diff --git a/CVE-2018/CVE-2018-113xx/CVE-2018-11307.json b/CVE-2018/CVE-2018-113xx/CVE-2018-11307.json index 68f8482c1c1..abc9253af21 100644 --- a/CVE-2018/CVE-2018-113xx/CVE-2018-11307.json +++ b/CVE-2018/CVE-2018-113xx/CVE-2018-11307.json @@ -2,8 +2,8 @@ "id": "CVE-2018-11307", "sourceIdentifier": "cve@mitre.org", "published": "2019-07-09T16:15:12.807", - "lastModified": "2023-11-07T02:51:39.833", - "vulnStatus": "Modified", + "lastModified": "2024-04-03T17:40:34.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -107,8 +107,8 @@ "vulnerable": true, "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.9.0", - "versionEndExcluding": "2.9.5", - "matchCriteriaId": "C8E95FD1-112C-4BBA-B1C5-BBE204B59C62" + "versionEndExcluding": "2.9.6", + "matchCriteriaId": "429C17F2-AB58-4BC0-8EB0-AF3322DDD528" } ] } @@ -287,23 +287,42 @@ }, { "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20269.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20269.json index e3eb49e64b2..3b20c6fbb21 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20269.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20269.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20269", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-09-06T18:15:08.303", - "lastModified": "2024-01-25T17:15:42.883", - "vulnStatus": "Modified", + "lastModified": "2024-04-03T16:12:23.737", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-09-13", "cisaActionDue": "2023-10-04", "cisaRequiredAction": "Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.", @@ -711,6 +711,11 @@ "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.48:*:*:*:*:*:*:*", "matchCriteriaId": "D6FEF0DA-741E-4361-8143-068EB47D6520" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.10.1:*:*:*:*:*:*:*", + "matchCriteriaId": "69289C72-01B5-4280-A382-665C1224C850" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.1:*:*:*:*:*:*:*", diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25699.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25699.json index c8ad081ada1..9bb091c09e8 100644 --- a/CVE-2023/CVE-2023-256xx/CVE-2023-25699.json +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25699.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25699", "sourceIdentifier": "audit@patchstack.com", "published": "2024-04-03T13:15:59.923", - "lastModified": "2024-04-03T13:15:59.923", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35812.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35812.json new file mode 100644 index 00000000000..91b538c36a5 --- /dev/null +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35812.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35812", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-03T17:15:47.020", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://alas.aws.amazon.com/cve/html/CVE-2023-35812.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38729.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38729.json index 0041b3ca9e4..051e0239ce1 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38729.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38729.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38729", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-04-03T13:16:00.150", - "lastModified": "2024-04-03T13:16:00.150", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44038.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44038.json new file mode 100644 index 00000000000..b9848c8cecb --- /dev/null +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44038.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-44038", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-03T17:15:47.213", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement", + "source": "cve@mitre.org" + }, + { + "url": "https://veridiumid.com/veridium-id-authentication-platform/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44039.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44039.json new file mode 100644 index 00000000000..95616f482bd --- /dev/null +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44039.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-44039", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-03T16:15:07.093", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim\u2019s account and consequently take over the account." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement", + "source": "cve@mitre.org" + }, + { + "url": "https://veridiumid.com/veridium-id-authentication-platform/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44040.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44040.json new file mode 100644 index 00000000000..715b1928c23 --- /dev/null +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44040.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-44040", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-03T17:15:47.273", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement", + "source": "cve@mitre.org" + }, + { + "url": "https://veridiumid.com/veridium-id-authentication-platform/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45552.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45552.json new file mode 100644 index 00000000000..6a4bc51d946 --- /dev/null +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45552.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-45552", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-03T17:15:47.330", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement", + "source": "cve@mitre.org" + }, + { + "url": "https://veridiumid.com/veridium-id-authentication-platform/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52296.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52296.json index b2eeea2f271..e12e72ff0ff 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52296.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52296.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52296", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-04-03T13:16:00.360", - "lastModified": "2024-04-03T13:16:00.360", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52637.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52637.json index 9af5cce4bdb..aca948d0796 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52637.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52637.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52637", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:51.347", - "lastModified": "2024-04-03T15:15:51.347", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52638.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52638.json index 6f6e32d05dc..d2ce3018aa0 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52638.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52638.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52638", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:51.417", - "lastModified": "2024-04-03T15:15:51.417", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52639.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52639.json index 0c3a16da0a4..306dcf9a8d5 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52639.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52639.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52639", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:51.467", - "lastModified": "2024-04-03T15:15:51.467", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52640.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52640.json new file mode 100644 index 00000000000..1df7b9af917 --- /dev/null +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52640.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-52640", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:47.410", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix oob in ntfs_listxattr\n\nThe length of name cannot exceed the space occupied by ea." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0830c5cf19bdec50d0ede4755ddc463663deb21c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/52fff5799e3d1b5803ecd2f5f19c13c65f4f7b23", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6ed6cdbe88334ca3430c5aee7754dc4597498dfb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/731ab1f9828800df871c5a7ab9ffe965317d3f15", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a585faf0591548fe0920641950ebfa8a6eefe1cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52641.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52641.json new file mode 100644 index 00000000000..c89f6ee7ebe --- /dev/null +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52641.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-52641", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:47.470", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\n\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0394.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0394.json index c6ee3dde350..2eedf252911 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0394.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0394.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0394", "sourceIdentifier": "cve@rapid7.com", "published": "2024-04-03T14:15:13.170", - "lastModified": "2024-04-03T14:15:13.170", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1180.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1180.json new file mode 100644 index 00000000000..b743743d299 --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1180.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1180", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:47.530", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability.\n\nThe specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-086/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20281.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20281.json new file mode 100644 index 00000000000..08487ba1400 --- /dev/null +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20281.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20281", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:47.740", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.\r\n\r Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfccsrf-TEmZEfJ9", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20282.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20282.json new file mode 100644 index 00000000000..cb1f251c788 --- /dev/null +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20282.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20282", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:47.950", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.\r\n\r This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20283.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20283.json new file mode 100644 index 00000000000..54dbfc3062f --- /dev/null +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20283.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20283", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:48.140", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device.\r\n\r This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndidv-LmXdvAf2", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20302.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20302.json new file mode 100644 index 00000000000..b4763c8493b --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20302.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20302", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:48.323", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. \r\n \r\nThis vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete tenant templates under non-associated tenants, which could disrupt network traffic." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndo-upav-YRqsCcSP", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20310.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20310.json new file mode 100644 index 00000000000..440ebd1008e --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20310.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20310", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:48.513", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20332.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20332.json new file mode 100644 index 00000000000..1dcc5efd5dc --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20332.