admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-23T11:01:07.133481+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-23 11:01:10 +00:00
parent fd50d39ac5
commit 9c6b1ab491
15 changed files with 295 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2023/CVE-2023-48xx/CVE-2023-4826.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-4826",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-23T10:15:07.680",
"lastModified": "2024-02-23T10:15:07.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack."
}
],
"metrics": {},
"references": [
{
"url": "http://socialdriver.com",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/99ec0add-8f4d-4d68-91aa-80b1631a53bf/",
"source": "contact@wpscan.com"
}
]
}

101
CVE-2023/CVE-2023-520xx/CVE-2023-52071.json
View File

@ -2,105 +2,14 @@
"id": "CVE-2023-52071",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:07.787",
"lastModified": "2024-02-08T01:51:42.120",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-23T09:15:21.867",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to contain an off-by-one out-of-bounds array index via the component tool_cb_wrt."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que tiny-curl-8_4_0, curl-8_4_0 y curl-8_5_0 conten\u00edan un \u00edndice de matriz fuera de los l\u00edmites a trav\u00e9s del componente tool_cb_wrt."
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:curl:curl:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "712B947B-1C6C-4415-B716-54D85E8AEF18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:curl:curl:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28593237-DB10-40FD-BD7C-D92D93108A91"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:curl:tiny_curl:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF29BFC-F54C-47DB-A7CA-BFBB70647068"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/curl/curl/commit/73980f9ace6c7577e7fcab8008bbde8a0a231692",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/curl/curl/commit/af3f4e41#r127212213",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
"metrics": {},
"references": []
}

10
CVE-2023/CVE-2023-524xx/CVE-2023-52434.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52434",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T18:15:50.790",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-02-23T09:15:22.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential OOBs in smb2_parse_contexts()\n\nValidate offsets and lengths before dereferencing create contexts in\nsmb2_parse_contexts().\n\nThis fixes following oops when accessing invalid create contexts from\nserver:\n\n BUG: unable to handle page fault for address: ffff8881178d8cc3\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 4a01067 P4D 4a01067 PUD 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]\n Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00\n 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7\n 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00\n RSP: 0018:ffffc900007939e0 EFLAGS: 00010216\n RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90\n RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000\n RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000\n R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000\n R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22\n FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die+0x23/0x70\n ? page_fault_oops+0x181/0x480\n ? search_module_extables+0x19/0x60\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? exc_page_fault+0x1b6/0x1c0\n ? asm_exc_page_fault+0x26/0x30\n ? smb2_parse_contexts+0xa0/0x3a0 [cifs]\n SMB2_open+0x38d/0x5f0 [cifs]\n ? smb2_is_path_accessible+0x138/0x260 [cifs]\n smb2_is_path_accessible+0x138/0x260 [cifs]\n cifs_is_path_remote+0x8d/0x230 [cifs]\n cifs_mount+0x7e/0x350 [cifs]\n cifs_smb3_do_mount+0x128/0x780 [cifs]\n smb3_get_tree+0xd9/0x290 [cifs]\n vfs_get_tree+0x2c/0x100\n ? capable+0x37/0x70\n path_mount+0x2d7/0xb80\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? _raw_spin_unlock_irqrestore+0x44/0x60\n __x64_sys_mount+0x11a/0x150\n do_syscall_64+0x47/0xf0\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7f8737657b1e"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: smb: cliente: corrige OOB potenciales en smb2_parse_contexts() Valida compensaciones y longitudes antes de desreferenciar crea contextos en smb2_parse_contexts(). Esto corrige los siguientes errores al acceder a contextos de creaci\u00f3n no v\u00e1lidos desde el servidor: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffff8881178d8cc3 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 4a01067 P4D 4a01067 PUD 0 Ups: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs No est\u00e1 contaminado 6.7.0-rc4 #1 Nombre de hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2 -3-gd478f380-rebuilt.opensuse.org 04/04/2014 RIP: 0010: SMB2_PARSE_CONTEXTS+0XA0/0X3A0 [CIFS] C\u00f3digo: F8 10 75 13 48 B8 93 AD 25 50 9C B4 11 E7 49 39 06 0f 84 D2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 &lt;0f&gt; b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90 RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000 RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000 R10: ffff8880180cc000 R11: 00000000000000024 R12: 0000000000000000 R13: 0000000 000000020 R14: 00000000000000000 R15: ffffc90000793c22 FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff8881178d8cc3 CR3 : 00000000181ca000 CR4: 0000000000750ef0 PKRU: 55555554 Seguimiento de llamadas: ? __morir+0x23/0x70 ? page_fault_oops+0x181/0x480? search_module_extables+0x19/0x60? srso_alias_return_thunk+0x5/0xfbef5? exc_page_fault+0x1b6/0x1c0? asm_exc_page_fault+0x26/0x30? smb2_parse_contexts+0xa0/0x3a0 [cifs] SMB2_open+0x38d/0x5f0 [cifs] ? smb2_is_path_accessible+0x138/0x260 [cifs] smb2_is_path_accessible+0x138/0x260 [cifs] cifs_is_path_remote+0x8d/0x230 [cifs] cifs_mount+0x7e/0x350 [cifs] cifs_smb3_do_mount+0x128/0x7 80 [cifs] smb3_get_tree+0xd9/0x290 [cifs] vfs_get_tree+ 0x2c/0x100? capaz+0x37/0x70 path_mount+0x2d7/0xb80? srso_alias_return_thunk+0x5/0xfbef5? _raw_spin_unlock_irqrestore+0x44/0x60 __x64_sys_mount+0x11a/0x150 do_syscall_64+0x47/0xf0 Entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f8737657b1e"
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

