2022/CVE-2022-486xx/CVE-2022-48648.json) (`2025-01-14T14:52:07.293`) +- [CVE-2022-48663](CVE-2022/CVE-2022-486xx/CVE-2022-48663.json) (`2025-01-14T14:53:12.910`) +- [CVE-2023-52643](CVE-2023/CVE-2023-526xx/CVE-2023-52643.json) (`2025-01-14T14:58:40.580`) +- [CVE-2023-52662](CVE-2023/CVE-2023-526xx/CVE-2023-52662.json) (`2025-01-14T14:55:24.477`) +- [CVE-2024-12147](CVE-2024/CVE-2024-121xx/CVE-2024-12147.json) (`2025-01-14T14:15:28.163`) +- [CVE-2024-12988](CVE-2024/CVE-2024-129xx/CVE-2024-12988.json) (`2025-01-14T14:15:28.347`) +- [CVE-2024-13131](CVE-2024/CVE-2024-131xx/CVE-2024-13131.json) (`2025-01-14T14:15:28.490`) +- [CVE-2024-26829](CVE-2024/CVE-2024-268xx/CVE-2024-26829.json) (`2025-01-14T14:58:05.850`) +- [CVE-2024-26839](CVE-2024/CVE-2024-268xx/CVE-2024-26839.json) (`2025-01-14T14:56:47.140`) +- [CVE-2024-26868](CVE-2024/CVE-2024-268xx/CVE-2024-26868.json) (`2025-01-14T14:45:52.020`) +- [CVE-2024-26871](CVE-2024/CVE-2024-268xx/CVE-2024-26871.json) (`2025-01-14T14:46:37.293`) +- [CVE-2024-26878](CVE-2024/CVE-2024-268xx/CVE-2024-26878.json) (`2025-01-14T14:49:44.283`) +- [CVE-2024-26892](CVE-2024/CVE-2024-268xx/CVE-2024-26892.json) (`2025-01-14T14:34:50.407`) +- [CVE-2024-26895](CVE-2024/CVE-2024-268xx/CVE-2024-26895.json) (`2025-01-14T14:33:40.417`) +- 
[CVE-2024-26941](CVE-2024/CVE-2024-269xx/CVE-2024-26941.json) (`2025-01-14T14:37:37.710`) +- [CVE-2024-26944](CVE-2024/CVE-2024-269xx/CVE-2024-26944.json) (`2025-01-14T14:29:21.517`) +- [CVE-2024-27059](CVE-2024/CVE-2024-270xx/CVE-2024-27059.json) (`2025-01-14T14:36:42.747`) +- [CVE-2024-27388](CVE-2024/CVE-2024-273xx/CVE-2024-27388.json) (`2025-01-14T14:56:08.617`) +- [CVE-2024-27395](CVE-2024/CVE-2024-273xx/CVE-2024-27395.json) (`2025-01-14T14:27:22.167`) +- [CVE-2024-27396](CVE-2024/CVE-2024-273xx/CVE-2024-27396.json) (`2025-01-14T14:26:09.117`) +- [CVE-2024-35811](CVE-2024/CVE-2024-358xx/CVE-2024-35811.json) (`2025-01-14T14:23:38.660`) +- [CVE-2024-35828](CVE-2024/CVE-2024-358xx/CVE-2024-35828.json) (`2025-01-14T14:54:31.167`) +- [CVE-2024-35968](CVE-2024/CVE-2024-359xx/CVE-2024-35968.json) (`2025-01-14T14:41:00.457`) +- [CVE-2024-50312](CVE-2024/CVE-2024-503xx/CVE-2024-50312.json) (`2025-01-14T13:15:19.733`) ## Download and Usage diff --git a/_state.csv b/_state.csv index c45ed562156..c1391f0e254 100644 --- a/_state.csv +++ b/_state.csv 
@@ -187394,23 +187394,23 @@ CVE-2021-47198,0,0,b993f750c37c4c38f432a1fa687c613c700df27bc966490e10b5bbb5b658e CVE-2021-47199,0,0,156f51d5a11adb42866210cbf1fd4c5bab73e4e3a6e1ce374d8f5e2ced68ce10,2024-11-21T06:35:36.887000 CVE-2021-47200,0,0,f7d0a9f6d9d00fe034547827f9d38362c4dd747ef6c9609a6880de97be1ec3ee,2025-01-07T17:12:06.773000 CVE-2021-47201,0,0,95dca28d1aec2043b14c4b3d34caf8b5c6cf58f315fe66aad9fdae98e9727b41,2024-11-21T06:35:37.100000 -CVE-2021-47202,0,0,a628118a2bcd86097b64a32a6575f766823194503c974f84f61048c0ba9fd763,2024-11-21T06:35:37.220000 +CVE-2021-47202,0,1,f71fdf699570077845ea4020f7dda9b1b42ec5830520d11735bde0982f5ac699,2025-01-14T14:42:43.193000 CVE-2021-47203,0,0,9564d820cb2d93da0a0ae7eda2757d5eef2fa0adaa3776421915d06aab3e590c,2024-11-21T06:35:37.340000 -CVE-2021-47204,0,0,0807d36e06039a60390844a27b9c29f575861e7c311ab45fd65648923120e6f2,2024-11-21T06:35:37.460000 +CVE-2021-47204,0,1,d855ea7a1c34fec98e08b6ec6fc4b87aa056a23800ca368fb608f86f4465fa84,2025-01-14T14:35:39.270000 CVE-2021-47205,0,0,18551c172472e25239345747128ada0ccd7cc6fe471b57ef495541cf1516fa26,2024-11-21T06:35:37.577000 CVE-2021-47206,0,0,6c20cc18955b069ca564695979ba4d69e50258ddcc033c348c73d4096f845cb1,2025-01-07T17:12:26.390000 CVE-2021-47207,0,0,be89cb642a87a43cfb086c29deaea9f168d7b93104889775861d4b914bc2974c,2025-01-13T20:42:37.580000 CVE-2021-47208,0,0,0aedc6593001cbe298d9e706064e1d980e47bb2fd7444fd7cad250e7521e5eb1,2024-11-21T06:35:37.923000 CVE-2021-47209,0,0,1536c1bef2c14e12d373ca6bd92154342840694d5f784ecde3999106c390f9bf,2024-11-21T06:35:38.130000 CVE-2021-47210,0,0,6f92e3d2c3c1a5d96775ad98a3288fba55e822f3f6095cf6048826173f313db7,2024-11-21T06:35:38.243000 -CVE-2021-47211,0,0,6ea5f31caae1bffb13cb2d37ba316c5a03313283cbc143d4800a6d800012733c,2024-11-21T06:35:38.357000 +CVE-2021-47211,0,1,c3bfb66ece2fcfaecd7a9c09b11fb23218079e6a89ad9ae3b4e7290a749fa7ef,2025-01-14T14:43:27.637000 
CVE-2021-47212,0,0,6a45e3dd8ea67cd6bd96a1783c03eb0d0cb9dd577cd77e8c7f9bbd0ae288de98,2024-11-21T06:35:38.460000 CVE-2021-47213,0,0,245ac7a9225a365f5c662ae6caf0adb8cd59aebebb5b4d7c789ce306b6d785a3,2024-04-15T09:15:07.570000 CVE-2021-47214,0,0,0f59d9eb8ddd0de137bac6f9a3bbd8e6a9a2c091edb7603b11c134ce165d7562,2024-11-21T06:35:38.583000 CVE-2021-47215,0,0,cfdefaf9b029543f16aac32420ba933dec7095dbd6f0caf21f6b7dae971c2b10,2024-11-21T06:35:38.693000 CVE-2021-47216,0,0,b9923a9bb40b309501da4df280ea3daae9d799fc68ae86aeac9aec8067d1b429,2024-11-21T06:35:38.797000 -CVE-2021-47217,0,0,f2f51612c5c4199b3003b6404cd8aa4b5fc9389d777ab07990f7d3521c76078e,2024-11-21T06:35:38.900000 -CVE-2021-47218,0,0,3167a34266a6ccff18d8f25759753920f30125c8f5cff71d229fe1cbb33166a0,2024-11-21T06:35:39.020000 +CVE-2021-47217,0,1,0a489705239b1608b1dac0f9ef137450310d629ac310e04d5fbc0878960cf64a,2025-01-14T14:44:11.917000 +CVE-2021-47218,0,1,cdeb5c7e6dbdcca4a12e7f3fd8c0c1023ff2d2f036ea1b66236860ff4b09a050,2025-01-14T14:44:55.610000 CVE-2021-47219,0,0,9ad9b10f09fd1a84fa498833738613ddb8e64487ca1b0852da8e62176003f093,2024-11-21T06:35:39.137000 CVE-2021-47220,0,0,3b5282a5a78ae38dd9afefd942320359b1e71d1f67c1eff9fa622a893f6cd809,2024-10-03T15:15:13.703000 CVE-2021-47221,0,0,7afbe582defa95f34b58ec3b4d10fc6db91ded7409ab2f1fde46bee521aabd80,2024-11-21T06:35:39.267000 
@@ -202308,7 +202308,7 @@ CVE-2022-34818,0,0,29b737f11fe2ef548f4d8bb6e1f4c3f1804d2c189bb853999218e4fb1a0fd CVE-2022-34819,0,0,17d7be023baae61b6368de74b91df36310924fd4b6d4e5cda1f642e9ec8011a2,2024-11-21T07:10:14.917000 CVE-2022-3482,0,0,f2b0e728823ab0983ae46ccc0f2f5c417ca6187da187a90bfacb9d5d82019491,2024-11-21T07:19:37.557000 CVE-2022-34820,0,0,b0cd8903a339d60c797766f8c0184643570737952e552ea0a0797aedc101427c,2024-11-21T07:10:15.080000 -CVE-2022-34821,0,1,fe3a2b0f5e4838a0accb793a3670e349a143072904f9e01c78e75cc2206e992b,2025-01-14T11:15:10.343000 +CVE-2022-34821,0,0,fe3a2b0f5e4838a0accb793a3670e349a143072904f9e01c78e75cc2206e992b,2025-01-14T11:15:10.343000 CVE-2022-34822,0,0,18dcffcd54884b0cb08bb90eabd875e0b96d24c3c554a5f12a43ff763ce481b1,2024-11-21T07:10:15.440000 CVE-2022-34823,0,0,0545f066d01d26a1466efb9beaefaca6ce66688ceee33b2dc28e911bf755e164,2024-11-21T07:10:15.557000 CVE-2022-34824,0,0,c288a5af99db4cb7304e20be603441acb2c1d900db701a2adc6a5d8370bfed79,2024-11-21T07:10:15.670000 
@@ -210886,11 +210886,11 @@ CVE-2022-46135,0,0,634d8b6cd7aae9fdad643b2b7a4ac731289a6a884c872b0de36e1ec61ae82 CVE-2022-46137,0,0,993a065d055cf1614cc31334b5a427321f80c170ac781a17bfdbe28686d480f8,2024-11-21T07:30:10.233000 CVE-2022-46139,0,0,552021b6918488adaa9adf9e5a0a1baec5f48ba7e97eb40943403bea150949b0,2024-11-21T07:30:10.370000 CVE-2022-4614,0,0,aa347227c1cb2a8317d94d41d3f7c69ad55279871720d36a489acf11ebc70546,2024-11-21T07:35:36.133000 -CVE-2022-46140,0,1,64266eb5cda70ded3d57f1b8ff53ce886eabc84c878b83f5ac89ccad855d7ca3,2025-01-14T11:15:10.960000 +CVE-2022-46140,0,0,64266eb5cda70ded3d57f1b8ff53ce886eabc84c878b83f5ac89ccad855d7ca3,2025-01-14T11:15:10.960000 CVE-2022-46141,0,0,0de5aa29c707908ab4db17d2412ae0953f4f660138caa36cbd0a2d5ff259c142,2024-11-21T07:30:10.817000 -CVE-2022-46142,0,1,725b244903e0f0acaedecb4dcc254fe948f7e5f59caf63934d6b8f871525356d,2025-01-14T11:15:11.407000 -CVE-2022-46143,0,1,0409a2ae2e4005ff038c0191aab04a08b5952e7318fadc9ec3f59c55ee3726d1,2025-01-14T11:15:11.840000 -CVE-2022-46144,0,1,e691377a4171fcf7d9b216729355bb25f0549d9822630479dec9174b622b0d39,2025-01-14T11:15:12.270000 +CVE-2022-46142,0,0,725b244903e0f0acaedecb4dcc254fe948f7e5f59caf63934d6b8f871525356d,2025-01-14T11:15:11.407000 +CVE-2022-46143,0,0,0409a2ae2e4005ff038c0191aab04a08b5952e7318fadc9ec3f59c55ee3726d1,2025-01-14T11:15:11.840000 +CVE-2022-46144,0,0,e691377a4171fcf7d9b216729355bb25f0549d9822630479dec9174b622b0d39,2025-01-14T11:15:12.270000 CVE-2022-46145,0,0,e66f37d6cf48aaa50ea00b2c5ff6f59eb97d61ad3a5e98cf903ef9002f453ad3,2024-11-21T07:30:11.823000 CVE-2022-46146,0,0,fe094c95381ce5568620d743cd91c3e41fd585224cf22d52591a9b33c032d2ca,2024-11-21T07:30:11.987000 CVE-2022-46147,0,0,60d1153f2ef8f0f43a39d30a99036e71585da44cb9f4a1e2c8be6ba6d2344bd2,2024-11-21T07:30:12.140000 