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20332", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:48.713", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.\r\n\r This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-ssrf-FtSTh5Oz", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20334.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20334.json new file mode 100644 index 00000000000..4d50b89d2d6 --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20334.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20334", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:48.907", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tms-xss-kGw4DX9Y", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20347.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20347.json new file mode 100644 index 00000000000..8ef71d98a4e --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20347.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20347", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:49.107", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20348.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20348.json new file mode 100644 index 00000000000..162637cae99 --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20348.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20348", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:49.310", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.\r\n\r This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-27" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-dir-trav-SSn3AYDw", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20352.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20352.json new file mode 100644 index 00000000000..27e73a91eaa --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20352.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20352", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:49.510", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as accessing password or log files or uploading and deleting existing files from the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20362.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20362.json new file mode 100644 index 00000000000..a1a42dfdee8 --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20362.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20362", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:49.707", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbiz-rv-xss-OQeRTup", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20367.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20367.json new file mode 100644 index 00000000000..02f70c12f69 --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20367.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20367", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:49.907", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CSQxgxfM", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20368.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20368.json new file mode 100644 index 00000000000..b2cf9830f73 --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20368.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20368", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-04-03T17:15:50.107", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-NfAKXrp5", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2005.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2005.json index 0955a48dd1b..5a562786950 100644 --- a/CVE-2024/CVE-2024-20xx/CVE-2024-2005.json +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2005.json @@ -2,12 +2,16 @@ "id": "CVE-2024-2005", "sourceIdentifier": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "published": "2024-03-06T12:15:45.827", - "lastModified": "2024-03-06T15:18:08.093", + "lastModified": "2024-04-03T17:15:55.773", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "\n\n\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + "value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n" + }, + { + "lang": "es", + "value": "En los productos Blue Planet\u00ae hasta la versi\u00f3n 22.12, una mala configuraci\u00f3n en la implementaci\u00f3n de SAML permite la escalada de privilegios. S\u00f3lo se ven afectados los productos que utilizan autenticaci\u00f3n SAML. Blue Planet\u00ae ha lanzado actualizaciones de software que abordan esta vulnerabilidad para los productos afectados. Se recomienda a los clientes que actualicen sus productos Blue Planet a la \u00faltima versi\u00f3n del software lo antes posible. Las actualizaciones de software se pueden descargar desde el Portal de soporte de Ciena." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21870.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21870.json index cb9160d4973..8f92894bcca 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21870.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21870.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21870", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-04-03T14:15:13.917", - "lastModified": "2024-04-03T15:15:51.953", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1950", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1950", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22178.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22178.json index 1fd9ac45482..aab694f26c1 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22178.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22178.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22178", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-04-03T14:15:14.543", - "lastModified": "2024-04-03T15:15:52.040", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1951", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22360.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22360.json index c4a11558a2c..2b40e84641a 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22360.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22360.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22360", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-04-03T13:16:01.183", - "lastModified": "2024-04-03T13:16:01.183", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23540.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23540.json new file mode 100644 index 00000000000..3fd49aeded3 --- /dev/null +++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23540.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-23540", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-04-03T17:15:50.450", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112015", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24707.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24707.json index f078ca93ada..58a1d5c7a44 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24707.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24707.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24707", "sourceIdentifier": "audit@patchstack.com", "published": "2024-04-03T13:16:01.383", - "lastModified": "2024-04-03T13:16:01.383", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24976.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24976.json index 53e94d491a8..b7ac8bdf364 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24976.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24976.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24976", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-04-03T14:15:15.073", - "lastModified": "2024-04-03T15:15:52.127", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1948", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1948", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25030.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25030.json index 19ac99daa56..01459cf37c0 100644 --- a/CVE-2024/CVE-2024-250xx/CVE-2024-25030.json +++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25030.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25030", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-04-03T13:16:01.590", - "lastModified": "2024-04-03T13:16:01.590", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25046.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25046.json index ae81baa01de..8cafd39d13a 100644 --- a/CVE-2024/CVE-2024-250xx/CVE-2024-25046.json +++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25046.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25046", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-04-03T13:16:01.790", - "lastModified": "2024-04-03T13:16:01.790", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25096.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25096.json index 3bd3fcc4fa5..8fc999f9949 100644 --- a/CVE-2024/CVE-2024-250xx/CVE-2024-25096.json +++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25096.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25096", "sourceIdentifier": "audit@patchstack.com", "published": "2024-04-03T13:16:02.017", - "lastModified": "2024-04-03T13:16:02.017", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26685.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26685.json index ea5235c9f94..fe55e2a98ca 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26685.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26685.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26685", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.210", - "lastModified": "2024-04-03T15:15:52.210", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26686.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26686.json index 64e1da65440..5a0f36dc286 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26686.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26686.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26686", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.263", - "lastModified": "2024-04-03T15:15:52.263", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26687.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26687.json index 9fe5e7c10fd..2bca80669ef 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26687.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26687.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26687", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.313", - "lastModified": "2024-04-03T15:15:52.313", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26688.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26688.json index 73f2ef334d8..95eb036f7d5 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26688.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26688.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26688", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.370", - "lastModified": "2024-04-03T15:15:52.370", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26689.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26689.json index b3ae8d27129..6f0892e3f25 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26689.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26689.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26689", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.427", - "lastModified": "2024-04-03T15:15:52.427", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26690.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26690.json index b6f3d162e31..dd4cef89de9 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26690.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26690.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26690", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.487", - "lastModified": "2024-04-03T15:15:52.487", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26691.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26691.json index 79eff0b87d9..116b384f996 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26691.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26691.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26691", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.550", - "lastModified": "2024-04-03T15:15:52.550", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26692.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26692.json index a73eeaf9dff..88dfb74e91c 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26692.