admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-04-03T18:00:35.443524+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-04-03 18:03:25 +00:00
parent 400f06b848
commit a36365f3b2
178 changed files with 4808 additions and 301 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
CVE-2018/CVE-2018-113xx/CVE-2018-11307.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-11307",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-07-09T16:15:12.807",
"lastModified": "2023-11-07T02:51:39.833",
"vulnStatus": "Modified",
"lastModified": "2024-04-03T17:40:34.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -107,8 +107,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.9.0",
"versionEndExcluding": "2.9.5",
"matchCriteriaId": "C8E95FD1-112C-4BBA-B1C5-BBE204B59C62"
"versionEndExcluding": "2.9.6",
"matchCriteriaId": "429C17F2-AB58-4BC0-8EB0-AF3322DDD528"
}
]
}
@ -287,23 +287,42 @@
},
{
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525",

9
CVE-2023/CVE-2023-202xx/CVE-2023-20269.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20269",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-06T18:15:08.303",
"lastModified": "2024-01-25T17:15:42.883",
"vulnStatus": "Modified",
"lastModified": "2024-04-03T16:12:23.737",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-09-13",
"cisaActionDue": "2023-10-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.",
@ -711,6 +711,11 @@
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.48:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEF0DA-741E-4361-8143-068EB47D6520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69289C72-01B5-4280-A382-665C1224C850"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.1:*:*:*:*:*:*:*",

4
CVE-2023/CVE-2023-256xx/CVE-2023-25699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25699",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T13:15:59.923",
"lastModified": "2024-04-03T13:15:59.923",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

43
CVE-2023/CVE-2023-358xx/CVE-2023-35812.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35812",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T17:15:47.020",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://alas.aws.amazon.com/cve/html/CVE-2023-35812.html",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-387xx/CVE-2023-38729.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38729",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:00.150",
"lastModified": "2024-04-03T13:16:00.150",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-440xx/CVE-2023-44038.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44038",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T17:15:47.213",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement",
"source": "cve@mitre.org"
},
{
"url": "https://veridiumid.com/veridium-id-authentication-platform/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-440xx/CVE-2023-44039.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44039",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T16:15:07.093",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim\u2019s account and consequently take over the account."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement",
"source": "cve@mitre.org"
},
{
"url": "https://veridiumid.com/veridium-id-authentication-platform/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-440xx/CVE-2023-44040.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44040",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T17:15:47.273",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement",
"source": "cve@mitre.org"
},
{
"url": "https://veridiumid.com/veridium-id-authentication-platform/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-455xx/CVE-2023-45552.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-45552",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T17:15:47.330",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement",
"source": "cve@mitre.org"
},
{
"url": "https://veridiumid.com/veridium-id-authentication-platform/",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-522xx/CVE-2023-52296.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52296",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:00.360",
"lastModified": "2024-04-03T13:16:00.360",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-526xx/CVE-2023-52637.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52637",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:51.347",
"lastModified": "2024-04-03T15:15:51.347",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-526xx/CVE-2023-52638.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52638",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:51.417",
"lastModified": "2024-04-03T15:15:51.417",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-526xx/CVE-2023-52639.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52639",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:51.467",
"lastModified": "2024-04-03T15:15:51.467",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

36
CVE-2023/CVE-2023-526xx/CVE-2023-52640.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52640",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:47.410",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix oob in ntfs_listxattr\n\nThe length of name cannot exceed the space occupied by ea."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0830c5cf19bdec50d0ede4755ddc463663deb21c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/52fff5799e3d1b5803ecd2f5f19c13c65f4f7b23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ed6cdbe88334ca3430c5aee7754dc4597498dfb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/731ab1f9828800df871c5a7ab9ffe965317d3f15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a585faf0591548fe0920641950ebfa8a6eefe1cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2023/CVE-2023-526xx/CVE-2023-52641.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52641",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:47.470",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\n\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