@@ -212622,7 +212622,7 @@ CVE-2022-48644,0,0,c5039b46b0d136554ba427d83c4470091587ebeb56eef158e382b1a908e7e CVE-2022-48645,0,0,4d8ec773eaf2c6a6981744ed20ef9fe75b117903e4fb588c647780c2e96ceca6,2024-11-21T07:33:40.933000 CVE-2022-48646,0,0,9e9b16cae9443a1a8f7fd4df9deccab6cb495e92598824862ef68bc74e753d97,2024-11-21T07:33:41.050000 CVE-2022-48647,0,0,9356088bad86dcb5c020a4acaf97bba79e700c947a479268e7d0dfcd6db83a36,2024-11-21T07:33:41.237000 -CVE-2022-48648,0,0,b65c26b4ac587cd7ee774a5fbc7f49a94e99c23f5acf39ca7fe598f3d340dbbc,2024-11-21T07:33:41.353000 +CVE-2022-48648,0,1,9a846fbdbad309d97836e69fabd5197db1c3b2910cc6f57468045df41e3f2876,2025-01-14T14:52:07.293000 CVE-2022-48649,0,0,2ab33e79ca9b4194d6d75677c978f0f9883b10a83b196d871b3a9d72b7c8b216,2025-01-10T17:49:53.747000 CVE-2022-4865,0,0,18e0a04c007aee1df9befeaf56e83e037df0050950a376d12b247ab05acba711,2024-11-21T07:36:05.920000 CVE-2022-48650,0,0,a5821d878ab1650afccfbad666d927d4460eab14be7fd7264a6423acfdea9623,2024-11-21T07:33:41.570000 @@ -212639,7 +212639,7 @@ CVE-2022-4866,0,0,2b3d553bfd2711b634dfd0462efa70df9a6f87dff1bfc24057de57bec293ff CVE-2022-48660,0,0,518169dbb207acc37c182be641bad0d71ffbed2f84a7b4770e750e28cb281550,2024-11-21T07:33:43.200000 CVE-2022-48661,0,0,94c13e365643a5d9040a31d1e4eea8f613f702a030a6610cd26fd8caacb1f27b,2024-11-21T07:33:43.400000 CVE-2022-48662,0,0,75edba33f99be87a3ec236061e56838d7aed46dc4f6625d858676ad5d26dd960,2024-11-21T07:33:43.523000 -CVE-2022-48663,0,0,e53b981ec37d7376bc26fc7d733efe19b1f0ba36fa84fc360c931102095cc02e,2024-11-21T07:33:43.727000 +CVE-2022-48663,0,1,8f56fbd2f2681c688d4bb0648692f2f15f38837513977faebd870611b3e66851,2025-01-14T14:53:12.910000 CVE-2022-48664,0,0,0296ec528f99a30bc8a1409f955b52981ac595ef8b55d8a9605d9b7a23656df6,2024-11-21T07:33:43.840000 CVE-2022-48665,0,0,4cdb6b337ea1021d4626bec78d7a4fa0316ede88a6a1eb36b9a3e96f2bef5059,2024-11-21T07:33:43.953000 CVE-2022-48666,0,0,6bfc4573b076329d425640124c941dd47658b95e569165673a4d60c3e8e0c73a,2024-11-21T07:33:44.053000 
@@ -225463,7 +225463,7 @@ CVE-2023-32731,0,0,3f73c3ab16945717efd6fc795e32d5368f02993df998102cdf4602e18e028 CVE-2023-32732,0,0,411c0ac6618c11623d9bd8f003400076844ed6354e96b4ee168e3a7db6728c5b,2024-11-21T08:03:55.950000 CVE-2023-32734,0,0,9ceb39fb535d2d99423200ac730088f88075177cb622ae47c79425d04303f49d,2024-11-21T08:03:56.110000 CVE-2023-32735,0,0,16230de63062d69122972d13aa27dd354039cb527e96535d9d06058cfbe0f622,2024-11-21T08:03:56.237000 -CVE-2023-32736,0,1,904d413938e50f5e4b49a8b45d153cd0fd042a4ade21542e79a83749769af34a,2025-01-14T11:15:12.847000 +CVE-2023-32736,0,0,904d413938e50f5e4b49a8b45d153cd0fd042a4ade21542e79a83749769af34a,2025-01-14T11:15:12.847000 CVE-2023-32737,0,0,b249d785a5896d54d320f3a26bbdc7f65c471427f6dc9e09dde05905137058f2,2024-11-21T08:03:56.490000 CVE-2023-32738,0,0,82c581fa0c3c3273726a6402cfcde575390d6c73c1cd34da9c0b73c1020ccfdf,2024-11-21T08:03:56.613000 CVE-2023-32739,0,0,9874756eef1d5bdf68d6d936207ad994f5a7be287b03095be4396ff748fdaee4,2024-11-21T08:03:56.747000 
@@ -229266,9 +229266,12 @@ CVE-2023-37927,0,0,91c985b74b4cf0c20cf9ee2e34abb6e9d5e5bc09f1967cdc6aacd97f6165b CVE-2023-37928,0,0,dec776d364ef37b6e291aec9a18f90850b125ef62937fdd2b294a62c2fd46954,2024-11-21T08:12:29.503000 CVE-2023-37929,0,0,011bb9e7d58d16b19d04566442236b3df9072ac9a89827895b435ccc7008da47,2024-11-21T08:12:29.643000 CVE-2023-3793,0,0,e9ede59406bf67af7b0914c618fd7187696ca61b0cb1dc2d5985173c262f0733,2024-11-21T08:18:04.660000 +CVE-2023-37931,1,1,cc0719a57fb4fc10cd70b4c23ee3d0104887fd9daa43fd8faa7e294930f9dcec,2025-01-14T14:15:26.623000 CVE-2023-37932,0,0,f0df6819630bb22aa824d7b6acf6b4dd3a2036be6cce60c742b53c8d1d382fd2,2024-11-21T08:12:29.797000 CVE-2023-37934,0,0,4e265b9ab5d64a68f77d4af970245395e5cadba01a90f14cccc92367afbeed0f,2024-11-21T08:12:29.930000 CVE-2023-37935,0,0,e2680834b672fa8ed2fa3700d283e20af31e71aaa863e0a1bb6357a666cbb04b,2024-11-21T08:12:30.057000 +CVE-2023-37936,1,1,4d1bda336c23c74ec8906c59511da48fa45a47e8c6b8805364ae7a81d5bdb9f8,2025-01-14T14:15:26.790000 +CVE-2023-37937,1,1,c3da49b12f83696a8955b90c7c5fe1257e64d4289776609f188aa20bca9391d9,2025-01-14T14:15:26.940000 CVE-2023-37939,0,0,d3b772421f93766dd5d56ed8a17336460359db9420b069ecd7dc476dd713d5ac,2024-11-21T08:12:30.200000 CVE-2023-3794,0,0,927c15dbb6ac6053f144e81718d1e10b00b61d9e23d4cd5797afe957900c37b5,2024-11-21T08:18:04.807000 CVE-2023-37940,0,0,047021639e76af7b35157c12ff0afa1b906590a238eefc242a6a5cc5dab05f2b,2024-12-17T22:15:05.080000 
@@ -233181,6 +233184,8 @@ CVE-2023-42780,0,0,cdd093383de8ac80b2dd603c4cd8b5fb12111fdfaea151dda39675c869053 CVE-2023-42781,0,0,e6266811e943f5b3219ef0407d2b4114a945fd77347810cc844cb61ed53dc644,2024-11-21T08:23:08.683000 CVE-2023-42782,0,0,da0c83cbed17a04613b39ce2336362e43c1e910e28a92e71a36daf2e58e858be,2024-11-21T08:23:08.817000 CVE-2023-42783,0,0,98b628fd4937ef156152a20479ae772c8ff5e58950f81df1627766b6fb5ac59b,2024-11-21T08:23:08.960000 +CVE-2023-42785,1,1,3d9ece452e34687f5329530909c65c326e945d40402bdb0c210ed91811ba5b63,2025-01-14T14:15:27.083000 +CVE-2023-42786,1,1,d087b8777cd3e45012b1ae4792645d3810bf081664a0217ce1a70382125b0e04,2025-01-14T14:15:27.237000 CVE-2023-42787,0,0,9495dbf34a13c743d9a5e135b36546505b91d005fdd69c84cafbd04056c07414,2024-11-21T08:23:09.100000 CVE-2023-42788,0,0,0c30b35d8520306a2f83f71d70c6e59375e6c5852cdeb5813f843ade4b3abedb,2024-11-21T08:23:09.237000 CVE-2023-42789,0,0,eebbac5c484c3f93b2be647e7bb4c1bcdda0e75aa8868e3a113ae482b9f36f7e,2024-11-21T08:23:09.387000 
@@ -234262,9 +234267,9 @@ CVE-2023-44311,0,0,b491a6644768c419531cd2686d12c6b28e55f6ee59631bad8acdf026c6c67 CVE-2023-44312,0,0,6e13af31b3c5403cb1f8af32d244cfb2bca734d3108887b6626be7dde486b488,2024-11-21T08:25:38.763000 CVE-2023-44313,0,0,5b0539dc3155f9747e122039f5b7d6a608fcd39ca5aff5a5e43cdb62c3f0e4c3,2024-11-21T08:25:38.913000 CVE-2023-44315,0,0,75c2b7539e4de2f4917d1f34bfa248aba4d0594d88f8d44c071be8a20d2a88ed,2024-11-21T08:25:39.047000 -CVE-2023-44317,0,1,252903586afca40c30b5f02df9bf966a801e9eaf3803e50aaa52f09e041a5251,2025-01-14T11:15:13.027000 -CVE-2023-44318,0,1,c8108182e77fecd6ba290850d5f589b4aa48ca032f328dc4803ebed343e40a05,2025-01-14T11:15:13.360000 -CVE-2023-44319,0,1,c6f88099b85be13d59aea00f3c7c4d2a2693142dc4c4594797a437491647fee4,2025-01-14T11:15:13.777000 +CVE-2023-44317,0,0,252903586afca40c30b5f02df9bf966a801e9eaf3803e50aaa52f09e041a5251,2025-01-14T11:15:13.027000 +CVE-2023-44318,0,0,c8108182e77fecd6ba290850d5f589b4aa48ca032f328dc4803ebed343e40a05,2025-01-14T11:15:13.360000 +CVE-2023-44319,0,0,c6f88099b85be13d59aea00f3c7c4d2a2693142dc4c4594797a437491647fee4,2025-01-14T11:15:13.777000 CVE-2023-4432,0,0,788427dbeb34e26335020469a1276cd43a884f59b9af661fc13b42605fb9e6a2,2024-11-21T08:35:08.317000 CVE-2023-44320,0,0,4d2ae9325a25623d48b470b51039d4ef00f65d477520d92af4e8921306b7e5b8,2024-11-21T08:25:40.010000 CVE-2023-44321,0,0,15e8a0616ed83135ae192e573d335e5297864dde5a1ab6878a86d3f8f4e23d47,2024-11-21T08:25:40.227000 
@@ -234318,7 +234323,7 @@ CVE-2023-4437,0,0,d799133c7f4d4ed119a68e52f64a38a07b87120074d4a7950c2a3da8df48a7 CVE-2023-44371,0,0,08ed75157f855f061fbc754bcf86c9f18faddbf23563105e3515c14b23016dc1,2024-11-21T08:25:45.983000 CVE-2023-44372,0,0,d68bcb236f0db00a725c73d58fb01f39bc215ae9800b1c3ec3bc1bec55145f08,2024-11-21T08:25:46.107000 CVE-2023-44373,0,0,d996ef030580458c73f740354c4b743796ff872bbb1ff1aa1e4f2e37bc14ce69,2024-11-21T08:25:46.240000 -CVE-2023-44374,0,1,1f5a5e8c0750c6a5df2a75bd0d5021a92fed9b5ea97189cbf95a459ddf83cd6a,2025-01-14T11:15:14.157000 +CVE-2023-44374,0,0,1f5a5e8c0750c6a5df2a75bd0d5021a92fed9b5ea97189cbf95a459ddf83cd6a,2025-01-14T11:15:14.157000 CVE-2023-44375,0,0,48b5cc51553000a2cfa67cea7f8a951d3659b6e093f2df35e76499db8afb9eef,2024-01-02T19:15:10.480000 CVE-2023-44376,0,0,03f27121c4f8ffca1841f5abcc6f000d7525e270077c8b212bbafd4e41d1bb9e,2024-01-02T19:15:10.550000 CVE-2023-44377,0,0,960eac8de781cbaac5ac605f1641529954ab7d1adeca62e37948b52710054780,2024-01-02T19:15:10.630000 @@ -235882,6 +235887,7 @@ CVE-2023-46711,0,0,10461e3199ca74c0551a32116631ff9e2136d0c732f728f9ed6f949c7cf46 CVE-2023-46712,0,0,fdf304acb640d6c5c9b27fb14d1c1f950387e795ef7592ee75fefc3ca09147b0,2024-11-21T08:29:08.037000 CVE-2023-46713,0,0,7ec948e1197bfd8e51899d82f0712028840dbf3cba1b2aed7e6646afcea7270a,2024-11-21T08:29:08.233000 CVE-2023-46714,0,0,ce18037b36677f2816f54477a037a4b84221f3eae040dc2e14897e192dcc0255,2024-11-21T08:29:08.413000 +CVE-2023-46715,1,1,f9696c467f8f797e696f1f2ad723b9b0f8a430d65b542ef7afdaffa44ee9c774,2025-01-14T14:15:27.387000 CVE-2023-46717,0,0,1f36867e76f044e23cc25eb25fb4f43d162c6cd99285a154e9a8c2369700b343,2024-11-21T08:29:08.597000 CVE-2023-4672,0,0,1d76ac05ce5b5babe10629a223016fb95a73366a13d7ac98420609b090cf2b39,2024-11-21T08:35:39.357000 CVE-2023-46720,0,0,78c156e18431d5e3d721b08abf3277e6716e1b8c318d85959bda17346eee6727,2024-11-21T08:29:08.810000 