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26692.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26692", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.610", - "lastModified": "2024-04-03T15:15:52.610", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26693.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26693.json index 29dd6d825a0..03832533396 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26693.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26693.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26693", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.667", - "lastModified": "2024-04-03T15:15:52.667", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26694.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26694.json index 58e5958b30a..e2d3b7fa081 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26694.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26694.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26694", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.717", - "lastModified": "2024-04-03T15:15:52.717", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26695.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26695.json index df10f886873..b50315eb607 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26695.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26695.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26695", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.770", - "lastModified": "2024-04-03T15:15:52.770", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26696.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26696.json index 5bfa8b7bb1d..cdd27908193 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26696.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26696.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26696", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.830", - "lastModified": "2024-04-03T15:15:52.830", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26697.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26697.json index dc835fc9a23..c2371d21573 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26697.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26697.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26697", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.880", - "lastModified": "2024-04-03T15:15:52.880", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26698.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26698.json index 005054e48f1..e56689dd492 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26698.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26698.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26698", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.933", - "lastModified": "2024-04-03T15:15:52.933", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26699.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26699.json index 4665bb79e40..47614232c8a 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26699.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26699.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26699", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:52.980", - "lastModified": "2024-04-03T15:15:52.980", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26700.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26700.json index e936fc6846f..bb1a1f40000 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26700.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26700.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26700", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.030", - "lastModified": "2024-04-03T15:15:53.030", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26701.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26701.json new file mode 100644 index 00000000000..76f21cc2483 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26701.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2024-26701", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:50.720", + "lastModified": "2024-04-03T17:15:50.720", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26702.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26702.json index 196b52507aa..314289bd336 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26702.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26702.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26702", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.087", - "lastModified": "2024-04-03T15:15:53.087", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26703.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26703.json index 43f6d89a5b1..9a9fb274e23 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26703.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26703.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26703", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.140", - "lastModified": "2024-04-03T15:15:53.140", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26704.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26704.json index 67e61dfb8d6..764a6789e1d 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26704.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26704.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26704", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.193", - "lastModified": "2024-04-03T15:15:53.193", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26705.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26705.json index 50e2ee7e238..fb89c93b786 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26705.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26705.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26705", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.243", - "lastModified": "2024-04-03T15:15:53.243", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26706.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26706.json index 27421b844e8..221569f8f35 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26706.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26706.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26706", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.293", - "lastModified": "2024-04-03T15:15:53.293", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26707.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26707.json index 2a611e58c90..6cd5c60f0f3 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26707.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26707.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26707", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.340", - "lastModified": "2024-04-03T15:15:53.340", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26708.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26708.json index edebd57dce3..049c3b66184 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26708.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26708.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26708", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.390", - "lastModified": "2024-04-03T15:15:53.390", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26709.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26709.json index aea30aaaa6f..e21634b790b 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26709.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26709.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26709", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.440", - "lastModified": "2024-04-03T15:15:53.440", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26710.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26710.json index ba66cf4e662..489b4a908db 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26710.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26710.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26710", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.487", - "lastModified": "2024-04-03T15:15:53.487", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26711.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26711.json index b7bad1621c4..b410daa79c9 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26711.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26711.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26711", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.540", - "lastModified": "2024-04-03T15:15:53.540", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26712.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26712.json index 96ff6d0b998..f350115392a 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26712.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26712.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26712", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.590", - "lastModified": "2024-04-03T15:15:53.590", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26713.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26713.json index 47312f062e1..f3f131d8b72 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26713.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26713.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26713", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.647", - "lastModified": "2024-04-03T15:15:53.647", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26714.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26714.json index 28b7b890296..17a6bd6aa70 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26714.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26714.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26714", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.700", - "lastModified": "2024-04-03T15:15:53.700", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26715.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26715.json index 4b0262139ce..6e25c229c38 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26715.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26715.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26715", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.750", - "lastModified": "2024-04-03T15:15:53.750", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26716.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26716.json index 58b26c7409d..fc0661d842b 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26716.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26716.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26716", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.800", - "lastModified": "2024-04-03T15:15:53.800", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26717.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26717.json index 2e580e62346..8d09fae81ce 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26717.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26717.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26717", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.850", - "lastModified": "2024-04-03T15:15:53.850", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26718.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26718.json index 0d4e7cc488b..3f2b530bb8e 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26718.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26718.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26718", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.897", - "lastModified": "2024-04-03T15:15:53.897", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26719.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26719.json index e879a87ad0a..ba84ba3f6c8 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26719.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26719.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26719", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.947", - "lastModified": "2024-04-03T15:15:53.947", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26720.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26720.json index 0f179211895..58e3f6849ad 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26720.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26720.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26720", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:53.993", - "lastModified": "2024-04-03T15:15:53.993", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26721.