4
CVE-2024/CVE-2024-03xx/CVE-2024-0394.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0394",
"sourceIdentifier": "cve@rapid7.com",
"published": "2024-04-03T14:15:13.170",
"lastModified": "2024-04-03T14:15:13.170",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2024/CVE-2024-11xx/CVE-2024-1180.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1180",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-03T17:15:47.530",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability.\n\nThe specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-086/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-202xx/CVE-2024-20281.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20281",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:47.740",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.\r\n\r Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-202xx/CVE-2024-20282.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20282",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:47.950",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.\r\n\r This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-202xx/CVE-2024-20283.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20283",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:48.140",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device.\r\n\r This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20302.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20302",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:48.323",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. \r\n \r\nThis vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete tenant templates under non-associated tenants, which could disrupt network traffic."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndo-upav-YRqsCcSP",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20310.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20310",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:48.513",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20332.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20332",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:48.713",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.\r\n\r This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-ssrf-FtSTh5Oz",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20334.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20334",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:48.907",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tms-xss-kGw4DX9Y",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20347.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20347",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:49.107",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20348.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20348",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:49.310",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.\r\n\r This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-27"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20352.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20352",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:49.510",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as accessing password or log files or uploading and deleting existing files from the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20362.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20362",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:49.707",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbiz-rv-xss-OQeRTup",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20367.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20367",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:49.907",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CSQxgxfM",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20368.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20368",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-03T17:15:50.107",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-NfAKXrp5",
"source": "ykramarz@cisco.com"
}
]
}

8
CVE-2024/CVE-2024-20xx/CVE-2024-2005.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2005",
"sourceIdentifier": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"published": "2024-03-06T12:15:45.827",
"lastModified": "2024-03-06T15:18:08.093",
"lastModified": "2024-04-03T17:15:55.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
"value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n"
},
{
"lang": "es",
"value": "En los productos Blue Planet\u00ae hasta la versi\u00f3n 22.12, una mala configuraci\u00f3n en la implementaci\u00f3n de SAML permite la escalada de privilegios. S\u00f3lo se ven afectados los productos que utilizan autenticaci\u00f3n SAML. Blue Planet\u00ae ha lanzado actualizaciones de software que abordan esta vulnerabilidad para los productos afectados. Se recomienda a los clientes que actualicen sus productos Blue Planet a la \u00faltima versi\u00f3n del software lo antes posible. Las actualizaciones de software se pueden descargar desde el Portal de soporte de Ciena."
}
],
"metrics": {

8
CVE-2024/CVE-2024-218xx/CVE-2024-21870.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21870",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-04-03T14:15:13.917",
"lastModified": "2024-04-03T15:15:51.953",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1950",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1950",
"source": "talos-cna@cisco.com"
}
]
}

8
CVE-2024/CVE-2024-221xx/CVE-2024-22178.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22178",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-04-03T14:15:14.543",
"lastModified": "2024-04-03T15:15:52.040",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1951",
"source": "talos-cna@cisco.com"
}
]
}

4
CVE-2024/CVE-2024-223xx/CVE-2024-22360.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22360",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:01.183",
"lastModified": "2024-04-03T13:16:01.183",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

43
CVE-2024/CVE-2024-235xx/CVE-2024-23540.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-23540",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-04-03T17:15:50.450",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112015",
"source": "psirt@hcl.com"
}
]
}

4
CVE-2024/CVE-2024-247xx/CVE-2024-24707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24707",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T13:16:01.383",
"lastModified": "2024-04-03T13:16:01.383",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-249xx/CVE-2024-24976.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24976",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-04-03T14:15:15.073",
"lastModified": "2024-04-03T15:15:52.127",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1948",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1948",
"source": "talos-cna@cisco.com"
}
]
}