22
CVE-2023/CVE-2023-524xx/CVE-2023-52435.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52435",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T20:15:08.063",
"lastModified": "2024-02-20T21:52:55.187",
"lastModified": "2024-02-23T09:15:22.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: prevent mss overflow in skb_segment()\n\nOnce again syzbot is able to crash the kernel in skb_segment() [1]\n\nGSO_BY_FRAGS is a forbidden value, but unfortunately the following\ncomputation in skb_segment() can reach it quite easily :\n\n\tmss = mss * partial_segs;\n\n65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to\na bad final result.\n\nMake sure to limit segmentation so that the new mss value is smaller\nthan GSO_BY_FRAGS.\n\n[1]\n\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0\nR13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046\nFS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\nudp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x290/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626\n__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0xd5/0x180 net/socket.c:745\n__sys_sendto+0x255/0x340 net/socket.c:2190\n__do_sys_sendto net/socket.c:2202 [inline]\n__se_sys_sendto net/socket.c:2198 [inline]\n__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7f8692032aa9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9\nRDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003\nRBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480\nR13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003\n</TASK>\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R0\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: previene el desbordamiento de mss en skb_segment() Una vez m\u00e1s, syzbot puede bloquear el kernel en skb_segment() [1] GSO_BY_FRAGS es un valor prohibido, pero desafortunadamente el siguiente c\u00e1lculo en skb_segment () puede alcanzarlo con bastante facilidad: mss = mss * part_segs; 65535 = 3 * 5 * 17 * 257, por lo que muchos valores iniciales de mss pueden llevar a un mal resultado final. Aseg\u00farese de limitar la segmentaci\u00f3n para que el nuevo valor de mss sea menor que GSO_BY_FRAGS. [1] falla de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en rango [0x0000000000000070-0x0000000000000077] CPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 &lt;0f&gt; b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597 RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0 R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046 FS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109 ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120 skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53 __skb_gso_segment+0x339/0x710 net/core/gso.c:124 skb_gso_segment include/net/gso.h:83 [inline] validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626 __dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338 dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x257/0x380 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 __sys_sendto+0x255/0x340 net/socket.c:2190 __do_sys_sendto net/socket.c:2202 [inline] __se_sys_sendto net/socket.c:2198 [inline] __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f8692032aa9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9 RDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480 R13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 &lt;0f&gt; b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597 RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R0 ---truncated--- "
}
],
"metrics": {},
@ -16,9 +20,25 @@
"url": "https://git.kernel.org/stable/c/23d05d563b7e7b0314e65c8e882bc27eac2da8e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6c53e8547687d9c767c139cd4b50af566f58c29a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8f8f185643747fbb448de6aab0efa51c679909a3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/95b3904a261a9f810205da560e802cc326f50d77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/989b0ff35fe5fc9652ee5bafbe8483db6f27b137",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd1022eaf87be8e6151435bd4df4c242c347e083",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

55
CVE-2024/CVE-2024-05xx/CVE-2024-0563.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0563",
"sourceIdentifier": "security@m-files.com",
"published": "2024-02-23T09:15:22.263",
"lastModified": "2024-02-23T09:15:22.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Denial of service condition in M-Files Server in\u00a0versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@m-files.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@m-files.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/",
"source": "security@m-files.com"
}
]
}

47
CVE-2024/CVE-2024-15xx/CVE-2024-1590.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-1590",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-23T10:15:07.757",
"lastModified": "2024-02-23T10:15:07.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3039750%40pagelayer&new=3039750%40pagelayer&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e635dfb3-002d-4197-b14a-0136a1990a75?source=cve",
"source": "security@wordfence.com"
}
]
}

18
CVE-2024/CVE-2024-265xx/CVE-2024-26581.json
View File

@ -2,20 +2,36 @@
"id": "CVE-2024-26581",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T13:15:09.020",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-02-23T09:15:22.563",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transactions, skip end interval elements that\nare not yet active."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_set_rbtree: omitir elemento de intervalo final de gc rbtree lazy gc al insertar puede recopilar un elemento de intervalo final que se acaba de agregar en estas transacciones, omitir elementos de intervalo final que a\u00fan no est\u00e1n activo."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