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26721.json index 79a2818c453..40202e836c8 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26721.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26721.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26721", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:54.043", - "lastModified": "2024-04-03T15:15:54.043", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26722.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26722.json index dbc5ca422fb..5bdaa254dae 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26722.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26722.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26722", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:54.090", - "lastModified": "2024-04-03T15:15:54.090", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26723.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26723.json index 597b096a3ca..7f096fb3a94 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26723.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26723.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26723", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:54.143", - "lastModified": "2024-04-03T15:15:54.143", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26724.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26724.json index 0b967d9fa0d..b61fa98c5eb 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26724.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26724.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26724", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:54.203", - "lastModified": "2024-04-03T15:15:54.203", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26725.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26725.json index 58ecdf36728..03fd33fc4b7 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26725.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26725.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26725", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:54.257", - "lastModified": "2024-04-03T15:15:54.257", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26726.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26726.json index ccc987c6793..3ebf74106ba 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26726.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26726.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26726", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:54.313", - "lastModified": "2024-04-03T15:15:54.313", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26727.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26727.json index 65ec08d37a8..50a397fff4c 100644 --- a/CVE-2024/CVE-2024-267xx/CVE-2024-26727.json +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26727.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26727", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-03T15:15:54.367", - "lastModified": "2024-04-03T15:15:54.367", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26728.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26728.json new file mode 100644 index 00000000000..129f578623e --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26728.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-26728", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:50.763", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix null-pointer dereference on edid reading\n\nUse i2c adapter when there isn't aux_mode in dc_link to fix a\nnull-pointer derefence that happens when running\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\ndetected as below:\n\n[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\n[ +0.000010] #PF: supervisor read access in kernel mode\n[ +0.000005] #PF: error_code(0x0000) - not-present page\n[ +0.000004] PGD 0 P4D 0\n[ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\n[ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\n[ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\n[ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\n[ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\n[ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\n[ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\n[ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\n[ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\n[ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\n[ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\n[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\n[ +0.000003] PKRU: 55555554\n[ +0.000003] Call Trace:\n[ +0.000006] \n[ +0.000006] ? __die+0x23/0x70\n[ +0.000011] ? page_fault_oops+0x17d/0x4c0\n[ +0.000008] ? preempt_count_add+0x6e/0xa0\n[ +0.000008] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000011] ? exc_page_fault+0x7f/0x180\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\n[ +0.000013] ? i2c_transfer+0xd/0x100\n[ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm]\n[ +0.000067] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm]\n[ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[ +0.000042] edid_block_read+0x3b/0xd0 [drm]\n[ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm]\n[ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm]\n[ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\n[ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\n[ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\n[ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\n[ +0.000000] status_store+0xb2/0x1f0 [drm]\n[ +0.000000] kernfs_fop_write_iter+0x136/0x1d0\n[ +0.000000] vfs_write+0x24d/0x440\n[ +0.000000] ksys_write+0x6f/0xf0\n[ +0.000000] do_syscall_64+0x60/0xc0\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\n[ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ +0.000000] RIP: 0033:0x7f9ad46b4b00\n[ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\n[ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n[ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\n[ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\n[ +0.000000] RBP: 0000000000000002 R08\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26729.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26729.json new file mode 100644 index 00000000000..3f0bf85dfc6 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26729.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-26729", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:50.820", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential null pointer dereference in dc_dmub_srv\n\nFixes potential null pointer dereference warnings in the\ndc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up()\nfunctions.\n\nIn both functions, the 'dc_dmub_srv' variable was being dereferenced\nbefore it was checked for null. This could lead to a null pointer\ndereference if 'dc_dmub_srv' is null. The fix is to check if\n'dc_dmub_srv' is null before dereferencing it.\n\nThus moving the null checks for 'dc_dmub_srv' to the beginning of the\nfunctions to ensure that 'dc_dmub_srv' is not null when it is\ndereferenced.\n\nFound by smatch & thus fixing the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:133 dc_dmub_srv_cmd_list_queue_execute() warn: variable dereferenced before check 'dc_dmub_srv' (see line 128)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_is_hw_pwr_up() warn: variable dereferenced before check 'dc_dmub_srv' (see line 1164)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/351080ba3414c96afff0f1338b4aeb2983195b80", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26730.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26730.json new file mode 100644 index 00000000000..145e999045c --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26730.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26730", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:50.873", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775) Fix access to temperature configuration registers\n\nThe number of temperature configuration registers does\nnot always match the total number of temperature registers.\nThis can result in access errors reported if KASAN is enabled.\n\nBUG: KASAN: global-out-of-bounds in nct6775_probe+0x5654/0x6fe9 nct6775_core" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/c196387820c9214c5ceaff56d77303c82514b8b1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d56e460e19ea8382f813eb489730248ec8d7eb73", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26731.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26731.json new file mode 100644 index 00000000000..40efe436104 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26731.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26731", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:50.927", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()\n\nsyzbot reported the following NULL pointer dereference issue [1]:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n [...]\n RIP: 0010:0x0\n [...]\n Call Trace:\n \n sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230\n unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nIf sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called\nconcurrently, psock->saved_data_ready can be NULL, causing the above issue.\n\nThis patch fixes this issue by calling the appropriate data ready function\nusing the sk_psock_data_ready() helper and protecting it from concurrency\nwith sk->sk_callback_lock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4588b13abcbd561ec67f5b3c1cb2eff690990a54", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4cd12c6065dfcdeba10f49949bffcf383b3952d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9b099ed46dcaf1403c531ff02c3d7400fa37fa26", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d61608a4e394f23e0dca099df9eb8e555453d949", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26732.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26732.json new file mode 100644 index 00000000000..563bfc1d9eb --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26732.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-26732", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:50.977", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: implement lockless setsockopt(SO_PEEK_OFF)\n\nsyzbot reported a lockdep violation [1] involving af_unix\nsupport of SO_PEEK_OFF.\n\nSince SO_PEEK_OFF is inherently not thread safe (it uses a per-socket\nsk_peek_off field), there is really no point to enforce a pointless\nthread safety in the kernel.\n\nAfter this patch :\n\n- setsockopt(SO_PEEK_OFF) no longer acquires the socket lock.\n\n- skb_consume_udp() no longer has to acquire the socket lock.\n\n- af_unix no longer needs a special version of sk_set_peek_off(),\n because it does not lock u->iolock anymore.\n\nAs a followup, we could replace prot->set_peek_off to be a boolean\nand avoid an indirect call, since we always use sk_set_peek_off().\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b #0 Not tainted\n\nsyz-executor.2/30025 is trying to acquire lock:\n ffff8880765e7d80 (&u->iolock){+.+.}-{3:3}, at: unix_set_peek_off+0x26/0xa0 net/unix/af_unix.c:789\n\nbut task is already holding lock:\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1691 [inline]\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sockopt_lock_sock net/core/sock.c:1060 [inline]\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sk_setsockopt+0xe52/0x3360 net/core/sock.c:1193\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (sk_lock-AF_UNIX){+.+.}-{0:0}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n lock_sock_nested+0x48/0x100 net/core/sock.c:3524\n lock_sock include/net/sock.h:1691 [inline]\n __unix_dgram_recvmsg+0x1275/0x12c0 net/unix/af_unix.c:2415\n sock_recvmsg_nosec+0x18e/0x1d0 net/socket.c:1046\n ____sys_recvmsg+0x3c0/0x470 net/socket.c:2801\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\n-> #0 (&u->iolock){+.+.