4
CVE-2024/CVE-2024-250xx/CVE-2024-25030.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25030",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:01.590",
"lastModified": "2024-04-03T13:16:01.590",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-250xx/CVE-2024-25046.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25046",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:01.790",
"lastModified": "2024-04-03T13:16:01.790",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-250xx/CVE-2024-25096.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25096",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T13:16:02.017",
"lastModified": "2024-04-03T13:16:02.017",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26685.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26685",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.210",
"lastModified": "2024-04-03T15:15:52.210",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26686.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26686",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.263",
"lastModified": "2024-04-03T15:15:52.263",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26687.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26687",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.313",
"lastModified": "2024-04-03T15:15:52.313",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26688.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26688",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.370",
"lastModified": "2024-04-03T15:15:52.370",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26689.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26689",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.427",
"lastModified": "2024-04-03T15:15:52.427",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26690.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26690",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.487",
"lastModified": "2024-04-03T15:15:52.487",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26691.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26691",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.550",
"lastModified": "2024-04-03T15:15:52.550",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26692.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26692",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.610",
"lastModified": "2024-04-03T15:15:52.610",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26693.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26693",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.667",
"lastModified": "2024-04-03T15:15:52.667",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26694.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26694",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.717",
"lastModified": "2024-04-03T15:15:52.717",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26695.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26695",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.770",
"lastModified": "2024-04-03T15:15:52.770",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26696.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26696",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.830",
"lastModified": "2024-04-03T15:15:52.830",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26697.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26697",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.880",
"lastModified": "2024-04-03T15:15:52.880",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26698.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26698",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.933",
"lastModified": "2024-04-03T15:15:52.933",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-266xx/CVE-2024-26699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26699",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:52.980",
"lastModified": "2024-04-03T15:15:52.980",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26700.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26700",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.030",
"lastModified": "2024-04-03T15:15:53.030",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

15
CVE-2024/CVE-2024-267xx/CVE-2024-26701.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-26701",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:50.720",
"lastModified": "2024-04-03T17:15:50.720",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}

4
CVE-2024/CVE-2024-267xx/CVE-2024-26702.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26702",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.087",
"lastModified": "2024-04-03T15:15:53.087",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26703.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26703",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.140",
"lastModified": "2024-04-03T15:15:53.140",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26704.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26704",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.193",
"lastModified": "2024-04-03T15:15:53.193",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26705.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26705",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.243",
"lastModified": "2024-04-03T15:15:53.243",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26706.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26706",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.293",
"lastModified": "2024-04-03T15:15:53.293",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26707",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.340",
"lastModified": "2024-04-03T15:15:53.340",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26708.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26708",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.390",
"lastModified": "2024-04-03T15:15:53.390",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26709.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26709",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.440",
"lastModified": "2024-04-03T15:15:53.440",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26710.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26710",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.487",
"lastModified": "2024-04-03T15:15:53.487",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26711.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26711",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.540",
"lastModified": "2024-04-03T15:15:53.540",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26712.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26712",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.590",
"lastModified": "2024-04-03T15:15:53.590",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26713.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26713",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.647",
"lastModified": "2024-04-03T15:15:53.647",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26714.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26714",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.700",
"lastModified": "2024-04-03T15:15:53.700",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26715.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26715",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.750",
"lastModified": "2024-04-03T15:15:53.750",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26716.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26716",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.800",
"lastModified": "2024-04-03T15:15:53.800",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26717.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26717",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.850",
"lastModified": "2024-04-03T15:15:53.850",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26718.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26718",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.897",
"lastModified": "2024-04-03T15:15:53.897",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26719",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.947",
"lastModified": "2024-04-03T15:15:53.947",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26720",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:53.993",
"lastModified": "2024-04-03T15:15:53.993",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26721.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26721",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:54.043",
"lastModified": "2024-04-03T15:15:54.043",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26722.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26722",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:54.090",
"lastModified": "2024-04-03T15:15:54.090",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26723.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26723",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:54.143",
"lastModified": "2024-04-03T15:15:54.143",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26724.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26724",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:54.203",
"lastModified": "2024-04-03T15:15:54.203",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26725.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26725",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:54.257",
"lastModified": "2024-04-03T15:15:54.257",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26726.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26726",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:54.313",
"lastModified": "2024-04-03T15:15:54.313",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-267xx/CVE-2024-26727.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26727",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T15:15:54.367",
"lastModified": "2024-04-03T15:15:54.367",
"vulnStatus": "Received",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2024/CVE-2024-267xx/CVE-2024-26728.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-26728",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:50.763",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix null-pointer dereference on edid reading\n\nUse i2c adapter when there isn't aux_mode in dc_link to fix a\nnull-pointer derefence that happens when running\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\ndetected as below:\n\n[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\n[ +0.000010] #PF: supervisor read access in kernel mode\n[ +0.000005] #PF: error_code(0x0000) - not-present page\n[ +0.000004] PGD 0 P4D 0\n[ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\n[ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\n[ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\n[ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\n[ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\n[ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\n[ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\n[ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\n[ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\n[ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\n[ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\n[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\n[ +0.000003] PKRU: 55555554\n[ +0.000003] Call Trace:\n[ +0.000006] <TASK>\n[ +0.000006] ? __die+0x23/0x70\n[ +0.000011] ? page_fault_oops+0x17d/0x4c0\n[ +0.000008] ? preempt_count_add+0x6e/0xa0\n[ +0.000008] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000011] ? exc_page_fault+0x7f/0x180\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\n[ +0.000013] ? i2c_transfer+0xd/0x100\n[ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm]\n[ +0.000067] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm]\n[ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[ +0.000042] edid_block_read+0x3b/0xd0 [drm]\n[ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm]\n[ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm]\n[ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\n[ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\n[ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\n[ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\n[ +0.000000] status_store+0xb2/0x1f0 [drm]\n[ +0.000000] kernfs_fop_write_iter+0x136/0x1d0\n[ +0.000000] vfs_write+0x24d/0x440\n[ +0.000000] ksys_write+0x6f/0xf0\n[ +0.000000] do_syscall_64+0x60/0xc0\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\n[ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ +0.000000] RIP: 0033:0x7f9ad46b4b00\n[ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\n[ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n[ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\n[ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\n[ +0.000000] RBP: 0000000000000002 R08\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