14
CVE-2024/CVE-2024-265xx/CVE-2024-26582.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26582",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T15:15:09.327",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-02-23T09:15:22.617",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,9 +16,21 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/20b4ed034872b4d024b26e2bc1092c3f80e5db96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/754c9bab77a1b895b97bd99d754403c505bc79df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

14
CVE-2024/CVE-2024-265xx/CVE-2024-26583.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26583",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T15:15:09.373",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-02-23T09:15:22.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,18 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

10
CVE-2024/CVE-2024-265xx/CVE-2024-26584.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26584",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T15:15:09.420",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-02-23T09:15:22.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,9 +16,17 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

10
CVE-2024/CVE-2024-265xx/CVE-2024-26585.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26585",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T15:15:09.467",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-02-23T09:15:22.770",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,9 +16,17 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

6
CVE-2024/CVE-2024-265xx/CVE-2024-26586.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26586",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.890",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-02-23T09:15:22.820",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
"url": "https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

6
CVE-2024/CVE-2024-265xx/CVE-2024-26592.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26592",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:09.217",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-02-23T09:15:22.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

44
CVE-2024/CVE-2024-265xx/CVE-2024-26593.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-26593",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T10:15:07.943",
"lastModified": "2024-02-23T10:15:07.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-23T09:00:24.526868+00:00
2024-02-23T11:01:07.133481+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-23T08:15:57.730000+00:00
2024-02-23T10:15:07.943000+00:00
```
### Last Data Feed Release
@ -29,27 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239279
239283
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `4`
* [CVE-2023-37540](CVE-2023/CVE-2023-375xx/CVE-2023-37540.json) (`2024-02-23T07:15:47.700`)
* [CVE-2024-1776](CVE-2024/CVE-2024-17xx/CVE-2024-1776.json) (`2024-02-23T07:15:48.120`)
* [CVE-2024-1777](CVE-2024/CVE-2024-17xx/CVE-2024-1777.json) (`2024-02-23T07:15:48.477`)
* [CVE-2024-1778](CVE-2024/CVE-2024-17xx/CVE-2024-1778.json) (`2024-02-23T07:15:48.793`)
* [CVE-2024-1779](CVE-2024/CVE-2024-17xx/CVE-2024-1779.json) (`2024-02-23T07:15:49.133`)
* [CVE-2023-4826](CVE-2023/CVE-2023-48xx/CVE-2023-4826.json) (`2024-02-23T10:15:07.680`)
* [CVE-2024-0563](CVE-2024/CVE-2024-05xx/CVE-2024-0563.json) (`2024-02-23T09:15:22.263`)
* [CVE-2024-1590](CVE-2024/CVE-2024-15xx/CVE-2024-1590.json) (`2024-02-23T10:15:07.757`)
* [CVE-2024-26593](CVE-2024/CVE-2024-265xx/CVE-2024-26593.json) (`2024-02-23T10:15:07.943`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `10`
* [CVE-2024-24476](CVE-2024/CVE-2024-244xx/CVE-2024-24476.json) (`2024-02-23T08:15:57.533`)
* [CVE-2024-24478](CVE-2024/CVE-2024-244xx/CVE-2024-24478.json) (`2024-02-23T08:15:57.673`)
* [CVE-2024-24479](CVE-2024/CVE-2024-244xx/CVE-2024-24479.json) (`2024-02-23T08:15:57.730`)
* [CVE-2023-52071](CVE-2023/CVE-2023-520xx/CVE-2023-52071.json) (`2024-02-23T09:15:21.867`)
* [CVE-2023-52434](CVE-2023/CVE-2023-524xx/CVE-2023-52434.json) (`2024-02-23T09:15:22.130`)
* [CVE-2023-52435](CVE-2023/CVE-2023-524xx/CVE-2023-52435.json) (`2024-02-23T09:15:22.190`)
* [CVE-2024-26581](CVE-2024/CVE-2024-265xx/CVE-2024-26581.json) (`2024-02-23T09:15:22.563`)
* [CVE-2024-26582](CVE-2024/CVE-2024-265xx/CVE-2024-26582.json) (`2024-02-23T09:15:22.617`)
* [CVE-2024-26583](CVE-2024/CVE-2024-265xx/CVE-2024-26583.json) (`2024-02-23T09:15:22.670`)
* [CVE-2024-26584](CVE-2024/CVE-2024-265xx/CVE-2024-26584.json) (`2024-02-23T09:15:22.720`)
* [CVE-2024-26585](CVE-2024/CVE-2024-265xx/CVE-2024-26585.json) (`2024-02-23T09:15:22.770`)
* [CVE-2024-26586](CVE-2024/CVE-2024-265xx/CVE-2024-26586.json) (`2024-02-23T09:15:22.820`)
* [CVE-2024-26592](CVE-2024/CVE-2024-265xx/CVE-2024-26592.json) (`2024-02-23T09:15:22.877`)
## Download and Usage