@@ -237639,7 +237645,7 @@ CVE-2023-49060,0,0,4c0d752f52234ac5b2c5afa73fa3bd5f4d490c81b175ad6b9dd8f7509e06e CVE-2023-49061,0,0,7af406d30b2caa1b6fd7c257680f774d6fb0a30f02df3c6d99ace0a0c64683ce,2024-11-21T08:32:45.193000 CVE-2023-49062,0,0,3f72bcc43e8d39618a32732cc6fdb32aa26187117eb8dbf2cde612d2322c6a42,2024-11-21T08:32:45.310000 CVE-2023-49068,0,0,f934d451589c0486639c7452250c50f87bff70e169120c3b6e2d48b968d911f7,2024-11-21T08:32:45.430000 -CVE-2023-49069,0,1,d5da5ea9c386cddba16f2cf91dc700b7766ad25ab428c205432beaa763afaecb,2025-01-14T11:15:14.827000 +CVE-2023-49069,0,0,d5da5ea9c386cddba16f2cf91dc700b7766ad25ab428c205432beaa763afaecb,2025-01-14T11:15:14.827000 CVE-2023-4907,0,0,90be30672dd3ea93872990567976373933c812f92a368cb35abe26c70cc23ea6,2024-11-21T08:36:14.203000 CVE-2023-49070,0,0,7d32f96f04703e2a198f9c064db7c84899ca0e6dd06b4377be69d1bca8fe769d,2024-11-21T08:32:45.697000 CVE-2023-49073,0,0,a59c7f971c52a4d5004cf2ba397f8b1bff7a40aa00abdd575b19a18ae50de0c5,2024-11-21T08:32:45.843000 @@ -238790,7 +238796,7 @@ CVE-2023-5081,0,0,9dcd735fc6d031ccd70a81f328a28ba4aed170bc4cf606667764daab41dc00 CVE-2023-50810,0,0,6dcaf0b38d14bf0da270503225efec303fb69579cb09c8f8e59be057bed6dcb0,2024-08-23T15:35:03.107000 CVE-2023-50811,0,0,0221ffb33b4cdd55c38ae7edad4ec46bdc093e9aa29e8785fbef12f94412394b,2024-11-21T08:37:20.580000 CVE-2023-5082,0,0,6541097524817ed2d54d4b0beb327d1a43ca1598ea63be87178fd58605a3847d,2024-11-21T08:41:01.900000 -CVE-2023-50821,0,1,929c2a9fa3523fe9e55d60bf69d848ee42df7d3248192dffc0985a5cce08b2fe,2025-01-14T11:15:14.980000 +CVE-2023-50821,0,0,929c2a9fa3523fe9e55d60bf69d848ee42df7d3248192dffc0985a5cce08b2fe,2025-01-14T11:15:14.980000 CVE-2023-50822,0,0,7cfaac4a512a0ba09ee6f153ec1de3a0dcd0ae5d1b7e901346252c674fc8d725,2024-11-21T08:37:20.907000 CVE-2023-50823,0,0,9b1f69e106cc946632f0578eb4b321a30b14b999bc72fa3d457beab7cbbe1845,2024-11-21T08:37:21.030000 CVE-2023-50824,0,0,12df8d623c7c22f9990f74f6c76f4b1851b1f00ff184f81df8e31075a56c8fe1,2024-11-21T08:37:21.153000 
@@ -240188,7 +240194,7 @@ CVE-2023-5264,0,0,3e616cabf1a089b6e6cdd95ca27e570fd2ac3366b640b4e1c4e5769bd4fd0c CVE-2023-52640,0,0,708b1b04581c76bbcca2f83a78734877c6b33f6cded25f181b3a228af75a749a,2024-11-21T08:40:15.817000 CVE-2023-52641,0,0,592af7f4c429865af31c53495a7c752ac71766466d99208a5aded5501f7c7deb,2025-01-07T20:18:38.497000 CVE-2023-52642,0,0,05d60fedf578d1ba56385f5513e46bbdf0600669e68de5121a528e674c343d1c,2024-11-21T08:40:16.077000 -CVE-2023-52643,0,0,a052e4860e296c0ee05d86ba39ef967c09f91349f04358ad0c2d31e70cf765ee,2024-11-21T08:40:16.210000 +CVE-2023-52643,0,1,d50d31e5bb6a9cdf07b3e088fc3b5fda79f9ea816bd8b6d8c44559eebb408f0c,2025-01-14T14:58:40.580000 CVE-2023-52644,0,0,c34c6ce67f7bd1744e5ffb2bc7e1ab174b24b6c795ada11f0160dd6a25188de3,2024-11-21T08:40:16.333000 CVE-2023-52645,0,0,b7243e0650448847f32080e14db91cf203d54c57d7b28acbe818fbd2b13c53f4,2024-11-21T08:40:16.490000 CVE-2023-52646,0,0,139aee8a121c8d7a2a15bab8da8b6e42f6d1800d9c6146dd3e1fb095deeb5cfc,2024-11-21T08:40:16.687000 @@ -240209,7 +240215,7 @@ CVE-2023-52659,0,0,12014b1e0c02fea24ca1ce52074272db691cfe6ae39ed530e006a5540be4d CVE-2023-5266,0,0,36a025257ca1a5a01d1722477c5cdddc95c4c243398db33d451514cf043d9aad,2024-11-21T08:41:24.657000 CVE-2023-52660,0,0,358e8dc47410610b9f9672166cf82c0f3b48f9a136624210ebe4beaef46e7ab7,2024-11-21T08:40:18.393000 CVE-2023-52661,0,0,0db12b4ae9b466f647d72616423afc1e5dd602ae3df1ae15ad3bd6d59fb9c4be,2024-11-21T08:40:18.493000 -CVE-2023-52662,0,0,71b7d56d340dab206fb48342916ff0b200957de03180e9c58fa9a030a0275af4,2024-11-21T08:40:18.603000 +CVE-2023-52662,0,1,1505a0f052bc5e81abe77b427bfb604609858a2554981b82e79c669585efebe3,2025-01-14T14:55:24.477000 CVE-2023-52663,0,0,aefc7fb34e639ac7685e30d0b290105bfc4363d7a68f57c98b607c4c70ad7ba4,2025-01-07T16:58:24.913000 CVE-2023-52664,0,0,53dda01e84d35fa34f80702d177af01142220912b2b78efcb2f400625fec3ee0,2025-01-07T17:00:00.897000 CVE-2023-52665,0,0,791f31a412c848c4b6b18dc59ee81ece8b7e34e43416814b97f8d3b507c03dd4,2024-05-21T07:15:08.063000 
@@ -244482,6 +244488,7 @@ CVE-2024-11493,0,0,d49eb92c8c562ba2101f389cdd764449ac518734f087aed95f5fe12a18b9a CVE-2024-11494,0,0,120185b1f5452b090fd317862ca91721f9197720b68abdbed625f37e80933fbd,2024-11-22T00:16:41.223000 CVE-2024-11495,0,0,9c4e4a6f33e735c288ef4e55e53a3e0727ff8f6642201545ed0c9f418349e2e2,2024-11-21T13:57:24.187000 CVE-2024-11496,0,0,43ea7dbd5a3dc8b24d5b87bfdc0e0bfa9c873f8eb1655750b06676344c313b9a,2025-01-07T05:15:13.480000 +CVE-2024-11497,1,1,ea8bb0e7311b90f6021b27100b07d2c0ca28551085fa537eff4f62faa14ca35b,2025-01-14T14:15:27.720000 CVE-2024-11498,0,0,7272009b792fcdecf70fc17a50bede0518cbaf4c2694bef021eda391707cdede,2024-11-25T14:15:06.607000 CVE-2024-1150,0,0,1edff0fc21d5f22172836448fdcc7da772ab8a792f462f53ba0bc1c0fbae9271,2024-11-21T08:49:54.780000 CVE-2024-11501,0,0,6aa155b5e971a466b4f7473002330671c6add4e056433a95089c7dc638a9cf0a,2024-12-07T12:15:19.783000 @@ -244827,6 +244834,8 @@ CVE-2024-11858,0,0,73fd067f9f80a3fe9add2844a0fc8b12fbc4555aad7446ed909f2e6252e70 CVE-2024-1186,0,0,2e273a7149091b295fd44850226681809150a1697d95b70cddb9945c7f5d2c46,2024-11-21T08:49:59.387000 CVE-2024-11860,0,0,3a70209f793392595a3a51a4d60b0579da591107f99f2af8b8ca46fce7a60e47,2024-12-04T21:08:39.133000 CVE-2024-11862,0,0,7712aab25e9f815f730578195e7a4831741702c7ef40dfbc871d5c94d52129b1,2024-11-27T15:15:25.393000 +CVE-2024-11863,1,1,2a4ef3cebd8a70c9376a25155496f4fea09b39fb81ac537f5388878ca8a77515,2025-01-14T14:15:27.927000 +CVE-2024-11864,1,1,eddb51b4ceec4d4cf789c3cd278862c24df4709fe53bbdbd01b7cb90195f96dc,2025-01-14T14:15:28.053000 CVE-2024-11865,0,0,42a8c32e42c8481cd421b33152335a9be7ed2d851fbfbce47808d03a397b663a,2024-12-14T05:15:08.150000 CVE-2024-11866,0,0,f98849df3d1b11c4a74b976ef8b2271c79a4b31b45f414582e51d5b7f2d3bff7,2024-12-03T09:15:05.487000 CVE-2024-11867,0,0,f6acb417b5c25ca0787745f2bd6aa4f31f6cfd5553556db6c5bd027949960f0f,2024-12-14T05:15:08.343000 
@@ -245033,7 +245042,7 @@ CVE-2024-12132,0,0,80a7c8d496b1886913eb9109e260df5ae2c0aa6f78d2c4d5ff0aee7f1f0cf CVE-2024-12138,0,0,8d975d6d21268c978bf38e4ecd10070b486d972f9cb2bde16883c51e239ae6fa,2024-12-04T14:15:19.413000 CVE-2024-1214,0,0,006edfeb44add0513d6df0049d407da5a783feee7b6e41af090a449d9f26b334,2024-11-21T08:50:03.383000 CVE-2024-12140,0,0,c2add199266b1c986c32a034700db286963405079b6f69910eeedd64a6ce0f35,2025-01-07T05:15:14.730000 -CVE-2024-12147,0,0,0ebd2d9e73219a39fb6777c8b0dc3255058db7114ec6ee0c20c337fec7f9520f,2024-12-04T18:15:11.803000 +CVE-2024-12147,0,1,a60a326d5e97949b76dd4b6bfe3685435b958d0b913ec9ae9ab905066656d093,2025-01-14T14:15:28.163000 CVE-2024-12148,0,0,2d82ecdcd1ae8b06b2bbc4387f4ec8d5588d3a1672ec54422fedc0a9fcb34bf5,2024-12-05T19:15:07.473000 CVE-2024-12149,0,0,6cea541fb8390eb73924fcce3986b6c54a0134049e02ebc343dd9227319eb6b2,2024-12-05T19:15:07.627000 CVE-2024-1215,0,0,4329416f300d2c475797311e08de13347ae9dc69f951944050207e3d4abf36b5,2024-11-21T08:50:03.560000 @@ -245115,7 +245124,7 @@ CVE-2024-12237,0,0,bc9c0d4c537bace6ba73f5084a4978adc8d5b928619c3c4d0e52cb7bef9d5 CVE-2024-12238,0,0,0b2506120279c72470fe6ced119aba981e066d08bdac68bd9b96e39e9d942dde,2024-12-29T06:15:05.487000 CVE-2024-12239,0,0,6402c790bc7203c11dca14fab5982d0c29c8034f8baef3a6d7c350a55d38d141,2024-12-17T03:15:06.710000 CVE-2024-1224,0,0,cbfbaa5b4f0e1c410530412d727d5bf58dfe126bd3d740f330bf5c6e93a0658e,2024-11-21T08:50:05.487000 -CVE-2024-12240,1,1,da234d125bab02f32b25b5e43ff7fe4ebb93d6e8868ab7cdfaa9e75f89be7500,2025-01-14T11:15:15.137000 +CVE-2024-12240,0,0,da234d125bab02f32b25b5e43ff7fe4ebb93d6e8868ab7cdfaa9e75f89be7500,2025-01-14T11:15:15.137000 CVE-2024-12247,0,0,ad117a7da5529073984608210b9ebf0c8357341e47d0f7a47c01f4275cf4ac25,2024-12-05T16:15:25.243000 CVE-2024-12249,0,0,e2547863ff0e51895fdd9ac079296565876947375b7269d971dfde5e35972170,2025-01-09T11:15:12.683000 CVE-2024-1225,0,0,1335eabc5dc5752fbd7f31a11bdeda2f1be9be2c21abaca809140eabb8940f2a,2024-11-21T08:50:05.673000 