24
CVE-2024/CVE-2024-267xx/CVE-2024-26729.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-26729",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:50.820",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential null pointer dereference in dc_dmub_srv\n\nFixes potential null pointer dereference warnings in the\ndc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up()\nfunctions.\n\nIn both functions, the 'dc_dmub_srv' variable was being dereferenced\nbefore it was checked for null. This could lead to a null pointer\ndereference if 'dc_dmub_srv' is null. The fix is to check if\n'dc_dmub_srv' is null before dereferencing it.\n\nThus moving the null checks for 'dc_dmub_srv' to the beginning of the\nfunctions to ensure that 'dc_dmub_srv' is not null when it is\ndereferenced.\n\nFound by smatch & thus fixing the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:133 dc_dmub_srv_cmd_list_queue_execute() warn: variable dereferenced before check 'dc_dmub_srv' (see line 128)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_is_hw_pwr_up() warn: variable dereferenced before check 'dc_dmub_srv' (see line 1164)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/351080ba3414c96afff0f1338b4aeb2983195b80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2024/CVE-2024-267xx/CVE-2024-26730.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-26730",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:50.873",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775) Fix access to temperature configuration registers\n\nThe number of temperature configuration registers does\nnot always match the total number of temperature registers.\nThis can result in access errors reported if KASAN is enabled.\n\nBUG: KASAN: global-out-of-bounds in nct6775_probe+0x5654/0x6fe9 nct6775_core"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/c196387820c9214c5ceaff56d77303c82514b8b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d56e460e19ea8382f813eb489730248ec8d7eb73",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2024/CVE-2024-267xx/CVE-2024-26731.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-26731",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:50.927",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()\n\nsyzbot reported the following NULL pointer dereference issue [1]:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n [...]\n RIP: 0010:0x0\n [...]\n Call Trace:\n <TASK>\n sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230\n unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nIf sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called\nconcurrently, psock->saved_data_ready can be NULL, causing the above issue.\n\nThis patch fixes this issue by calling the appropriate data ready function\nusing the sk_psock_data_ready() helper and protecting it from concurrency\nwith sk->sk_callback_lock."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4588b13abcbd561ec67f5b3c1cb2eff690990a54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4cd12c6065dfcdeba10f49949bffcf383b3952d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9b099ed46dcaf1403c531ff02c3d7400fa37fa26",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d61608a4e394f23e0dca099df9eb8e555453d949",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