}-{3:3}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __mutex_lock_common kernel/locking/mutex.c:608 [inline]\n __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752\n unix_set_peek_off+0x26/0xa0 net/unix/af_unix.c:789\n sk_setsockopt+0x207e/0x3360\n do_sock_setsockopt+0x2fb/0x720 net/socket.c:2307\n __sys_setsockopt+0x1ad/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_UNIX);\n lock(&u->iolock);\n lock(sk_lock-AF_UNIX);\n lock(&u->iolock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor.2/30025:\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1691 [inline]\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sockopt_lock_sock net/core/sock.c:1060 [inline]\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sk_setsockopt+0xe52/0x3360 net/core/sock.c:1193\n\nstack backtrace:\nCPU: 0 PID: 30025 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b #0\nHardware name: Google Google C\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/56667da7399eb19af857e30f41bea89aa6fa812c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/897f75e2cde8a5f9f7529b55249af1fa4248c83b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26733.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26733.json new file mode 100644 index 00000000000..6a64923aa16 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26733.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-26733", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.040", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh->ha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags. We initialise the field just after the memcpy(), so it's\nnot a problem.\n\nHowever, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let's limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r->arp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n " + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26734.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26734.json new file mode 100644 index 00000000000..6f7e0e696ce --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26734.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26734", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.100", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: fix possible use-after-free and memory leaks in devlink_init()\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.\n\nMake an unregister in case of unsuccessful registration." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/919092bd5482b7070ae66d1daef73b600738f3a2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/def689fc26b9a9622d2e2cb0c4933dd3b1c8071c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e91d3561e28d7665f4f837880501dc8755f635a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26735.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26735.json new file mode 100644 index 00000000000..6716e50d7e3 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26735.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26735", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.147", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26736.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26736.json new file mode 100644 index 00000000000..18b2a6dc0ff --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26736.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-26736", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.197", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume->vid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26737.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26737.json new file mode 100644 index 00000000000..5aead72299b --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26737.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2024-26737", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.243", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel\n\nThe following race is possible between bpf_timer_cancel_and_free\nand bpf_timer_cancel. It will lead a UAF on the timer->timer.\n\nbpf_timer_cancel();\n\tspin_lock();\n\tt = timer->time;\n\tspin_unlock();\n\n\t\t\t\t\tbpf_timer_cancel_and_free();\n\t\t\t\t\t\tspin_lock();\n\t\t\t\t\t\tt = timer->timer;\n\t\t\t\t\t\ttimer->timer = NULL;\n\t\t\t\t\t\tspin_unlock();\n\t\t\t\t\t\thrtimer_cancel(&t->timer);\n\t\t\t\t\t\tkfree(t);\n\n\t/* UAF on t */\n\thrtimer_cancel(&t->timer);\n\nIn bpf_timer_cancel_and_free, this patch frees the timer->timer\nafter a rcu grace period. This requires a rcu_head addition\nto the \"struct bpf_hrtimer\". Another kfree(t) happens in bpf_timer_init,\nthis does not need a kfree_rcu because it is still under the\nspin_lock and timer->timer has not been visible by others yet.\n\nIn bpf_timer_cancel, rcu_read_lock() is added because this helper\ncan be used in a non rcu critical section context (e.g. from\na sleepable bpf prog). Other timer->timer usages in helpers.c\nhave been audited, bpf_timer_cancel() is the only place where\ntimer->timer is used outside of the spin_lock.\n\nAnother solution considered is to mark a t->flag in bpf_timer_cancel\nand clear it after hrtimer_cancel() is done. In bpf_timer_cancel_and_free,\nit busy waits for the flag to be cleared before kfree(t). This patch\ngoes with a straight forward solution and frees timer->timer after\na rcu grace period." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0281b919e175bb9c3128bd3872ac2903e9436e3f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5268bb02107b9eedfdcd51db75b407d10043368c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d80a9e745fa5b47da3bca001f186c02485c7c33", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8327ed12e8ebc5436bfaa1786c49988894f9c8a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/addf5e297e6cbf5341f9c07720693ca9ba0057b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26738.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26738.json new file mode 100644 index 00000000000..2e3f41f86be --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26738.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26738", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.303", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n BUG: Kernel NULL pointer dereference on read at 0x00000030\n Faulting instruction address: 0xc0000000006bbe5c\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n NIP: c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n REGS: c00000009924f240 TRAP: 0300 Not tainted (6.7.0-203405+)\n MSR: 8000000000009033 CR: 24002220 XER: 20040006\n CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n ...\n NIP sysfs_add_link_to_group+0x34/0x94\n LR iommu_device_link+0x5c/0x118\n Call Trace:\n iommu_init_device+0x26c/0x318 (unreliable)\n iommu_device_link+0x5c/0x118\n iommu_init_device+0xa8/0x318\n iommu_probe_device+0xc0/0x134\n iommu_bus_notifier+0x44/0x104\n notifier_call_chain+0xb8/0x19c\n blocking_notifier_call_chain+0x64/0x98\n bus_notify+0x50/0x7c\n device_add+0x640/0x918\n pci_device_add+0x23c/0x298\n of_create_pci_dev+0x400/0x884\n of_scan_pci_dev+0x124/0x1b0\n __of_scan_bus+0x78/0x18c\n pcibios_scan_phb+0x2a4/0x3b0\n init_phb_dynamic+0xb8/0x110\n dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n kobj_attr_store+0x2c/0x48\n sysfs_kf_write+0x64/0x78\n kernfs_fop_write_iter+0x1b0/0x290\n vfs_write+0x350/0x4a0\n ksys_write+0x84/0x140\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 (\"powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains\") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/46e36ebd5e00a148b67ed77c1d31675996f77c25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a5c57fd2e9bd1c8ea8613a8f94fd0be5eccbf321", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b8315b2e25b4e68e42fcb74630f824b9a5067765", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26739.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26739.json new file mode 100644 index 00000000000..9ae07851932 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26739.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26739", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.367", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: don't override retval if we already lost the skb\n\nIf we're redirecting the skb, and haven't called tcf_mirred_forward(),\nyet, we need to tell the core to drop the skb by setting the retcode\nto SHOT. If we have called tcf_mirred_forward(), however, the skb\nis out of our hands and returning SHOT will lead to UaF.\n\nMove the retval override to the error path which actually need it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/28cdbbd38a4413b8eff53399b3f872fd4e80db9d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f4e294bbdca8ac8757db436fc82214f3882fc7e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26740.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26740.json new file mode 100644 index 00000000000..958a35a81ab --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26740.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26740", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.410", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: use the backlog for mirred ingress\n\nThe test Davide added in commit ca22da2fbd69 (\"act_mirred: use the backlog\nfor nested calls to mirred ingress\") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by\nlockdep.\n\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of traffic with the redirect (egress -> ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -> ingress reversals, not just once\nwe started to nest mirred calls.\n\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26741.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26741.json new file mode 100644 index 00000000000..0d213c8c797 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26741.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26741", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.457", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().\n\nsyzkaller reported a warning [0] in inet_csk_destroy_sock() with no\nrepro.\n\n WARN_ON(inet_sk(sk)->inet_num && !inet_csk(sk)->icsk_bind_hash);\n\nHowever, the syzkaller's log hinted that connect() failed just before\nthe warning due to FAULT_INJECTION. [1]\n\nWhen connect() is called for an unbound socket, we search for an\navailable ephemeral port. If a bhash bucket exists for the port, we\ncall __inet_check_established() or __inet6_check_established() to check\nif the bucket is reusable.\n\nIf reusable, we add the socket into ehash and set inet_sk(sk)->inet_num.\n\nLater, we look up the corresponding bhash2 bucket and try to allocate\nit if it does not exist.\n\nAlthough it rarely occurs in real use, if the allocation fails, we must\nrevert the changes by check_established(). Otherwise, an unconnected\nsocket could illegally occupy an ehash entry.\n\nNote that we do not put tw back into ehash because sk might have\nalready responded to a packet for tw and it would be better to free\ntw earlier under such memory presure.\n\n[0]:\nWARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nModules linked in:\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nCode: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8 f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd <0f> 0b e9 61 fe ff ff e8 02 4a 3d fd 4c 89 e7 be 03 00 00 00 e8 05\nRSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000009e78 RCX: ffffffff840bae40\nRDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8\nRBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000\nR10: 0000000000009e78 R11: 0000000000000000 R12: ffff88811755c8e0\nR13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000\nFS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \n ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\n dccp_close (net/dccp/proto.c:1078)\n inet_release (net/ipv4/af_inet.c:434)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:377)\n __fput_sync (fs/file_table.c:462)\n __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\nRIP: 0033:0x7f03e53852bb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff 8b 44\nRSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f03e53852bb\nRDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c\nR10: 0000000008a79680 R11: 0000000000000293 R12: 00007f03e4e43000\nR13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170\n \n\n[1]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3748)\n kmem_cache_alloc (mm/slub.c:3763 mm/slub.c:3842 mm/slub.c:3867)\n inet_bind2_bucket_create \n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/334a8348b2df26526f3298848ad6864285592caf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/729bc77af438a6e67914c97f6f3d3af8f72c0131", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8c4a6b850882bc47aaa864b720c7a2ee3102f39", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26742.