@@ -245628,7 +245637,7 @@ CVE-2024-12984,0,0,f0a40bfb4434122b7dd8ba661c6c69bf64d3d6f43bb0e348d606e1d5197ac CVE-2024-12985,0,0,6531cd927cf23f31fa55a97e93021ae992bc51e6aa4997700dc1a3f1c1bbe3bc,2024-12-27T16:15:23.807000 CVE-2024-12986,0,0,9fe6763e6eaae8601cf98cfafc9a1a86fa65061195b84f986c70f384863d74a7,2024-12-30T15:15:08.390000 CVE-2024-12987,0,0,88eb7e923d5d7a4cf0f7e7d11fe92e10cd0691a931c33700e34eae909cc4cb3a,2024-12-27T21:15:07.510000 -CVE-2024-12988,0,0,c594a4e936c1c4ca5228618246aca4c8ec6e5eafcd7d1a90db07420fe624d753,2024-12-27T19:15:08.260000 +CVE-2024-12988,0,1,9436c36281befeb1cac2efa51e2b3b5b17935e2caad4832857798d8fea30b6ca,2025-01-14T14:15:28.347000 CVE-2024-12989,0,0,33fd61b2109762e88dcc5e09bc6c744e5b6c24b2b8866869053bb4fe1f13d8f6,2024-12-27T18:15:24.777000 CVE-2024-1299,0,0,c7f245e662ec35ddd87c48ae29ff03e74531f9ba7973bf15293ed4e82f111599,2024-12-11T20:23:27.497000 CVE-2024-12990,0,0,f5b782d9dc1296a073e6572b42dc4c6e0569ced9955dbc4828874227d5043cc1,2024-12-27T19:15:08.453000 @@ -245734,7 +245743,7 @@ CVE-2024-1312,0,0,d16b3ecc82cd74d4071dc20055eab0a36b43013bc6757c1d62cda1a87b890d CVE-2024-13129,0,0,c8465ea9fafd80ae001698785c09dec31df42294cc4a62b87a1aaef854b51892,2025-01-03T22:15:06.677000 CVE-2024-1313,0,0,cad1078661641c2022e5f0188a431d9a70908db5ab4b61d98e0389abbba8b680,2024-11-21T08:50:18.207000 CVE-2024-13130,0,0,11faf417785d12b2b829d9b6bcccc37fdbc1730d9810cb9c4f93c832649c2012,2025-01-10T14:15:27.740000 -CVE-2024-13131,0,0,b2e61750ac10a0f0335a98de23f2a0f4134c4b67b2d954e7edfaed8137694b3e,2025-01-10T14:15:28.793000 +CVE-2024-13131,0,1,37e9e5f47f4bbb5563e0abcd91356d09acb74457b68fc9d78a9e9f1fd366a24c,2025-01-14T14:15:28.490000 CVE-2024-13132,0,0,594571502108d1bbe5e2eea9ba980d95a2fa434713b832f566b58ef0a91c4dfa,2025-01-05T05:15:06.400000 CVE-2024-13133,0,0,e47f60b53979830f63f2a82ea9286fe0a882be09d003097342682dcb8cf9204a,2025-01-05T05:15:07.507000 CVE-2024-13134,0,0,cfa8d5a9a0d9f46619da3acacfcfd078e2a961f271cc9aaaab38523ffadcc77f,2025-01-05T08:15:05.443000 
@@ -248097,6 +248106,7 @@ CVE-2024-21754,0,0,6726148c9c00979954f8e0e43980573889b19508b76c8b84b92cd601e38d1 CVE-2024-21755,0,0,3db688cacd77dd473c848be3e1117c1b29b56eeefd4b3b05f3fefc4fcada771b,2024-12-23T14:58:10.797000 CVE-2024-21756,0,0,55671466161da604c39db4e12f80a3997fbb2c1ad8da690a7c82c7bcf4da8114,2024-12-23T15:02:00.357000 CVE-2024-21757,0,0,2977bcabeb1633cac10a5d2b68ce6f1b718f97760675ba593569c66c881c2f72,2024-08-22T14:34:54.550000 +CVE-2024-21758,1,1,e713bbad39e7b247b7a459c55702191de3f7d64d4c77edeeacac36fafec474bc,2025-01-14T14:15:28.597000 CVE-2024-21759,0,0,c7b87faa73119d13eeff29f1fcc441192710ec05905507e64f7a792b951b9ab6,2024-11-21T08:54:57.347000 CVE-2024-2176,0,0,1aeee7ae52b7f70f1b987c126ac25fd385f727623c97d4e6f5fec3aa0f1aa936,2024-12-19T20:23:37.707000 CVE-2024-21761,0,0,82642bae2920dd7ff8b514e57bc1c1f5d6d71d9ec15a1b10f21b90ef60b69c46,2024-11-21T08:54:57.477000 @@ -248968,6 +248978,7 @@ CVE-2024-23091,0,0,ac809bd19f7e627635a79d83b5695bf1c2fb09ece061006c0f1815b6022ec CVE-2024-23094,0,0,39856c4da401f038553ce13c83297dd603ae7bf5ca4cf6ae32992dbd89dce5ce,2024-11-21T08:56:56.250000 CVE-2024-2310,0,0,b6f8a00e8715d4b3b60be0214b575fc22e21dc1cce049eb25d1bfde853925611,2024-11-21T09:09:28.823000 CVE-2024-23105,0,0,cc92d5b7f0e64822efb2303bf788a510716bf4a22d1dd8fe4f1ced2ca7c2db73,2024-11-21T08:56:56.483000 +CVE-2024-23106,1,1,0f5c4218ea98af41b237014ca5ec2b68d4cffa29cd00f77fd5e4397dac7805ba,2025-01-14T14:15:28.747000 CVE-2024-23107,0,0,fb9f269ff9a1721dc70633ce33277322f1dbc0036fc8172640447e4431712b1e,2024-12-17T16:51:35.250000 CVE-2024-23108,0,0,9d659a0c56266d107dd050234c8418f99361db23121c8ca000992c1044ae9639,2024-11-21T08:56:56.783000 CVE-2024-23109,0,0,c8b681856326059919d7eca87f263b10c76f30a97cdf3c7093cdd3ba11934f09,2024-11-21T08:56:56.940000 
@@ -251100,6 +251111,7 @@ CVE-2024-26005,0,0,ab8dec86b835a1025d9007a91813d1fb4ad91c2949fe7b6a778b69a8a5e19 CVE-2024-26007,0,0,5566a1952f2701dd4149a375a6c93e3c6434006ebc54211b6a50bcacb2b01156,2024-12-11T19:55:59.830000 CVE-2024-26010,0,0,aa94400b6d9b88521b847077f70baf8416af93283c6afed0d9452bca0e3c5cd0,2024-12-11T19:54:35.323000 CVE-2024-26011,0,0,c11541fdad772e94b22af8e91bceb09116d56319f79d2943860d22ca66673a67,2024-12-12T19:33:58.833000 +CVE-2024-26012,1,1,7643cdf3fff5394f6b847987ffcd78802404787b2d7068c3292d6b9f572e0545,2025-01-14T14:15:28.893000 CVE-2024-26015,0,0,61e1ee285e159a140490fe9bac1615210ace2b02df5e5f1a9d7b48836125a67e,2024-11-21T09:01:45.940000 CVE-2024-26016,0,0,2610bd296695018d3e38024798d9b1b7a39a4da11d75be17fe8b8abc7a84b7e3,2024-12-31T16:27:58.487000 CVE-2024-26017,0,0,11d040a25f5c2d5c2e1e2401973b3159ea6e8ba153c9a2238d873c2f164fc160,2024-11-15T14:00:09.720000 @@ -251766,7 +251778,7 @@ CVE-2024-26825,0,0,2feb155c5efa06f486698a360c335e005f63fc9c52454f52650f2ab570e7e CVE-2024-26826,0,0,8a76cca28c3c2d413800dd144db2d6b32acef4b31f42545b0b8cce3f9e697a32,2024-11-21T09:03:09.463000 CVE-2024-26827,0,0,4cc514efbe22ca04935a47f409b758351113d51b04fbbf02df44e27fcf8c06d7,2024-04-18T15:15:28.957000 CVE-2024-26828,0,0,bd00e52c625d709e58fad6c68a7b5a17f577546fe0f6a4f902334be57e619af3,2024-11-21T09:03:09.600000 -CVE-2024-26829,0,0,ab2ebb8b0a4a4331a20639e64a0f4d6262660fa23e28f26bf823e359afd52db9,2024-11-21T09:03:09.783000 +CVE-2024-26829,0,1,33b858020b676d55d8dbfd0b8da63d045ba99285dcf6c6b1575c915b01f21130,2025-01-14T14:58:05.850000 CVE-2024-2683,0,0,c666bc0f8d4f99c33749c0e66ad30a4fb205835cded4157d2383c256488564ce,2024-11-21T09:10:17.113000 CVE-2024-26830,0,0,79942d49d5f2eb06b207a086e5327469b8f22e82ed05e882883226083eef8816,2024-11-21T09:03:09.897000 CVE-2024-26831,0,0,6571b4816f74c1ad7263d31c34d0dfe7efca4bf7da100dedb1dd929fef02110e,2024-11-21T09:03:10.007000 
@@ -251777,7 +251789,7 @@ CVE-2024-26835,0,0,835030cc1d535a21663a5d77b99df1febce90a20bd2caee76203fbcaedc89 CVE-2024-26836,0,0,4ad3e2a9dcf9d2db56d93279f59d5b475a06711095747d2d93b4c8b1a17e4c49,2024-11-21T09:03:10.607000 CVE-2024-26837,0,0,d7cf0d497a1934810d8d36e7cad91f83f8ba7a4fc7f73dc96f665ed0bb4f9c8e,2024-11-21T09:03:10.730000 CVE-2024-26838,0,0,4aa246ce2481b80eb12cfbdfe842d038f2f45b2a62604835a6ac9fb8a19802f5,2024-11-21T09:03:10.853000 -CVE-2024-26839,0,0,94831cb58e8ca8a43716949ef42ec744b2bef3a31caad721b703815d66491641,2024-11-21T09:03:10.980000 +CVE-2024-26839,0,1,86fe097dcbf1f910ddfbdc3d002b0e89833c44044f118c1ed9d8f2af583392e9,2025-01-14T14:56:47.140000 CVE-2024-2684,0,0,2addc2ca38f6caafae58093a53a83a40b02f9350a4d9c9280dc3fac70a7a6d56,2024-11-21T09:10:17.277000 CVE-2024-26840,0,0,184a6898c218b037239b30da9b8ff36296b7dddccc7007005850bd631f698139,2025-01-07T17:13:19.863000 CVE-2024-26841,0,0,595c74555dc4b25e8ea88566fd859ea64ec149ad165f7c91a511ba37a9b2ffc6,2024-11-21T09:03:11.233000 
@@ -251809,18 +251821,18 @@ CVE-2024-26864,0,0,eb2f6d1cc842168692d58368c5385a125dd9b538c58507cdba23f5736373b CVE-2024-26865,0,0,425ec1e666ffd707bf5be9f39ce33453ce0f57a20ff8f1bd74eaf4b15ccb3949,2025-01-07T17:14:10.927000 CVE-2024-26866,0,0,5a4c4e85054f22132b72e870bf4ca5192ad00542c720bff41708d831fa0c657a,2024-11-21T09:03:15 CVE-2024-26867,0,0,f4c3e98cf18f5362ba9d8cbace769954683f72425fbef623fdb1cff3c29bca91,2024-11-21T09:03:15.117000 -CVE-2024-26868,0,0,055bdae3e7e29d3f52563d5563ba9980e87a61b4ffd69a55f8c0e79220a94325,2024-11-21T09:03:15.243000 +CVE-2024-26868,0,1,470780f3eedbe54e0715c09aacacd15d602e690928f9f1f3cc056aa7f149c140,2025-01-14T14:45:52.020000 CVE-2024-26869,0,0,02922038ad2af42246888c4202e00a6e69990dd39e8a7ee4b0bde6c82bbc6099,2024-11-21T09:03:15.370000 CVE-2024-2687,0,0,f3005cbf6cb1868a431d78446860642964c1a1aa641da1c01d62b7f2a08b7274,2024-11-21T09:10:17.693000 CVE-2024-26870,0,0,2bd6a183ad1975d0b6c0de2939cb199738c8340cd55c7843614845b5df49e754,2024-11-21T09:03:15.490000 -CVE-2024-26871,0,0,64b5d5a81109d5902e56c2f78cef2a8344b94c0325e98bc7087e8715476a105f,2024-11-21T09:03:15.620000 +CVE-2024-26871,0,1,869aa89d9c16dccb1fc19ae6f3deafd10c976839580428434667c5b886257213,2025-01-14T14:46:37.293000 CVE-2024-26872,0,0,773bd0049df3a502bc881bea139866eb1ac745c3ead80bada6bc450bdf539b7a,2024-11-21T09:03:15.740000 CVE-2024-26873,0,0,65d9833100a12a05ec6dd2cea519a8e619a52464806ebff7909cd8d25bbed206,2025-01-10T18:28:25.100000 CVE-2024-26874,0,0,b0997e2574bc5dea0efb25a69db38ec2a1c52a8e5820fc2c5eef17510669d092,2024-11-21T09:03:16.010000 CVE-2024-26875,0,0,94239f41f42b905c954bc6edc97b0cf15f6dec0d8fdfb2fd1b19e8e24e9c863c,2024-11-21T09:03:16.137000 CVE-2024-26876,0,0,cae97524862d4115e788a327d03cf0da2acf0edba8249dc998aedc8a21a3f2d4,2024-11-21T09:03:16.380000 CVE-2024-26877,0,0,54721b8ba6c7b4d0a18ed9c595e6136296498a569bd20bfeb4ea6cc3920631ea,2024-11-21T09:03:16.520000 -CVE-2024-26878,0,0,11ab35a3fb8ca18e8c636a1de49a408c1da401e7928031e6cc0f6285ff8b6bf7,2024-11-21T09:03:16.660000 