24
CVE-2024/CVE-2024-267xx/CVE-2024-26732.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-26732",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:50.977",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: implement lockless setsockopt(SO_PEEK_OFF)\n\nsyzbot reported a lockdep violation [1] involving af_unix\nsupport of SO_PEEK_OFF.\n\nSince SO_PEEK_OFF is inherently not thread safe (it uses a per-socket\nsk_peek_off field), there is really no point to enforce a pointless\nthread safety in the kernel.\n\nAfter this patch :\n\n- setsockopt(SO_PEEK_OFF) no longer acquires the socket lock.\n\n- skb_consume_udp() no longer has to acquire the socket lock.\n\n- af_unix no longer needs a special version of sk_set_peek_off(),\n because it does not lock u->iolock anymore.\n\nAs a followup, we could replace prot->set_peek_off to be a boolean\nand avoid an indirect call, since we always use sk_set_peek_off().\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b #0 Not tainted\n\nsyz-executor.2/30025 is trying to acquire lock:\n ffff8880765e7d80 (&u->iolock){+.+.}-{3:3}, at: unix_set_peek_off+0x26/0xa0 net/unix/af_unix.c:789\n\nbut task is already holding lock:\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1691 [inline]\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sockopt_lock_sock net/core/sock.c:1060 [inline]\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sk_setsockopt+0xe52/0x3360 net/core/sock.c:1193\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (sk_lock-AF_UNIX){+.+.}-{0:0}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n lock_sock_nested+0x48/0x100 net/core/sock.c:3524\n lock_sock include/net/sock.h:1691 [inline]\n __unix_dgram_recvmsg+0x1275/0x12c0 net/unix/af_unix.c:2415\n sock_recvmsg_nosec+0x18e/0x1d0 net/socket.c:1046\n ____sys_recvmsg+0x3c0/0x470 net/socket.c:2801\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\n-> #0 (&u->iolock){+.+.}-{3:3}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __mutex_lock_common kernel/locking/mutex.c:608 [inline]\n __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752\n unix_set_peek_off+0x26/0xa0 net/unix/af_unix.c:789\n sk_setsockopt+0x207e/0x3360\n do_sock_setsockopt+0x2fb/0x720 net/socket.c:2307\n __sys_setsockopt+0x1ad/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_UNIX);\n lock(&u->iolock);\n lock(sk_lock-AF_UNIX);\n lock(&u->iolock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor.2/30025:\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1691 [inline]\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sockopt_lock_sock net/core/sock.c:1060 [inline]\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sk_setsockopt+0xe52/0x3360 net/core/sock.c:1193\n\nstack backtrace:\nCPU: 0 PID: 30025 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b #0\nHardware name: Google Google C\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/56667da7399eb19af857e30f41bea89aa6fa812c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/897f75e2cde8a5f9f7529b55249af1fa4248c83b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2024/CVE-2024-267xx/CVE-2024-26733.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2024-26733",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.040",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh->ha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags. We initialise the field just after the memcpy(), so it's\nnot a problem.\n\nHowever, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let's limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r->arp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2024/CVE-2024-267xx/CVE-2024-26734.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-26734",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.100",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: fix possible use-after-free and memory leaks in devlink_init()\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.\n\nMake an unregister in case of unsuccessful registration."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/919092bd5482b7070ae66d1daef73b600738f3a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/def689fc26b9a9622d2e2cb0c4933dd3b1c8071c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e91d3561e28d7665f4f837880501dc8755f635a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2024/CVE-2024-267xx/CVE-2024-26735.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-26735",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.147",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

