mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-07 11:07:05 +00:00
Auto-Update: 2024-02-27T15:01:01.661893+00:00
parent
e15b9cc23d
commit
8ddfb7d979
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46907",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:06.543",
|
||||
"lastModified": "2024-02-27T07:15:06.543",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Don't use vcpu->run->internal.ndata as an array index\n\n__vmx_handle_exit() uses vcpu->run->internal.ndata as an index for\nan array access. Since vcpu->run is (can be) mapped to a user address\nspace with a writer permission, the 'ndata' could be updated by the\nuser process at anytime (the user process can set it to outside the\nbounds of the array).\nSo, it is not safe that __vmx_handle_exit() uses the 'ndata' that way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: VMX: No use vcpu->run->internal.ndata como \u00edndice de matriz __vmx_handle_exit() usa vcpu->run->internal.ndata como \u00edndice para un acceso a la matriz. Dado que vcpu->run est\u00e1 (puede) asignarse a un espacio de direcciones de usuario con permiso de escritor, el proceso de usuario podr\u00eda actualizar el 'ndata' en cualquier momento (el proceso de usuario puede configurarlo fuera de los l\u00edmites de la matriz). Por lo tanto, no es seguro que __vmx_handle_exit() use 'ndata' de esa manera."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46908",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:06.977",
|
||||
"lastModified": "2024-02-27T07:15:06.977",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use correct permission flag for mixed signed bounds arithmetic\n\nWe forbid adding unknown scalars with mixed signed bounds due to the\nspectre v1 masking mitigation. Hence this also needs bypass_spec_v1\nflag instead of allow_ptr_leaks."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: use el indicador de permiso correcto para aritm\u00e9tica de los l\u00edmites con signo mixto Prohibimos agregar escalares desconocidos con l\u00edmites con signo mixto debido a la mitigaci\u00f3n de enmascaramiento de Spectre v1. Por lo tanto, esto tambi\u00e9n necesita el indicador bypass_spec_v1 en lugar de enable_ptr_leaks."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
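Review bot: The added `es` description for CVE-2021-46908 changes the flag name at its end: the `en` value says the check needs `bypass_spec_v1` "instead of allow_ptr_leaks", while the Spanish text reads "en lugar de enable_ptr_leaks". Identifiers should be carried over verbatim, so this should be `allow_ptr_leaks`; `enable_ptr_leaks` does not appear anywhere in the English description.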
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46909",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:07.130",
|
||||
"lastModified": "2024-02-27T07:15:07.130",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: footbridge: fix PCI interrupt mapping\n\nSince commit 30fdfb929e82 (\"PCI: Add a call to pci_assign_irq() in\npci_device_probe()\"), the PCI code will call the IRQ mapping function\nwhenever a PCI driver is probed. If these are marked as __init, this\ncauses an oops if a PCI driver is loaded or bound after the kernel has\ninitialised."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: footbridge: corrige el mapeo de interrupciones PCI Desde el commit 30fdfb929e82 (\"PCI: agregue una llamada a pci_assign_irq() en pci_device_probe()\"), el c\u00f3digo PCI llamar\u00e1 a la funci\u00f3n de mapeo IRQ cada vez que se prueba un controlador PCI. Si est\u00e1n marcados como __init, esto provoca un error si se carga o enlaza un controlador PCI despu\u00e9s de que el kernel se haya inicializado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46910",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:07.307",
|
||||
"lastModified": "2024-02-27T07:15:07.307",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled\n\nThe debugging code for kmap_local() doubles the number of per-CPU fixmap\nslots allocated for kmap_local(), in order to use half of them as guard\nregions. This causes the fixmap region to grow downwards beyond the start\nof its reserved window if the supported number of CPUs is large, and collide\nwith the newly added virtual DT mapping right below it, which is obviously\nnot good.\n\nOne manifestation of this is EFI boot on a kernel built with NR_CPUS=32\nand CONFIG_DEBUG_KMAP_LOCAL=y, which may pass the FDT in highmem, resulting\nin block entries below the fixmap region that the fixmap code misidentifies\nas fixmap table entries, and subsequently tries to dereference using a\nphys-to-virt translation that is only valid for lowmem. This results in a\ncryptic splat such as the one below.\n\n ftrace: allocating 45548 entries in 89 pages\n 8<--- cut here ---\n Unable to handle kernel paging request at virtual address fc6006f0\n pgd = (ptrval)\n [fc6006f0] *pgd=80000040207003, *pmd=00000000\n Internal error: Oops: a06 [#1] SMP ARM\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper Not tainted 5.11.0+ #382\n Hardware name: Generic DT based system\n PC is at cpu_ca15_set_pte_ext+0x24/0x30\n LR is at __set_fixmap+0xe4/0x118\n pc : [<c041ac9c>] lr : [<c04189d8>] psr: 400000d3\n sp : c1601ed8 ip : 00400000 fp : 00800000\n r10: 0000071f r9 : 00421000 r8 : 00c00000\n r7 : 00c00000 r6 : 0000071f r5 : ffade000 r4 : 4040171f\n r3 : 00c00000 r2 : 4040171f r1 : c041ac78 r0 : fc6006f0\n Flags: nZcv IRQs off FIQs off Mode SVC_32 ISA ARM Segment none\n Control: 30c5387d Table: 40203000 DAC: 00000001\n Process swapper (pid: 0, stack limit = 0x(ptrval))\n\nSo let's limit CONFIG_NR_CPUS to 16 when CONFIG_DEBUG_KMAP_LOCAL=y. 
Also,\nfix the BUILD_BUG_ON() check that was supposed to catch this, by checking\nwhether the region grows below the start address rather than above the end\naddress."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: 9063/1: mm: reduce el n\u00famero m\u00e1ximo de CPU si DEBUG_KMAP_LOCAL est\u00e1 habilitado El c\u00f3digo de depuraci\u00f3n para kmap_local() duplica el n\u00famero de ranuras de mapas de reparaci\u00f3n por CPU asignadas para kmap_local() , para utilizar la mitad de ellos como regiones de guardia. Esto hace que la regi\u00f3n del mapa de arreglos crezca hacia abajo m\u00e1s all\u00e1 del inicio de su ventana reservada si la cantidad de CPU admitidas es grande, y colisiona con el mapeo de DT virtual reci\u00e9n agregado justo debajo, lo cual obviamente no es bueno. Una manifestaci\u00f3n de esto es el arranque EFI en un kernel creado con NR_CPUS=32 y CONFIG_DEBUG_KMAP_LOCAL=y, que puede pasar la FDT en highmem, lo que genera entradas de bloque debajo de la regi\u00f3n de fixmap que el c\u00f3digo de fixmap identifica err\u00f3neamente como entradas de la tabla de fixmap y, posteriormente, intenta desreferencia usando una traducci\u00f3n de phys a virt que solo es v\u00e1lida para lowmem. Esto da como resultado un s\u00edmbolo cr\u00edptico como el que se muestra a continuaci\u00f3n. 
ftrace: asignando 45548 entradas en 89 p\u00e1ginas 8<--- cortar aqu\u00ed --- No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual fc6006f0 pgd = (ptrval) [fc6006f0] *pgd=80000040207003, *pmd=00000000 Error interno: Ups: a06 [#1] M\u00f3dulos SMP ARM vinculados en: CPU: 0 PID: 0 Comm: swapper Not tainted 5.11.0+ #382 Nombre del hardware: Sistema gen\u00e9rico basado en DT La PC est\u00e1 en cpu_ca15_set_pte_ext+0x24/0x30 LR est\u00e1 en __set_fixmap+0xe4/ 0x118 pc: [] lr: [] psr: 400000d3 sp: c1601ed8 ip: 00400000 fp: 00800000 r10: 0000071f r9: 00421000 r8: 00c00000 r7: 00c00000 r6: 0000071f r5: ffade000 r4: 4040171f r3: 00c00000 r2: 4040171f r1: c041ac78 r0: fc6006f0 Banderas: nZcv IRQ desactivadas FIQ desactivadas Modo SVC_32 ISA ARM Segmento ninguno Control: 30c5387d Tabla: 40203000 DAC: 00000001 Intercambiador de procesos (pid: 0, l\u00edmite de pila = 0x(ptr) val)) As\u00ed que limitemos CONFIG_NR_CPUS a 16 cuando CONFIG_DEBUG_KMAP_LOCAL=y. Adem\u00e1s, corrija la verificaci\u00f3n BUILD_BUG_ON() que se supon\u00eda detectar\u00eda esto, verificando si la regi\u00f3n crece por debajo de la direcci\u00f3n inicial en lugar de por encima de la direcci\u00f3n final."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
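Review bot: The `es` value for CVE-2021-46910 translates and alters the quoted oops output instead of carrying it verbatim: the `pc : [<c041ac9c>] lr : [<c04189d8>]` addresses become "pc: [] lr: []", "Oops: a06" becomes "Ups: a06", and "Process swapper" becomes "Intercambiador de procesos". Kernel log output should stay untranslated and byte-identical so it can still be matched against a real splat; until that is fixed, anything keyed on this trace should read the `en` value.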
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46911",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:07.480",
|
||||
"lastModified": "2024-02-27T07:15:07.480",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nch_ktls: Fix kernel panic\n\nTaking page refcount is not ideal and causes kernel panic\nsometimes. It's better to take tx_ctx lock for the complete\nskb transmit, to avoid page cleanup if ACK received in middle."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ch_ktls: soluciona el p\u00e1nico del kernel. Realizar un recuento de p\u00e1ginas no es ideal y a veces provoca p\u00e1nico en el kernel. Es mejor utilizar el bloqueo tx_ctx para la transmisi\u00f3n skb completa, para evitar la limpieza de la p\u00e1gina si se recibe ACK en el medio."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46912",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:07.613",
|
||||
"lastModified": "2024-02-27T07:15:07.613",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Make tcp_allowed_congestion_control readonly in non-init netns\n\nCurrently, tcp_allowed_congestion_control is global and writable;\nwriting to it in any net namespace will leak into all other net\nnamespaces.\n\ntcp_available_congestion_control and tcp_allowed_congestion_control are\nthe only sysctls in ipv4_net_table (the per-netns sysctl table) with a\nNULL data pointer; their handlers (proc_tcp_available_congestion_control\nand proc_allowed_congestion_control) have no other way of referencing a\nstruct net. Thus, they operate globally.\n\nBecause ipv4_net_table does not use designated initializers, there is no\neasy way to fix up this one \"bad\" table entry. However, the data pointer\nupdating logic shouldn't be applied to NULL pointers anyway, so we\ninstead force these entries to be read-only.\n\nThese sysctls used to exist in ipv4_table (init-net only), but they were\nmoved to the per-net ipv4_net_table, presumably without realizing that\ntcp_allowed_congestion_control was writable and thus introduced a leak.\n\nBecause the intent of that commit was only to know (i.e. read) \"which\ncongestion algorithms are available or allowed\", this read-only solution\nshould be sufficient.\n\nThe logic added in recent commit\n31c4d2f160eb: (\"net: Ensure net namespace isolation of sysctls\")\ndoes not and cannot check for NULL data pointers, because\nother table entries (e.g. /proc/sys/net/netfilter/nf_log/) have\n.data=NULL but use other methods (.extra2) to access the struct net."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hacer que tcp_allowed_congestion_control sea de solo lectura en redes no init. Actualmente, tcp_allowed_congestion_control es global y se puede escribir; escribir en \u00e9l en cualquier espacio de nombres de red se filtrar\u00e1 a todos los dem\u00e1s espacios de nombres de red. tcp_available_congestion_control y tcp_allowed_congestion_control son los \u00fanicos sysctls en ipv4_net_table (la tabla sysctl por red) con un puntero de datos NULL; sus controladores (proc_tcp_available_congestion_control y proc_allowed_congestion_control) no tienen otra forma de hacer referencia a una estructura neta. Por lo tanto, operan globalmente. Debido a que ipv4_net_table no utiliza inicializadores designados, no existe una manera f\u00e1cil de corregir esta entrada \"mala\" de la tabla. Sin embargo, la l\u00f3gica de actualizaci\u00f3n del puntero de datos no deber\u00eda aplicarse a los punteros NULL de todos modos, por lo que forzamos que estas entradas sean de solo lectura. Estos sysctls sol\u00edan existir en ipv4_table (solo init-net), pero se movieron a ipv4_net_table por red, presumiblemente sin darse cuenta de que tcp_allowed_congestion_control se pod\u00eda escribir y, por lo tanto, introdujeron una fuga. Debido a que la intenci\u00f3n de esa confirmaci\u00f3n era s\u00f3lo saber (es decir, leer) \"qu\u00e9 algoritmos de congesti\u00f3n est\u00e1n disponibles o permitidos\", esta soluci\u00f3n de solo lectura deber\u00eda ser suficiente. La l\u00f3gica agregada en la reciente confirmaci\u00f3n 31c4d2f160eb: (\"net: Garantizar el aislamiento del espacio de nombres de red de sysctls\") no verifica ni puede verificar los punteros de datos NULL, porque otras entradas de la tabla (por ejemplo, /proc/sys/net/netfilter/nf_log/) tienen .data=NULL pero usa otros m\u00e9todos (.extra2) para acceder a la estructura neta."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
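Review bot: In the `es` value for CVE-2021-46912 the kernel type `struct net` is translated, as "una estructura neta" and "la estructura neta", which no longer names the type the handlers fail to reference. Keep `struct net` verbatim in both places, as the `en` value does; the title's "non-init netns" is likewise rendered as "redes no init", which drops the namespace meaning the whole description depends on.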
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46913",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:07.770",
|
||||
"lastModified": "2024-02-27T07:15:07.770",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: clone set element expression template\n\nmemcpy() breaks when using connlimit in set elements. Use\nnft_expr_clone() to initialize the connlimit expression list, otherwise\nconnlimit garbage collector crashes when walking on the list head copy.\n\n[ 493.064656] Workqueue: events_power_efficient nft_rhash_gc [nf_tables]\n[ 493.064685] RIP: 0010:find_or_evict+0x5a/0x90 [nf_conncount]\n[ 493.064694] Code: 2b 43 40 83 f8 01 77 0d 48 c7 c0 f5 ff ff ff 44 39 63 3c 75 df 83 6d 18 01 48 8b 43 08 48 89 de 48 8b 13 48 8b 3d ee 2f 00 00 <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 03 48 83\n[ 493.064699] RSP: 0018:ffffc90000417dc0 EFLAGS: 00010297\n[ 493.064704] RAX: 0000000000000000 RBX: ffff888134f38410 RCX: 0000000000000000\n[ 493.064708] RDX: 0000000000000000 RSI: ffff888134f38410 RDI: ffff888100060cc0\n[ 493.064711] RBP: ffff88812ce594a8 R08: ffff888134f38438 R09: 00000000ebb9025c\n[ 493.064714] R10: ffffffff8219f838 R11: 0000000000000017 R12: 0000000000000001\n[ 493.064718] R13: ffffffff82146740 R14: ffff888134f38410 R15: 0000000000000000\n[ 493.064721] FS: 0000000000000000(0000) GS:ffff88840e440000(0000) knlGS:0000000000000000\n[ 493.064725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 493.064729] CR2: 0000000000000008 CR3: 00000001330aa002 CR4: 00000000001706e0\n[ 493.064733] Call Trace:\n[ 493.064737] nf_conncount_gc_list+0x8f/0x150 [nf_conncount]\n[ 493.064746] nft_rhash_gc+0x106/0x390 [nf_tables]"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nftables: clonar la plantilla de expresi\u00f3n de elementos establecidos memcpy() se rompe cuando se usa connlimit en elementos establecidos. Utilice nft_expr_clone() para inicializar la lista de expresiones connlimit; de lo contrario, el recolector de basura connlimit se bloquea al caminar sobre la copia del encabezado de la lista. [ 493.064656] Cola de trabajo: events_power_ficient nft_rhash_gc [nf_tables] [ 493.064685] RIP: 0010:find_or_evict+0x5a/0x90 [nf_conncount] [ 493.064694] C\u00f3digo: 2b 43 40 83 f8 01 77 0d 48 c7 c0 f5 ff ff ff 44 39 63 3c 75 df 83 6d 18 01 48 8b 43 08 48 89 de 48 8b 13 48 8b 3d ee 2f 00 00 <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 03 48 83 [ 493.064699] RSP : 0018:ffffc90000417dc0 EFLAGS: 00010297 [ 493.064704] RAX: 0000000000000000 RBX: ffff888134f38410 RCX: 00000000000000000 [ 493.064708] RDX: 0000000000000000 RSI: ffff888134f38410 RDI: ffff888100060cc0 [ 493.064711] RBP: ffff88812ce594a8 R08: ffff888134f38438 R09: 00000000ebb9025c [ 49 3.064714] R10: ffffffff8219f838 R11 : 0000000000000017 R12: 0000000000000001 [ 493.064718] R13: ffffffff82146740 R14: ffff888134f38410 R15: 0000000000000000 [ 493.064721] FS : 0000000000000000(0000) GS:ffff88840e440000(0000) knlGS:0000000000000000 [ 493.064725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 493.064729] CR2: 0000000000000008 CR3: 00000001330aa002 CR4: 00000000001706e0 [ 493.064733] Seguimiento de llamadas: [ 493.064737] nf_conncount_gc_list+0x8f/0x15 0 [nf_conncount] [493.064746] nft_rhash_gc+0x106/0x390 [nf_tables]"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
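Review bot: The crash trace embedded in the `es` value for CVE-2021-46913 is corrupted relative to the `en` value: the workqueue name `events_power_efficient` appears as "events_power_ficient", one timestamp is split as "[ 49 3.064714]", and the frame offset `0x8f/0x150` becomes "0x8f/0x15 0". The trace should be copied unchanged from the English text, with only the surrounding prose translated.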
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46914",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:07.920",
|
||||
"lastModified": "2024-02-27T07:15:07.920",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix unbalanced device enable/disable in suspend/resume\n\npci_disable_device() called in __ixgbe_shutdown() decreases\ndev->enable_cnt by 1. pci_enable_device_mem() which increases\ndev->enable_cnt by 1, was removed from ixgbe_resume() in commit\n6f82b2558735 (\"ixgbe: use generic power management\"). This caused\nunbalanced increase/decrease. So add pci_enable_device_mem() back.\n\nFix the following call trace.\n\n ixgbe 0000:17:00.1: disabling already-disabled device\n Call Trace:\n __ixgbe_shutdown+0x10a/0x1e0 [ixgbe]\n ixgbe_suspend+0x32/0x70 [ixgbe]\n pci_pm_suspend+0x87/0x160\n ? pci_pm_freeze+0xd0/0xd0\n dpm_run_callback+0x42/0x170\n __device_suspend+0x114/0x460\n async_suspend+0x1f/0xa0\n async_run_entry_fn+0x3c/0xf0\n process_one_work+0x1dd/0x410\n worker_thread+0x34/0x3f0\n ? cancel_delayed_work+0x90/0x90\n kthread+0x14c/0x170\n ? kthread_park+0x90/0x90\n ret_from_fork+0x1f/0x30"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ixgbe: arreglar dispositivo desequilibrado habilitar/deshabilitar en suspensi\u00f3n/reanudaci\u00f3n pci_disable_device() llamado en __ixgbe_shutdown() disminuye dev->enable_cnt en 1. pci_enable_device_mem() que aumenta dev->enable_cnt en 1 1, se elimin\u00f3 de ixgbe_resume() en el commit 6f82b2558735 (\"ixgbe: usar administraci\u00f3n de energ\u00eda gen\u00e9rica\"). Esto provoc\u00f3 un aumento/disminuci\u00f3n desequilibrado. As\u00ed que vuelva a agregar pci_enable_device_mem(). Corrija el siguiente rastreo de llamadas. ixgbe 0000:17:00.1: deshabilitar el seguimiento de llamadas del dispositivo ya deshabilitado: __ixgbe_shutdown+0x10a/0x1e0 [ixgbe] ixgbe_suspend+0x32/0x70 [ixgbe] pci_pm_suspend+0x87/0x160 ? pci_pm_freeze+0xd0/0xd0 dpm_run_callback+0x42/0x170 __device_suspend+0x114/0x460 async_suspend+0x1f/0xa0 async_run_entry_fn+0x3c/0xf0 Process_one_work+0x1dd/0x410 Workers_thread+0x34/0x3f0 ? cancel_delayed_work+0x90/0x90 kthread+0x14c/0x170 ? kthread_park+0x90/0x90 ret_from_fork+0x1f/0x30"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
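Review bot: Symbol names in the call trace of the `es` value for CVE-2021-46914 were altered: `process_one_work` is written "Process_one_work" and `worker_thread` is written "Workers_thread", so neither matches a kernel symbol any more. The prose also has a stray duplicate in "aumenta dev->enable_cnt en 1 1", and the log line "disabling already-disabled device" is merged with the "Call Trace:" header into one translated sentence; the trace and the log line should be kept verbatim.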
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46915",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:08.083",
|
||||
"lastModified": "2024-02-27T07:15:08.083",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_limit: avoid possible divide error in nft_limit_init\n\ndiv_u64() divides u64 by u32.\n\nnft_limit_init() wants to divide u64 by u64, use the appropriate\nmath function (div64_u64)\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:div_u64_rem include/linux/math64.h:28 [inline]\nRIP: 0010:div_u64 include/linux/math64.h:127 [inline]\nRIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85\nCode: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 <49> f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90009447198 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003\nRBP: ffff888020f80908 R08: 0000200000000000 R09: 0000000000000000\nR10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 000000000097a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200001c4 CR3: 0000000026a52000 CR4: 00000000001506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline]\n nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713\n nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160\n nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321\n nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline]\n 
nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:598\n netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338\n netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927\n sock_sendmsg_nosec net/socket.c:654 [inline]\n sock_sendmsg+0xcf/0x120 net/socket.c:674\n ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2404\n __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: netfilter: nft_limit: evita posible error de divisi\u00f3n en nft_limit_init div_u64() divide u64 entre u32. nft_limit_init() quiere dividir u64 entre u64, use la funci\u00f3n matem\u00e1tica apropiada (div64_u64) error de divisi\u00f3n: 0000 [#1] CPU PREEMPT SMP KASAN: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller # 0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:div_u64_rem include/linux/math64.h:28 [en l\u00ednea] RIP: 0010:div_u64 include/linux/math64.h: 127 [en l\u00ednea] RIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85 C\u00f3digo: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 <49> f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00 RSP: 0018:ffffc90009447198 EF LAGS: 00010246 RAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003 RBP: ffff888 020f80908 R08: 0000200000000000 R09: 0000000000000000 R10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270 R13: 000000000000 0000 R14: 0000000000000000 R15: 0000000000000000 FS: 000000000097a300(0000) GS :ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200001c4 CR3: 0000000026a52000 CR 4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 00000 00000000400 Rastreo de llamadas: nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [en l\u00ednea] nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713 nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160 nf_tables_newset+0x1997/0x3150 net/netfilter/ nf_tables_api.c:4321 nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456 nfnetlink_rcv_skb_batch 
net/netfilter/nfnetlink.c:580 [en l\u00ednea] nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:59 8 netlink_unicast_kernel red/netlink /af_netlink.c:1312 [en l\u00ednea] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [en l\u00ednea] sock_sendmsg+ 0xcf/0x120 net/socket.c:674 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 do_sys llamada_64+0x2d/ 0x70 arch/x86/entry/common.c:46 entrada_SYSCALL_64_after_hwframe+0x44/0xae"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
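Review bot: The syzkaller report inside the `es` value for CVE-2021-46915 no longer matches the `en` value in several places: `do_syscall_64` becomes "do_sys llamada_64", `entry_SYSCALL_64_after_hwframe` becomes "entrada_SYSCALL_64_after_hwframe", the path `net/netlink/af_netlink.c` becomes "red/netlink /af_netlink.c", and the register value `DR6: 00000000fffe0ff0` loses a digit as "00000000ffe0ff0". Function names, source paths and register dumps should be excluded from translation and copied as-is.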
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46916",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:08.250",
|
||||
"lastModified": "2024-02-27T07:15:08.250",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ethtool loopback test\n\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn't a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\n\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ixgbe: corrige la desreferencia de puntero NULL en la prueba de bucle invertido de ethtool. El controlador ixgbe actualmente genera una desreferencia de puntero NULL cuando se realiza la prueba de bucle invertido de ethtool. Esto se debe al hecho de que no hay un q_vector asociado con el anillo de prueba cuando se configura, ya que normalmente no se agregan interrupciones a los anillos de prueba. Para solucionar esto, agregu\u00e9 un c\u00f3digo que verificar\u00e1 si hay un q_vector antes de devolver un valor de napi_id. Si un q_vector no est\u00e1 presente, devolver\u00e1 un valor de 0."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46917",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:08.383",
|
||||
"lastModified": "2024-02-27T07:15:08.383",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix wq cleanup of WQCFG registers\n\nA pre-release silicon erratum workaround where wq reset does not clear\nWQCFG registers was leaked into upstream code. Use wq reset command\ninstead of blasting the MMIO region. This also address an issue where\nwe clobber registers in future devices."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dmaengine: idxd: corrige la limpieza de wq de los registros WQCFG. Se filtr\u00f3 en el c\u00f3digo ascendente un workaround de errata de silicio de prelanzamiento en la que el restablecimiento de wq no borra los registros WQCFG. Utilice el comando wq reset en lugar de destruir la regi\u00f3n MMIO. Esto tambi\u00e9n soluciona un problema por el cual golpeamos los registros en dispositivos futuros."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46918",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:08.540",
|
||||
"lastModified": "2024-02-27T07:15:08.540",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: clear MSIX permission entry on shutdown\n\nAdd disabling/clearing of MSIX permission entries on device shutdown to\nmirror the enabling of the MSIX entries on probe. Current code left the\nMSIX enabled and the pasid entries still programmed at device shutdown."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dmaengine: idxd: borrar entrada de permiso MSIX al apagar Agregue la desactivaci\u00f3n/borrado de entradas de permiso MSIX al apagar el dispositivo para reflejar la habilitaci\u00f3n de las entradas MSIX en la sonda. El c\u00f3digo actual dej\u00f3 el MSIX habilitado y las entradas pasivas a\u00fan programadas al apagar el dispositivo."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
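Review bot: In the `es` value for CVE-2021-46918, "the pasid entries still programmed at device shutdown" is rendered as "las entradas pasivas", which reads as "passive entries" and loses the term the fix is about. "pasid" should be left untranslated, the same way the sentence already leaves MSIX untranslated.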
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46919",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:08.787",
|
||||
"lastModified": "2024-02-27T07:15:08.787",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix wq size store permission state\n\nWQ size can only be changed when the device is disabled. Current code\nallows change when device is enabled but wq is disabled. Change the check\nto detect device state."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: corregir el tama\u00f1o de wq estado del permiso de almacenamiento El tama\u00f1o de WQ solo se puede cambiar cuando el dispositivo est\u00e1 deshabilitado. El c\u00f3digo actual permite cambios cuando el dispositivo est\u00e1 habilitado pero wq est\u00e1 deshabilitado. Cambie la verificaci\u00f3n para detectar el estado del dispositivo."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46920",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T07:15:08.987",
|
||||
"lastModified": "2024-02-27T07:15:08.987",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback\n\nCurrent code blindly writes over the SWERR and the OVERFLOW bits. Write\nback the bits actually read instead so the driver avoids clobbering the\nOVERFLOW bit that comes after the register is read."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: corrige el problema del bit de desbordamiento SWERR en la reescritura El c\u00f3digo actual escribe ciegamente sobre los bits SWERR y OVERFLOW. En su lugar, vuelva a escribir los bits realmente le\u00eddos para que el controlador evite da\u00f1ar el bit OVERFLOW que viene despu\u00e9s de leer el registro."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46921",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:06.990",
|
||||
"lastModified": "2024-02-27T10:15:06.990",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/qrwlock: Fix ordering in queued_write_lock_slowpath()\n\nWhile this code is executed with the wait_lock held, a reader can\nacquire the lock without holding wait_lock. The writer side loops\nchecking the value with the atomic_cond_read_acquire(), but only truly\nacquires the lock when the compare-and-exchange is completed\nsuccessfully which isn\u2019t ordered. This exposes the window between the\nacquire and the cmpxchg to an A-B-A problem which allows reads\nfollowing the lock acquisition to observe values speculatively before\nthe write lock is truly acquired.\n\nWe've seen a problem in epoll where the reader does a xchg while\nholding the read lock, but the writer can see a value change out from\nunder it.\n\n Writer | Reader\n --------------------------------------------------------------------------------\n ep_scan_ready_list() |\n |- write_lock_irq() |\n |- queued_write_lock_slowpath() |\n\t|- atomic_cond_read_acquire() |\n\t\t\t\t | read_lock_irqsave(&ep->lock, flags);\n --> (observes value before unlock) | chain_epi_lockless()\n | | epi->next = xchg(&ep->ovflist, epi);\n | | read_unlock_irqrestore(&ep->lock, flags);\n | |\n | atomic_cmpxchg_relaxed() |\n |-- READ_ONCE(ep->ovflist); |\n\nA core can order the read of the ovflist ahead of the\natomic_cmpxchg_relaxed(). Switching the cmpxchg to use acquire\nsemantics addresses this issue at which point the atomic_cond_read can\nbe switched to use relaxed semantics.\n\n[peterz: use try_cmpxchg()]"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: lock/qrwlock: corrige el orden en queued_write_lock_slowpath() Mientras este c\u00f3digo se ejecuta con wait_lock retenido, un lector puede adquirir el bloqueo sin mantener wait_lock. El lado del escritor realiza un bucle para verificar el valor con atomic_cond_read_acquire(), pero solo adquiere realmente el bloqueo cuando la comparaci\u00f3n e intercambio se completa con \u00e9xito, lo cual no est\u00e1 ordenado. Esto expone la ventana entre la adquisici\u00f3n y el cmpxchg a un problema ABA que permite que las lecturas posteriores a la adquisici\u00f3n del bloqueo observen los valores de forma especulativa antes de que se adquiera realmente el bloqueo de escritura. Hemos visto un problema en epoll donde el lector realiza un xchg mientras mantiene el bloqueo de lectura, pero el escritor puede ver un cambio de valor debajo de \u00e9l. Escritor | Lector ------------------------------------------------- ------------------------------- ep_scan_ready_list() | |- write_lock_irq() | |- queued_write_lock_slowpath() | |- atomic_cond_read_acquire() | | read_lock_irqsave(&ep->bloquear, banderas); --> (observa el valor antes de desbloquear) | cadena_epi_lockless() | | epi->siguiente = xchg(&ep->ovflist, epi); | | read_unlock_irqrestore(&ep->bloquear, banderas); | | | atomic_cmpxchg_relaxed() | |-- READ_ONCE(ep->ovflist); | Un n\u00facleo puede ordenar la lectura de ovflist antes de atomic_cmpxchg_relaxed(). Cambiar cmpxchg para usar la sem\u00e1ntica de adquisici\u00f3n soluciona este problema, momento en el que atomic_cond_read se puede cambiar para usar una sem\u00e1ntica relajada. [peterz: utilice try_cmpxchg()]"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
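Review bot: The "es" value for CVE-2021-46921 translates identifiers inside the Writer/Reader diagram: "&ep->lock, flags" becomes "&ep->bloquear, banderas", "chain_epi_lockless()" becomes "cadena_epi_lockless()" and "epi->next" becomes "epi->siguiente"; the subject prefix "locking/qrwlock" also becomes "lock/qrwlock". The diagram's line breaks are collapsed as well, so the ordering of writer and reader steps can no longer be read from it. Copy code and the diagram verbatim from the "en" value and translate only the surrounding prose.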
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46922",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.053",
|
||||
"lastModified": "2024-02-27T10:15:07.053",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Fix TPM reservation for seal/unseal\n\nThe original patch 8c657a0590de (\"KEYS: trusted: Reserve TPM for seal\nand unseal operations\") was correct on the mailing list:\n\nhttps://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/\n\nBut somehow got rebased so that the tpm_try_get_ops() in\ntpm2_seal_trusted() got lost. This causes an imbalanced put of the\nTPM ops and causes oopses on TIS based hardware.\n\nThis fix puts back the lost tpm_try_get_ops()"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KEYS: de confianza: corrige la reserva de TPM para sellar/dessellar El parche original 8c657a0590de (\"KEYS: de confianza: reservar TPM para operaciones de sellar y dessellar\") era correcto en la lista de correo: https ://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/ Pero de alguna manera se modific\u00f3 la base para que tpm_try_get_ops() en tpm2_seal_trusted() se perdiera. Esto provoca un desequilibrio en las operaciones de TPM y provoca fallos en el hardware basado en TIS. Esta soluci\u00f3n devuelve el tpm_try_get_ops() perdido"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
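Review bot: The lore.kernel.org link in the "es" value for CVE-2021-46922 is written as "https ://lore.kernel.org/...", with a space after the scheme, so it no longer matches the URL in the "en" value and will not resolve as written. URLs should be carried over byte for byte. "got rebased" is also rendered as "se modificó la base", which hides that the lost tpm_try_get_ops() call was dropped during a rebase.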
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46923",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.100",
|
||||
"lastModified": "2024-02-27T10:15:07.100",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/mount_setattr: always cleanup mount_kattr\n\nMake sure that finish_mount_kattr() is called after mount_kattr was\nsuccesfully built in both the success and failure case to prevent\nleaking any references we took when we built it. We returned early if\npath lookup failed thereby risking to leak an additional reference we\ntook when building mount_kattr when an idmapped mount was requested."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/mount_setattr: limpiar siempre mount_kattr. Aseg\u00farese de que se llame a finish_mount_kattr() despu\u00e9s de que mount_kattr se haya compilado con \u00e9xito tanto en el caso de \u00e9xito como en el de fracaso para evitar que se filtren las referencias que tomamos cuando lo compilamos. Regresamos temprano si falla la b\u00fasqueda de ruta, por lo que corremos el riesgo de filtrar una referencia adicional que tomamos al compilar mount_kattr cuando se solicit\u00f3 un montaje con idmapped."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46924",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.150",
|
||||
"lastModified": "2024-02-27T10:15:07.150",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: st21nfca: Fix memory leak in device probe and remove\n\n'phy->pending_skb' is alloced when device probe, but forgot to free\nin the error handling path and remove path, this cause memory leak\nas follows:\n\nunreferenced object 0xffff88800bc06800 (size 512):\n comm \"8\", pid 11775, jiffies 4295159829 (age 9.032s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450\n [<00000000c93382b3>] kmalloc_reserve+0x37/0xd0\n [<000000005fea522c>] __alloc_skb+0x124/0x380\n [<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2\n\nFix it by freeing 'pending_skb' in error and remove."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: NFC: st21nfca: corrige la p\u00e9rdida de memoria en la sonda del dispositivo y elimina 'phy->pending_skb' cuando se asigna la sonda del dispositivo, pero olvid\u00f3 liberarla en la ruta de manejo de errores y eliminar la ruta, esto causa p\u00e9rdida de memoria de la siguiente manera: objeto sin referencia 0xffff88800bc06800 (tama\u00f1o 512): comunicaci\u00f3n \"8\", pid 11775, santiago 4295159829 (edad 9.032 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................. backtrace: [<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450 [<00000000c93382b3>] kmalloc_reserve+0x37/0xd0 [<000000005fea522c>] __alloc_skb+0x124/0x380 [ <0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2 Solucionarlo liberando 'pending_skb' por error y elim\u00ednelo."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
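Review bot: The unreferenced-object report in the "es" value for CVE-2021-46924 has its field names translated: "comm" becomes "comunicación" and "jiffies 4295159829" becomes "santiago 4295159829", and a space is inserted in "[ <0000000019f29f9a>]". Anyone searching for this report's text will not match the Spanish copy. Keep the quoted report verbatim from the "en" value.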
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46925",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.237",
|
||||
"lastModified": "2024-02-27T10:15:07.237",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix kernel panic caused by race of smc_sock\n\nA crash occurs when smc_cdc_tx_handler() tries to access smc_sock\nbut smc_release() has already freed it.\n\n[ 4570.695099] BUG: unable to handle page fault for address: 000000002eae9e88\n[ 4570.696048] #PF: supervisor write access in kernel mode\n[ 4570.696728] #PF: error_code(0x0002) - not-present page\n[ 4570.697401] PGD 0 P4D 0\n[ 4570.697716] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 4570.698228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc4+ #111\n[ 4570.699013] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 8c24b4c 04/0\n[ 4570.699933] RIP: 0010:_raw_spin_lock+0x1a/0x30\n<...>\n[ 4570.711446] Call Trace:\n[ 4570.711746] <IRQ>\n[ 4570.711992] smc_cdc_tx_handler+0x41/0xc0\n[ 4570.712470] smc_wr_tx_tasklet_fn+0x213/0x560\n[ 4570.712981] ? smc_cdc_tx_dismisser+0x10/0x10\n[ 4570.713489] tasklet_action_common.isra.17+0x66/0x140\n[ 4570.714083] __do_softirq+0x123/0x2f4\n[ 4570.714521] irq_exit_rcu+0xc4/0xf0\n[ 4570.714934] common_interrupt+0xba/0xe0\n\nThough smc_cdc_tx_handler() checked the existence of smc connection,\nsmc_release() may have already dismissed and released the smc socket\nbefore smc_cdc_tx_handler() further visits it.\n\nsmc_cdc_tx_handler() |smc_release()\nif (!conn) |\n |\n |smc_cdc_tx_dismiss_slots()\n | smc_cdc_tx_dismisser()\n |\n |sock_put(&smc->sk) <- last sock_put,\n | smc_sock freed\nbh_lock_sock(&smc->sk) (panic) |\n\nTo make sure we won't receive any CDC messages after we free the\nsmc_sock, add a refcount on the smc_connection for inflight CDC\nmessage(posted to the QP but haven't received related CQE), and\ndon't release the smc_connection until all the inflight CDC messages\nhaven been done, for both success or failed ones.\n\nUsing refcount on CDC messages brings another problem: when the link\nis going to be destroyed, smcr_link_clear() will reset the QP, which\nthen remove all the 
pending CQEs related to the QP in the CQ. To make\nsure all the CQEs will always come back so the refcount on the\nsmc_connection can always reach 0, smc_ib_modify_qp_reset() was replaced\nby smc_ib_modify_qp_error().\nAnd remove the timeout in smc_wr_tx_wait_no_pending_sends() since we\nneed to wait for all pending WQEs done, or we may encounter use-after-\nfree when handling CQEs.\n\nFor IB device removal routine, we need to wait for all the QPs on that\ndevice been destroyed before we can destroy CQs on the device, or\nthe refcount on smc_connection won't reach 0 and smc_sock cannot be\nreleased."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: soluciona el p\u00e1nico del kernel causado por la carrera de smc_sock. Se produce un bloqueo cuando smc_cdc_tx_handler() intenta acceder a smc_sock pero smc_release() ya lo ha liberado. [ 4570.695099] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 000000002eae9e88 [ 4570.696048] #PF: acceso de escritura del supervisor en modo kernel [ 4570.696728] #PF: error_code(0x0002) - p\u00e1gina no presente [ 4570.697401] PGD 0 P4D 0 [ 4 570.697716 ] Ups: 0002 [#1] PREEMPT SMP NOPTI [ 4570.698228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc4+ #111 [ 4570.699013] Nombre de hardware: Alibaba Cloud Alibaba Cloud ECS, BIOS 8c24b4c 04/ 0 [ 4570.699933] RIP: 0010:_raw_spin_lock+0x1a/0x30 <...> [ 4570.711446] Seguimiento de llamadas: [ 4570.711746] [ 4570.711992] smc_cdc_tx_handler+0x41/0xc0 [ 4570.7 12470] smc_wr_tx_tasklet_fn+0x213/0x560 [ 4570.712981] ? smc_cdc_tx_dismisser+0x10/0x10 [ 4570.713489] tasklet_action_common.isra.17+0x66/0x140 [ 4570.714083] __do_softirq+0x123/0x2f4 [ 4570.714521] irq_exit_rcu+0xc4/0x f0 [4570.714934] common_interrupt+0xba/0xe0 Aunque smc_cdc_tx_handler() comprob\u00f3 la existencia de smc conexi\u00f3n, es posible que smc_release() ya haya descartado y liberado el socket smc antes de que smc_cdc_tx_handler() lo visite m\u00e1s. smc_cdc_tx_handler() |smc_release() si (!conn) | | |smc_cdc_tx_dismiss_slots() | smc_cdc_tx_dismisser() | |sock_put(&smc->sk) <- \u00faltimo sock_put, | smc_sock liber\u00f3 bh_lock_sock(&smc->sk) (p\u00e1nico) | Para asegurarnos de que no recibiremos ning\u00fan mensaje CDC despu\u00e9s de liberar el smc_sock, agregue un recuento en smc_connection para el mensaje CDC en vuelo (publicado en el QP pero no haya recibido el CQE relacionado) y no libere el smc_connection hasta que todo Los mensajes CDC a bordo se han realizado, tanto para los exitosos como para los fallidos. 
El uso de refcount en mensajes CDC trae otro problema: cuando el enlace se va a destruir, smcr_link_clear() restablecer\u00e1 el QP, lo que luego eliminar\u00e1 todos los CQE pendientes relacionados con el QP en el CQ. Para asegurarse de que todos los CQE siempre regresen para que el recuento en smc_connection siempre pueda llegar a 0, smc_ib_modify_qp_reset() fue reemplazado por smc_ib_modify_qp_error(). Y elimine el tiempo de espera en smc_wr_tx_wait_no_pending_sends() ya que debemos esperar a que se completen todos los WQE pendientes, o podemos encontrarnos con use-after- free al manejar CQE. Para la rutina de eliminaci\u00f3n del dispositivo IB, debemos esperar a que se destruyan todos los QP de ese dispositivo antes de poder destruir los CQ del dispositivo, o el recuento de referencia en smc_connection no llegar\u00e1 a 0 y smc_sock no podr\u00e1 liberarse."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
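Review bot: The oops log in the "es" value for CVE-2021-46925 is altered rather than quoted: the "<IRQ>" marker after "[ 4570.711746]" is dropped, timestamps and offsets are split ("[ 4 570.697716 ]", "[ 4570.7 12470]", "irq_exit_rcu+0xc4/0x f0"), and "if (!conn)" in the race diagram becomes "si (!conn)". Copy the log and the smc_cdc_tx_handler()/smc_release() diagram unchanged from the "en" value so the trace stays searchable.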
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46926",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.320",
|
||||
"lastModified": "2024-02-27T10:15:07.320",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: intel-sdw-acpi: harden detection of controller\n\nThe existing code currently sets a pointer to an ACPI handle before\nchecking that it's actually a SoundWire controller. This can lead to\nissues where the graph walk continues and eventually fails, but the\npointer was set already.\n\nThis patch changes the logic so that the information provided to\nthe caller is set when a controller is found."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: intel-sdw-acpi: reforzar la detecci\u00f3n del controlador El c\u00f3digo existente actualmente establece un puntero a un identificador ACPI antes de verificar que en realidad es un controlador SoundWire. Esto puede provocar problemas en los que el recorrido del gr\u00e1fico contin\u00faa y finalmente falla, pero el puntero ya estaba configurado. Este parche cambia la l\u00f3gica para que la informaci\u00f3n proporcionada a la persona que llama se establezca cuando se encuentra un controlador."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46927",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.410",
|
||||
"lastModified": "2024-02-27T10:15:07.410",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\n\nAfter commit 5b78ed24e8ec (\"mm/pagemap: add mmap_assert_locked()\nannotations to find_vma*()\"), the call to get_user_pages() will trigger\nthe mmap assert.\n\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\n{\n\tlockdep_assert_held(&mm->mmap_lock);\n\tVM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);\n}\n\n[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!\n...........................................................\n[ 62.538938] RIP: 0010:find_vma+0x32/0x80\n...........................................................\n[ 62.605889] Call Trace:\n[ 62.608502] <TASK>\n[ 62.610956] ? lock_timer_base+0x61/0x80\n[ 62.614106] find_extend_vma+0x19/0x80\n[ 62.617195] __get_user_pages+0x9b/0x6a0\n[ 62.620356] __gup_longterm_locked+0x42d/0x450\n[ 62.623721] ? finish_wait+0x41/0x80\n[ 62.626748] ? __kmalloc+0x178/0x2f0\n[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\n[ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\n[ 62.639541] __x64_sys_ioctl+0x82/0xb0\n[ 62.642620] do_syscall_64+0x3b/0x90\n[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUse get_user_pages_unlocked() when setting the enclave memory regions.\nThat's a similar pattern as mmap_read_lock() used together with\nget_user_pages()."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nitro_enclaves: use la llamada get_user_pages_unlocked() para manejar mmap afirmar. Despu\u00e9s del commit 5b78ed24e8ec (\"mm/pagemap: agregue anotaciones mmap_assert_locked() a find_vma*()\"), la llamada a get_user_pages( ) activar\u00e1 la afirmaci\u00f3n mmap. est\u00e1tico en l\u00ednea void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); } [62.521410] \u00a1ERROR del kernel en include/linux/mmap_lock.h:156! ................................................. ......... [ 62.538938] RIP: 0010:find_vma+0x32/0x80 ................................. ................................. [ 62.605889] Seguimiento de llamadas: [ 62.608502] [ 62.610956] ? LOCK_TIMER_BASE+0x61/0x80 [62.614106] find_extend_vma+0x19/0x80 [62.617195] __get_user_pages+0x9b/0x6a0 [62.6203356] __guup_longter_locked+0x42d/0x450 [62.620356] terminar_esperar+0x41/0x80 [62.626748]? __kmalloc+0x178/0x2f0 [ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves] [ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves] [ 62.639541] __x64 _sys_ioctl+0x82/0xb0 [ 62.642620] do_syscall_64+0x3b/0x90 [ 62.645642] Entry_SYSCALL_64_after_hwframe+0x44/0xae Utilice get_user_pages_unlocked() al configurar las regiones de memoria del enclave. Es un patr\u00f3n similar al mmap_read_lock() usado junto con get_user_pages()."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
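Review bot: Several call-trace symbols in the "es" value for CVE-2021-46927 differ from the "en" value: "lock_timer_base" becomes "LOCK_TIMER_BASE", "__gup_longterm_locked" becomes "__guup_longter_locked", "finish_wait" becomes "terminar_esperar" and "entry_SYSCALL_64_after_hwframe" becomes "Entry_SYSCALL_64_after_hwframe". The timestamps are shifted too ("[62.6203356]" is not in the original, and finish_wait now carries 62.620356 instead of 62.623721), the "<TASK>" marker is gone, and "static inline" in the quoted function is translated. The trace and the mmap_assert_locked() snippet should be copied verbatim.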
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46928",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.517",
|
||||
"lastModified": "2024-02-27T10:15:07.517",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Clear stale IIR value on instruction access rights trap\n\nWhen a trap 7 (Instruction access rights) occurs, this means the CPU\ncouldn't execute an instruction due to missing execute permissions on\nthe memory region. In this case it seems the CPU didn't even fetched\nthe instruction from memory and thus did not store it in the cr19 (IIR)\nregister before calling the trap handler. So, the trap handler will find\nsome random old stale value in cr19.\n\nThis patch simply overwrites the stale IIR value with a constant magic\n\"bad food\" value (0xbaadf00d), in the hope people don't start to try to\nunderstand the various random IIR values in trap 7 dumps."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: parisc: borra el valor IIR obsoleto en la trampa de derechos de acceso a instrucciones Cuando ocurre una trampa 7 (derechos de acceso a instrucciones), esto significa que la CPU no pudo ejecutar una instrucci\u00f3n debido a que faltan permisos de ejecuci\u00f3n en la regi\u00f3n de la memoria. En este caso, parece que la CPU ni siquiera obtuvo la instrucci\u00f3n de la memoria y, por lo tanto, no la almacen\u00f3 en el registro cr19 (IIR) antes de llamar al controlador de trampas. Entonces, el manejador de trampas encontrar\u00e1 alg\u00fan valor obsoleto aleatorio en cr19. Este parche simplemente sobrescribe el valor IIR obsoleto con un valor m\u00e1gico constante de \"mala comida\" (0xbaadf00d), con la esperanza de que la gente no empiece a intentar comprender los diversos valores IIR aleatorios en los volcados de la trampa 7."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46929",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.573",
|
||||
"lastModified": "2024-02-27T10:15:07.573",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: use call_rcu to free endpoint\n\nThis patch is to delay the endpoint free by calling call_rcu() to fix\nanother use-after-free issue in sctp_sock_dump():\n\n BUG: KASAN: use-after-free in __lock_acquire+0x36d9/0x4c20\n Call Trace:\n __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218\n lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]\n _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168\n spin_lock_bh include/linux/spinlock.h:334 [inline]\n __lock_sock+0x203/0x350 net/core/sock.c:2253\n lock_sock_nested+0xfe/0x120 net/core/sock.c:2774\n lock_sock include/net/sock.h:1492 [inline]\n sctp_sock_dump+0x122/0xb20 net/sctp/diag.c:324\n sctp_for_each_transport+0x2b5/0x370 net/sctp/socket.c:5091\n sctp_diag_dump+0x3ac/0x660 net/sctp/diag.c:527\n __inet_diag_dump+0xa8/0x140 net/ipv4/inet_diag.c:1049\n inet_diag_dump+0x9b/0x110 net/ipv4/inet_diag.c:1065\n netlink_dump+0x606/0x1080 net/netlink/af_netlink.c:2244\n __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352\n netlink_dump_start include/linux/netlink.h:216 [inline]\n inet_diag_handler_cmd+0x2ce/0x3f0 net/ipv4/inet_diag.c:1170\n __sock_diag_cmd net/core/sock_diag.c:232 [inline]\n sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263\n netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:274\n\nThis issue occurs when asoc is peeled off and the old sk is freed after\ngetting it by asoc->base.sk and before calling lock_sock(sk).\n\nTo prevent the sk free, as a holder of the sk, ep should be alive when\ncalling lock_sock(). 
This patch uses call_rcu() and moves sock_put and\nep free into sctp_endpoint_destroy_rcu(), so that it's safe to try to\nhold the ep under rcu_read_lock in sctp_transport_traverse_process().\n\nIf sctp_endpoint_hold() returns true, it means this ep is still alive\nand we have held it and can continue to dump it; If it returns false,\nit means this ep is dead and can be freed after rcu_read_unlock, and\nwe should skip it.\n\nIn sctp_sock_dump(), after locking the sk, if this ep is different from\ntsp->asoc->ep, it means during this dumping, this asoc was peeled off\nbefore calling lock_sock(), and the sk should be skipped; If this ep is\nthe same with tsp->asoc->ep, it means no peeloff happens on this asoc,\nand due to lock_sock, no peeloff will happen either until release_sock.\n\nNote that delaying endpoint free won't delay the port release, as the\nport release happens in sctp_endpoint_destroy() before calling call_rcu().\nAlso, freeing endpoint by call_rcu() makes it safe to access the sk by\nasoc->base.sk in sctp_assocs_seq_show() and sctp_rcv().\n\nThanks Jones to bring this issue up.\n\nv1->v2:\n - improve the changelog.\n - add kfree(ep) into sctp_endpoint_destroy_rcu(), as Jakub noticed."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sctp: use call_rcu para liberar el endpoint. Este parche tiene como objetivo retrasar la liberaci\u00f3n del endpoint llamando a call_rcu() para solucionar otro problema de use-after-free en sctp_sock_dump(): ERROR: KASAN: use-after-free en __lock_acquire+0x36d9/0x4c20 Rastreo de llamadas: __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218 lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844 __raw_spin_lock_bh include/linux/spinlock_api_smp.h :135 [en l\u00ednea] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [en l\u00ednea] __lock_sock+0x203/0x350 net/core/sock.c:2253 lock_sock_nested+0xfe/ 0x120 net/core/sock.c:2774 lock_sock include/net/sock.h:1492 [en l\u00ednea] sctp_sock_dump+0x122/0xb20 net/sctp/diag.c:324 sctp_for_each_transport+0x2b5/0x370 net/sctp/socket.c: 5091 sctp_diag_dump+0x3ac/0x660 net/sctp/diag.c:527 __inet_diag_dump+0xa8/0x140 net/ipv4/inet_diag.c:1049 inet_diag_dump+0x9b/0x110 net/ipv4/inet_diag.c:1065 netlink_dump+0x6 06/0x1080 neto/ netlink/af_netlink.c:2244 __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352 netlink_dump_start include/linux/netlink.h:216 [en l\u00ednea] inet_diag_handler_cmd+0x2ce/0x3f0 net/ipv4/inet_diag.c:1170 __sock_diag_cm re neto /core/sock_diag.c:232 [en l\u00ednea] sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477 sock_diag_rcv+0x2a/0x40 net/core/sock_diag. c:274 Este problema ocurre cuando se quita asoc y se libera el sk antiguo despu\u00e9s de obtenerlo mediante asoc->base.sk y antes de llamar a lock_sock(sk). Para evitar que sk se libere, como titular de sk, ep debe estar activo al llamar a lock_sock(). Este parche usa call_rcu() y mueve sock_put y ep free a sctp_endpoint_destroy_rcu(), por lo que es seguro intentar mantener el ep bajo rcu_read_lock en sctp_transport_traverse_process(). 
Si sctp_endpoint_hold() devuelve verdadero, significa que este ep todav\u00eda est\u00e1 vivo, lo hemos retenido y podemos continuar descart\u00e1ndolo; Si devuelve falso, significa que este ep est\u00e1 muerto y puede liberarse despu\u00e9s de rcu_read_unlock, y debemos omitirlo. En sctp_sock_dump(), despu\u00e9s de bloquear el sk, si este ep es diferente de tsp->asoc->ep, significa que durante este volcado, este asoc se elimin\u00f3 antes de llamar a lock_sock(), y el sk debe omitirse; Si este ep es el mismo con tsp->asoc->ep, significa que no se produce ning\u00fan despegue en este asoc y, debido a lock_sock, tampoco se producir\u00e1 ning\u00fan despegue hasta que se libere_sock. Tenga en cuenta que retrasar la liberaci\u00f3n del endpoint no retrasar\u00e1 la liberaci\u00f3n del puerto, ya que la liberaci\u00f3n del puerto ocurre en sctp_endpoint_destroy() antes de llamar a call_rcu(). Adem\u00e1s, liberar el endpoint mediante call_rcu() hace que sea seguro acceder a sk mediante asoc->base.sk en sctp_assocs_seq_show() y sctp_rcv(). Gracias Jones por plantear este problema. v1->v2: - mejorar el registro de cambios. - agregue kfree(ep) a sctp_endpoint_destroy_rcu(), como not\u00f3 Jakub."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
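Review bot: The KASAN trace in the "es" value for CVE-2021-46929 has corrupted frames: "netlink_dump+0x606/0x1080 net/netlink/af_netlink.c:2244" becomes "netlink_dump+0x6 06/0x1080 neto/ netlink/af_netlink.c:2244", "__sock_diag_cmd net/core/sock_diag.c:232" becomes "__sock_diag_cm re neto /core/sock_diag.c:232", and every "[inline]" becomes "[en línea]". In the prose, "release_sock" is rendered as "se libere_sock", which is no longer the function name. Keep the trace and function names exactly as in the "en" value.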
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46930",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.637",
|
||||
"lastModified": "2024-02-27T10:15:07.637",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: mtu3: fix list_head check warning\n\nThis is caused by uninitialization of list_head.\n\nBUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4\n\nCall trace:\ndump_backtrace+0x0/0x298\nshow_stack+0x24/0x34\ndump_stack+0x130/0x1a8\nprint_address_description+0x88/0x56c\n__kasan_report+0x1b8/0x2a0\nkasan_report+0x14/0x20\n__asan_load8+0x9c/0xa0\n__list_del_entry_valid+0x34/0xe4\nmtu3_req_complete+0x4c/0x300 [mtu3]\nmtu3_gadget_stop+0x168/0x448 [mtu3]\nusb_gadget_unregister_driver+0x204/0x3a0\nunregister_gadget_item+0x44/0xa4"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: mtu3: correcci\u00f3n de advertencia de verificaci\u00f3n de list_head Esto se debe a la desinicializaci\u00f3n de list_head. ERROR: KASAN: uso despu\u00e9s de la liberaci\u00f3n en __list_del_entry_valid+0x34/0xe4 Rastreo de llamadas: dump_backtrace+0x0/0x298 show_stack+0x24/0x34 dump_stack+0x130/0x1a8 print_address_description+0x88/0x56c __kasan_report+0x1b8/0x2a0 kasan_report +0x14/0x20 __asan_load8+ 0x9c/0xa0 __list_del_entry_valid+0x34/0xe4 mtu3_req_complete+0x4c/0x300 [mtu3] mtu3_gadget_stop+0x168/0x448 [mtu3] usb_gadget_unregister_driver+0x204/0x3a0 unregister_gadget_item+0x44/0xa4"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46931",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.690",
|
||||
"lastModified": "2024-02-27T10:15:07.690",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Wrap the tx reporter dump callback to extract the sq\n\nFunction mlx5e_tx_reporter_dump_sq() casts its void * argument to struct\nmlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually\nof type struct mlx5e_tx_timeout_ctx *.\n\n mlx5_core 0000:08:00.1 enp8s0f1: TX timeout detected\n mlx5_core 0000:08:00.1 enp8s0f1: TX timeout on queue: 1, SQ: 0x11ec, CQ: 0x146d, SQ Cons: 0x0 SQ Prod: 0x1, usecs since last trans: 21565000\n BUG: stack guard page was hit at 0000000093f1a2de (stack is 00000000b66ea0dc..000000004d932dae)\n kernel stack overflow (page fault): 0000 [#1] SMP NOPTI\n CPU: 5 PID: 95 Comm: kworker/u20:1 Tainted: G W OE 5.13.0_mlnx #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e mlx5e_tx_timeout_work [mlx5_core]\n RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180\n [mlx5_core]\n Call Trace:\n mlx5e_tx_reporter_dump+0x43/0x1c0 [mlx5_core]\n devlink_health_do_dump.part.91+0x71/0xd0\n devlink_health_report+0x157/0x1b0\n mlx5e_reporter_tx_timeout+0xb9/0xf0 [mlx5_core]\n ? mlx5e_tx_reporter_err_cqe_recover+0x1d0/0x1d0\n [mlx5_core]\n ? mlx5e_health_queue_dump+0xd0/0xd0 [mlx5_core]\n ? update_load_avg+0x19b/0x550\n ? set_next_entity+0x72/0x80\n ? pick_next_task_fair+0x227/0x340\n ? finish_task_switch+0xa2/0x280\n mlx5e_tx_timeout_work+0x83/0xb0 [mlx5_core]\n process_one_work+0x1de/0x3a0\n worker_thread+0x2d/0x3c0\n ? process_one_work+0x3a0/0x3a0\n kthread+0x115/0x130\n ? 
kthread_park+0x90/0x90\n ret_from_fork+0x1f/0x30\n --[ end trace 51ccabea504edaff ]---\n RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: disabled\n end Kernel panic - not syncing: Fatal exception\n\nTo fix this bug add a wrapper for mlx5e_tx_reporter_dump_sq() which\nextracts the sq from struct mlx5e_tx_timeout_ctx and set it as the\nTX-timeout-recovery flow dump callback."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: envuelve la devoluci\u00f3n de llamada del volcado de tx reporter para extraer el sq. La funci\u00f3n mlx5e_tx_reporter_dump_sq() lanza su argumento void * a la estructura mlx5e_txqsq *, pero en el flujo TX-timeout-recovery el argumento en realidad es de tipo struct mlx5e_tx_timeout_ctx *. mlx5_core 0000: 08: 00.1 enp8s0f1: tx timeout detectado mlx5_core 0000: 08: 00.1 enp8s0f1: tx timeout en cola: 1, sq: 0x11ec, cq: 0x146d, sq consecuencia: 0x0 sq prod: 0x1, usecs desde el \u00faltimo trans: 21565000 : la p\u00e1gina de protecci\u00f3n de pila fue visitada en 0000000093f1a2de (la pila es 00000000b66ea0dc..000000004d932dae) Desbordamiento de pila del kernel (fallo de p\u00e1gina): 0000 [#1] SMP NOPTI CPU: 5 PID: 95 Comm: kworker/u20:1 Contaminado: GW OE 5.13. 0_mlnx #1 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 Cola de trabajo: mlx5e mlx5e_tx_timeout_work [mlx5_core] RIP: 0010:mlx5e_tx_reporter_ volcado_sq +0xd3/0x180 [mlx5_core] Seguimiento de llamadas: mlx5e_tx_reporter_dump+0x43/0x1c0 [mlx5_core] devlink_health_do_dump.part.91+0x71/0xd0 devlink_health_report+0x157/0x1b0 mlx5e_reporter_tx_timeout+0xb9/0xf0 [ml x5_core] ? mlx5e_tx_reporter_err_cqe_recover+0x1d0/0x1d0 [mlx5_core] ? mlx5e_health_queue_dump+0xd0/0xd0 [mlx5_core] ? update_load_avg+0x19b/0x550? set_next_entity+0x72/0x80? pick_next_task_fair+0x227/0x340? Finish_task_switch+0xa2/0x280 mlx5e_tx_timeout_work+0x83/0xb0 [mlx5_core] Process_one_work+0x1de/0x3a0 trabajador_thread+0x2d/0x3c0? proceso_one_work+0x3a0/0x3a0 kthread+0x115/0x130 ? 
kthread_park+0x90/0x90 ret_from_fork+0x1f/0x30 --[ end trace 51ccabea504edaff ]--- RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180 PKRU: 55555554 P\u00e1nico del kernel - no sincronizado: excepci\u00f3n fatal Compensaci\u00f3n del kernel: final deshabilitado P\u00e1nico del kernel - no sincronizar : Excepci\u00f3n fatal Para corregir este error, agregue un contenedor para mlx5e_tx_reporter_dump_sq() que extrae el sq de la estructura mlx5e_tx_timeout_ctx y lo configura como devoluci\u00f3n de llamada de volcado de flujo de recuperaci\u00f3n de tiempo de espera de TX."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
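Review bot: the "es" value for CVE-2021-46931 translates the quoted kernel log along with the prose, so symbol names no longer match the "en" value: `worker_thread` becomes `trabajador_thread`, `process_one_work` becomes `proceso_one_work`, and `mlx5e_tx_reporter_dump_sq` appears as `mlx5e_tx_reporter_ volcado_sq`. The log lines should be carried over untranslated; until then, anything that searches descriptions for function names or oops signatures should read only the "en" entry.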
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46932",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.753",
|
||||
"lastModified": "2024-02-27T10:15:07.753",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: appletouch - initialize work before device registration\n\nSyzbot has reported warning in __flush_work(). This warning is caused by\nwork->func == NULL, which means missing work initialization.\n\nThis may happen, since input_dev->close() calls\ncancel_work_sync(&dev->work), but dev->work initalization happens _after_\ninput_register_device() call.\n\nSo this patch moves dev->work initialization before registering input\ndevice"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Entrada: appletouch: inicializa el trabajo antes del registro del dispositivo Syzbot ha informado una advertencia en __flush_work(). Esta advertencia es causada por work->func == NULL, lo que significa que falta la inicializaci\u00f3n del trabajo. Esto puede suceder, ya que input_dev->close() llama a cancel_work_sync(&dev->work), pero la inicializaci\u00f3n dev->work ocurre _despu\u00e9s_ de la llamada input_register_device(). Entonces este parche mueve la inicializaci\u00f3n dev->work antes de registrar el dispositivo de entrada"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46933",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.807",
|
||||
"lastModified": "2024-02-27T10:15:07.807",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.\n\nffs_data_clear is indirectly called from both ffs_fs_kill_sb and\nffs_ep0_release, so it ends up being called twice when userland closes ep0\nand then unmounts f_fs.\nIf userland provided an eventfd along with function's USB descriptors, it\nends up calling eventfd_ctx_put as many times, causing a refcount\nunderflow.\nNULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls.\n\nAlso, set epfiles to NULL right after de-allocating it, for readability.\n\nFor completeness, ffs_data_clear actually ends up being called thrice, the\nlast call being before the whole ffs structure gets freed, so when this\nspecific sequence happens there is a second underflow happening (but not\nbeing reported):\n\n/sys/kernel/debug/tracing# modprobe usb_f_fs\n/sys/kernel/debug/tracing# echo ffs_data_clear > set_ftrace_filter\n/sys/kernel/debug/tracing# echo function > current_tracer\n/sys/kernel/debug/tracing# echo 1 > tracing_on\n(setup gadget, run and kill function userland process, teardown gadget)\n/sys/kernel/debug/tracing# echo 0 > tracing_on\n/sys/kernel/debug/tracing# cat trace\n smartcard-openp-436 [000] ..... 1946.208786: ffs_data_clear <-ffs_data_closed\n smartcard-openp-431 [000] ..... 1946.279147: ffs_data_clear <-ffs_data_closed\n smartcard-openp-431 [000] .n... 
1946.905512: ffs_data_clear <-ffs_data_put\n\nWarning output corresponding to above trace:\n[ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c\n[ 1946.293094] refcount_t: underflow; use-after-free.\n[ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E)\n[ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G C OE 5.15.0-1-rpi #1 Debian 5.15.3-1\n[ 1946.417950] Hardware name: BCM2835\n[ 1946.425442] Backtrace:\n[ 1946.432048] [<c08d60a0>] (dump_backtrace) from [<c08d62ec>] (show_stack+0x20/0x24)\n[ 1946.448226] r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c\n[ 1946.458412] [<c08d62cc>] (show_stack) from [<c08d9ae0>] (dump_stack+0x28/0x30)\n[ 1946.470380] [<c08d9ab8>] (dump_stack) from [<c0123500>] (__warn+0xe8/0x154)\n[ 1946.482067] r5:c04a948c r4:c0a71dc8\n[ 1946.490184] [<c0123418>] (__warn) from [<c08d6948>] (warn_slowpath_fmt+0xa0/0xe4)\n[ 1946.506758] r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04\n[ 1946.517070] [<c08d68ac>] (warn_slowpath_fmt) from [<c04a948c>] (refcount_warn_saturate+0x110/0x15c)\n[ 1946.535309] r8:c0100224 
r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0\n[ 1946.546708] [<c04a937c>] (refcount_warn_saturate) from [<c0380134>] (eventfd_ctx_put+0x48/0x74)\n[ 1946.564476] [<c03800ec>] (eventfd_ctx_put) from [<bf5464e8>] (ffs_data_clear+0xd0/0x118 [usb_f_fs])\n[ 1946.582664] r5:c3b84c00 r4:c2695b00\n[ 1946.590668] [<bf546418>] (ffs_data_clear [usb_f_fs]) from [<bf547cc0>] (ffs_data_closed+0x9c/0x150 [usb_f_fs])\n[ 1946.609608] r5:bf54d014 r4:c2695b00\n[ 1946.617522] [<bf547c24>] (ffs_data_closed [usb_f_fs]) from [<bf547da0>] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs])\n[ 1946.636217] r7:c0dfcb\n---truncated---"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: usb: gadget: f_fs: Borrar ffs_eventfd en ffs_data_clear. ffs_data_clear se llama indirectamente desde ffs_fs_kill_sb y ffs_ep0_release, por lo que termina siendo llamado dos veces cuando el \u00e1rea de usuario cierra ep0 y luego desmonta f_fs. Si Userland proporcion\u00f3 un eventfd junto con los descriptores USB de la funci\u00f3n, termina llamando a eventfd_ctx_put tantas veces, provocando un desbordamiento insuficiente de recuento. NULL-ify ffs_eventfd para evitar estas llamadas extra\u00f1as eventfd_ctx_put. Adem\u00e1s, establezca epfiles en NULL justo despu\u00e9s de desasignarlo, para facilitar la lectura. Para completar, ffs_data_clear en realidad termina siendo llamado tres veces, la \u00faltima llamada es antes de que se libere toda la estructura de ffs, por lo que cuando ocurre esta secuencia espec\u00edfica, se produce un segundo desbordamiento insuficiente (pero no se informa): /sys/kernel/debug/tracing # modprobe usb_f_fs /sys/kernel/debug/tracing# echo ffs_data_clear > set_ftrace_filter /sys/kernel/debug/tracing# echo function > current_tracer /sys/kernel/debug/tracing# echo 1 > tracing_on (dispositivo de configuraci\u00f3n, funci\u00f3n ejecutar y finalizar proceso de usuario, dispositivo de desmontaje) /sys/kernel/debug/tracing# echo 0 > tracing_on /sys/kernel/debug/tracing# cat trace smartcard-openp-436 [000] ..... 1946.208786: ffs_data_clear <-ffs_data_closed tarjeta inteligente -openp-431 [000] ..... 1946.279147: ffs_data_clear <-ffs_data_closed smartcard-openp-431 [000] .n... 1946.905512: ffs_data_clear <-ffs_data_put Salida de advertencia correspondiente al seguimiento anterior: [ 1946.284139] ADVERTENCIA: CPU : 0 PID: 431 en lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c [ 1946.293094] refcount_t: desbordamiento insuficiente; use-after-free. 
[1946.298164] M\u00f3dulos vinculados en: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E ) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_b cm2835 (CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E ) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c (E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E ) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E) [ 1946.399633] CPU: 0 PID: 431 Comm: tarjeta inteligente- openp Contaminado: GC OE 5.15.0-1-rpi #1 Debian 5.15.3-1 [ 1946.417950] Nombre de hardware: BCM2835 [ 1946.425442] Seguimiento inverso: [ 1946.432048] [] (dump_backtrace) de [] ( show_stack+0x20/0x24) [ 1946.448226] r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c [ 1946.458412] [] (show_stack) de [] (dump_ pila+0x28/0x30) [ 1946.470380] [< c08d9ab8>] (dump_stack) de [] (__warn+0xe8/0x154) [ 1946.482067] r5:c04a948c r4:c0a71dc8 [ 1946.490184] [] (__warn) de [] (warn_slowpath_fmt+0xa0/ 0xe4) [ 1946.506758] r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04 [ 1946.517070] [] (warn_slowpath_fmt) de [] (refcount_war n_saturado+0x110/0x15c) [ 1946.535309] r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0 [ 1946.546708] [] (refcount_warn_saturate) de [] (eventfd_ctx_put+0x48/0x74) [ 1946.564476] [] (eventfd_ctx_put) de [] (ffs_data_clear+0xd0/0x118 [usb_f_fs]) [ 1946.582664] r5:c3b84c00 r4:c2695b00 [ 1946.590668] [] (ffs_data_clear [usb_f_fs]) de [] ( 
ffs_data_closed+0x9c/0x150 [usb_f_fs]) [ 1946.609608] r5:bf54d014 r4:c2695b00 [ 1946.617522] [] (ffs_data_closed [usb_f_fs"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
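Review bot: the "es" value for CVE-2021-46933 loses data in the backtrace. Every angle-bracketed address is gone (the "en" line `[<c08d60a0>] (dump_backtrace) from [<c08d62ec>] (show_stack+0x20/0x24)` becomes `[] (dump_backtrace) de [] ( show_stack+0x20/0x24)`), which looks like tag stripping in the translation step, and the string ends mid-frame at `(ffs_data_closed [usb_f_fs` without the `---truncated---` marker the "en" value carries. Escape `<` and `>` before translating, or leave the trace out of the translation, and keep the truncation marker so consumers can tell the text is incomplete.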
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46934",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.877",
|
||||
"lastModified": "2024-02-27T10:15:07.877",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: validate user data in compat ioctl\n\nWrong user data may cause warning in i2c_transfer(), ex: zero msgs.\nUserspace should not be able to trigger warnings, so this patch adds\nvalidation checks for user data in compact ioctl to prevent reported\nwarnings"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: validar datos de usuario en compat ioctl Los datos de usuario incorrectos pueden causar advertencia en i2c_transfer(), ej: cero mensajes. El espacio de usuario no deber\u00eda poder activar advertencias, por lo que este parche agrega comprobaciones de validaci\u00f3n para los datos del usuario en ioctl compacto para evitar advertencias reportadas."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
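Review bot: in the "en" value for CVE-2021-46934 the title says `compat ioctl` but the body says `compact ioctl`, and the "es" value carries that forward as `ioctl compacto`, which no longer names the compat (32-bit compatibility) ioctl path the fix is about. The "en" text is the description as received, so it stays as is, but the translation should keep `compat ioctl` untranslated as an identifier.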
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46935",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:07.957",
|
||||
"lastModified": "2024-02-27T10:15:07.957",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads < 8 bytes."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: binder: corrige la contabilidad async_free_space para paquetes vac\u00edos En 4.13, el commit 74310e06be4d (\"android: binder: mover el b\u00fafer fuera del \u00e1rea compartida con el espacio del usuario\") solucion\u00f3 un problema de visibilidad de la estructura del kernel. Como parte de ese parche, se us\u00f3 sizeof(void *) como tama\u00f1o de b\u00fafer para cargas de datos de longitud 0, de modo que el controlador pudiera detectar clientes abusivos que enviaran transacciones asincr\u00f3nicas de longitud 0 a un servidor imponiendo l\u00edmites en async_free_size. Desafortunadamente, en el lado \"libre\", la contabilidad de async_free_space no volvi\u00f3 a agregar el tama\u00f1o de (void *). El resultado fue que se filtraron hasta 8 bytes de async_free_space en cada transacci\u00f3n as\u00edncrona de 8 bytes o menos. Estas peque\u00f1as transacciones son poco comunes, por lo que este problema contable ha pasado desapercibido durante varios a\u00f1os. La soluci\u00f3n es utilizar \"buffer_size\" (el tama\u00f1o del b\u00fafer asignado) en lugar de \"size\" (el tama\u00f1o del b\u00fafer l\u00f3gico) al actualizar async_free_space durante la operaci\u00f3n libre. Son iguales excepto por este caso de esquina de transacciones asincr\u00f3nicas con payloads <8 bytes."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46936",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:08.017",
|
||||
"lastModified": "2024-02-27T10:15:08.017",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n <IRQ>\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: corrige use-after-free en tw_timer_handler Se encontr\u00f3 un problema de p\u00e1nico en el mundo real como se muestra a continuaci\u00f3n en Linux 5.4. ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0 RIP: 0010:tw_timer_handler+0x20/0x40 Seguimiento de llamadas: call_timer_fn+0x2b/ 0x120 run_timer_softirq+0x1ef/0x450 __do_softirq+0x10d/ 0x2b8 irq_exit+0xc7/0xd0 smp_apic_timer_interrupt+0x68/0x120 apic_timer_interrupt+0xf/0x20 Este problema tambi\u00e9n se inform\u00f3 desde 2017 en el hilo [1], desafortunadamente, el problema a\u00fan se puede reproducir despu\u00e9s de corregir DCCP. ipv4_mib_exit_net se llama antes de tcp_sk_exit_batch cuando se destruye un espacio de nombres de red, ya que tcp_sk_ops est\u00e1 registrado antes de ipv4_mib_ops, lo que significa que tcp_sk_ops est\u00e1 al frente de ipv4_mib_ops en la lista de pernet_list. Habr\u00e1 un use-after-free en net->mib.net_statistics en tw_timer_handler despu\u00e9s de ipv4_mib_exit_net si hay algunos temporizadores de espera a bordo. Este error no se introduce mediante la confirmaci\u00f3n f2bf415cfed7 (\"mib: add net to NET_ADD_STATS_BH\") ya que net_statistics es una variable global en lugar de una asignaci\u00f3n y liberaci\u00f3n din\u00e1micas. En realidad, la confirmaci\u00f3n 61a7e26028b9 (\"mib: poner estad\u00edsticas de red en struct net\") introduce el error ya que coloca estad\u00edsticas de red en struct net y las libera cuando se destruye el espacio de nombres de red. Mover init_ipv4_mibs() al frente de tcp_init() para corregir este error y reemplazar pr_crit() con p\u00e1nico() ya que continuar no tiene sentido cuando init_ipv4_mibs() falla. [1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2021-46937",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-02-27T10:15:08.067",
|
||||
"lastModified": "2024-02-27T10:15:08.067",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'\n\nDAMON debugfs interface increases the reference counts of 'struct pid's\nfor targets from the 'target_ids' file write callback\n('dbgfs_target_ids_write()'), but decreases the counts only in DAMON\nmonitoring termination callback ('dbgfs_before_terminate()').\n\nTherefore, when 'target_ids' file is repeatedly written without DAMON\nmonitoring start/termination, the reference count is not decreased and\ntherefore memory for the 'struct pid' cannot be freed. This commit\nfixes this issue by decreasing the reference counts when 'target_ids' is\nwritten."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/dbgfs: corrige las fugas de 'struct pid' en 'dbgfs_target_ids_write()' La interfaz DAMON debugfs aumenta los recuentos de referencias de 'struct pid' para los objetivos de la escritura del archivo 'target_ids' devoluci\u00f3n de llamada ('dbgfs_target_ids_write()'), pero disminuye los recuentos solo en la devoluci\u00f3n de llamada de terminaci\u00f3n de monitoreo de DAMON ('dbgfs_before_terminate()'). Por lo tanto, cuando el archivo 'target_ids' se escribe repetidamente sin que DAMON supervise el inicio/terminaci\u00f3n, el recuento de referencias no disminuye y, por lo tanto, no se puede liberar memoria para 'struct pid'. Este commit soluciona este problema al disminuir el recuento de referencias cuando se escribe 'target_ids'."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-36237",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-26T22:15:06.933",
|
||||
"lastModified": "2024-02-26T22:15:06.933",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de Cross Site Request Forgery en Bagisto anterior a v.1.5.1 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script HTML manipulado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-41506",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T02:15:06.267",
|
||||
"lastModified": "2024-02-27T02:15:06.267",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n Actualizar/Editar imagen de perfil del estudiante de Student Enrollment In PHP v1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-50379",
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2024-02-27T09:15:36.827",
|
||||
"lastModified": "2024-02-27T09:15:36.827",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Malicious code injection in Apache Ambari in prior to 2.7.8.\u00a0Users are recommended to upgrade to version 2.7.8, which fixes this issue.\n\nImpact:\nA Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Inyecci\u00f3n de c\u00f3digo malicioso en Apache Ambari en versiones anteriores a 2.7.8. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.7.8, que soluciona este problema. Impacto: un operador de cl\u00faster puede manipular la solicitud agregando una inyecci\u00f3n de c\u00f3digo malicioso y obteniendo una ra\u00edz sobre el host principal del cl\u00faster."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-51518",
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2024-02-27T09:15:36.983",
|
||||
"lastModified": "2024-02-27T09:15:36.983",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data.\nGiven a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation.\nNote that by default JMX endpoint is only bound locally.\n\nWe recommend users to:\n\u00a0- Upgrade to a non-vulnerable Apache James version\n\n\u00a0- Run Apache James isolated from other processes (docker - dedicated virtual machine)\n\u00a0- If possible turn off JMX\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Apache James anterior a las versiones 3.7.5 y 3.8.0 expone un endpoint JMX en localhost sujeto a deserializaci\u00f3n previa a la autenticaci\u00f3n de datos que no son de confianza. Dado un dispositivo de deserializaci\u00f3n, esto podr\u00eda aprovecharse como parte de una cadena de explotaci\u00f3n que podr\u00eda resultar en una escalada de privilegios. Tenga en cuenta que, de forma predeterminada, el endpoint JMX solo est\u00e1 vinculado localmente. Recomendamos a los usuarios: - Actualizar a una versi\u00f3n de Apache James no vulnerable - Ejecutar Apache James aislado de otros procesos (docker - m\u00e1quina virtual dedicada) - Si es posible, desactive JMX"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
40
CVE-2023/CVE-2023-517xx/CVE-2023-51747.json
Normal file
@ -0,0 +1,40 @@
|
||||
{
|
||||
"id": "CVE-2023-51747",
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2024-02-27T14:15:27.030",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling.\n\nA lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks.\n\nThe patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction.\n\nWe recommend James users to upgrade to non vulnerable versions.\n"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@apache.org",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko",
|
||||
"source": "security@apache.org"
|
||||
},
|
||||
{
|
||||
"url": "https://postfix.org/smtp-smuggling.html",
|
||||
"source": "security@apache.org"
|
||||
},
|
||||
{
|
||||
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
|
||||
"source": "security@apache.org"
|
||||
}
|
||||
]
|
||||
}
|
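Review bot: the new CVE-2023-51747 record has `"metrics": {}` and no configuration data, so the affected range ("prior to versions 3.8.1 and 3.7.5") exists only in the free-text description, and unlike the other records in this commit it has no "es" entry. Consumers that filter on CVSS score or expect both languages should treat this record as unscored and single-language while it is `Awaiting Analysis`.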
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-5993",
|
||||
"sourceIdentifier": "psirt@thalesgroup.com",
|
||||
"published": "2024-02-27T11:15:07.343",
|
||||
"lastModified": "2024-02-27T11:15:07.343",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6584",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.087",
|
||||
"lastModified": "2024-02-27T09:15:37.087",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento WP JobSearch de WordPress anterior a 2.3.4 no impide que los atacantes inicien sesi\u00f3n como cualquier usuario con el \u00fanico conocimiento de la direcci\u00f3n de correo electr\u00f3nico de ese usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6585",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.147",
|
||||
"lastModified": "2024-02-27T09:15:37.147",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento WP JobSearch de WordPress anterior a 2.3.4 no valida los archivos que se cargar\u00e1n, lo que podr\u00eda permitir a atacantes no autenticados cargar archivos arbitrarios como PHP en el servidor."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-6807",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-05T22:15:56.543",
|
||||
"lastModified": "2024-02-09T16:43:49.707",
|
||||
"lastModified": "2024-02-27T14:21:27.377",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -79,9 +79,9 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:generatepress:generatepress_premium:*:*:*:*:*:wordpress:*:*",
|
||||
"criteria": "cpe:2.3:a:generatepress:generatepress:*:*:*:*:premium:wordpress:*:*",
|
||||
"versionEndIncluding": "2.3.2",
|
||||
"matchCriteriaId": "AC8A1C21-771B-492E-A764-5F580A4E05B7"
|
||||
"matchCriteriaId": "87F5F011-DFDF-40E1-A5DA-50E89F607EE6"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
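Review bot: the `cpeMatch` entry in the second hunk moves the premium marker out of the product name (`generatepress_premium`) and into the sw_edition field of `cpe:2.3:a:generatepress:generatepress:*:*:*:*:premium:wordpress:*:*`, and it replaces the `matchCriteriaId`, so anything keyed on the old product string or on `AC8A1C21-771B-492E-A764-5F580A4E05B7` stops matching after this sync. Matchers that compare only vendor, product and version would also start flagging every `generatepress` entry up to 2.3.2 regardless of edition, so downstream matching should compare the sw_edition field as well.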
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-7016",
|
||||
"sourceIdentifier": "psirt@thalesgroup.com",
|
||||
"published": "2024-02-27T11:15:07.933",
|
||||
"lastModified": "2024-02-27T11:15:07.933",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7033",
|
||||
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
|
||||
"published": "2024-02-27T04:15:06.473",
|
||||
"lastModified": "2024-02-27T04:15:06.473",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de grupo de recursos insuficiente en la funci\u00f3n Ethernet de los m\u00f3dulos de CPU de la serie MELSEC iQ-F de Mitsubishi Electric Corporation permite que un atacante remoto cause una condici\u00f3n de denegaci\u00f3n de servicio temporal durante un cierto per\u00edodo de tiempo en la comunicaci\u00f3n Ethernet de los productos mediante la realizaci\u00f3n de un ataque TCP SYN Flood."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7115",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.197",
|
||||
"lastModified": "2024-02-27T09:15:37.197",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Page Builder: Pagelayer de WordPress anterior a 1.8.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7165",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.247",
|
||||
"lastModified": "2024-02-27T09:15:37.247",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento JetBackup de WordPress anterior a 2.0.9.9 no utiliza archivos de \u00edndice para evitar la lista p\u00fablica de directorios confidenciales en ciertas configuraciones, lo que permite a actores malintencionados filtrar archivos de respaldo."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7167",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.293",
|
||||
"lastModified": "2024-02-27T09:15:37.293",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Persian Fonts de WordPress hasta la versi\u00f3n 1.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7198",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.350",
|
||||
"lastModified": "2024-02-27T09:15:37.350",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento WP Dashboard Notes de WordPress anterior a 1.0.11 es vulnerable a referencias de objetos directos inseguros (IDOR) en el par\u00e1metro post_id=. Los usuarios autenticados pueden eliminar notas privadas asociadas con diferentes cuentas de usuario. Esto plantea un riesgo de seguridad importante, ya que viola el principio de privilegio m\u00ednimo y compromete la integridad y privacidad de los datos del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7202",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.397",
|
||||
"lastModified": "2024-02-27T09:15:37.397",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Fatal Error Notify de WordPress anterior a 1.5.3 no tiene autorizaci\u00f3n y CSRF verifica su acci\u00f3n test_error AJAX, lo que permite a cualquier usuario autenticado, como un suscriptor, llamarlo y enviar spam a la direcci\u00f3n de correo electr\u00f3nico del administrador con mensajes de error. El problema tambi\u00e9n se puede explotar a trav\u00e9s de CSRF."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
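Review bot: the added `es` description inverts the finding. "no tiene autorización y CSRF verifica su acción test_error AJAX" reads as the plugin lacking authorisation while CSRF verifies the action, whereas the `en` value says the `test_error` AJAX action has neither authorisation nor CSRF checks. Consumers that display the localized text should fall back to the `en` value for this record until the translation is corrected upstream.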
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7203",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.450",
|
||||
"lastModified": "2024-02-27T09:15:37.450",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Smart Forms de WordPress anterior a 2.6.87 no tiene autorizaci\u00f3n en varias acciones AJAX, lo que podr\u00eda permitir a usuarios con un rol tan bajo como suscriptor llamarlos y realizar acciones no autorizadas, como eliminar entradas. El complemento tambi\u00e9n carece de comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF, como eliminar entradas."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
55
CVE-2024/CVE-2024-01xx/CVE-2024-0197.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2024-0197",
|
||||
"sourceIdentifier": "psirt@thalesgroup.com",
|
||||
"published": "2024-02-27T13:15:45.300",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@thalesgroup.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@thalesgroup.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-269"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://supportportal.thalesgroup.com",
|
||||
"source": "psirt@thalesgroup.com"
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2024/CVE-2024-05xx/CVE-2024-0551.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2024-0551",
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2024-02-27T14:15:27.130",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack.\n\nIt is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system.\n\nThe endpoint for exporting should simply be patched to a higher privilege level."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV30": [
|
||||
{
|
||||
"source": "security@huntr.dev",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.1,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 4.2
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@huntr.dev",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-284"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8",
|
||||
"source": "security@huntr.dev"
|
||||
},
|
||||
{
|
||||
"url": "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78",
|
||||
"source": "security@huntr.dev"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-0759",
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2024-02-27T06:15:45.493",
|
||||
"lastModified": "2024-02-27T06:15:45.493",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM.\n\nThis would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced.\n\nThere is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Si una instancia de AnythingLLM est\u00e1 alojada en una red interna y al atacado se le concede expl\u00edcitamente un nivel de permiso de administrador o administrador, podr\u00edan vincular IP de resoluci\u00f3n interna de otros servicios que est\u00e9n en la misma red que AnythingLLM. Esto requerir\u00eda que el atacante tambi\u00e9n pudiera adivinar estas IP internas, ya que el rango `/*` no es posible, pero podr\u00eda ser forzado de forma bruta. Existe el deber de tener cuidado de que otros servicios en la misma red no est\u00e9n completamente abiertos y accesibles a trav\u00e9s de un CuRL simple sin autenticaci\u00f3n, ya que no es posible configurar encabezados o acceder a trav\u00e9s del recopilador de enlaces."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
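Review bot: the added `es` description renders "manager or admin" as "administrador o administrador", which drops the distinction between the two permission levels, and it carries the `en` wording "the attacked" through as "al atacado", so the Spanish text reads as the victim being granted the permission even though the next `en` sentence speaks of "the attacker". Treat the `en` value as authoritative for the required privilege level on this record.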
55
CVE-2024/CVE-2024-08xx/CVE-2024-0819.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2024-0819",
|
||||
"sourceIdentifier": "psirt@teamviewer.com",
|
||||
"published": "2024-02-27T14:15:27.310",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\nImproper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.\n\n"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@teamviewer.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.3,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@teamviewer.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-269"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001/",
|
||||
"source": "psirt@teamviewer.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-0855",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.497",
|
||||
"lastModified": "2024-02-27T09:15:37.497",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Spiffy Calendar de WordPress anterior a 4.9.9 no verifica el par\u00e1metro event_author y permite a cualquier usuario modificarlo al crear un evento, lo que lleva a enga\u00f1ar a los usuarios/administradores de que una p\u00e1gina fue creada por un Contributor+."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-1106",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-02-27T09:15:37.543",
|
||||
"lastModified": "2024-02-27T09:15:37.543",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Shariff Wrapper de WordPress anterior a 4.6.10 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-1323",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T05:15:08.193",
|
||||
"lastModified": "2024-02-27T05:15:08.193",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Orbit Fox de ThemeIsle para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del t\u00edtulo del widget de cuadr\u00edcula de tipo de publicaci\u00f3n del complemento en todas las versiones hasta la 2.10.30 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1649",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:08.133",
|
||||
"lastModified": "2024-02-27T11:15:08.133",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1650",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:08.317",
|
||||
"lastModified": "2024-02-27T11:15:08.317",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1652",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:08.507",
|
||||
"lastModified": "2024-02-27T11:15:08.507",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1653",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:08.690",
|
||||
"lastModified": "2024-02-27T11:15:08.690",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-1686",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T06:15:45.777",
|
||||
"lastModified": "2024-02-27T06:15:45.777",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales para WordPress, es vulnerable a la falta de autorizaci\u00f3n e en todas las versiones hasta la 1.1.2 incluida, a trav\u00e9s de la funci\u00f3n apply_layout debido a una verificaci\u00f3n de capacidad faltante. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, recuperen datos de pedidos arbitrarios que pueden contener PII."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-1687",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T06:15:45.957",
|
||||
"lastModified": "2024-02-27T06:15:45.957",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales para WordPress es vulnerable a la ejecuci\u00f3n no autorizada de c\u00f3digos cortos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n get_text_editor_content() en todas las versiones hasta la 1.1.2 incluida. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, ejecuten c\u00f3digos cortos arbitrarios."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-1698",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T06:15:46.140",
|
||||
"lastModified": "2024-02-27T06:15:46.140",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "NotificationX: el mejor complemento FOMO, prueba social, ventana emergente de ventas de WooCommerce y barra de notificaciones con el complemento Elementor para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'tipo' en todas las versiones hasta la 2.8.2 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
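Review bot: the added `es` description translates the parameter name itself, giving 'tipo' where the `en` value names the injectable parameter as 'type'. Identifiers should stay untranslated; a filter rule or log search built from the Spanish text would look for a parameter name that the `en` description does not mention.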
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1906",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:08.863",
|
||||
"lastModified": "2024-02-27T11:15:08.863",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1907",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:09.060",
|
||||
"lastModified": "2024-02-27T11:15:09.060",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1909",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:09.240",
|
||||
"lastModified": "2024-02-27T11:15:09.240",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1910",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:09.427",
|
||||
"lastModified": "2024-02-27T11:15:09.427",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-1912",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-27T11:15:09.610",
|
||||
"lastModified": "2024-02-27T11:15:09.610",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
88
CVE-2024/CVE-2024-19xx/CVE-2024-1918.json
Normal file
@ -0,0 +1,88 @@
|
||||
{
|
||||
"id": "CVE-2024-1918",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-02-27T13:15:45.470",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been found in Beijing Baichuo Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254839. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 4.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.2,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "MULTIPLE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 5.8
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 6.4,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/Echosssy/CVE/blob/main/%E5%85%B3%E4%BA%8ESmart%20S42%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E7%9A%84%E6%83%85%E5%86%B5%E9%80%9A%E6%8A%A5-userattestation.php.docx",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.254839",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.254839",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
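Review bot: The `descriptions` value in this new record says the issue is "classified as critical", but the only metrics present are two `Secondary` entries from cna@vuldb.com that score it 4.7 MEDIUM (CVSS 3.1, `PR:H`) and 5.8 MEDIUM (CVSS 2.0, `Au:M`). Anything that ranks records by keywords in the description will over-prioritise this one. Read severity from `cvssData.baseSeverity`, and treat the score as provisional while `vulnStatus` is "Awaiting Analysis" and no `Primary` metric exists.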
88
CVE-2024/CVE-2024-19xx/CVE-2024-1919.json
Normal file
@ -0,0 +1,88 @@
|
||||
{
|
||||
"id": "CVE-2024-1919",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-02-27T14:15:27.490",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component Manage Walkin Page. The manipulation of the argument Job Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254854 is the identifier assigned to this vulnerability."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 3.5,
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
"exploitabilityScore": 2.1,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.0
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 2.9,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://prnt.sc/1W0g0F8vv2mw",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.254854",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.254854",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
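Review bot: The two metric blocks in this record disagree on user interaction: `cvssMetricV31` has `"userInteraction": "REQUIRED"` (`UI:R`), while `cvssMetricV2` has `"userInteractionRequired": false`. The severities differ as well (3.5 LOW against 4.0 MEDIUM). A consumer that filters on the V2 flag will classify this CWE-79 entry differently from one that parses the 3.1 vector, so the import should pick one source of truth, preferably the 3.1 `vectorString`, and log records where the two disagree.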
88
CVE-2024/CVE-2024-19xx/CVE-2024-1920.json
Normal file
@ -0,0 +1,88 @@
|
||||
{
|
||||
"id": "CVE-2024-1920",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-02-27T14:15:27.737",
|
||||
"lastModified": "2024-02-27T14:19:41.650",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key\r . The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.6,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.2,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "HIGH",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 5.1
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 4.9,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-321"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://note.zhaoj.in/share/gKyCbSSdJ5fY",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.254855",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.254855",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
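Review bot: The English `value` in `descriptions` carries an embedded carriage return and a detached full stop after "hard-coded cryptographic key" (`key\r . The attack`). The record is stored as received, so consumers should strip control characters and collapse whitespace before indexing, diffing or rendering this text, and should classify the record from the `weaknesses` entry (`CWE-321`) rather than by matching the phrase in the description.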
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-22543",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T01:15:06.980",
|
||||
"lastModified": "2024-02-27T02:15:06.493",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en Linksys Router E1700 1.0.04 (compilaci\u00f3n 3), que permite a atacantes autenticados escalar privilegios a trav\u00e9s de una solicitud GET manipulada al URI /goform/* o mediante la funci\u00f3n ExportSettings."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-22544",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T01:15:07.037",
|
||||
"lastModified": "2024-02-27T01:15:07.037",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en Linksys Router E1700 versi\u00f3n 1.0.04 (compilaci\u00f3n 3), que permite a atacantes autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n setDateTime."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-22917",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T02:15:06.537",
|
||||
"lastModified": "2024-02-27T02:15:06.537",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el proyecto Dynamic Lab Management System en PHP v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-24095",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T02:15:06.587",
|
||||
"lastModified": "2024-02-27T02:15:06.587",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Code-projects Simple Stock System 1.0 es vulnerable a la inyecci\u00f3n SQL."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-24096",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T02:15:06.630",
|
||||
"lastModified": "2024-02-27T02:15:06.630",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Code-projects Computer Book Store 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de BookSBIN."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-24099",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T02:15:06.677",
|
||||
"lastModified": "2024-02-27T02:15:06.677",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Code-projects Scholars Tracking System 1.0 es vulnerable a la inyecci\u00f3n SQL en la Actualizaci\u00f3n de informaci\u00f3n sobre el estado de empleo."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-24100",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T02:15:06.720",
|
||||
"lastModified": "2024-02-27T02:15:06.720",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Code-projects Computer Book Store 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de PublisherID."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-24720",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T01:15:07.090",
|
||||
"lastModified": "2024-02-27T01:15:07.090",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered on Innovaphone PBX before 14r1 devices. It provides different responses to incoming requests in a way that reveals information to an attacker."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en PBX Innovaphone anteriores a dispositivos 14r1. Proporciona diferentes respuestas a las solicitudes entrantes de una manera que revela informaci\u00f3n a un atacante."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-24721",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T00:15:06.953",
|
||||
"lastModified": "2024-02-27T00:15:06.953",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en PBX Innovaphone anteriores a dispositivos 14r1. El formulario de contrase\u00f1a, utilizado para autenticar, permite un ataque de fuerza bruta a trav\u00e9s del cual un atacante puede acceder al panel de administraci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-25166",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T01:15:07.140",
|
||||
"lastModified": "2024-02-27T01:15:07.140",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de Cross Site Scripting en 71CMS v.1.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de acci\u00f3n uploadfile en el archivo controller.php."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-25247",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-26T23:15:07.030",
|
||||
"lastModified": "2024-02-26T23:15:07.030",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de inyecci\u00f3n SQL en /app/api/controller/Store.php en Niushop B2B2C V5 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s de par\u00e1metros de latitud y longitud."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-25248",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-26T22:15:07.003",
|
||||
"lastModified": "2024-02-26T22:15:07.003",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n orderGoodsDelivery() en Niushop B2B2C V5 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro order_id."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-25711",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T02:15:06.763",
|
||||
"lastModified": "2024-02-27T02:15:06.763",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "diffoscope anterior a 256 permite el directory traversal a trav\u00e9s de un nombre de archivo incrustado en un archivo GPG. El contenido de cualquier archivo, como ../.ssh/id_rsa, puede revelarse a un atacante. Esto ocurre porque el valor de la opci\u00f3n gpg --use-embedded-filenames es confiable."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
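Review bot: The added `es` description ends with "el valor de la opción gpg --use-embedded-filenames es confiable", which reads as "the value is reliable", whereas the `en` text says the value "is trusted", and that misplaced trust is the stated cause of the traversal. Tooling that extracts root cause or remediation hints should read the `en` entry and treat the `es` entry as a convenience translation only.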
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-25751",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-26T22:15:07.053",
|
||||
"lastModified": "2024-02-26T22:15:07.053",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Tenda AC9 v.3.0 con versi\u00f3n de firmware v.15.03.06.42_multi permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n fromSetSysTime."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-27093",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-02-26T22:15:07.113",
|
||||
"lastModified": "2024-02-26T22:15:07.113",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with policy (because the webhooks for the repo do not match any known repository in the database). When attempting to register a repo with a different repo ID, the registered provider must have admin on the named repo, or a 404 error will result. Similarly, if the stored provider token does not have repo access, then the remediations will not apply successfully. Lastly, it appears that reconciliation actions do not execute against repos with this type of mismatch. This appears to primarily be a potential denial-of-service vulnerability. This vulnerability is patched in version 0.20240226.1425+ref.53868a8."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Minder es una plataforma de seguridad de la cadena de suministro de software. En la versi\u00f3n 0.0.31 y anteriores, es posible que un atacante registre un repositorio con un ID ascendente no v\u00e1lido o diferente, lo que hace que Minder informe el repositorio como registrado, pero no solucione ning\u00fan cambio futuro que entre en conflicto con la pol\u00edtica (porque los webhooks para el repositorio no coinciden con ning\u00fan repositorio conocido en la base de datos). Al intentar registrar un repositorio con un ID de repositorio diferente, el proveedor registrado debe tener un administrador en el repositorio nombrado o se producir\u00e1 un error 404. De manera similar, si el token del proveedor almacenado no tiene acceso al repositorio, las soluciones no se aplicar\u00e1n correctamente. Por \u00faltimo, parece que las acciones de conciliaci\u00f3n no se ejecutan contra repos con este tipo de descalce. Esto parece ser principalmente una posible vulnerabilidad de denegaci\u00f3n de servicio. Esta vulnerabilidad est\u00e1 parcheada en la versi\u00f3n 0.20240226.1425+ref.53868a8."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-27356",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-27T01:15:07.197",
|
||||
"lastModified": "2024-02-27T01:15:07.197",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-27T14:20:06.637",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet. Los atacantes pueden descargar archivos, como registros, mediante comandos, obteniendo potencialmente informaci\u00f3n cr\u00edtica del usuario. Esto afecta a MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3. 10 , X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216 y X1200 3.203."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
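Review bot: The affected-version list in the added `es` description is not identical to the `en` one: where the English text has `MT300N-v2 4.3.10, X300B 3.217`, the Spanish text has `MT300N-v2 4.3. 10 , X300B 3.217`. A version extractor run over the `es` value would yield `4.3.` for that model. Match affected versions only against the `en` description (or against CPE data once analysis adds it), never against the translated string.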
53
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-02-27T13:01:05.944551+00:00
|
||||
2024-02-27T15:01:01.661893+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-02-27T11:15:09.610000+00:00
|
||||
2024-02-27T14:21:27.377000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -29,30 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
239588
|
||||
239595
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `11`
|
||||
Recently added CVEs: `7`
|
||||
|
||||
* [CVE-2023-5993](CVE-2023/CVE-2023-59xx/CVE-2023-5993.json) (`2024-02-27T11:15:07.343`)
|
||||
* [CVE-2023-7016](CVE-2023/CVE-2023-70xx/CVE-2023-7016.json) (`2024-02-27T11:15:07.933`)
|
||||
* [CVE-2024-1649](CVE-2024/CVE-2024-16xx/CVE-2024-1649.json) (`2024-02-27T11:15:08.133`)
|
||||
* [CVE-2024-1650](CVE-2024/CVE-2024-16xx/CVE-2024-1650.json) (`2024-02-27T11:15:08.317`)
|
||||
* [CVE-2024-1652](CVE-2024/CVE-2024-16xx/CVE-2024-1652.json) (`2024-02-27T11:15:08.507`)
|
||||
* [CVE-2024-1653](CVE-2024/CVE-2024-16xx/CVE-2024-1653.json) (`2024-02-27T11:15:08.690`)
|
||||
* [CVE-2024-1906](CVE-2024/CVE-2024-19xx/CVE-2024-1906.json) (`2024-02-27T11:15:08.863`)
|
||||
* [CVE-2024-1907](CVE-2024/CVE-2024-19xx/CVE-2024-1907.json) (`2024-02-27T11:15:09.060`)
|
||||
* [CVE-2024-1909](CVE-2024/CVE-2024-19xx/CVE-2024-1909.json) (`2024-02-27T11:15:09.240`)
|
||||
* [CVE-2024-1910](CVE-2024/CVE-2024-19xx/CVE-2024-1910.json) (`2024-02-27T11:15:09.427`)
|
||||
* [CVE-2024-1912](CVE-2024/CVE-2024-19xx/CVE-2024-1912.json) (`2024-02-27T11:15:09.610`)
|
||||
* [CVE-2023-51747](CVE-2023/CVE-2023-517xx/CVE-2023-51747.json) (`2024-02-27T14:15:27.030`)
|
||||
* [CVE-2024-0197](CVE-2024/CVE-2024-01xx/CVE-2024-0197.json) (`2024-02-27T13:15:45.300`)
|
||||
* [CVE-2024-1918](CVE-2024/CVE-2024-19xx/CVE-2024-1918.json) (`2024-02-27T13:15:45.470`)
|
||||
* [CVE-2024-0551](CVE-2024/CVE-2024-05xx/CVE-2024-0551.json) (`2024-02-27T14:15:27.130`)
|
||||
* [CVE-2024-0819](CVE-2024/CVE-2024-08xx/CVE-2024-0819.json) (`2024-02-27T14:15:27.310`)
|
||||
* [CVE-2024-1919](CVE-2024/CVE-2024-19xx/CVE-2024-1919.json) (`2024-02-27T14:15:27.490`)
|
||||
* [CVE-2024-1920](CVE-2024/CVE-2024-19xx/CVE-2024-1920.json) (`2024-02-27T14:15:27.737`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `0`
|
||||
Recently modified CVEs: `79`
|
||||
|
||||
* [CVE-2024-1910](CVE-2024/CVE-2024-19xx/CVE-2024-1910.json) (`2024-02-27T14:19:41.650`)
|
||||
* [CVE-2024-1912](CVE-2024/CVE-2024-19xx/CVE-2024-1912.json) (`2024-02-27T14:19:41.650`)
|
||||
* [CVE-2024-25248](CVE-2024/CVE-2024-252xx/CVE-2024-25248.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-25751](CVE-2024/CVE-2024-257xx/CVE-2024-25751.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-27093](CVE-2024/CVE-2024-270xx/CVE-2024-27093.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-25247](CVE-2024/CVE-2024-252xx/CVE-2024-25247.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-24721](CVE-2024/CVE-2024-247xx/CVE-2024-24721.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-22543](CVE-2024/CVE-2024-225xx/CVE-2024-22543.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-22544](CVE-2024/CVE-2024-225xx/CVE-2024-22544.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-24720](CVE-2024/CVE-2024-247xx/CVE-2024-24720.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-25166](CVE-2024/CVE-2024-251xx/CVE-2024-25166.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-27356](CVE-2024/CVE-2024-273xx/CVE-2024-27356.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-22917](CVE-2024/CVE-2024-229xx/CVE-2024-22917.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-24095](CVE-2024/CVE-2024-240xx/CVE-2024-24095.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-24096](CVE-2024/CVE-2024-240xx/CVE-2024-24096.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-24099](CVE-2024/CVE-2024-240xx/CVE-2024-24099.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-24100](CVE-2024/CVE-2024-241xx/CVE-2024-24100.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-25711](CVE-2024/CVE-2024-257xx/CVE-2024-25711.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-1323](CVE-2024/CVE-2024-13xx/CVE-2024-1323.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-0759](CVE-2024/CVE-2024-07xx/CVE-2024-0759.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-1686](CVE-2024/CVE-2024-16xx/CVE-2024-1686.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-1687](CVE-2024/CVE-2024-16xx/CVE-2024-1687.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-1698](CVE-2024/CVE-2024-16xx/CVE-2024-1698.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-0855](CVE-2024/CVE-2024-08xx/CVE-2024-0855.json) (`2024-02-27T14:20:06.637`)
|
||||
* [CVE-2024-1106](CVE-2024/CVE-2024-11xx/CVE-2024-1106.json) (`2024-02-27T14:20:06.637`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
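Review bot: The "CVEs modified in the last Commit" section states ``Recently modified CVEs: `79` `` but the list beneath it has 25 entries, so the README list is not a complete changelog for this sync. The README should say that the list is truncated. Automation that needs every changed record should take the file list from the commit itself rather than parse these bullets. The added-CVE side is consistent: 7 entries are listed and the total moves from 239588 to 239595.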