+CVE-2024-26878,0,1,2c398350514fb54f2342aa6342ce493830beeb75951d27f14bae83050dc81b26,2025-01-14T14:49:44.283000 CVE-2024-26879,0,0,9704d8839b75b0e854eec4c51359697b6a4476f2d785619c7296d3dff7e0f239,2024-11-21T09:03:16.793000 CVE-2024-2688,0,0,93325ede5335c7cfe6caa2a8077a03a339fd6598ac72c158a197fc34644bc992,2025-01-07T17:17:38.673000 CVE-2024-26880,0,0,b775bc30b873c71ce0741bd89eb501a0811ff9c595ceddd964535015994b3d7e,2024-11-21T09:03:16.923000 @@ -251836,10 +251848,10 @@ CVE-2024-26889,0,0,0a87ef24881e5a1013b327bce78ea618038475fe9f273fcf03f83972360f5 CVE-2024-2689,0,0,efd9c698169d4dc6b507d633d5c5bca5635fd88f4fbab04c5f54592266ffc962,2024-11-21T09:10:17.947000 CVE-2024-26890,0,0,d28148780134fe9d4fd26b89472d475a8cd9fd94507e1d0beb5192c2d01a8c30,2024-11-21T09:03:18.677000 CVE-2024-26891,0,0,18ef1231e3dab94fd46bd51769a57b4742af39b60702f0ac393cf1e3791be7b3,2024-11-21T09:03:18.877000 -CVE-2024-26892,0,0,18746dd475c481f144c90b8e68299886bc74ab8ea3983a4031def8377fe6186d,2024-11-21T09:03:19.010000 +CVE-2024-26892,0,1,dff3724f39f4f7d27824ec776eef6bd6154cf578f200db90d4aaf7ae8dcb96a7,2025-01-14T14:34:50.407000 CVE-2024-26893,0,0,d7693c4e9fe752b465cf2d288069a1e2bf4fb0527edf72a830b5a88405414f0a,2024-11-21T09:03:19.143000 CVE-2024-26894,0,0,a0a3505846084c5b38d2ae3c10f78c77094fefe62fef76a336ba2b60789b1f16,2024-11-21T09:03:19.273000 -CVE-2024-26895,0,0,862c3c7e2fb467307ac5e9f6bee5fe1363e7b613c415b8df9d329e026c699616,2024-11-21T09:03:19.490000 +CVE-2024-26895,0,1,c7dae02178f516d4283340a4f7cce896c92a3602b8fb81a9ffba367ad09ef0ce,2025-01-14T14:33:40.417000 CVE-2024-26896,0,0,c6e43fd686585240ffa18e62a933c3ad899a2ecd05bffcaba7c10cff96b5c484,2024-11-21T09:03:19.633000 CVE-2024-26897,0,0,99a4a65c4d2cf2952c1beef32b5c14c24ca683dfde6ce0996f5012d6d08130fd,2024-11-21T09:03:19.780000 CVE-2024-26898,0,0,59064cab5402bdde52c986a7bd49e55f19dd21c4edcf6601694e90d218d8ee73,2024-11-21T09:03:19.907000 
@@ -251890,10 +251902,10 @@ CVE-2024-26938,0,0,0c70fb2feb140bdbececb331d09112c041df234a19fd4b8b218a2ac066b95 CVE-2024-26939,0,0,c3fb2db696e04ae1904b668515e0031ce50a5de2baf1f29a140797ebf4ff5018,2024-11-21T09:03:26.017000 CVE-2024-2694,0,0,4d728e1d04ebd874b9753d4251373dca1c8d4686a42dcbe990217886910977cf,2024-09-03T15:10:54.557000 CVE-2024-26940,0,0,d30d92f81d3759151961c208b8359740afa7da7c58e7ddc1f671b87559059ac7,2024-11-21T09:03:26.170000 -CVE-2024-26941,0,0,cadeff2a3df91773dcc45aea1b6f150892f0797adf8c2ee27d0d75f1e01c5223,2024-11-21T09:03:26.373000 +CVE-2024-26941,0,1,e5ae6d1a3983ec93dbc1ebb0a1587dda9da5ac8274be6169e8d6e3064e41052a,2025-01-14T14:37:37.710000 CVE-2024-26942,0,0,39f881a4e4cb31695225028db7c03542160cc9b05d12914f25d1ff64ba466f9e,2024-11-21T09:03:26.500000 CVE-2024-26943,0,0,16dd90efed42e45678ccacbd406baa89e1f909d5f0edf94ce4fd707ce6158956,2024-11-21T09:03:26.737000 -CVE-2024-26944,0,0,4e6fdbbe0d24c6263dd198ce6f2bbfb3a16d01dd7d2b8da581c1cc336233dbb5,2024-11-21T09:03:26.850000 +CVE-2024-26944,0,1,5173c263c20ff41500d77cd506c0a135055112f78a2020af9be2ee11c60b3759,2025-01-14T14:29:21.517000 CVE-2024-26945,0,0,ae6f96764324a673726732b05b955bd355f5976653ec8b043463e0baff11019d,2024-11-21T09:03:26.990000 CVE-2024-26946,0,0,42cd5cabd74c9173279dd3289adfb70a8262c89e7ffe80862a160dea1859eae9,2024-11-21T09:03:27.650000 CVE-2024-26947,0,0,bf0732699f635e430480999388946ed3c52fc60cc1e2e21486bd1b152f39863a,2024-11-21T09:03:27.780000 
@@ -252017,7 +252029,7 @@ CVE-2024-27055,0,0,567532cde91599899067f455d5c7b87fb6bd7d422556d36a861d5078f328e CVE-2024-27056,0,0,0c46f13676f36e598862e1367000c5f83b6f006bf4cfa76fa723d92a467f92b1,2024-11-21T09:03:45.980000 CVE-2024-27057,0,0,59020acf3ab82c0eef52cab6667be5665e673c02ff7c385265b72e8eb5c4ebf2,2024-11-21T09:03:46.097000 CVE-2024-27058,0,0,e8e18c8efb56c2ad87995b6dc7ebbe8c01bb5c8a51c8ae719afbfa612893fc4d,2024-11-21T09:03:46.217000 -CVE-2024-27059,0,0,12162d50eed4060c0ec19988202d1d5d7cefce6ae46d436b40a3dec4c213dafb,2024-11-21T09:03:46.410000 +CVE-2024-27059,0,1,b8d358dc987b94bc06e49be13c99ba48022e2070d952b9bca9d47418a24f172e,2025-01-14T14:36:42.747000 CVE-2024-2706,0,0,ec4b783f22cb2952cae8bff1153eed6be7a282f6f994a45b7c4840589cd8711c,2024-12-12T17:27:56.637000 CVE-2024-27060,0,0,22bda1115b48ba58b7256e3896819cc9078fb8284ee48e35606dd5d9241e5131,2024-12-23T14:22:29.173000 CVE-2024-27061,0,0,36106eed528d548d97b156ede779488bb9a7ed8362c8cd75e4e522528c004492,2024-11-21T09:03:46.663000 @@ -252345,7 +252357,7 @@ CVE-2024-27383,0,0,72e70359f0f73aeb1e6b8c0368d83827211bcfc295c5402bfd5cfdee6cfd7 CVE-2024-27385,0,0,e1a41ce9dd72dcc7e74fb02b5b7a34d75ee1fd10edb45ea10c35a3afe68bad13,2024-11-21T09:04:30.110000 CVE-2024-27386,0,0,1b64d665730a7687a332bebc6b1e44f0548d458eb827204a2ee1cc939a731c55,2024-11-21T09:04:30.280000 CVE-2024-27387,0,0,74d76ecfd4c7d0eda3830292dd6b42737cfbe9975269ec377e98fccc5293c5ca,2024-09-11T15:23:58.743000 -CVE-2024-27388,0,0,30e5824152c56cda9e5c7845ecfcf456d2790a858698fc40939a829169d3e9f9,2024-11-21T09:04:30.540000 +CVE-2024-27388,0,1,98453ba7ddab0d75275ebcbe2cf9adcd01c61d4c18396a578a59da147f49ad6d,2025-01-14T14:56:08.617000 CVE-2024-27389,0,0,c217d6184563415f226e9a80f037b8d7514915a86c3207640b24918bb7cb55bd,2024-11-21T09:04:30.670000 CVE-2024-2739,0,0,f4d65d5336ee215a214a5da90ed0322790b7be3ef272f9615bf61860991305e8,2024-11-21T09:10:24.570000 CVE-2024-27390,0,0,7780428a286bfe2ad84944e0e3c56b2f0984a92e2b031a42317e22e477ac14fc,2024-11-21T09:04:30.793000 
@@ -252353,8 +252365,8 @@ CVE-2024-27391,0,0,74e7ba782a652174d6e44269cc22f7e3eae02e2f8b1404503a1469482e17c CVE-2024-27392,0,0,51788877a716c0011203ead65a89d91afe3ce071b5d9cd963e34730d678899ad,2024-12-26T20:32:43.923000 CVE-2024-27393,0,0,7acb0ea1cd19fda4e5e2f41152272208ba891fcce16f238ba8adfdf815157c77,2024-11-21T09:04:31.160000 CVE-2024-27394,0,0,b26d808a796a57c43a2737a6a589c18d606c49ce4d9b02ac0d6935ec64645293,2024-11-21T09:04:31.353000 -CVE-2024-27395,0,0,6842fb42e53d51c3654f6b6ebd209a39716d73e38e54d6de2b29fab32ebd174b,2024-11-21T09:04:31.553000 -CVE-2024-27396,0,0,5eeae45667d4aab8e300e0bd0600148308ee4abb6b0f330c9d893b5a5d2ec620,2024-11-21T09:04:31.693000 +CVE-2024-27395,0,1,574d9fe9b6861b86a67985da6f3829a04cbab7adac1a4f8c46394c30d29e001f,2025-01-14T14:27:22.167000 +CVE-2024-27396,0,1,619052d7edfa2606a0df6550296e33629a00872a87588e2fdde8447ec8bbd43c,2025-01-14T14:26:09.117000 CVE-2024-27397,0,0,aa595a4f1af133353403fbda30ee2eba1c22c43a6d923ec09fbe34a915bc914a,2024-11-21T09:04:31.830000 CVE-2024-27398,0,0,5d668964db5f8581f993f825ac2b92d8b5b4a6d169822c73d205cf76d493b5f2,2024-11-30T08:15:05.417000 CVE-2024-27399,0,0,2441bead541c7f566e35edcc3bc5bc55c9b6f47a2e4593c9316c027e34d9505e,2024-11-21T09:04:32.110000 
@@ -252569,6 +252581,7 @@ CVE-2024-27773,0,0,9937f907ae86df124158e0d3d02b2f6a356bd36428cea000a9bdb98a6113f CVE-2024-27774,0,0,307f48a7716a730e60d75be64dea775aaf45a608fbb3ab8fba2c3652139b9ebe,2024-11-21T09:05:02.147000 CVE-2024-27775,0,0,468f4bdeb691bac934a90af6b47335beff0a01310cc0f12046ca31ea2abc0fb4,2024-11-21T09:05:02.297000 CVE-2024-27776,0,0,ef49ef17c1210e0ed2c1ff489a27f0662db66dc8a6e90113cd624459aa34be3a,2024-11-21T09:05:02.433000 +CVE-2024-27778,1,1,cc407cb1cc3a17c1f81a5a000d90559c967fc40caad20daa7846eed43a5ad2f6,2025-01-14T14:15:29.053000 CVE-2024-2778,0,0,da9799ba1a896260f3966e85cd8ba6bdf1155e8b3eb8fb7ffe9ea6d0361cc9d7,2024-11-21T09:10:29.870000 CVE-2024-27782,0,0,b01afce97382f5347b598b12017d99ef6ba8abe65ad6d5215e9994d037f58038,2024-11-21T09:05:02.573000 CVE-2024-27783,0,0,f4ab6f1bc78e2b58465d6941ea5ba1a40edd430586869d7f6403e5f08823a681,2024-11-21T09:05:02.727000 @@ -255786,6 +255799,7 @@ CVE-2024-32111,0,0,121bcf9e03eb2023e507e49bca0f378abedab19bac9b9cac33fc8d7c3f599 CVE-2024-32112,0,0,3cc0cdd2e390858089e1a98f8ecf0a04851da7cfb00b76da57093ec0ffbb5739,2024-11-21T09:14:29.720000 CVE-2024-32113,0,0,b0416d14f21fbcfcb8bd0e4b14fa8754bf0dc777f677edb1f6cc939227329fa6,2024-12-20T16:51:57.577000 CVE-2024-32114,0,0,ec761db7a5ad46df257b60e3bffba3183bd48091e424b77fbddb80d44570b8c2,2024-11-21T09:14:30.127000 +CVE-2024-32115,1,1,f24fbdd2966345220e2a31c6012b76bacd32faeb1bd2ec756e7f886ac602f960,2025-01-14T14:15:29.200000 CVE-2024-32116,0,0,f10f3c24dc00a2826d06434dd27b29c41c2c38d776ae02f6706b238c0f312734,2024-11-13T17:01:16.850000 CVE-2024-32117,0,0,6ced7b5df85b7cf270709040a6c78ad7915ac1694cdc1063e73cbc492ca11ee8,2024-11-13T17:01:16.850000 CVE-2024-32118,0,0,cbf2b7d4af864cda3454132db2a4b769a7af322c2b5759ac474995880a9c36b6,2024-11-13T17:01:16.850000 
@@ -256783,6 +256797,8 @@ CVE-2024-33498,0,0,50fe8de8bce7e48e620f0f169dde903b59c1e6db4dd10e5d366514fd61692 CVE-2024-33499,0,0,803dea18a502c032d7f43bfabb140fa02ca861ad18c39b77e542bf705c52768c,2024-11-21T09:17:02.293000 CVE-2024-3350,0,0,d4069f70c85c5408080c42132a37ca996283e73747386676dca3be3d2af545e9,2024-11-21T09:29:26.097000 CVE-2024-33500,0,0,746323f4fb4b9901ec2db4b5c0fb0d198abd8dc5a220cdbb454eaf0948907ee7,2024-11-21T09:17:02.433000 +CVE-2024-33502,1,1,d0674e8636083af5f3a783257cf74bc32f732f29257bf89f109ce4ef4feaa7fd,2025-01-14T14:15:29.360000 +CVE-2024-33503,1,1,4ef2e20a85c689ebcd4a284c2f4342090764795d94a628b568a80e00b4a93cd7,2025-01-14T14:15:29.517000 CVE-2024-33505,0,0,1225fe0735434c0168b96035a87d6bbc53cb961ca66ce6e44cbf0ac8c7a1fdd0,2024-11-13T17:01:16.850000 CVE-2024-33506,0,0,ebc73da9186542bc574ff2ffa1bd0018ebfe9872b5e96093b78710739d042a79,2024-10-10T12:56:30.817000 CVE-2024-33508,0,0,3b76b0d03aba3d39a9333effe55dda5557e5f1c6adb532df7c6b80bfe8c854e4,2024-09-20T19:48:06.197000 @@ -256978,7 +256994,7 @@ CVE-2024-33694,0,0,554cda33f2ad13bcadbc01849cf469ac8ff064b4e1bee4e0466ecd3f969a7 CVE-2024-33695,0,0,7c0d52f6fed184c071349de7a110b2489ccfa063e9c908af4c30ab33960e9006,2024-11-21T09:17:25.403000 CVE-2024-33696,0,0,bdeaca3b241fa5fb17935c438f79c2a6f73150b89aaaa02b7434d83372bcbc5e,2024-11-21T09:17:25.527000 CVE-2024-33697,0,0,ac9288454572e0a0ceafea8bbe01c8243777a17b68b31358e3f9c1206fc342a7,2024-11-21T09:17:25.647000 -CVE-2024-33698,0,1,4ea57f0cc8a312f87370897367d94743d3e8e2246a2e22a1152a2d834ffce2ef,2025-01-14T11:15:15.373000 +CVE-2024-33698,0,0,4ea57f0cc8a312f87370897367d94743d3e8e2246a2e22a1152a2d834ffce2ef,2025-01-14T11:15:15.373000 CVE-2024-33699,0,0,458e7a7b3d1333ee5c45aaa1189ebfd93e764aed965cf8534dfc556b9d953918,2024-11-21T09:17:25.897000 CVE-2024-3370,0,0,4977c8af342ca5e43bc003b305e8d121bc66eb96b01495a3eae5208891dcba00,2024-11-18T17:11:17.393000 CVE-2024-33700,0,0,407022dfdd24550f293ac6fd28c96f8309930375ca8392caa396c0d28c47198e,2024-11-21T09:17:26.020000 