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26742.json new file mode 100644 index 00000000000..9708fbd7c97 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26742.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26742", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.517", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix disable_managed_interrupts\n\nCorrect blk-mq registration issue with module parameter\ndisable_managed_interrupts enabled.\n\nWhen we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to\nregister with blk-mq using blk_mq_map_queues(). The driver is currently\ncalling blk_mq_pci_map_queues() which results in a stack trace and possibly\nundefined behavior.\n\nStack Trace:\n[ 7.860089] scsi host2: smartpqi\n[ 7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0\n[ 7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\n[ 7.924755] CPU: 0 PID: 238 Comm: kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1\n[ 7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022\n[ 7.963026] Workqueue: events work_for_cpu_fn\n[ 7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0\n[ 7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 <0f> 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54\n[ 7.978280] RSP: 0018:ffffa95fc3707d50 EFLAGS: 00010216\n[ 7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000010\n[ 7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310\n[ 7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00\n[ 7.978287] R10: 0000000000000001 R11: ffffa95fc3707ac0 R12: 0000000000000000\n[ 7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15: ffff9190c4c950a8\n[ 7.978290] FS: 0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000\n[ 7.978292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8.172814] CR2: 000055d11166c000 CR3: 00000002dae10002 CR4: 00000000007706f0\n[ 8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 8.172818] PKRU: 55555554\n[ 8.172819] Call Trace:\n[ 8.172823] blk_mq_alloc_tag_set+0x12e/0x310\n[ 8.264339] scsi_add_host_with_dma.cold.9+0x30/0x245\n[ 8.279302] pqi_ctrl_init+0xacf/0xc8e [smartpqi]\n[ 8.294085] ? pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[ 8.309015] pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[ 8.323286] local_pci_probe+0x42/0x80\n[ 8.337855] work_for_cpu_fn+0x16/0x20\n[ 8.351193] process_one_work+0x1a7/0x360\n[ 8.364462] ? create_worker+0x1a0/0x1a0\n[ 8.379252] worker_thread+0x1ce/0x390\n[ 8.392623] ? create_worker+0x1a0/0x1a0\n[ 8.406295] kthread+0x10a/0x120\n[ 8.418428] ? set_kthread_struct+0x50/0x50\n[ 8.431532] ret_from_fork+0x1f/0x40\n[ 8.444137] ---[ end trace 1bf0173d39354506 ]---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3c31b18a8dd8b7bf36af1cd723d455853b8f94fe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4f5b15c15e6016efb3e14582d02cc4ddf57227df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b9433b25cb06c415c9cb24782599649a406c8d6d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26743.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26743.json new file mode 100644 index 00000000000..09b66050f81 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26743.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-26743", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.577", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix qedr_create_user_qp error flow\n\nAvoid the following warning by making sure to free the allocated\nresources in case that qedr_init_user_queue() fail.\n\n-----------[ cut here ]-----------\nWARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nModules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3\nghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]\nCPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1\nHardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022\nRIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nCode: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff\nRSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286\nRAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016\nRDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600\nRBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80\nR13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0\nCall Trace:\n\n? show_trace_log_lvl+0x1c4/0x2df\n? show_trace_log_lvl+0x1c4/0x2df\n? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? __warn+0x81/0x110\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? report_bug+0x10a/0x140\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n__fput+0x94/0x250\ntask_work_run+0x5c/0x90\ndo_exit+0x270/0x4a0\ndo_group_exit+0x2d/0x90\nget_signal+0x87c/0x8c0\narch_do_signal_or_restart+0x25/0x100\n? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]\nexit_to_user_mode_loop+0x9c/0x130\nexit_to_user_mode_prepare+0xb6/0x100\nsyscall_exit_to_user_mode+0x12/0x40\ndo_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\n? common_interrupt+0x43/0xa0\nentry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x1470abe3ec6b\nCode: Unable to access opcode bytes at RIP 0x1470abe3ec41.\nRSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b\nRDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004\nRBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00\nR10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358\nR13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470\n\n--[ end trace 888a9b92e04c5c97 ]--" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26744.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26744.json new file mode 100644 index 00000000000..2f4f29938cd --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26744.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-26744", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.627", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Support specifying the srpt_service_guid parameter\n\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n \n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26747.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26747.json new file mode 100644 index 00000000000..5a043e13a24 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26747.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-26747", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.680", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: roles: fix NULL pointer issue when put module's reference\n\nIn current design, usb role class driver will get usb_role_switch parent's\nmodule reference after the user get usb_role_switch device and put the\nreference after the user put the usb_role_switch device. However, the\nparent device of usb_role_switch may be removed before the user put the\nusb_role_switch. If so, then, NULL pointer issue will be met when the user\nput the parent module's reference.\n\nThis will save the module pointer in structure of usb_role_switch. Then,\nwe don't need to find module by iterating long relations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26748.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26748.json new file mode 100644 index 00000000000..51d46af48a2 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26748.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-26748", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.727", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix memory double free when handle zero packet\n\n829 if (request->complete) {\n830 spin_unlock(&priv_dev->lock);\n831 usb_gadget_giveback_request(&priv_ep->endpoint,\n832 request);\n833 spin_lock(&priv_dev->lock);\n834 }\n835\n836 if (request->buf == priv_dev->zlp_buf)\n837 cdns3_gadget_ep_free_request(&priv_ep->endpoint, request);\n\nDriver append an additional zero packet request when queue a packet, which\nlength mod max packet size is 0. When transfer complete, run to line 831,\nusb_gadget_giveback_request() will free this requestion. 836 condition is\ntrue, so cdns3_gadget_ep_free_request() free this request again.\n\nLog:\n\n[ 1920.140696][ T150] BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3]\n[ 1920.140696][ T150]\n[ 1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36):\n[ 1920.159082][ T150] cdns3_gadget_giveback+0x134/0x2c0 [cdns3]\n[ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8 [cdns3]\n\nAdd check at line 829, skip call usb_gadget_giveback_request() if it is\nadditional zero length packet request. Needn't call\nusb_gadget_giveback_request() because it is allocated in this driver." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1e204a8e9eb514e22a6567fb340ebb47df3f3a48", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a2a909942b5335b7ea66366d84261b3ed5f89c8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5fd9e45f1ebcd57181358af28506e8a661a260b3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/70e8038813f9d3e72df966748ebbc40efe466019", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/92d20406a3d4ff3e8be667c79209dc9ed31df5b3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9a52b694b066f299d8b9800854a8503457a8b64c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aad6132ae6e4809e375431f8defd1521985e44e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26749.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26749.json new file mode 100644 index 00000000000..ce06d0b230f --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26749.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-26749", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.780", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()\n\n ...\n cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);\n list_del_init(&priv_req->list);\n ...\n\n'priv_req' actually free at cdns3_gadget_ep_free_request(). But\nlist_del_init() use priv_req->list after it.\n\n[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4\n[ 1542.642868][ T534]\n[ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):\n[ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4\n[ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]\n[ 1542.671571][ T534] usb_ep_disable+0x44/0xe4\n[ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8\n[ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368\n[ 1542.685478][ T534] ffs_func_disable+0x18/0x28\n\nMove list_del_init() before cdns3_gadget_ep_free_request() to resolve this\nproblem." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26751.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26751.json new file mode 100644 index 00000000000..3c67c1bdbbf --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26751.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26751", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.840", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: ep93xx: Add terminator to gpiod_lookup_table\n\nWithout the terminator, if a con_id is passed to gpio_find() that\ndoes not exist in the lookup table the function will not stop looping\ncorrectly, and eventually cause an oops." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26752.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26752.json new file mode 100644 index 00000000000..f9180b6e304 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26752.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26752", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.910", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26753.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26753.json new file mode 100644 index 00000000000..9229541013d --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26753.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2024-26753", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:51.990", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio/akcipher - Fix stack overflow on memcpy\n\nsizeof(struct virtio_crypto_akcipher_session_para) is less than\nsizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from\nstack variable leads stack overflow. Clang reports this issue by\ncommands:\nmake -j CC=clang-14 mrproper >/dev/null 2>&1\nmake -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1\nmake -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/\n virtio_crypto_akcipher_algs.o" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/37077ed16c7793e21b005979d33f8a61565b7e86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/62f361bfea60c6afc3df09c1ad4152e6507f6f47", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b0365460e945e1117b47cf7329d86de752daff63", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0ec2a712daf133d9996a8a1b7ee2d4996080363", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef1e47d50324e232d2da484fe55a54274eeb9bc1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26754.