Auto-Update: 2024-07-23T16:00:16.909196+00:00

cad-safe-bot 2024-07-23 16:03:13 +00:00
parent 4fe1405861
commit 9d95491fd1
33 changed files with 2062 additions and 140 deletions

@ -2,8 +2,8 @@
"id": "CVE-2022-48852",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.320",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T15:53:16.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,88 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/vc4: hdmi: Anular el registro del dispositivo c\u00f3dec al desvincular. Al vincular, registraremos el dispositivo c\u00f3dec HDMI pero no lo cancelaremos al desvincular, lo que provoca una fuga del dispositivo. Dar de baja nuestro dispositivo en unbind."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "19FA1597-045C-49EE-96B7-3CEF5B43002F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1ed68d776246f167aee9cd79f63f089c40a5e2a3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e40945ab7c7f966d0c37b7bd7b0596497dfe228d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ee22082c3e2f230028afa0e22aa8773b1de3c919",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
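
Review bot: The first `cpeMatch` entry sets `"versionEndExcluding": "5.15.29"` with no `versionStartIncluding`, so it marks every kernel release before 5.15.29 as vulnerable; add the lower bound if the release that introduced the HDMI codec registration is known. The vector also fits the description poorly: the text describes a device leak on unbind, yet the record is scored `C:L/I:N/A:N` with `NVD-CWE-noinfo`, while the other leak records in this commit (CVE-2022-48856, CVE-2022-48859, CVE-2022-48860) are scored `C:N/I:N/A:H` with CWE-401. Consumers that filter on CWE or on the availability metric will miss this entry.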

@ -2,8 +2,8 @@
"id": "CVE-2022-48854",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.457",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T15:26:31.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: arc_emac: corrige el use after free en arc_mdio_probe() Si bus->state es igual a MDIOBUS_ALLOCATED, mdiobus_free(bus) liberar\u00e1 el \"bus\". Pero bus->name todav\u00eda se usa en la siguiente l\u00ednea, lo que conducir\u00e1 a un uso posterior a free. Podemos solucionarlo poniendo el nombre en una variable local y haciendo que bus->nombre apunte a la secci\u00f3n \"nombre\" de rodata, luego use el nombre en el mensaje de error sin hacer referencia al bus para evitar el uaf."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/84c831803785c2c3bec5c28c0e8a0b72f6b41d4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bc0e610a6eb0d46e4123fafdbe5e6141d9fff3be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
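
Review bot: The `cvssData` block scores this CWE-416 record `C:H/I:H/A:H` (7.8), but CVE-2022-48857 in the same commit, also CWE-416, is scored `C:N/I:N/A:H` (5.5), and the description here only states that the freed `bus->name` is read for an error message in the probe failure path. Anyone prioritising on `baseScore` should treat the two as inconsistent until the rationale for the integrity and confidentiality impact is recorded. The single `cpeMatch` range (5.16 up to 5.16.15) also deserves a check against the two patch references before it is used to clear older kernels.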

@ -2,8 +2,8 @@
"id": "CVE-2022-48855",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.550",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T15:23:59.303",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: corrige la fuga de informaci\u00f3n del kernel para sockets SCTP syzbot inform\u00f3 una fuga de informaci\u00f3n del kernel [1] de 4 bytes. Despu\u00e9s del an\u00e1lisis, result\u00f3 que r->idiag_expires no se inicializa si inet_sctp_diag_fill() llama a inet_diag_msg_common_fill(). Aseg\u00farese de borrar idiag_timer/idiag_retrans/idiag_expires y deje que inet_diag_msg_sctpasoc_fill() los complete nuevamente si es necesario. [1] ERROR: KMSAN: kernel-infoleak en instrument_copy_to_user include/linux/instrumented.h:121 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en copia lib/iov_iter.c:154 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 instrument_copy_to_user include/linux/instrumented.h:121 [en l\u00ednea] copia lib/iov_iter.c:154 [en l\u00ednea] _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 copy_to_iter include/linux/uio.h:162 [en l\u00ednea] simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram .c:533 skb_copy_datagram_msg include/linux/skbuff.h:3696 [en l\u00ednea] netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977 sock_recvmsg_nosec net/socket.c:948 [en l\u00ednea] sock_recvmsg net/socket.c:966 [en l\u00ednea] __sys_recvfrom+0x795/0xa10 net/socket.c:2097 __do_sys_recvfrom net/socket.c:2115 [en l\u00ednea] __se_sys_recvfrom net/socket.c:2111 [en l\u00ednea] __x64_sys_recvfrom+0x19d/0x210 net/socket.c: 2111 hacer_syscall_x64 arch/x86/entry/common.c:51 [en l\u00ednea] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 Entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slab.h:737 [en l\u00ednea ] slab_alloc_node mm/slub.c:3247 [en l\u00ednea] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975 kmalloc_reserve net/core/skbuff.c:354 [en l\u00ednea] __alloc_skb+0x545/0xf90 
net/core/skbuff.c: 426 alloc_skb include/linux/skbuff.h:1158 [en l\u00ednea] netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248 __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373 netlink_dump_start include/linux/netlink.h :254 [en l\u00ednea] inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341 sock_diag_rcv_msg+0x24a/0x620 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494 sock_diag_rcv+0x63/ 0x80 net/core/sock_diag.c : 277 netlink_unicast_kernel net/netlink/af_netlink.c: 1317 [en l\u00ednea] netlink_unicast+0x1093/0x1360 netlink/af_netlink.c: 1343 netlink_sendmsg+0x14d9/0x1720 net/netlink/socks OCKE.C: 705 [en l\u00ednea] sock_sendmsg net/socket.c:725 [en l\u00ednea] sock_write_iter+0x594/0x690 net/socket.c:1061 do_iter_readv_writev+0xa7f/0xc70 do_iter_write+0x52c/0x1500 fs/read_write.c:851 vfs_writev fs/read_ escribir.c :924 [en l\u00ednea] do_writev+0x645/0xe00 fs/read_write.c:967 __do_sys_writev fs/read_write.c:1040 [en l\u00ednea] __se_sys_writev fs/read_write.c:1037 [en l\u00ednea] __x64_sys_writev+0xe5/0x120 fs/read_write.c: 1037 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 Entry_SYSCALL_64_after_hwframe+0x44/0xae Los bytes 68-71 de 2508 no est\u00e1n inicializados Acceso a memoria de tama\u00f1o 2508 comienza en ffff888114f9b000 Datos copiados a la direcci\u00f3n de usuario 00007f7fe09ff2e0 CPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "4.9.307",
"matchCriteriaId": "67BCFB82-DA50-41CF-8E7E-3853D6A41F6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.272",
"matchCriteriaId": "7F0FA2C5-4E50-48A6-9D72-7C133B60EF05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.235",
"matchCriteriaId": "F8671D74-E8CD-4E41-A93F-3E3E88125D16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.185",
"matchCriteriaId": "B374BFBF-C879-4A72-921F-C850CF7DFB99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.106",
"matchCriteriaId": "6A4F38AC-99A2-48DF-B132-C9F785B309B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "15DC6588-B28F-4637-9A1E-3753B34A40CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1502f15b9f29c41883a6139f2923523873282a83",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2d8fa3fdf4542a2174a72d92018f488d65d848c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3fc0fd724d199e061432b66a8d85b7d48fe485f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/41a2864cf719c17294f417726edd411643462ab8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/633593a808980f82d251d0ca89730d8bb8b0220c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7e4d9ba2ddb78801488b4c623875b81fb46b545",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bbf59d7ae558940cfa2b36a287fd1e88d83f89f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d828b0fe6631f3ae8709ac9a10c77c5836c76a08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
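
Review bot: The `weaknesses` entry assigns CWE-401 (Missing Release of Memory after Effective Lifetime), which does not match the description: the text reports a 4-byte kernel-infoleak in which `r->idiag_expires` is left uninitialised and bytes 68-71 of the buffer are copied to user space. Nothing is left unreleased, so an uninitialised-data weakness such as CWE-908 is the closer classification. For the same reason `"availabilityImpact": "HIGH"` in the vector is not supported by the description, which covers disclosure only. Tooling that groups findings by CWE will file this record with memory leaks instead of information disclosure.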

@ -2,8 +2,8 @@
"id": "CVE-2022-48856",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.647",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T15:11:32.597",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: gianfar: ethtool: corrige la fuga de refcount en gfar_get_ts_info La funci\u00f3n of_find_compatible_node() devuelve un puntero de nodo con refcount incrementado. Deber\u00edamos usar of_node_put() en ella cuando haya terminado. Agregue el of_node_put() que falta para liberar el recuento."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.18",
"versionEndExcluding": "4.19.235",
"matchCriteriaId": "A24D1DBA-4FF4-4E53-B2E0-9E08200CF408"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.185",
"matchCriteriaId": "B374BFBF-C879-4A72-921F-C850CF7DFB99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.106",
"matchCriteriaId": "6A4F38AC-99A2-48DF-B132-C9F785B309B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "15DC6588-B28F-4637-9A1E-3753B34A40CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0e1b9a2078e07fb1e6e91bf8badfd89ecab1e848",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/21044e679ed535345042d2023f7df0ca8e897e2a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2ac5b58e645c66932438bb021cb5b52097ce70b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6263f2eb93a85ad7df504daf0c341a7fb6bbe8a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f49f646f9ec296fc0afe7ae92c2bb47f23e3846c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f7b3b520349193f8a82cca74daf366199e06add9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-48857",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.733",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T15:08:36.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: NFC: puerto100: corrige use-after-free en port100_send_complete Syzbot inform\u00f3 UAF en port100_send_complete(). El caso ra\u00edz es que faltan llamadas usb_kill_urb() en la ruta de manejo de errores de ->funci\u00f3n de sonda. port100_send_complete() accede a la memoria asignada por el desarrollador que se liberar\u00e1 en caso de falla de la sonda. Deber\u00edamos eliminar estas urbs antes de devolver un error de la funci\u00f3n de sonda para evitar el registro de errores de use-after-free: ERROR: KASAN: use-after-free en port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935 Lectura de tama\u00f1o 1 en addr ffff88801bb59540 por tarea ksoftirqd/2/26... Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold +0x8d/0x303 mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [en l\u00ednea] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 port100_send_complete+0x16e/0x1a0 controladores/nfc /port100.c:935 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670 ... 
Asignado por tarea 1255: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common .c:45 [en l\u00ednea] set_alloc_info mm/kasan/common.c:436 [en l\u00ednea] ____kasan_kmalloc mm/kasan/common.c:515 [en l\u00ednea] ____kasan_kmalloc mm/kasan/common.c:474 [en l\u00ednea] __kasan_kmalloc+0xa6/ 0xd0 mm/kasan/common.c:524 alloc_dr drivers/base/devres.c:116 [en l\u00ednea] devm_kmalloc+0x96/0x1d0 drivers/base/devres.c:823 devm_kzalloc include/linux/device.h:209 [en l\u00ednea] port100_probe+0x8a/0x1320 drivers/nfc/port100.c:1502 Liberado por la tarea 1255: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20 /0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:366 [en l\u00ednea] ____kasan_slab_free+0xff/0x140 mm/kasan/common.c:328 kasan_slab_free include/linux/kasan.h:236 [en l\u00ednea ] __cache_free mm/slab.c:3437 [en l\u00ednea] kfree+0xf8/0x2b0 mm/slab.c:3794 release_nodes+0x112/0x1a0 drivers/base/devres.c:501 devres_release_all+0x114/0x190 drivers/base/devres.c :530 realmente_probe+0x626/0xcc0 controladores/base/dd.c:670"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "4.9.307",
"matchCriteriaId": "418A5C9A-0A91-423F-839C-BF3DAF6C0403"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.272",
"matchCriteriaId": "7F0FA2C5-4E50-48A6-9D72-7C133B60EF05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.235",
"matchCriteriaId": "F8671D74-E8CD-4E41-A93F-3E3E88125D16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.185",
"matchCriteriaId": "B374BFBF-C879-4A72-921F-C850CF7DFB99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.106",
"matchCriteriaId": "6A4F38AC-99A2-48DF-B132-C9F785B309B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "15DC6588-B28F-4637-9A1E-3753B34A40CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0e721b8f2ee5e11376dd55363f9ccb539d754b8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/205c4ec78e71cbf561794e6043da80e7bae6790f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2b1c85f56512d49e43bc53741fce2f508cd90029",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/32e866ae5a7af590597ef4bcff8451bf96d5f980",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7194737e1be8fdc89d2a9382bd2f371f7ee2eda8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b1db33d4e54bc35d8db96ce143ea0ef92e23d58e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cd2a5c0da0d1ddf11d1f84e9c9b1949f50f6e161",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f80cfe2f26581f188429c12bd937eb905ad3ac7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
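
Review bot: The Spanish `value` string kept as context in this hunk has machine-translated code identifiers inside the KASAN trace, for example `realmente_probe` for `really_probe`, `controladores/nfc /port100.c` for `drivers/nfc/port100.c`, and `puerto100` in the subject line. These no longer match kernel symbols or log output, so the description cannot be searched or correlated against a real crash report. Function names, file paths and offsets in the trace should be carried over verbatim, with only the surrounding sentences translated.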

@ -2,8 +2,8 @@
"id": "CVE-2022-48858",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.803",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T15:07:49.103",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,120 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Corregir una ejecuci\u00f3n en el flujo de descarga de comandos. Corregir una advertencia de refcount use after free debido a una ejecuci\u00f3n en la entrada de comandos. Dicha ejecuci\u00f3n ocurre cuando uno de los comandos libera su \u00faltimo recuento y libera su \u00edndice y entrada, mientras que otro proceso que ejecuta el flujo de descarga de comandos toma el recuento de esta entrada de comando. El proceso que maneja los comandos de vaciado puede considerar que este comando es necesario para vaciarlo si el otro proceso public\u00f3 su recuento pero a\u00fan no public\u00f3 el \u00edndice. Solucionarlo agregando el bloqueo de giro necesario. Corrige el siguiente seguimiento de advertencia: refcount_t: adici\u00f3n en 0; use-after-free. ADVERTENCIA: CPU: 11 PID: 540311 en lib/refcount.c:25 refcount_warn_saturate+0x80/0xe0... RIP: 0010:refcount_warn_saturate+0x80/0xe0... Seguimiento de llamadas: mlx5_cmd_trigger_completions+0x293/0x340 [mlx5_core] mlx5_cmd_flush+0x3a/0xf0 [mlx5_core] enter_error_state+0x44/0x80 [mlx5_core] mlx5_fw_fatal_reporter_err_work+0x37/0xe0 [mlx5_core] Process_one_work+0x1be/0x390 trabajador_thread+0x4d/0x3d0 ? hilo_rescate+0x350/0x350 khilo+0x141/0x160 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x1f/0x30 "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.185",
"matchCriteriaId": "2C4CE243-C23D-4DE9-8559-E3AE265120F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.106",
"matchCriteriaId": "6A4F38AC-99A2-48DF-B132-C9F785B309B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "15DC6588-B28F-4637-9A1E-3753B34A40CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0401bfb27a91d7bdd74b1635c1aae57cbb128da6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/063bd355595428750803d8736a9bb7c8db67d42d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1a4017926eeea56c7540cc41b42106746ee8a0ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7c519f769f555ff7d9d4ccba3497bbb589df360a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f3331bc17449f15832c31823f27573f4c0e13e5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
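
Review bot: The first `cpeMatch` entry has only `"versionEndExcluding": "5.4.185"` and no `versionStartIncluding`, unlike the three ranges that follow it, so it matches every kernel before 5.4.185 regardless of whether the mlx5 command flush flow existed in that release. If the introducing version is known, add it as the lower bound; otherwise scanners keyed on this range will flag all older kernels.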

@ -2,8 +2,8 @@
"id": "CVE-2022-48859",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.873",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T15:02:52.540",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: marvell: prestera: Agregar falta of_node_put() en prestera_switch_set_base_mac_addr Este puntero de nodo lo devuelve of_find_compatible_node() con refcount incrementado. Llamar a of_node_put() para evitar la fuga de recuento."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "88937CAB-8166-494A-8CFE-8970F9B81F69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/4cc66bf17220ff9631f9fa99b02a872e0ad5a08b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7c2fd1d126329340639adfb8dd2938fe4b65df7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c9ffa3e2bc451816ce0295e40063514fabf2bd36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-48860",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.940",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T15:02:09.747",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ethernet: corrige el manejo de errores en xemaclite_of_probe Este puntero de nodo lo devuelve of_parse_phandle() con refcount incrementado en esta funci\u00f3n. Llamar a of_node_put() para evitar la fuga de recuento. Como lo hace la funci\u00f3n de eliminaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.34",
"versionEndExcluding": "4.9.307",
"matchCriteriaId": "9190F71C-97BD-4F5F-95BB-D49D4E6B31E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.272",
"matchCriteriaId": "7F0FA2C5-4E50-48A6-9D72-7C133B60EF05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.235",
"matchCriteriaId": "F8671D74-E8CD-4E41-A93F-3E3E88125D16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.185",
"matchCriteriaId": "B374BFBF-C879-4A72-921F-C850CF7DFB99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.106",
"matchCriteriaId": "6A4F38AC-99A2-48DF-B132-C9F785B309B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "15DC6588-B28F-4637-9A1E-3753B34A40CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1852854ee349881efb78ccdbbb237838975902e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5e7c402892e189a7bc152b125e72261154aa585d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/669172ce976608b25a2f76f3c65d47f042d125c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8609e29611befc4bfbe7a91bb50fc65ae72ff549",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8ee065a7a9b6a3976c16340503677efc4d8351f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/979b418b96e35f07136f77962ccfaa54cf3e30e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b19ab4b38b06aae12442b2de95ccf58b5dc53584",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7220f8e9d6c6b9594ddfb3125dad938cd478b1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-48861",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:13.030",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T14:51:36.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vdpa: corrige el use-after-free en vp_vdpa_remove Cuando el controlador vp_vdpa se desvincula, se libera vp_vdpa en vdpa_unregister_device y luego se elimina la referencia a vp_vdpa->mdev.pci_dev en vp_modern_remove, lo que activa el use-after-free. Rastreo de llamadas de controlador de desvinculaci\u00f3n gratuito vp_vdpa: do_syscall_64 vfs_write kernfs_fop_write_iter device_release_driver_internal pci_device_remove vp_vdpa_remove vdpa_unregister_device kobject_release device_release kfree Rastreo de llamadas de desreferencia vp_vdpa->mdev.pci_dev: vp_modern_remove p ci_release_selected_regions pci_release_region pci_resource_len pci_resource_end (dev)->resource[(bar)].end"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "062C5263-014B-4069-BEBB-ADFE8EA1AF10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/4b1743bc715a3691a63ac21b349079b07bf1b19e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dc54ba9932aeaaa1a21fe214af1f446593a78274",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eb057b44dbe35ae14527830236a92f51de8f9184",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-48862",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:13.100",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T14:49:56.077",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vhost: corrige el hilo colgado debido a entradas err\u00f3neas de iotlb En vhost_iotlb_add_range_ctx(), el tama\u00f1o del rango puede desbordarse a 0 cuando el inicio es 0 y el \u00faltimo es ULONG_MAX. Un caso en el que puede suceder es cuando el espacio de usuario env\u00eda un mensaje IOTLB con iova=size=uaddr=0 (vhost_process_iotlb_msg). Entonces, una entrada con tama\u00f1o = 0, inicio = 0, \u00faltimo = ULONG_MAX termina en iotlb. La pr\u00f3xima vez que se env\u00ede un paquete, iotlb_access_ok() se repite indefinidamente debido a esa entrada err\u00f3nea. Seguimiento de llamadas: iotlb_access_ok+0x21b/0x3e0 drivers/vhost/vhost.c:1340 vq_meta_prefetch+0xbc/0x280 drivers/vhost/vhost.c:1366 vhost_transport_do_send_pkt+0xe0/0xfd0 drivers/vhost/vsock.c:104 vhost_worker+ 0x23d/0x3d0 drivers/vhost/vhost.c:372 kthread+0x2e9/0x3a0 kernel/kthread.c:377 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Reportado por syzbot en: https ://syzkaller.appspot.com/bug?extid=0abd373e2e50d704db87 Para solucionar este problema, haga dos cosas: 1. Devuelva -EINVAL en vhost_chr_write_iter() cuando el espacio de usuario solicite asignar un rango con tama\u00f1o 0. 2. Corrija vhost_iotlb_add_range_ctx() para manejar el rango [0, ULONG_MAX] dividi\u00e9ndolo en dos entradas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "B80F87D6-F850-48DD-B0B2-389F249E87C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/d9a747e6b6561280bf1791bb24c5e9e082193dad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e2ae38cf3d91837a493cb2093c87700ff3cbe667",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f8d88e86e90ea1002226d7ac2430152bfea003d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
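Review bot: The Spanish description in this hunk carries a broken link, "https ://syzkaller.appspot.com/bug?extid=0abd373e2e50d704db87" (space after the scheme), and a split symbol offset, "vhost_worker+ 0x23d/0x3d0", so URL extraction and call-trace matching against this text will miss both. The description line is unchanged context, but with the record moving to "Analyzed" it is worth regenerating the translation with the URL and trace passed through verbatim, or having consumers take traces from the English description only.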

@ -2,8 +2,8 @@
"id": "CVE-2022-48863",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:13.163",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T14:47:41.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mISDN: corrige la p\u00e9rdida de memoria en dsp_pipeline_build() dsp_pipeline_build() asigna el puntero dup mediante kstrdup(cfg), pero luego actualiza la variable dup mediante strsep(&dup, \"|\"). Como resultado, cuando llama a kfree(dup), la variable dup contiene NULL. Encontrado por el proyecto de verificaci\u00f3n de controladores de Linux (linuxtesting.org) con SVACE."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.27",
"versionEndExcluding": "5.10.106",
"matchCriteriaId": "FC547F57-10F3-40A4-A3E5-8FBABD92BB10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "15DC6588-B28F-4637-9A1E-3753B34A40CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-48864",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:13.233",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T14:44:00.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vdpa/mlx5: agregar validaci\u00f3n para el comando VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET Cuando control vq recibe una solicitud de comando VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET del controlador, actualmente no hay validaci\u00f3n contra el n\u00famero de pares de colas para configurar, o incluso si La multicola se hab\u00eda negociado o no no est\u00e1 verificada. Esto puede provocar p\u00e1nico en el kernel debido a recursos no inicializados para las colas si hubo alguna solicitud falsa enviada por un controlador que no es de confianza. Ata los cabos sueltos all\u00ed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "16671FB9-DA97-4162-A46E-218CDB4770CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-48865",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:13.300",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T14:42:20.300",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: tipc: corrige el p\u00e1nico del kernel al habilitar el portador Al habilitar un portador en un nodo, se observa un p\u00e1nico del kernel: [4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]. .. [ 4.520030] Seguimiento de llamadas: [ 4.520689] [ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc] [ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc] [ 4.524034] c_node_link_up+0xd7/0x290 [tipc] [4.525292] tipc_rcv+0x5da/0x730 [tipc] [4.526346]? __netif_receive_skb_core+0xb7/0xfc0 [ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc] [ 4.528737] __netif_receive_skb_list_core+0x20b/0x260 [ 4.530068] externo+0x1bf/0x2e0 [ 4.531450] ? dev_gro_receive+0x4c2/0x680 [ 4.532512] napi_complete_done+0x6f/0x180 [ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net] ... El nodo en cuesti\u00f3n est\u00e1 recibiendo mensajes de activaci\u00f3n en otro hilo despu\u00e9s de cambiar el estado del portador para permitir el env\u00edo/recepci\u00f3n de mensajes en el actual hilo: hilo 1 | hilo 2 -------- | -------- | tipc_enable_bearer() | test_and_set_bit_lock() | tipc_bearer_xmit_skb() | | tipc_l2_rcv_msg() | tipc_rcv() | __tipc_node_link_up() | tipc_link_build_state_msg() | tipc_link_build_proto_msg() | tipc_mon_prep() | { | ... | // desreferencia del puntero nulo | u16 gen = mon->dom_gen; | ... | } // A\u00fan no se est\u00e1 ejecutando | tipc_mon_create() | { | ... | // asignar | lunes = kzalloc(); | ... | } | Se elimina la referencia al puntero de monitoreo en el subproceso 2 antes de que los datos de monitoreo se asignen en el subproceso 1. Esto provoca p\u00e1nico en el kernel. Esta confirmaci\u00f3n lo soluciona asignando los datos de monitoreo antes de permitir que el portador reciba mensajes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8",
"versionEndExcluding": "5.10.106",
"matchCriteriaId": "C7A6C6FB-2FA7-4B00-A0BF-8F39B0227EFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "15DC6588-B28F-4637-9A1E-3753B34A40CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2de76d37d4a6dca9b96ea51da24d4290e6cfa1a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/be4977b847f5d5cedb64d50eaaf2218c3a55a3a3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f4f59fdbc748805b08c13dae14c01f0518c77c94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f96dc3adb9a97b8f3dfdb88796483491a3006b71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
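Review bot: The new vectorString scores this as AV:L/PR:L, but the call trace in the description of this same hunk reaches tipc_mon_prep() from the receive path (virtnet_poll, __netif_receive_skb_list_core, tipc_l2_rcv_msg, tipc_rcv), with the null dereference racing tipc_enable_bearer() on another thread. Confirm the attack vector against the referenced patches before downstream tooling deprioritises this as local-only. Separately, the translated trace has altered identifiers ("lunes = kzalloc();" where the earlier line reads mon->dom_gen), so it should not be used for symbol matching.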

@ -2,8 +2,8 @@
"id": "CVE-2022-48866",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:13.377",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-23T14:36:54.493",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: HID: hid-thrustmaster: corrige la lectura OOB en Thrustmaster_interrupts Syzbot inform\u00f3 un error de lectura fuera de los l\u00edmites en Thrustmaster_probe(). El caso ra\u00edz es la falta de verificaci\u00f3n de validaci\u00f3n del n\u00famero real de endpoints. El c\u00f3digo no debe acceder ciegamente a usb_host_interface::endpoint array, ya que puede contener menos endpoints de los que espera el c\u00f3digo. Solucionelo agregando una verificaci\u00f3n de validaci\u00f3n faltante e imprima un error si el n\u00famero de endpoints no coincide con el n\u00famero esperado"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13",
"versionEndExcluding": "5.15.29",
"matchCriteriaId": "062C5263-014B-4069-BEBB-ADFE8EA1AF10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.15",
"matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-29581",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-12T16:15:19.603",
"lastModified": "2024-05-17T02:22:27.250",
"lastModified": "2024-07-23T15:15:03.180",
"vulnStatus": "Modified",
"cveTags": [
{

@ -0,0 +1,44 @@
{
"id": "CVE-2024-0760",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-07-23T15:15:03.520",
"lastModified": "2024-07-23T15:15:03.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. \nThis issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2024-0760",
"source": "security-officer@isc.org"
}
]
}
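Review bot: This new record has no "configurations" or "weaknesses" block; the affected ranges (9.18.1 through 9.18.27, 9.19.0 through 9.19.24, 9.18.11-S1 through 9.18.27-S1) exist only in the description prose. While vulnStatus is "Received", CPE-based matching will not flag BIND hosts for a network-reachable 7.5, so consumers should parse the description or alert on the security-officer@isc.org sourceIdentifier until cpeMatch data arrives.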

@ -0,0 +1,48 @@
{
"id": "CVE-2024-1737",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-07-23T15:15:03.740",
"lastModified": "2024-07-23T15:15:03.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2024-1737",
"source": "security-officer@isc.org"
},
{
"url": "https://kb.isc.org/docs/rrset-limits-in-zones",
"source": "security-officer@isc.org"
}
]
}

@ -0,0 +1,44 @@
{
"id": "CVE-2024-1975",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-07-23T15:15:03.943",
"lastModified": "2024-07-23T15:15:03.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If a server hosts a zone containing a \"KEY\" Resource Record, or a resolver DNSSEC-validates a \"KEY\" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.\nThis issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2024-1975",
"source": "security-officer@isc.org"
}
]
}
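Review bot: The 9.16 Supported Preview range in the description ends at 9.16.49-S1, while the open-source range in the same sentence ends at 9.16.50 and the neighbouring ISC records in this commit (CVE-2024-1737, CVE-2024-4076) give 9.16.50-S1. Check the upper bound against https://kb.isc.org/docs/cve-2024-1975 before relying on it; if it is a transcription slip, a 9.16.50-S1 install would be wrongly treated as unaffected.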

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40060",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-23T15:15:04.810",
"lastModified": "2024-07-23T15:15:04.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/F3iG0n9/4d0d7c863eea6874eeeb26a3073aa5f8",
"source": "cve@mitre.org"
}
]
}
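Review bot: "metrics" is an empty object and there is no "weaknesses" block, so any filter on baseScore or CWE silently drops this record even though the description names an infinite loop in drawCanvas() in go-chart v2.1.1. Handle unscored "Received" records as their own triage bucket rather than as score 0, and note that the only reference is a gist rather than a vendor advisory or fix commit.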

@ -0,0 +1,44 @@
{
"id": "CVE-2024-4076",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-07-23T15:15:05.500",
"lastModified": "2024-07-23T15:15:05.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2024-4076",
"source": "security-officer@isc.org"
}
]
}
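Review bot: The metric "type" is "Secondary" for security-officer@isc.org in this record, whereas the other three ISC records added in this commit (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975) mark the same source as "Primary". A consumer that selects only Primary metrics will see no score for this 7.5 assertion-failure issue; fall back to the Secondary entry when it is the only one present.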

@ -0,0 +1,56 @@
{
"id": "CVE-2024-4079",
"sourceIdentifier": "security@ni.com",
"published": "2024-07-23T14:15:14.353",
"lastModified": "2024-07-23T14:15:14.353",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ni.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@ni.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-due-to-missing-bounds-check-in-labview.html",
"source": "security@ni.com"
}
]
}
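Review bot: The weakness is CWE-125 (out-of-bounds read), yet the vector sets integrityImpact HIGH and the description allows for arbitrary code execution, so triage keyed on the CWE alone would class this as information disclosure. Prioritise on the vector (7.8, UI:R via a crafted VI) rather than the CWE. This record also carries only cvssMetricV31, while CVE-2024-4080 from the same source adds cvssMetricV40, so per-version score comparisons across the NI records will be uneven.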

@ -0,0 +1,100 @@
{
"id": "CVE-2024-4080",
"sourceIdentifier": "security@ni.com",
"published": "2024-07-23T14:15:14.590",
"lastModified": "2024-07-23T14:15:14.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@ni.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.4,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "security@ni.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@ni.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html",
"source": "security@ni.com"
}
]
}

View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-4081",
"sourceIdentifier": "security@ni.com",
"published": "2024-07-23T14:15:14.837",
"lastModified": "2024-07-23T14:15:14.837",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@ni.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.4,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "security@ni.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@ni.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html",
"source": "security@ni.com"
}
]
}

View File

@ -2,17 +2,25 @@
"id": "CVE-2024-41318",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-22T14:15:06.880",
"lastModified": "2024-07-22T14:15:06.880",
"lastModified": "2024-07-23T15:15:04.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK A6000R V1.0.1-B20201211.2000 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro ifname en la funci\u00f3n apcli_wps_gen_pincode."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/yanggao017/dc88fb2e29291503addf1e7aa3775578",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_5_apcli_wps_gen_pincode/README.md",
"source": "cve@mitre.org"

View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-41319",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-23T15:15:05.050",
"lastModified": "2024-07-23T15:15:05.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/yanggao017/40efb889800ae2691c38086ebf80c037",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_7_webcmd/README.md",
"source": "cve@mitre.org"
}
]
}
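Review bot: `"metrics": {}` is empty and the record has no `weaknesses` array, so this command injection entry (the `cmd` parameter in `webcmd`) carries no score or CWE that a severity or weakness filter could match. Consumers of this file should treat the missing score as "not yet scored" rather than as low severity, and re-read the record once `vulnStatus` moves on from `Received`.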

View File

@ -2,17 +2,25 @@
"id": "CVE-2024-41320",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-22T14:15:06.940",
"lastModified": "2024-07-22T14:15:06.940",
"lastModified": "2024-07-23T15:15:05.133",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function."
},
{
"lang": "es",
"value": " Se descubri\u00f3 que TOTOLINK A6000R V1.0.1-B20201211.2000 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro ifname en la funci\u00f3n get_apcli_conn_info."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/yanggao017/081d8638c117e708a4d36783b9230ce5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_6_get_apcli_conn_info/README.md",
"source": "cve@mitre.org"
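Review bot: the added `es` description value starts with a stray leading space (`" Se descubri\u00f3 que TOTOLINK ..."`), which the matching entry added to CVE-2024-41318 does not have. Anything that compares, hashes or displays these strings should trim them on ingest; the value itself comes from upstream and would have to be corrected there.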

View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-41655",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-23T15:15:05.207",
"lastModified": "2024-07-23T15:15:05.207",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TF2 Item Format helps users format TF2 items to the community standards. Versions of `tf2-item-format` since at least `4.2.6` and prior to `5.9.14` are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses any `tf2-item-format` to parse user input. Version `5.9.14` contains a fix for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
},
{
"lang": "en",
"value": "CWE-624"
}
]
}
],
"references": [
{
"url": "https://github.com/danocmx/node-tf2-item-format/commit/5cffcc16a9261d6a937bda72bfe6830e02e31eec",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/danocmx/node-tf2-item-format/releases/tag/v5.9.14",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/danocmx/node-tf2-item-format/security/advisories/GHSA-8h55-q5qq-p685",
"source": "security-advisories@github.com"
}
]
}
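Review bot: the affected range exists only as prose in `descriptions[0].value` ("since at least `4.2.6` and prior to `5.9.14`"), with an open lower bound and no `configurations` block, so version matching cannot be done from structured fields in this record. Until a range is published, matching on the package name plus the fixed version `5.9.14` from the description and the release reference is the only option the record supports. The phrase "uses any `tf2-item-format`" also looks like it dropped a word.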

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-4467",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-07-02T16:15:05.423",
"lastModified": "2024-07-09T17:15:48.647",
"lastModified": "2024-07-23T15:15:05.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -80,6 +80,14 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4420",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4724",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4727",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-4467",
"source": "secalert@redhat.com"

View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-5602",
"sourceIdentifier": "security@ni.com",
"published": "2024-07-23T14:15:15.077",
"lastModified": "2024-07-23T14:15:15.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.\n\nThe NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.\u202f Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ni.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@ni.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html",
"source": "security@ni.com"
}
]
}
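Review bot: the description value embeds `\n\n` and a `\u202f` narrow no-break space followed by a regular space after "software products.", and it names the component three ways ("NI I/O Trace Tool", "NI I/O Trace tool", "NI IO Trace.exe", plus the former name "NI Spy"). Keyword or product matching against this text should normalise whitespace and cover all of these spellings. The record states no affected version and defers to the NI advisory for that, so it cannot drive version-based matching on its own.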

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-6409",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-07-08T18:15:09.487",
"lastModified": "2024-07-13T04:15:14.207",
"lastModified": "2024-07-23T15:15:06.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -76,6 +76,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4457",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4716",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6409",
"source": "secalert@redhat.com"

View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6783",
"sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"published": "2024-07-23T15:15:06.210",
"lastModified": "2024-07-23T15:15:06.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-6783---vue-client-side-xss",
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c"
}
]
}
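Review bot: neither `descriptions[0].value` nor any other field in this new record states which Vue versions are affected or fixed, and there is no `configurations` block; the only pointer is the single reference URL. A scanner keyed on version ranges will produce nothing from this entry as added, so it needs manual triage against the referenced write-up until the record is enriched.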

View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-07-23T14:00:17.042468+00:00
2024-07-23T16:00:16.909196+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-07-23T12:15:10.520000+00:00
2024-07-23T15:53:16.620000+00:00
```
### Last Data Feed Release
@ -33,22 +33,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
257829
257841
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `12`
- [CVE-2024-34128](CVE-2024/CVE-2024-341xx/CVE-2024-34128.json) (`2024-07-23T12:15:09.763`)
- [CVE-2024-41836](CVE-2024/CVE-2024-418xx/CVE-2024-41836.json) (`2024-07-23T12:15:10.240`)
- [CVE-2024-41839](CVE-2024/CVE-2024-418xx/CVE-2024-41839.json) (`2024-07-23T12:15:10.520`)
- [CVE-2024-0760](CVE-2024/CVE-2024-07xx/CVE-2024-0760.json) (`2024-07-23T15:15:03.520`)
- [CVE-2024-1737](CVE-2024/CVE-2024-17xx/CVE-2024-1737.json) (`2024-07-23T15:15:03.740`)
- [CVE-2024-1975](CVE-2024/CVE-2024-19xx/CVE-2024-1975.json) (`2024-07-23T15:15:03.943`)
- [CVE-2024-40060](CVE-2024/CVE-2024-400xx/CVE-2024-40060.json) (`2024-07-23T15:15:04.810`)
- [CVE-2024-4076](CVE-2024/CVE-2024-40xx/CVE-2024-4076.json) (`2024-07-23T15:15:05.500`)
- [CVE-2024-4079](CVE-2024/CVE-2024-40xx/CVE-2024-4079.json) (`2024-07-23T14:15:14.353`)
- [CVE-2024-4080](CVE-2024/CVE-2024-40xx/CVE-2024-4080.json) (`2024-07-23T14:15:14.590`)
- [CVE-2024-4081](CVE-2024/CVE-2024-40xx/CVE-2024-4081.json) (`2024-07-23T14:15:14.837`)
- [CVE-2024-41319](CVE-2024/CVE-2024-413xx/CVE-2024-41319.json) (`2024-07-23T15:15:05.050`)
- [CVE-2024-41655](CVE-2024/CVE-2024-416xx/CVE-2024-41655.json) (`2024-07-23T15:15:05.207`)
- [CVE-2024-5602](CVE-2024/CVE-2024-56xx/CVE-2024-5602.json) (`2024-07-23T14:15:15.077`)
- [CVE-2024-6783](CVE-2024/CVE-2024-67xx/CVE-2024-6783.json) (`2024-07-23T15:15:06.210`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `19`
- [CVE-2022-48852](CVE-2022/CVE-2022-488xx/CVE-2022-48852.json) (`2024-07-23T15:53:16.620`)
- [CVE-2022-48854](CVE-2022/CVE-2022-488xx/CVE-2022-48854.json) (`2024-07-23T15:26:31.407`)
- [CVE-2022-48855](CVE-2022/CVE-2022-488xx/CVE-2022-48855.json) (`2024-07-23T15:23:59.303`)
- [CVE-2022-48856](CVE-2022/CVE-2022-488xx/CVE-2022-48856.json) (`2024-07-23T15:11:32.597`)
- [CVE-2022-48857](CVE-2022/CVE-2022-488xx/CVE-2022-48857.json) (`2024-07-23T15:08:36.157`)
- [CVE-2022-48858](CVE-2022/CVE-2022-488xx/CVE-2022-48858.json) (`2024-07-23T15:07:49.103`)
- [CVE-2022-48859](CVE-2022/CVE-2022-488xx/CVE-2022-48859.json) (`2024-07-23T15:02:52.540`)
- [CVE-2022-48860](CVE-2022/CVE-2022-488xx/CVE-2022-48860.json) (`2024-07-23T15:02:09.747`)
- [CVE-2022-48861](CVE-2022/CVE-2022-488xx/CVE-2022-48861.json) (`2024-07-23T14:51:36.307`)
- [CVE-2022-48862](CVE-2022/CVE-2022-488xx/CVE-2022-48862.json) (`2024-07-23T14:49:56.077`)
- [CVE-2022-48863](CVE-2022/CVE-2022-488xx/CVE-2022-48863.json) (`2024-07-23T14:47:41.200`)
- [CVE-2022-48864](CVE-2022/CVE-2022-488xx/CVE-2022-48864.json) (`2024-07-23T14:44:00.093`)
- [CVE-2022-48865](CVE-2022/CVE-2022-488xx/CVE-2022-48865.json) (`2024-07-23T14:42:20.300`)
- [CVE-2022-48866](CVE-2022/CVE-2022-488xx/CVE-2022-48866.json) (`2024-07-23T14:36:54.493`)
- [CVE-2023-29581](CVE-2023/CVE-2023-295xx/CVE-2023-29581.json) (`2024-07-23T15:15:03.180`)
- [CVE-2024-41318](CVE-2024/CVE-2024-413xx/CVE-2024-41318.json) (`2024-07-23T15:15:04.973`)
- [CVE-2024-41320](CVE-2024/CVE-2024-413xx/CVE-2024-41320.json) (`2024-07-23T15:15:05.133`)
- [CVE-2024-4467](CVE-2024/CVE-2024-44xx/CVE-2024-4467.json) (`2024-07-23T15:15:05.720`)
- [CVE-2024-6409](CVE-2024/CVE-2024-64xx/CVE-2024-6409.json) (`2024-07-23T15:15:06.010`)
## Download and Usage

CVE-2024-6793,0,0,1e50d4c72ccf22ca7ffc2eb62910606f5bcc86a8538c175560adaab5c207dbc8,2024-07-22T21:15:04.547000
CVE-2024-6794,0,0,9c548937685e7eadcbd8adef12ff14dde9bbbe9b98aa13e29f5cb0fc83a93b12,2024-07-22T21:15:04.733000