@@ -258133,7 +258149,12 @@ CVE-2024-35267,0,0,9ddea27617f038237b3128d4e75fc5102d056540871869cdbf937fd02f76a CVE-2024-35270,0,0,54fc0aef882c68b0af36e2a2e87ea567a3f0433770da6d3701c29cb540de6659,2024-11-21T09:20:03.357000 CVE-2024-35271,0,0,53435ea3e84efa467a9bdfc22250170e3299e5610ce3c91fa1af50680f120201,2024-11-21T09:20:03.527000 CVE-2024-35272,0,0,7c25fd9425a5925ce7b680ae430dc4c99441fca7143b7504eaba903c26bfba9b,2024-11-21T09:20:03.667000 +CVE-2024-35273,1,1,9ab858ebb346d630e6bbf8da2157e41f0d8e42e4a4c1d3d1d26beda7fb4bf411,2025-01-14T14:15:29.663000 CVE-2024-35274,0,0,9a6beae4bfe35b0b8aee9a3d653759bf728b408106a661c475615a0bb6353472,2024-11-13T17:01:16.850000 +CVE-2024-35275,1,1,db920a4838b9e37c71b9bc6fd6d2d69f628712cc99e5de16479c022646ccb044,2025-01-14T14:15:29.817000 +CVE-2024-35276,1,1,4c959b5ba1a33576ed209445d5bbc58fbac65866e46c0631f77c80bdc2461b2f,2025-01-14T14:15:29.973000 +CVE-2024-35277,1,1,1f41c5934d010de66ad104c6e38cd26c146e0cb4b1b59e8e833cdfbc61bc9a2c,2025-01-14T14:15:30.130000 +CVE-2024-35278,1,1,dba5ee459729d0618f30372e7418d89fc2322b58b80fc5a2eaca09ea6cc469e1,2025-01-14T14:15:30.280000 CVE-2024-3528,0,0,73792362235e828bd56025419c83c67ec901a0e2b04dfa37d11c551a857b0238,2024-11-21T09:29:47.207000 CVE-2024-35282,0,0,174e154b42e127fa67b7958222015b753e479a85266f575b2e2ca4b3057942d7,2024-09-20T19:44:17.557000 CVE-2024-35283,0,0,fdb32a776c5efc323466eaba6c259cf3489c6c6ec5c750c58fec77f2eb007c63,2024-11-21T09:20:03.977000 
@@ -258489,7 +258510,7 @@ CVE-2024-35779,0,0,379e9188bf2eee0b63db1fbadf6625000842ff69691760967061fa8a6d4b9 CVE-2024-35780,0,0,6a6c86cac11c9e09ba89d794c1fb76158133fcd262b30e8dcf502eb12e81a2ac,2024-11-21T09:20:52.707000 CVE-2024-35781,0,0,420125c8934b01502d080ad6557e568191eb4f2ddc9a33532aeabff8c5179b91,2024-11-21T09:20:52.843000 CVE-2024-35782,0,0,6c483e8bc7721efa75f8db2f2d6f64613ae5c450037f618081a280a553a2c572,2024-11-21T09:20:53.013000 -CVE-2024-35783,0,1,c048d37bf779a04696cbb12b5fbe4472a5cfa72c0d5da7c3687932cecb797cd6,2025-01-14T11:15:15.557000 +CVE-2024-35783,0,0,c048d37bf779a04696cbb12b5fbe4472a5cfa72c0d5da7c3687932cecb797cd6,2025-01-14T11:15:15.557000 CVE-2024-35784,0,0,6a36ecbf216ecaf3512a6c5b2ee3703a250b459b4a7ecfacf4fe0e8fda312a85,2025-01-10T18:09:46.203000 CVE-2024-35785,0,0,77c21670bce798ec6fb6e30378d55b3c958574746063148d56c3b95ce96a48ea,2024-11-21T09:20:53.437000 CVE-2024-35786,0,0,77f89bb040cf765f6d9234d420731b7c23c63247ead02a0f8c0b8e4af33e99a9,2025-01-10T18:10:34.873000 @@ -258520,7 +258541,7 @@ CVE-2024-35808,0,0,8cd0348e85e84afc85516e9508e28b368a1738ec259235e1ee14afd348ff6 CVE-2024-35809,0,0,47f3bd95a8279da81b1989e0d15fc58339b73402682851154c2828a34e185e75,2024-11-21T09:20:56.760000 CVE-2024-3581,0,0,93a459cabeb85870643801d1bff717bb88967edd8693d080ac01eb4c99cae97c,2024-11-21T09:29:55.307000 CVE-2024-35810,0,0,958005a5f063c06af5e802039d86259896a68546043fceb83b344e24e9933223,2024-11-21T09:20:56.973000 -CVE-2024-35811,0,0,ac3030b7c23805ed73df3674fc0746d1a11c0db7e84d07534653d2b5c5116776,2024-11-21T09:20:57.097000 +CVE-2024-35811,0,1,07bf29f6246072321203660edece51241e3f9dc6207fed7396aa997df3c1c0a5,2025-01-14T14:23:38.660000 CVE-2024-35812,0,0,88ab3c5388076701bc302df8ff295570e098a0e08ef335144c7c2c608124795d,2024-06-04T13:15:52.390000 CVE-2024-35813,0,0,d55ed165ea93f7a284698fda3dab49c6a62251de40b377ecee6122bd5051e8ff,2024-11-21T09:20:57.250000 CVE-2024-35814,0,0,ecfff0df086e37e64b9e59cc4d1488e80f1e052fe64ccbf325c70a844c28d260,2024-11-21T09:20:57.387000 
@@ -258538,7 +258559,7 @@ CVE-2024-35824,0,0,a403e4a74f7832cc37435f918cd1ca6ecfed4d6cf6bfefb710d0ad19aa9a4 CVE-2024-35825,0,0,27c9b17e71f5caab539149aa00cd74443946d243daa5adb95171a79fc4d7e861,2024-11-21T09:20:59.060000 CVE-2024-35826,0,0,ec8cbcfd63c65f59c0850cabf706bced87ffb9d4008267a7d11b9c8e318094a5,2024-11-21T09:20:59.207000 CVE-2024-35827,0,0,3fa793524e24dee4e9d6e935b987f9463c923c8accc7a3a52a7a4fee3204f5d0,2024-11-21T09:20:59.340000 -CVE-2024-35828,0,0,de3f75129066fb9aea9e0e602df7010dd2929ac6b9ffb4fc7c9077264ef5e04a,2024-11-21T09:20:59.467000 +CVE-2024-35828,0,1,c3ceb3a1c08559806a526755e1b45e46ac8c079d2fe6a16981b1b82f06abc41a,2025-01-14T14:54:31.167000 CVE-2024-35829,0,0,d8e26c284e6e13bbb526b60219f325c3261131a38492220166de44d7656d0f6b,2024-11-21T09:20:59.607000 CVE-2024-3583,0,0,d5bdb2e5af815aabe4f44a08098e593028e67339d15233bcfcda89371ddc7214,2024-11-21T09:29:55.547000 CVE-2024-35830,0,0,131b055f389f68373142dbdd992127723644363f1ce6f81502183d72e63e9fc0,2024-11-21T09:20:59.803000 @@ -258690,7 +258711,7 @@ CVE-2024-35964,0,0,953ba8d598cdb2dd14f3e166e43811c72fca10a34dcbaed1f10ff61dddddf CVE-2024-35965,0,0,cb355b9530201a0044356deee31fbe40daec64a92cd3106a492602304c2e825a,2024-11-21T09:21:18.773000 CVE-2024-35966,0,0,f33b546ca6fdfe8b921e8d93271b5fecf0ee3a484f643b806aa94ca117dd1c08,2024-11-21T09:21:18.900000 CVE-2024-35967,0,0,fdcaf1e3f97f3de5a1f0700c84f409c13f5b9f22d245fe13b8859ebfd436a328,2024-11-21T09:21:19.020000 -CVE-2024-35968,0,0,92d98da324370e6fdb54f550dae2cb91f4215a3ad40bee1d7ec1828a0a7a26c0,2024-11-21T09:21:19.147000 +CVE-2024-35968,0,1,e78a949ee38e30bb945ea2f4ffb3a9d4de43a584980b899a912693da08777de5,2025-01-14T14:41:00.457000 CVE-2024-35969,0,0,57851844c3f9780d2c31b6b11a5445e3dbe88253ceef2f2aad7c8e0876c485ee,2024-11-21T09:21:19.273000 CVE-2024-3597,0,0,a7dc7cebce835d8c3ee68919fe17093c31b17b7ea549be292a4206aaf18b81c1,2024-11-21T09:29:57.300000 CVE-2024-35970,0,0,651df0a6cd6aab33f31b2420b0aa32337fa146329a73038046318f9bcd49ec05,2024-11-21T09:21:19.513000 
@@ -259143,11 +259164,15 @@ CVE-2024-36500,0,0,3749986292cf3f04be3ecd79c3eae7049cd48de8e666dbec442c9f3a4ab4e CVE-2024-36501,0,0,9c0f9c29b1ea578ebce558d7100251055f7ba2e7147d4ca51f7dd8451082c4ab,2024-11-21T09:22:17.977000 CVE-2024-36502,0,0,fffafe10f0702323c26baccbe897485dd35ab633d4b0d89efe45f6d8d1e5c5e1,2024-11-21T09:22:18.110000 CVE-2024-36503,0,0,54ada8b9d8eed2c037238cccde3657d3a80dd1f98e801f7a69d977747c8040d6,2024-11-21T09:22:18.260000 +CVE-2024-36504,1,1,e3e9292ee263333e72044609b9b47904abcd7e197e4a1bb7df09c7b82f9cd415,2025-01-14T14:15:30.433000 CVE-2024-36505,0,0,fb291dd94dce4e50449c9e877ac2ca2ff61e5da72ca7ade21bdb425debb63d84,2024-08-22T14:36:31.643000 +CVE-2024-36506,1,1,9307fef39a0d7679f16b257ecae474a6c80b67726aa819bba669245d29657ec3,2025-01-14T14:15:30.590000 CVE-2024-36507,0,0,04a24cb7eb80c7ce5b0cd930e917054d877c6b282e7beecab850e0815de29b70,2024-11-14T20:31:45.367000 CVE-2024-36509,0,0,51a3ce39b65e0ccad621c0235a19da7b333d1a36b9c66eded9ef595731c58b4a,2024-11-14T20:33:44.727000 CVE-2024-3651,0,0,ccda00a280c38637cc17b638d5c91961891d001821e1052b9fc773bf82e39d71,2024-11-21T09:30:05.170000 +CVE-2024-36510,1,1,a41b277a39087e0104fb0be8446732f86015fc66d966e8e2ecf87de1b3a9368e,2025-01-14T14:15:30.737000 CVE-2024-36511,0,0,c0da5dd4b7ff65370d60d13062a323a1aaf424bbb9ae24c4ffc8a28beb2751bb,2024-09-20T19:43:25.023000 +CVE-2024-36512,1,1,3099e29a697b87ff75365698c76c26f315d2ce105ba904d851745cbc3c4fc648,2025-01-14T14:15:30.880000 CVE-2024-36513,0,0,ee921d2ae73d79a0555cae5621e49e24e34fdc6c7e4a1ff34a39def65fd8a7b7,2024-11-14T20:35:26.093000 CVE-2024-36514,0,0,dc8ca9154af7beb05da22020118383c29164d6220eeec3886ce7403901a1e1de,2024-08-27T13:28:33.090000 CVE-2024-36515,0,0,ae9f00a24ab36e0dd18f037c094f8dd91bd1052645f659af43e5a534764ff4c8,2024-08-27T13:28:09.360000 