44
CVE-2024/CVE-2024-267xx/CVE-2024-26736.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-26736",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.197",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume->vid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2024/CVE-2024-267xx/CVE-2024-26737.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-26737",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.243",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel\n\nThe following race is possible between bpf_timer_cancel_and_free\nand bpf_timer_cancel. It will lead a UAF on the timer->timer.\n\nbpf_timer_cancel();\n\tspin_lock();\n\tt = timer->time;\n\tspin_unlock();\n\n\t\t\t\t\tbpf_timer_cancel_and_free();\n\t\t\t\t\t\tspin_lock();\n\t\t\t\t\t\tt = timer->timer;\n\t\t\t\t\t\ttimer->timer = NULL;\n\t\t\t\t\t\tspin_unlock();\n\t\t\t\t\t\thrtimer_cancel(&t->timer);\n\t\t\t\t\t\tkfree(t);\n\n\t/* UAF on t */\n\thrtimer_cancel(&t->timer);\n\nIn bpf_timer_cancel_and_free, this patch frees the timer->timer\nafter a rcu grace period. This requires a rcu_head addition\nto the \"struct bpf_hrtimer\". Another kfree(t) happens in bpf_timer_init,\nthis does not need a kfree_rcu because it is still under the\nspin_lock and timer->timer has not been visible by others yet.\n\nIn bpf_timer_cancel, rcu_read_lock() is added because this helper\ncan be used in a non rcu critical section context (e.g. from\na sleepable bpf prog). Other timer->timer usages in helpers.c\nhave been audited, bpf_timer_cancel() is the only place where\ntimer->timer is used outside of the spin_lock.\n\nAnother solution considered is to mark a t->flag in bpf_timer_cancel\nand clear it after hrtimer_cancel() is done. In bpf_timer_cancel_and_free,\nit busy waits for the flag to be cleared before kfree(t). This patch\ngoes with a straight forward solution and frees timer->timer after\na rcu grace period."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0281b919e175bb9c3128bd3872ac2903e9436e3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5268bb02107b9eedfdcd51db75b407d10043368c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d80a9e745fa5b47da3bca001f186c02485c7c33",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8327ed12e8ebc5436bfaa1786c49988894f9c8a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/addf5e297e6cbf5341f9c07720693ca9ba0057b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2024/CVE-2024-267xx/CVE-2024-26738.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-26738",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.303",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n BUG: Kernel NULL pointer dereference on read at 0x00000030\n Faulting instruction address: 0xc0000000006bbe5c\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n NIP: c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n REGS: c00000009924f240 TRAP: 0300 Not tainted (6.7.0-203405+)\n MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 24002220 XER: 20040006\n CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n ...\n NIP sysfs_add_link_to_group+0x34/0x94\n LR iommu_device_link+0x5c/0x118\n Call Trace:\n iommu_init_device+0x26c/0x318 (unreliable)\n iommu_device_link+0x5c/0x118\n iommu_init_device+0xa8/0x318\n iommu_probe_device+0xc0/0x134\n iommu_bus_notifier+0x44/0x104\n notifier_call_chain+0xb8/0x19c\n blocking_notifier_call_chain+0x64/0x98\n bus_notify+0x50/0x7c\n device_add+0x640/0x918\n pci_device_add+0x23c/0x298\n of_create_pci_dev+0x400/0x884\n of_scan_pci_dev+0x124/0x1b0\n __of_scan_bus+0x78/0x18c\n pcibios_scan_phb+0x2a4/0x3b0\n init_phb_dynamic+0xb8/0x110\n dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n kobj_attr_store+0x2c/0x48\n sysfs_kf_write+0x64/0x78\n kernfs_fop_write_iter+0x1b0/0x290\n vfs_write+0x350/0x4a0\n ksys_write+0x84/0x140\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 (\"powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains\") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/46e36ebd5e00a148b67ed77c1d31675996f77c25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5c57fd2e9bd1c8ea8613a8f94fd0be5eccbf321",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8315b2e25b4e68e42fcb74630f824b9a5067765",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2024/CVE-2024-267xx/CVE-2024-26739.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-26739",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.367",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: don't override retval if we already lost the skb\n\nIf we're redirecting the skb, and haven't called tcf_mirred_forward(),\nyet, we need to tell the core to drop the skb by setting the retcode\nto SHOT. If we have called tcf_mirred_forward(), however, the skb\nis out of our hands and returning SHOT will lead to UaF.