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26754.json new file mode 100644 index 00000000000..a6c593db595 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26754.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26754", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.050", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()\n\nThe gtp_net_ops pernet operations structure for the subsystem must be\nregistered before registering the generic netlink family.\n\nSyzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:\n\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\nRIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]\nCode: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86\n df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80>\n 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74\nRSP: 0018:ffff888014107220 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000\nFS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \n ? show_regs+0x90/0xa0\n ? die_addr+0x50/0xd0\n ? exc_general_protection+0x148/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? gtp_genl_dump_pdp+0x1be/0x800 [gtp]\n ? __alloc_skb+0x1dd/0x350\n ? __pfx___alloc_skb+0x10/0x10\n genl_dumpit+0x11d/0x230\n netlink_dump+0x5b9/0xce0\n ? lockdep_hardirqs_on_prepare+0x253/0x430\n ? __pfx_netlink_dump+0x10/0x10\n ? kasan_save_track+0x10/0x40\n ? __kasan_kmalloc+0x9b/0xa0\n ? genl_start+0x675/0x970\n __netlink_dump_start+0x6fc/0x9f0\n genl_family_rcv_msg_dumpit+0x1bb/0x2d0\n ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10\n ? genl_op_from_small+0x2a/0x440\n ? cap_capable+0x1d0/0x240\n ? __pfx_genl_start+0x10/0x10\n ? __pfx_genl_dumpit+0x10/0x10\n ? __pfx_genl_done+0x10/0x10\n ? security_capable+0x9d/0xe0" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26755.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26755.json new file mode 100644 index 00000000000..b594b7a8811 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26755.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-26755", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.103", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't suspend the array for interrupted reshape\n\nmd_start_sync() will suspend the array if there are spares that can be\nadded or removed from conf, however, if reshape is still in progress,\nthis won't happen at all or data will be corrupted(remove_and_add_spares\nwon't be called from md_choose_sync_action for reshape), hence there is\nno need to suspend the array if reshape is not done yet.\n\nMeanwhile, there is a potential deadlock for raid456:\n\n1) reshape is interrupted;\n\n2) set one of the disk WantReplacement, and add a new disk to the array,\n however, recovery won't start until the reshape is finished;\n\n3) then issue an IO across reshpae position, this IO will wait for\n reshape to make progress;\n\n4) continue to reshape, then md_start_sync() found there is a spare disk\n that can be added to conf, mddev_suspend() is called;\n\nStep 4 and step 3 is waiting for each other, deadlock triggered. Noted\nthis problem is found by code review, and it's not reporduced yet.\n\nFix this porblem by don't suspend the array for interrupted reshape,\nthis is safe because conf won't be changed until reshape is done." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/60d6130d0ac1d883ed93c2a1e10aadb60967fd48", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e46c70e829bddc24e04f963471e9983a11598b7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26756.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26756.json new file mode 100644 index 00000000000..8ad4755e4e5 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26756.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-26756", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.150", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't register sync_thread for reshape directly\n\nCurrently, if reshape is interrupted, then reassemble the array will\nregister sync_thread directly from pers->run(), in this case\n'MD_RECOVERY_RUNNING' is set directly, however, there is no guarantee\nthat md_do_sync() will be executed, hence stop_sync_thread() will hang\nbecause 'MD_RECOVERY_RUNNING' can't be cleared.\n\nLast patch make sure that md_do_sync() will set MD_RECOVERY_DONE,\nhowever, following hang can still be triggered by dm-raid test\nshell/lvconvert-raid-reshape.sh occasionally:\n\n[root@fedora ~]# cat /proc/1982/stack\n[<0>] stop_sync_thread+0x1ab/0x270 [md_mod]\n[<0>] md_frozen_sync_thread+0x5c/0xa0 [md_mod]\n[<0>] raid_presuspend+0x1e/0x70 [dm_raid]\n[<0>] dm_table_presuspend_targets+0x40/0xb0 [dm_mod]\n[<0>] __dm_destroy+0x2a5/0x310 [dm_mod]\n[<0>] dm_destroy+0x16/0x30 [dm_mod]\n[<0>] dev_remove+0x165/0x290 [dm_mod]\n[<0>] ctl_ioctl+0x4bb/0x7b0 [dm_mod]\n[<0>] dm_ctl_ioctl+0x11/0x20 [dm_mod]\n[<0>] vfs_ioctl+0x21/0x60\n[<0>] __x64_sys_ioctl+0xb9/0xe0\n[<0>] do_syscall_64+0xc6/0x230\n[<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nMeanwhile mddev->recovery is:\nMD_RECOVERY_RUNNING |\nMD_RECOVERY_INTR |\nMD_RECOVERY_RESHAPE |\nMD_RECOVERY_FROZEN\n\nFix this problem by remove the code to register sync_thread directly\nfrom raid10 and raid5. And let md_check_recovery() to register\nsync_thread." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/13b520fb62b772e408f9b79c5fe18ad414e90417", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad39c08186f8a0f221337985036ba86731d6aafe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26757.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26757.json new file mode 100644 index 00000000000..edfaba59964 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26757.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-26757", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.207", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't ignore read-only array in md_check_recovery()\n\nUsually if the array is not read-write, md_check_recovery() won't\nregister new sync_thread in the first place. And if the array is\nread-write and sync_thread is registered, md_set_readonly() will\nunregister sync_thread before setting the array read-only. md/raid\nfollow this behavior hence there is no problem.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) array is read-only. dm-raid update super block:\nrs_update_sbs\n ro = mddev->ro\n mddev->ro = 0\n -> set array read-write\n md_update_sb\n\n2) register new sync thread concurrently.\n\n3) dm-raid set array back to read-only:\nrs_update_sbs\n mddev->ro = ro\n\n4) stop the array:\nraid_dtr\n md_stop\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, &mddev->recovery);\n md_wakeup_thread_directly(mddev->sync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n\n5) sync thread done:\n md_do_sync\n set_bit(MD_RECOVERY_DONE, &mddev->recovery);\n md_wakeup_thread(mddev->thread);\n\n6) daemon thread can't unregister sync thread:\n md_check_recovery\n if (!md_is_rdwr(mddev) &&\n !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery))\n return;\n -> -> MD_RECOVERY_RUNNING can't be cleared, hence step 4 hang;\n\nThe root cause is that dm-raid manipulate 'mddev->ro' by itself,\nhowever, dm-raid really should stop sync thread before setting the\narray read-only. Unfortunately, I need to read more code before I\ncan refacter the handler of 'mddev->ro' in dm-raid, hence let's fix\nthe problem the easy way for now to prevent dm-raid regression." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2ea169c5a0b1134d573d07fc27a16f327ad0e7d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/55a48ad2db64737f7ffc0407634218cc6e4c513b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26758.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26758.json new file mode 100644 index 00000000000..41a6296a9d2 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26758.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-26758", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.263", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn't make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can't be unregistered.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n __md_stop_writes\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, &mddev->recovery);\n md_wakeup_thread_directly(mddev->sync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, &mddev->recovery);\n md_wakeup_thread(mddev->thread);\n\n4) daemon thread can't unregister sync thread:\nmd_check_recovery\n if (mddev->suspended)\n return; -> return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);\n -> MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26759.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26759.json new file mode 100644 index 00000000000..3af142d109e --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26759.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26759", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.320", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swap: fix race when skipping swapcache\n\nWhen skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads\nswapin the same entry at the same time, they get different pages (A, B). \nBefore one thread (T0) finishes the swapin and installs page (A) to the\nPTE, another thread (T1) could finish swapin of page (B), swap_free the\nentry, then swap out the possibly modified page reusing the same entry. \nIt breaks the pte_same check in (T0) because PTE value is unchanged,\ncausing ABA problem. Thread (T0) will install a stalled page (A) into the\nPTE and cause data corruption.\n\nOne possible callstack is like this:\n\nCPU0 CPU1\n---- ----\ndo_swap_page() do_swap_page() with same entry\n \n \nswap_read_folio() <- read to page A swap_read_folio() <- read to page B\n \n... set_pte_at()\n swap_free() <- entry is free\n \n \npte_same() <- Check pass, PTE seems\n unchanged, but page A\n is stalled!\nswap_free() <- page B content lost!\nset_pte_at() <- staled page A installed!\n\nAnd besides, for ZRAM, swap_free() allows the swap device to discard the\nentry content, so even if page (B) is not modified, if swap_read_folio()\non CPU0 happens later than swap_free() on CPU1, it may also cause data\nloss.\n\nTo fix this, reuse swapcache_prepare which will pin the swap entry using\nthe cache flag, and allow only one thread to swap it in, also prevent any\nparallel code from putting the entry in the cache. Release the pin after\nPT unlocked.\n\nRacers just loop and wait since it's a rare and very short event. A\nschedule_timeout_uninterruptible(1) call is added to avoid repeated page\nfaults wasting too much CPU, causing livelock or adding too much noise to\nperf statistics. A similar livelock issue was described in commit\n029c4628b2eb (\"mm: swap: get rid of livelock in swapin readahead\")\n\nReproducer:\n\nThis race issue can be triggered easily using a well constructed\nreproducer and patched brd (with a delay in read path) [1]:\n\nWith latest 6.8 mainline, race caused data loss can be observed easily:\n$ gcc -g -lpthread test-thread-swap-race.c && ./a.out\n Polulating 32MB of memory region...\n Keep swapping out...\n Starting round 0...\n Spawning 65536 workers...\n 32746 workers spawned, wait for done...\n Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss!\n Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss!\n Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss!\n Round 0 Failed, 15 data loss!\n\nThis reproducer spawns multiple threads sharing the same memory region\nusing a small swap device. Every two threads updates mapped pages one by\none in opposite direction trying to create a race, with one dedicated\nthread keep swapping out the data out using madvise.\n\nThe reproducer created a reproduce rate of about once every 5 minutes, so\nthe race should be totally possible in production.