@@ -262055,6 +262080,7 @@ CVE-2024-40579,0,0,da11a1c0f7825d9658796f4408f8973703e2e8887ee02d7fb06e9fa156da1 CVE-2024-4058,0,0,41bd13730a967fba6dfa98e0a473274805b3a9521fbf9427b1f8ca715400dc8e,2024-11-21T09:42:06.270000 CVE-2024-40582,0,0,dd0f2a6d540adec2bb9dbc707f94fc9dff9972da1e4d33c84f17f86b02c0ca18,2024-12-11T16:15:10.873000 CVE-2024-40583,0,0,060f59166f99bc729cca84acecd51bc3d35affc7058999b403ee573e24158633,2024-12-11T16:15:11.080000 +CVE-2024-40587,1,1,38c5312a4c9238882bcb91fb2b3d2734ca1ffc9bc5b9ceca84014ea68da47d0d,2025-01-14T14:15:31.027000 CVE-2024-4059,0,0,a7395c4133ca68cf195a746536b2a10391759a1b7af0981398c03fdffb32f8d2,2024-12-19T18:56:45.140000 CVE-2024-40592,0,0,70d588c7e0dd63c3f30c565c48cdd17864cf3988f3b717bd753beb73e71e83a3,2024-11-14T20:37:06.040000 CVE-2024-40594,0,0,bf65899143a2f4c0e93f528c3b9a7873123db8d586300b13b7dc1af3be463ad0,2024-11-21T09:31:20.467000 @@ -265624,6 +265650,7 @@ CVE-2024-45319,0,0,f54a68d148467026440ad15f341a6bfb542cacddb35ec8506cc4659fa4aa3 CVE-2024-4532,0,0,014dcf5f2708015805e201ab211b9cd9fe192f81599e256bd8dd0d34d23e73ac,2024-11-21T09:43:02.993000 CVE-2024-45321,0,0,7c76da4e7fbb2242661f83a4480b440b53d8e0cb0dfda635981d7f5cbb74ebaf,2024-12-05T18:47:30.633000 CVE-2024-45323,0,0,0b7a355a77d8731838f1cae0db38407098fd6b4582cf218a996117fa53bb1c18,2024-09-20T16:23:51.397000 +CVE-2024-45326,1,1,86ebce8f30d55c1b2581cd9f16d3a4529cb04f091a99a26c0b2f7f2fa73b1005,2025-01-14T14:15:31.183000 CVE-2024-45327,0,0,42ce17a56d26e9f93c0428bdd57edccc07f542ef58a06cef469cef22c8286e63,2024-09-11T16:26:11.920000 CVE-2024-4533,0,0,565c4992f22cce399c7ec79b1c1f5241de1ceb51c7019357739f36b97aa0a0ff,2024-11-21T09:43:03.177000 CVE-2024-45330,0,0,e9c0a42cafd75c39cc2fb6322b0e3eb6100b15258e5462b4bef0ad15a3b44297,2024-10-19T00:41:09.717000 
@@ -265652,7 +265679,7 @@ CVE-2024-4538,0,0,5bd1ad90e973f76dc331cc98dd5010eac6153f7bd5c3f59bc15316bd99e49f CVE-2024-45382,0,0,cd17bb10b42a7a52154b8f180f6a96138cbe671bc16e0955e6b9f0951bb6f705,2024-10-16T17:43:43.917000 CVE-2024-45383,0,0,18b2a12c0247f6bd404573e4f3025c14dad6c1dfae1f9cf4c31db12712f62634,2024-11-21T09:37:42.043000 CVE-2024-45384,0,0,cbfb50bafa8517a7944bff5db1df53c710c3eadab72436ecb1123d86217adad5,2024-11-21T09:37:42.190000 -CVE-2024-45385,1,1,0ff36faa4890e68eda1f2926aab7ef6bfdfdd26ff04558ffd7c599d744ddd711,2025-01-14T11:15:15.750000 +CVE-2024-45385,0,0,0ff36faa4890e68eda1f2926aab7ef6bfdfdd26ff04558ffd7c599d744ddd711,2025-01-14T11:15:15.750000 CVE-2024-45387,0,0,da4b0586d68c4f918b7336c262bd810eaac6fb06288260c72c637886e434ed76,2024-12-23T18:15:07.043000 CVE-2024-45388,0,0,5e8b5ccfdf2c3da6b5d7948eeb7403963fce2832acccafbcb71f9440d5a08c72,2024-09-19T15:18:32.007000 CVE-2024-45389,0,0,7edb5866be2f947d92ed825c273c577f4ddbd466128d69408c1eab72a19e26af,2024-09-12T20:17:31.767000 
@@ -266304,7 +266331,14 @@ CVE-2024-46655,0,0,619756e28facd4dcca44a3c94ed931cf61b4408f1c51eeb5eca49c9e1ace2 CVE-2024-46657,0,0,a5ced2fc9af0ce563815dae98d1fb612587af65b11df31ab1959075bb6481834,2024-12-11T16:15:11.770000 CVE-2024-46658,0,0,8759efef114d9b796a08c43f5fa85fe56a819964b257a73be81a7a6eec47c6d5,2024-10-07T19:37:30.467000 CVE-2024-4666,0,0,b7505f51131c566a65a04c854bf3da56137a32df8f67317652113aca5c7be8be,2024-11-21T09:43:20.073000 +CVE-2024-46664,1,1,e5218d6b2c148dbf578051c94ba6f67a57c7c795fa44a41d0934f6272f8ab248,2025-01-14T14:15:31.330000 +CVE-2024-46665,1,1,51bd9d8a8d10de7cb9b13827256a3212419a2fcd5cd656a056f5afa8f0b477d3,2025-01-14T14:15:31.490000 +CVE-2024-46666,1,1,a91168f7bdb2c66289f2d18f1a857f5d82553dc0bcf1da79fcd73565750f87dc,2025-01-14T14:15:31.647000 +CVE-2024-46667,1,1,720eb21744d167d36a40147a328aabebc6b9b3cd3d50995e14a58c6fa9720f82,2025-01-14T14:15:31.797000 +CVE-2024-46668,1,1,67b0123ef714dcf5e7fcef0ddb8932a4d3a92d3294bec6da1ae3760a03a61dac,2025-01-14T14:15:31.950000 +CVE-2024-46669,1,1,bdef86248ec7b557b3ba17ecc147870f48f5ccc58ebb3826e082c5281bc175d9,2025-01-14T14:15:32.100000 CVE-2024-4667,0,0,0ba4feb9061227f326b9f44983ec481dee587f64e4899bf77e538f69f9f74063,2024-11-21T09:43:20.190000 +CVE-2024-46670,1,1,4504416ea77713541266a837baa7d90c2bfbc1e25606035675b447f096e61748,2025-01-14T14:15:32.243000 CVE-2024-46672,0,0,bc507e64d04ea5640093bd9a3ca6fe7f0c7a71643b79e70f9ab8ae27db60ca75,2024-09-13T16:29:17.123000 CVE-2024-46673,0,0,3f51c09e700b38d12ae33fe015bc01f6f75ee9c1181458b7ce2541d901e5897e,2024-09-13T16:51:39.117000 CVE-2024-46674,0,0,658c5615ef5104d2b41abc83d32329287f71abd731b08493051a521ab04d6ebc,2024-09-13T16:51:45.103000 
@@ -266704,7 +266738,7 @@ CVE-2024-47093,0,0,254373901b8fc660464b2e2de4e7fbfe56fe2ef0b4d8cc4ab6e7d7491a830 CVE-2024-47094,0,0,d24e1f292f7d19d40d32d967d3e72cc931ea886edc80358cb771de69f5f1ca5a,2024-12-03T20:01:52.610000 CVE-2024-47095,0,0,ab3ae5fb8cc2610821c1dec2e1fa7073f06cbe80c80fa571d8c05d61db95648f,2024-10-10T12:56:30.817000 CVE-2024-4710,0,0,9c507813f9fc80a7b0290c71ebb56c5cafbe3613f57bf93e1120a9c56f52904d,2024-11-21T09:43:25.600000 -CVE-2024-47100,1,1,c07ce74430e20aa3d764f00bdb8922764a353dc3a99b907d7385c250814a1d30,2025-01-14T11:15:16.573000 +CVE-2024-47100,0,0,c07ce74430e20aa3d764f00bdb8922764a353dc3a99b907d7385c250814a1d30,2025-01-14T11:15:16.573000 CVE-2024-47102,0,0,0864a20740f0de5ffc38497db2f0d4f8389b304278d9ae91ba201d1cd5b77740,2024-12-25T15:15:06.583000 CVE-2024-47104,0,0,9f2e725614bb591f1dee85b094aedf7e5ce884d4ec064c7905e6916502af1c82,2024-12-18T11:15:05.763000 CVE-2024-47107,0,0,cbccf574787d61b4f6ca0e02b243f9353763dfcf6f42da1d1ab7d0498a1d160e,2024-12-07T15:15:04.123000 
@@ -267088,7 +267122,10 @@ CVE-2024-47561,0,0,f17764695fbbc71bb6294f0150402374289bc95733ccefa47795f57080dc8 CVE-2024-47562,0,0,22d7aac266fa2bcc932f0f43047690776f5dbeae34fea86034497bd09b4b2170,2024-10-11T20:04:35.480000 CVE-2024-47563,0,0,ceef06dc2480b41957bf3bbf91f7572558ef123ada102fed1a77a39f26abdf49,2024-10-11T20:05:05.143000 CVE-2024-47565,0,0,36b5b2774ba0114a0b6b38d7c3f6e740ed1cceb643a386f25a7f0a47c87192f0,2024-10-11T20:05:59.237000 +CVE-2024-47566,1,1,8415f1d3a43aebbe82674cdd93d5aedf8e9b361a4bd069fcba002a37d22f49b3,2025-01-14T14:15:32.400000 CVE-2024-4757,0,0,8725ef836161b110d22ecb4616862fd191a65a364176246ebd41f0c649a57c8e,2024-11-21T09:43:32.290000 +CVE-2024-47571,1,1,f2f2772b43e2a9f9133636bff15d97165e8c9b10c29858f78088dd8510ba00d2,2025-01-14T14:15:32.560000 +CVE-2024-47572,1,1,29de01da91866f177436341f1451b406eeef19eba11dc0c940dcd06d1a33e87c,2025-01-14T14:15:32.717000 CVE-2024-47574,0,0,b053f693b774c7953ae85400600819c5392a7ad8eccc8a3cd4089d5ddc67765d,2024-11-13T17:01:16.850000 CVE-2024-47575,0,0,8a9e09b118d95daf165d3ea923803180c001f61012a5c234044b57c730876d25,2024-11-08T21:16:28.987000 CVE-2024-47576,0,0,88f7e74dc57b5fa3165bca4e8de12361a68dd9037f9a61c6c1b0e979a41fbc7f,2024-12-10T01:15:05.340000 
@@ -267852,8 +267889,12 @@ CVE-2024-48878,0,0,61df8c716ea1a9423d8f98d007fe741d86381fb579c3442ef6d827deee3b2 CVE-2024-4888,0,0,133d57bae18b01966145fd4e4ce13e18e7959193dbb6b4323cb9d35593035efb,2024-11-21T09:43:47.830000 CVE-2024-48881,0,0,ebc6f1728ddca45a5c4c77e921d1ab1f076b9c09394d13101391d66674a8d76b,2025-01-11T13:15:23.437000 CVE-2024-48883,0,0,40a7c06416987571c8a8b08bd952b0491dd531f3479f503fba90cb6ed5c81613,2025-01-13T20:15:28.770000 +CVE-2024-48884,1,1,d7531b7cb1135a3712a0535e6ddd9869708afc1b4a4e954957fc71e4dc4da04b,2025-01-14T14:15:32.873000 +CVE-2024-48886,1,1,e66f6047d306aaedc1af3f50921854a8ed3741d3b76c9be2c96afcce2b1dd88b,2025-01-14T14:15:33.027000 CVE-2024-48889,0,0,8e1bac12eb50f3243e5ec10f0474e909f75dc6516eb6b1b6cee870377808ea68,2024-12-18T15:15:11.713000 CVE-2024-4889,0,0,54e41cd985dde0162870a1a62b42a9fd40bf90446677bc64ce2d3dd7fe90e1b1,2024-11-21T09:43:47.970000 +CVE-2024-48890,1,1,4469bd7019e5860ff35434033c96f58dc6df56ea5261eeffe1e90439382296b3,2025-01-14T14:15:33.187000 +CVE-2024-48893,1,1,57bd45a691616c93ba674432be2e4034ddd715b1a09af0f667c42fcf3300c76c,2025-01-14T14:15:33.333000 CVE-2024-48895,0,0,2619cbfc056db229022c601c361879a86e8ef7297a78db8864167658fcd89d44,2024-11-21T13:57:24.187000 CVE-2024-48896,0,0,68f9b7eee2d42fd99555582d831f186b3535e450fad14d101fd4d18eb273b831,2024-11-20T14:47:12.777000 CVE-2024-48897,0,0,f3182141722d6be3bdc9aba61fbb38fd1908803d90d823ef2ab33a0e64cdc49a,2024-11-20T14:48:25.373000 
@@ -269030,7 +269071,7 @@ CVE-2024-50307,0,0,effd6ec5b86bf22e86b034cf0d56aa80ef1054d58eddf4f4569fd5216a211 CVE-2024-5031,0,0,c308606af56c2c63972fb5c4124ab9d975213c17c216c9acc47e4e56bb8f8d42,2024-11-21T09:46:48.853000 CVE-2024-50310,0,0,0aa8bf92cb0c2ce72d2591b8a623d6ab248b2abe4cf7e33609877fe3cb7813d1,2024-11-13T23:15:38.657000 CVE-2024-50311,0,0,b0292ba610dd96aa55991ae2b3d8d9a3245ae7b245c406d2ccd4b978c4c63f18,2024-12-04T08:15:06.993000 -CVE-2024-50312,0,0,a7c4b05d3d3f339ecdf585e78123d67608338d22201a07dc1ab4fe90abd45688,2025-01-09T07:15:26.893000 +CVE-2024-50312,0,1,3cc5da6adb55fa8882e7ead9469de956a8282866e867afed1db3d9ff1d8509f9,2025-01-14T13:15:19.733000 CVE-2024-50313,0,0,64114bcba17ddbbd52304f776f5dd6f39dd07ae575272b42861ff4f8f52981bf,2024-11-15T17:12:44.410000 CVE-2024-50315,0,0,4cc2faf3d8c489bc195ea9b1b71e3db71fb7f18259f91c4f6bf82e911f7ad06a,2024-11-06T18:15:06.173000 CVE-2024-50317,0,0,bb18489d7989fbe06416c7902779e422cf61fac95f0d13f7e09c0b8e1bc37193,2024-11-18T15:06:49.627000 @@ -269283,6 +269324,8 @@ CVE-2024-50559,0,0,dfa1c4cb23ceb2f70b4684ba6fc94ad535123e84e14b38239e2546f378ae5 CVE-2024-5056,0,0,8fffdd4127619c786aa0989407007469ff9a6aa73bf668207b4ad19c19de1531,2024-11-21T09:46:52.267000 CVE-2024-50560,0,0,849cbb22dc43c9735ca18b0189950c1e8b5ecac4d47888f5bcbc5715b936ca6b,2024-11-13T19:57:26.073000 CVE-2024-50561,0,0,6a51b1f26d5cf18987d57ec188dc14932c4d4312c95a1bfb0fba3e588b50e618,2024-11-13T19:57:56.313000 +CVE-2024-50564,1,1,e7d7ba23b6b0bd993389dc5aa1693345829839ebf13dced1f3e6b06c0e9b8cb4,2025-01-14T14:15:33.490000 +CVE-2024-50566,1,1,3bfb5a17edce1a8fb08ca6a9da44a890273e947e3c31fd7cc912e28d4fea9f0f,2025-01-14T14:15:33.650000 CVE-2024-5057,0,0,4e84b19a66dd237677e71f8f6b2954676ecae2fca742ad51c75df8e74bfe774e,2024-09-20T19:31:39.437000 CVE-2024-50570,0,0,2d9dc66724750d347def0458b21203e33f8d848938408b5276fa284db7ba2a64,2024-12-18T15:15:12.660000 CVE-2024-50572,0,0,87b1aa24f79c401027b600910fcd433cb81a62e025ef81c863f015edbd3acb6f,2024-11-13T19:59:16.777000 