\n\nMove the retval override to the error path which actually need it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/28cdbbd38a4413b8eff53399b3f872fd4e80db9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f4e294bbdca8ac8757db436fc82214f3882fc7e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2024/CVE-2024-267xx/CVE-2024-26740.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-26740",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.410",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: use the backlog for mirred ingress\n\nThe test Davide added in commit ca22da2fbd69 (\"act_mirred: use the backlog\nfor nested calls to mirred ingress\") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by\nlockdep.\n\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of traffic with the redirect (egress -> ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -> ingress reversals, not just once\nwe started to nest mirred calls.\n\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2024/CVE-2024-267xx/CVE-2024-26741.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-26741",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.457",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().\n\nsyzkaller reported a warning [0] in inet_csk_destroy_sock() with no\nrepro.\n\n WARN_ON(inet_sk(sk)->inet_num && !inet_csk(sk)->icsk_bind_hash);\n\nHowever, the syzkaller's log hinted that connect() failed just before\nthe warning due to FAULT_INJECTION. [1]\n\nWhen connect() is called for an unbound socket, we search for an\navailable ephemeral port. If a bhash bucket exists for the port, we\ncall __inet_check_established() or __inet6_check_established() to check\nif the bucket is reusable.\n\nIf reusable, we add the socket into ehash and set inet_sk(sk)->inet_num.\n\nLater, we look up the corresponding bhash2 bucket and try to allocate\nit if it does not exist.\n\nAlthough it rarely occurs in real use, if the allocation fails, we must\nrevert the changes by check_established(). Otherwise, an unconnected\nsocket could illegally occupy an ehash entry.\n\nNote that we do not put tw back into ehash because sk might have\nalready responded to a packet for tw and it would be better to free\ntw earlier under such memory presure.\n\n[0]:\nWARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nModules linked in:\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nCode: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8 f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd <0f> 0b e9 61 fe ff ff e8 02 4a 3d fd 4c 89 e7 be 03 00 00 00 e8 05\nRSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000009e78 RCX: ffffffff840bae40\nRDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8\nRBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000\nR10: 0000000000009e78 R11: 0000000000000000 R12: ffff88811755c8e0\nR13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000\nFS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\n dccp_close (net/dccp/proto.c:1078)\n inet_release (net/ipv4/af_inet.c:434)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:377)\n __fput_sync (fs/file_table.c:462)\n __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\nRIP: 0033:0x7f03e53852bb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff 8b 44\nRSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f03e53852bb\nRDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c\nR10: 0000000008a79680 R11: 0000000000000293 R12: 00007f03e4e43000\nR13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170\n </TASK>\n\n[1]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3748)\n kmem_cache_alloc (mm/slub.c:3763 mm/slub.c:3842 mm/slub.c:3867)\n inet_bind2_bucket_create \n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/334a8348b2df26526f3298848ad6864285592caf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/729bc77af438a6e67914c97f6f3d3af8f72c0131",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8c4a6b850882bc47aaa864b720c7a2ee3102f39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2024/CVE-2024-267xx/CVE-2024-26742.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-26742",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.517",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix disable_managed_interrupts\n\nCorrect blk-mq registration issue with module parameter\ndisable_managed_interrupts enabled.\n\nWhen we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to\nregister with blk-mq using blk_mq_map_queues(). The driver is currently\ncalling blk_mq_pci_map_queues() which results in a stack trace and possibly\nundefined behavior.