@@ -270720,6 +270763,9 @@ CVE-2024-52951,0,0,88467df47cc32548afc6312c57f27d2a7d0655e1c934e59eb5eeea7c6be50
 CVE-2024-52958,0,0,965d541bdaa048d08984be57ec6ff291abae1c702954dddd32ec7b0108549df9,2024-11-27T06:15:18.590000
 CVE-2024-52959,0,0,2eb2157890632ca954f7c150a61a989fe40d967f91d0ca40fadb69eac73b6b64,2024-11-27T06:15:19.083000
 CVE-2024-5296,0,0,f4668a62dc8d11409bf71e36f1f99bcc5881901b7026ad13be4beab222eb08c7,2024-11-21T09:47:22.827000
+CVE-2024-52963,1,1,4d65ae9a0e936d9582d3eb41b8e0c41c745523171603fd5bdb53ac17d9891400,2025-01-14T14:15:33.807000
+CVE-2024-52967,1,1,6223077f8a0a2ff718c0eb1c7cabde521405743774a581e8c0fdd7de5061fa66,2025-01-14T14:15:33.967000
+CVE-2024-52969,1,1,8d77c8e05c53f2f4fc2a735cd22e03c6d83b18c43f947f3dc1496437db7a937d,2025-01-14T14:15:34.123000
 CVE-2024-5297,0,0,4e7f74d9629bbb9b864fb76b28bd5d406dd3be0c174577372182a6d0a600d934,2024-11-21T09:47:22.990000
 CVE-2024-5298,0,0,329feabae44ccd7ff86530cac1ce0ba86c416ea44126377af7ea7290b6d65a10,2024-11-21T09:47:23.103000
 CVE-2024-52982,0,0,87ddbec0fddbec6a4eb61fd0607c77d31103b1dd9283c5a13ec4d5a36a8ccef0,2024-12-18T18:22:52.637000
@@ -271104,7 +271150,7 @@ CVE-2024-5363,0,0,26d4875386ad8c3215b4c09e1b67dd8ce62939d9e762298e9b8ac4e18d0732
 CVE-2024-53635,0,0,69eb99ebd3cc8f0f627f786197a00b6b987c88368caf03b14418ba15ea7b94e4,2024-11-27T18:15:18.130000
 CVE-2024-5364,0,0,70608899f95aca150ea63ad11d46a4a5108c90127a7a301ace82188c2357f63e,2024-11-21T09:47:30.357000
 CVE-2024-53647,0,0,cfcb346f723938ad054c8fdc72391827a75db16440dc5160efbbab2c409a3044,2024-12-31T16:15:26.437000
-CVE-2024-53649,1,1,c4c6b955106a096e3730b531752c300c6d2c019faf872c25a38e43153658bc98,2025-01-14T11:15:16.820000
+CVE-2024-53649,0,0,c4c6b955106a096e3730b531752c300c6d2c019faf872c25a38e43153658bc98,2025-01-14T11:15:16.820000
 CVE-2024-5365,0,0,1cfce3a239d45132ff3721a342529a7c8292cbd269d61639965b045e1105a397,2024-11-21T09:47:30.490000
 CVE-2024-5366,0,0,3d4708898dde8c46157274fab31aec2bb1d6d4355897d80e5ba83e77521494aa,2024-11-21T09:47:30.617000
 CVE-2024-5367,0,0,a7221799367d103e649a718fec766a2c3243ad87477c7760cdab4ba0815d2580,2024-11-21T09:47:30.747000
@@ -271384,6 +271430,7 @@ CVE-2024-54009,0,0,57a4bb8c66b26b4000e58cbef542e2f0e67be86fc478ee09e8a3296c8cd7f
 CVE-2024-54010,0,0,55025b40a5b298b8a5e8aa969e96243fb05f1dc7d8c7c838522e5ec07eca40f1,2025-01-08T21:15:12.900000
 CVE-2024-54014,0,0,fef0a2723f6d0eb99b08285b0e1281168729dd64327291d1bbdb15f503c04c5e,2024-12-05T03:15:14.530000
 CVE-2024-5402,0,0,369141076231aa822f3b7e1a9c4a08753a10cb13fa106f65751574195737991f,2024-11-21T09:47:34.947000
+CVE-2024-54021,1,1,eb34467909589e9ed378241f26b68d9b57aaa270e202ff278b5bef31a7fb90c0,2025-01-14T14:15:34.287000
 CVE-2024-5403,0,0,f4e58d907f2a672c85e38960e3074ec1cb3261646ec2ccae3d1a32d0c95159be,2024-11-21T09:47:35.097000
 CVE-2024-54030,0,0,07c84f217a6fa368622d2a223843d19c0c7e728e80537c7c260b676bb124b4cd,2025-01-07T08:15:25.760000
 CVE-2024-54032,0,0,1ae7bed178388a8becc0b2310728246bc38710e9f7ad794feb179bb616babfd5,2024-12-19T19:03:15.563000
@@ -272057,6 +272104,8 @@ CVE-2024-55582,0,0,8c7e64bb3acec7a473c6e65040db0fdec814405cb32a2dc0c98b336fe36f3
 CVE-2024-55586,0,0,925f554fe1c6418481a3cd536be7ee8d09491d59c7f2a3844aeb8009a61c81a3,2024-12-12T02:08:22.247000
 CVE-2024-55587,0,0,043360c021c66dd2c5a5e7aa976c02dd7134a3fcd9d370dcc05a2b2b78d778ba,2024-12-12T17:15:11.197000
 CVE-2024-5559,0,0,da875044adc3709281edfed6e696b593f02a48923f7270d2350dbdeb9c3f0186,2024-11-21T09:47:55.840000
+CVE-2024-55591,1,1,8a676da64de87fdff554350b8ede260af0b8d141fe727b890230144ba7de5713,2025-01-14T14:15:34.450000
+CVE-2024-55593,1,1,7966b8c0c61f0e982eed66bcaeabb127b9928db85b43c7e5a46fdeafce2a85f4,2025-01-14T14:15:34.610000
 CVE-2024-5560,0,0,201a92ce337d2fd4d85cefc5a8b186dd1f339de19f8ea6d91a69fddcd5fd3ef6,2024-11-21T09:47:55.983000
 CVE-2024-55601,0,0,3b6016987278f61ded580e0e03402a0550929e4ad53cc1af6a73ada12213c6f3,2024-12-09T22:15:23.100000
 CVE-2024-55602,0,0,396d72563ab4a374ac0c8980e8cee78cbdbdadbfbf983b79309109b631e68a0b,2024-12-10T18:15:43.500000
@@ -272502,6 +272551,7 @@ CVE-2024-56456,0,0,ffa3e9a4f19018bcf11c859795308311b14e0895d36772f424432ee894d6d
 CVE-2024-5646,0,0,c48b41c63e1dae6ddb1f5f69529911450f8300b5322652ac7b1465148b11ea55,2024-11-21T09:48:05.203000
 CVE-2024-5648,0,0,bc73cf61a73f7ebbf93011e7f0eec24203116f4c2ab4460b3b361f438af2c397,2024-11-21T09:48:05.320000
 CVE-2024-5649,0,0,92f21873e8ee5bd32fcc22cd04303aa3780b31222c125187737acc3fe33a1fe2,2024-11-21T09:48:05.430000
+CVE-2024-56497,1,1,9e1301cea3ad51076f7a891451fc948078d213e3257e4f6d9b488956f6ddfcd1,2025-01-14T14:15:34.760000
 CVE-2024-5650,0,0,e326c3216630004af5368334e17751b93c2144fc6e95ba439673319f24c5efbd,2024-11-21T09:48:05.557000
 CVE-2024-56507,0,0,2fcd6aea186081b10138c7efdbe4c6828fb4bc2d016266039f2e51dacfa7b54c,2024-12-27T21:15:08.287000
 CVE-2024-56508,0,0,62a7f3a0dfedbfdc727f7144b117b7a6dd3c469bd925b864f6c6e3be9baa32e4,2024-12-27T21:15:08.390000
@@ -272816,7 +272866,7 @@ CVE-2024-56829,0,0,fb517ef6b7f51e566ba1e37004f2890737a0fef0bcdec303fd5ff6dcfac6c
 CVE-2024-5683,0,0,881352e7cddbf9570cae104e43894ad6185c01dcb07cd1be33b2f8fea4b1c33b,2024-11-21T09:48:09.327000
 CVE-2024-56830,0,0,79c85b0b070d5536c466f2e90f00cc426f8f9dfa98d4a97719c579eb1ffbed30,2025-01-02T05:15:07.967000
 CVE-2024-5684,0,0,89fc556df6ea8323aa11fe4b3357624e27d83b832e2994b2f9ef28181d8fd16e,2024-11-21T09:48:09.440000
-CVE-2024-56841,1,1,00e6b1866469faa47f0316ce82befa0216f19384ec02a27a0ba58da8ce558796,2025-01-14T11:15:17.020000
+CVE-2024-56841,0,0,00e6b1866469faa47f0316ce82befa0216f19384ec02a27a0ba58da8ce558796,2025-01-14T11:15:17.020000
 CVE-2024-5685,0,0,0c1a4251459dbb721b4f03df2fa84a864dbca3ca052d26de3db680c230fc2f87,2024-11-21T09:48:09.570000
 CVE-2024-5686,0,0,494008cd50a5cb32ba05dd687e88d5cd5348379ce547e26ef1644b29c1645806,2024-11-21T09:48:09.690000
 CVE-2024-5687,0,0,9369fec80d103c4a22eb73ec3506b871dd90ca5a0f07d3a11cd2907750f40445,2024-11-21T09:48:09.810000
@@ -274393,6 +274443,7 @@ CVE-2024-7340,0,0,afceb6b3fac1138f8cb83e0f415cec5ebdcab90ac887ac6cc7416d04596c33
 CVE-2024-7341,0,0,9879605967e8521e630e3508fca649ab0616466777cf91cc4c4478c8d606e537,2024-10-04T12:48:43.523000
 CVE-2024-7342,0,0,bbab372366d62b7492fd885c0fd46da4598051b512f5991327f8cfce46915879,2024-08-15T18:40:22.537000
 CVE-2024-7343,0,0,7f2632b50e9d4a4da19cdb31448eaac6640ad60d85ef9c956fde33f5c8956343,2024-08-15T18:40:52.707000
+CVE-2024-7344,1,1,169954b6690d2f6aeef902690aa74d75c4836343156776b1d35bfc6a380de364,2025-01-14T14:15:34.930000
 CVE-2024-7345,0,0,7689b50cbee63ee18ebf904fc91903644247462e42f3178c6191ec55402d6f73,2024-09-05T14:11:00.493000
 CVE-2024-7346,0,0,25638c7d38cc54d22ba7fca216c7c1e04ae0c03279aa3b42c264161ca8172985,2024-09-05T14:03:24.040000
 CVE-2024-7347,0,0,052850221e337731d4f88404cf83263003b44cf188813b50c9e6a1df4baaca23,2024-11-21T09:51:20.560000
@@ -276732,7 +276783,7 @@ CVE-2025-20126,0,0,0fcc9383f8a59c5e0d551ae3c2ee7933f9c74701d79731c282030a0992412
 CVE-2025-20166,0,0,188546bff78f1ed6c60c3dafa709981ac0aa7d116e226da5b14281c3f0f04183,2025-01-08T17:15:16.990000
 CVE-2025-20167,0,0,ea01454738582257d8f0561c538bde2bc3fca79642eac6232d7fa05917ea3b87,2025-01-08T17:15:17.163000
 CVE-2025-20168,0,0,f8a58ad4899086a228f10ada9d537b9205b9094ad2b0c298be3af0260ad230d2,2025-01-08T17:15:17.323000
-CVE-2025-20620,0,1,1e8e0ac38b52cc7a57624834c34b6768518bcb15ec9ff959866d53e2714e094f,2025-01-14T10:15:07.860000
+CVE-2025-20620,0,0,1e8e0ac38b52cc7a57624834c34b6768518bcb15ec9ff959866d53e2714e094f,2025-01-14T10:15:07.860000
 CVE-2025-21102,0,0,8153781fb244bf502850065fab180d787cadc10df5675c4bfb3f0250244d97ce,2025-01-08T12:15:22.850000
 CVE-2025-21111,0,0,ac99f23afec6fb5ea7aef333a4f2d14bc0359a06e3db388b0b698b212d2c1078,2025-01-08T18:15:20.157000
 CVE-2025-21380,0,0,4c50921192674428f12ee9508d0865ca454638893a117ed6c41e0d9bb5aca2bc,2025-01-09T23:15:08.340000