\n\nStack Trace:\n[ 7.860089] scsi host2: smartpqi\n[ 7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0\n[ 7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\n[ 7.924755] CPU: 0 PID: 238 Comm: kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1\n[ 7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022\n[ 7.963026] Workqueue: events work_for_cpu_fn\n[ 7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0\n[ 7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 <0f> 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54\n[ 7.978280] RSP: 0018:ffffa95fc3707d50 EFLAGS: 00010216\n[ 7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000010\n[ 7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310\n[ 7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00\n[ 7.978287] R10: 0000000000000001 R11: ffffa95fc3707ac0 R12: 0000000000000000\n[ 7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15: ffff9190c4c950a8\n[ 7.978290] FS: 0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000\n[ 7.978292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8.172814] CR2: 000055d11166c000 CR3: 00000002dae10002 CR4: 00000000007706f0\n[ 8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 8.172818] PKRU: 55555554\n[ 8.172819] Call Trace:\n[ 8.172823] blk_mq_alloc_tag_set+0x12e/0x310\n[ 8.264339] scsi_add_host_with_dma.cold.9+0x30/0x245\n[ 8.279302] pqi_ctrl_init+0xacf/0xc8e [smartpqi]\n[ 8.294085] ? pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[ 8.309015] pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[ 8.323286] local_pci_probe+0x42/0x80\n[ 8.337855] work_for_cpu_fn+0x16/0x20\n[ 8.351193] process_one_work+0x1a7/0x360\n[ 8.364462] ? create_worker+0x1a0/0x1a0\n[ 8.379252] worker_thread+0x1ce/0x390\n[ 8.392623] ? create_worker+0x1a0/0x1a0\n[ 8.406295] kthread+0x10a/0x120\n[ 8.418428] ? set_kthread_struct+0x50/0x50\n[ 8.431532] ret_from_fork+0x1f/0x40\n[ 8.444137] ---[ end trace 1bf0173d39354506 ]---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c31b18a8dd8b7bf36af1cd723d455853b8f94fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f5b15c15e6016efb3e14582d02cc4ddf57227df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9433b25cb06c415c9cb24782599649a406c8d6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2024/CVE-2024-267xx/CVE-2024-26743.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2024-26743",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.577",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix qedr_create_user_qp error flow\n\nAvoid the following warning by making sure to free the allocated\nresources in case that qedr_init_user_queue() fail.\n\n-----------[ cut here ]-----------\nWARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nModules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3\nghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]\nCPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1\nHardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022\nRIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nCode: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff\nRSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286\nRAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016\nRDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600\nRBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80\nR13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0\nCall Trace:\n<TASK>\n? show_trace_log_lvl+0x1c4/0x2df\n? show_trace_log_lvl+0x1c4/0x2df\n? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? __warn+0x81/0x110\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? report_bug+0x10a/0x140\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n__fput+0x94/0x250\ntask_work_run+0x5c/0x90\ndo_exit+0x270/0x4a0\ndo_group_exit+0x2d/0x90\nget_signal+0x87c/0x8c0\narch_do_signal_or_restart+0x25/0x100\n? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]\nexit_to_user_mode_loop+0x9c/0x130\nexit_to_user_mode_prepare+0xb6/0x100\nsyscall_exit_to_user_mode+0x12/0x40\ndo_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\n? common_interrupt+0x43/0xa0\nentry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x1470abe3ec6b\nCode: Unable to access opcode bytes at RIP 0x1470abe3ec41.\nRSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b\nRDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004\nRBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00\nR10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358\nR13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470\n</TASK>\n--[ end trace 888a9b92e04c5c97 ]--"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

44
CVE-2024/CVE-2024-267xx/CVE-2024-26744.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-26744",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.627",
"lastModified": "2024-04-03T17:24:18.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Support specifying the srpt_service_guid parameter\n\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n <TASK>\n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

Some files were not shown because too many files have changed in this diff Show More