\n\nAfter this patch, I ran the reproducer for over a few hundred rounds and\nno data loss observed.\n\nPerformance overhead is minimal, microbenchmark swapin 10G from 32G\nzram:\n\nBefore: 10934698 us\nAfter: 11157121 us\nCached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag)\n\n[kasong@tencent.com: v4]\n Link: https://lkml.kernel.org/r/20240219082040.7495-1-ryncsn@gmail.com" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/13ddaf26be324a7f951891ecd9ccd04466d27458", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2dedda77d4493f3e92e414b272bfa60f1f51ed95", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/305152314df82b22cf9b181f3dc5fc411002079a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d183a4631acfc7af955c02a02e739cec15f5234d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26760.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26760.json new file mode 100644 index 00000000000..ade2989b659 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26760.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26760", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.367", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: pscsi: Fix bio_put() for error case\n\nAs of commit 066ff571011d (\"block: turn bio_kmalloc into a simple kmalloc\nwrapper\"), a bio allocated by bio_kmalloc() must be freed by bio_uninit()\nand kfree(). That is not done properly for the error case, hitting WARN and\nNULL pointer dereference in bio_free()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4ebc079f0c7dcda1270843ab0f38ab4edb8f7921", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de959094eb2197636f7c803af0943cb9d3b35804", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f49b20fd0134da84a6bd8108f9e73c077b7d6231", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26761.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26761.json new file mode 100644 index 00000000000..37203c99574 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26761.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26761", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.413", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window\n\nThe Linux CXL subsystem is built on the assumption that HPA == SPA.\nThat is, the host physical address (HPA) the HDM decoder registers are\nprogrammed with are system physical addresses (SPA).\n\nDuring HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,\n8.1.3.8) are checked if the memory is enabled and the CXL range is in\na HPA window that is described in a CFMWS structure of the CXL host\nbridge (cxl-3.1, 9.18.1.3).\n\nNow, if the HPA is not an SPA, the CXL range does not match a CFMWS\nwindow and the CXL memory range will be disabled then. The HDM decoder\nstops working which causes system memory being disabled and further a\nsystem hang during HDM decoder initialization, typically when a CXL\nenabled kernel boots.\n\nPrevent a system hang and do not disable the HDM decoder if the\ndecoder's CXL range is not found in a CFMWS window.\n\nNote the change only fixes a hardware hang, but does not implement\nHPA/SPA translation. Support for this can be added in a follow on\npatch series." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/031217128990d7f0ab8c46db1afb3cf1e075fd29", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0cab687205986491302cd2e440ef1d253031c221", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2cc1a530ab31c65b52daf3cb5d0883c8b614ea69", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a3181a71935774bda2398451256d7441426420b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26762.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26762.json new file mode 100644 index 00000000000..fe3e3e3e32a --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26762.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-26762", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.470", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Skip to handle RAS errors if CXL.mem device is detached\n\nThe PCI AER model is an awkward fit for CXL error handling. While the\nexpectation is that a PCI device can escalate to link reset to recover\nfrom an AER event, the same reset on CXL amounts to a surprise memory\nhotplug of massive amounts of memory.\n\nAt present, the CXL error handler attempts some optimistic error\nhandling to unbind the device from the cxl_mem driver after reaping some\nRAS register values. This results in a \"hopeful\" attempt to unplug the\nmemory, but there is no guarantee that will succeed.\n\nA subsequent AER notification after the memdev unbind event can no\nlonger assume the registers are mapped. Check for memdev bind before\nreaping status register values to avoid crashes of the form:\n\n BUG: unable to handle page fault for address: ffa00000195e9100\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n [...]\n RIP: 0010:__cxl_handle_ras+0x30/0x110 [cxl_core]\n [...]\n Call Trace:\n \n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x160\n ? kernelmode_fixup_or_oops+0x84/0x110\n ? exc_page_fault+0x113/0x170\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_dpc_reset_link+0x10/0x10\n ? __cxl_handle_ras+0x30/0x110 [cxl_core]\n ? find_cxl_port+0x59/0x80 [cxl_core]\n cxl_handle_rp_ras+0xbc/0xd0 [cxl_core]\n cxl_error_detected+0x6c/0xf0 [cxl_core]\n report_error_detected+0xc7/0x1c0\n pci_walk_bus+0x73/0x90\n pcie_do_recovery+0x23f/0x330\n\nLonger term, the unbind and PCI_ERS_RESULT_DISCONNECT behavior might\nneed to be replaced with a new PCI_ERS_RESULT_PANIC." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/21e5e84f3f63fdf44e49642a6e45cd895e921a84", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eef5c7b28dbecd6b141987a96db6c54e49828102", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26763.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26763.json new file mode 100644 index 00000000000..061a4bd5734 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26763.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26763", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.520", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt: don't modify the data when using authenticated encryption\n\nIt was said that authenticated encryption could produce invalid tag when\nthe data that is being encrypted is modified [1]. So, fix this problem by\ncopying the data into the clone bio first and then encrypt them inside the\nclone bio.\n\nThis may reduce performance, but it is needed to prevent the user from\ncorrupting the device by writing data with O_DIRECT and modifying them at\nthe same time.\n\n[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26764.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26764.json new file mode 100644 index 00000000000..374dfb0de0a --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26764.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26764", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.580", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio\n\nIf kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the\nfollowing kernel warning appears:\n\nWARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8\nCall trace:\n kiocb_set_cancel_fn+0x9c/0xa8\n ffs_epfile_read_iter+0x144/0x1d0\n io_read+0x19c/0x498\n io_issue_sqe+0x118/0x27c\n io_submit_sqes+0x25c/0x5fc\n __arm64_sys_io_uring_enter+0x104/0xab0\n invoke_syscall+0x58/0x11c\n el0_svc_common+0xb4/0xf4\n do_el0_svc+0x2c/0xb0\n el0_svc+0x2c/0xa4\n el0t_64_sync_handler+0x68/0xb4\n el0t_64_sync+0x1a4/0x1a8\n\nFix this by setting the IOCB_AIO_RW flag for read and write I/O that is\nsubmitted by libaio." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26765.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26765.json new file mode 100644 index 00000000000..5bb555dc8e5 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26765.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26765", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.633", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Disable IRQ before init_fn() for nonboot CPUs\n\nDisable IRQ before init_fn() for nonboot CPUs when hotplug, in order to\nsilence such warnings (and also avoid potential errors due to unexpected\ninterrupts):\n\nWARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:4503 rcu_cpu_starting+0x214/0x280\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+ #1198\npc 90000000048e3334 ra 90000000047bd56c tp 900000010039c000 sp 900000010039fdd0\na0 0000000000000001 a1 0000000000000006 a2 900000000802c040 a3 0000000000000000\na4 0000000000000001 a5 0000000000000004 a6 0000000000000000 a7 90000000048e3f4c\nt0 0000000000000001 t1 9000000005c70968 t2 0000000004000000 t3 000000000005e56e\nt4 00000000000002e4 t5 0000000000001000 t6 ffffffff80000000 t7 0000000000040000\nt8 9000000007931638 u0 0000000000000006 s9 0000000000000004 s0 0000000000000001\ns1 9000000006356ac0 s2 9000000007244000 s3 0000000000000001 s4 0000000000000001\ns5 900000000636f000 s6 7fffffffffffffff s7 9000000002123940 s8 9000000001ca55f8\n ra: 90000000047bd56c tlb_init+0x24c/0x528\n ERA: 90000000048e3334 rcu_cpu_starting+0x214/0x280\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 00000000 (PPLV0 -PIE -PWE)\n EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n ECFG: 00071000 (LIE=12 VS=7)\nESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)\n PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+ #1198\nStack : 0000000000000000 9000000006375000 9000000005b61878 900000010039c000\n 900000010039fa30 0000000000000000 900000010039fa38 900000000619a140\n 9000000006456888 9000000006456880 900000010039f950 0000000000000001\n 0000000000000001 cb0cb028ec7e52e1 0000000002b90000 9000000100348700\n 0000000000000000 0000000000000001 ffffffff916d12f1 0000000000000003\n 0000000000040000 9000000007930370 0000000002b90000 0000000000000004\n 9000000006366000 900000000619a140 0000000000000000 0000000000000004\n 0000000000000000 0000000000000009 ffffffffffc681f2 9000000002123940\n 9000000001ca55f8 9000000006366000 90000000047a4828 00007ffff057ded8\n 00000000000000b0 0000000000000000 0000000000000000 0000000000071000\n ...\nCall Trace:\n[<90000000047a4828>] show_stack+0x48/0x1a0\n[<9000000005b61874>] dump_stack_lvl+0x84/0xcc\n[<90000000047f60ac>] __warn+0x8c/0x1e0\n[<9000000005b0ab34>] report_bug+0x1b4/0x280\n[<9000000005b63110>] do_bp+0x2d0/0x480\n[<90000000047a2e20>] handle_bp+0x120/0x1c0\n[<90000000048e3334>] rcu_cpu_starting+0x214/0x280\n[<90000000047bd568>] tlb_init+0x248/0x528\n[<90000000047a4c44>] per_cpu_trap_init+0x124/0x160\n[<90000000047a19f4>] cpu_probe+0x494/0xa00\n[<90000000047b551c>] start_secondary+0x3c/0xc0\n[<9000000005b66134>] smpboot_entry+0x50/0x58" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1001db6c42e4012b55e5ee19405490f23e033b5a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8bf2ca8c60712af288b88ba80f8e4df4573d923f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a262b78dd085dbe9b3c75dc1d9c4cd102b110b53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dffdf7c783ef291eef38a5a0037584fd1a7fa464", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26766.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26766.json new file mode 100644 index 00000000000..fe8630224e8 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26766.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26766", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.683", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx->num_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990] \n[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978] dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347] __sys_sendmsg+0x59/0xa0\n\ncrash> ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n txreq = {\n list = {\n next = 0xffff9cfeba229f00,\n prev = 0xffff9cfeba229f00\n },\n descp = 0xffff9cfeba229f40,\n coalesce_buf = 0x0,\n wait = 0xffff9cfea4e69a48,\n complete = 0xffffffffc0fe0760 ,\n packet_len = 0x46d,\n tlen = 0x0,\n num_desc = 0x0,\n desc_limit = 0x6,\n next_descq_idx = 0x45c,\n coalesce_idx = 0x0,\n flags = 0x0,\n descs = {{\n qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n }, {\n qw = { 0x3800014231b108, 0x4}\n }, {\n qw = { 0x310000e4ee0fcf0, 0x8}\n }, {\n qw = { 0x3000012e9f8000, 0x8}\n }, {\n qw = { 0x59000dfb9d0000, 0x8}\n }, {\n qw = { 0x78000e02e40000, 0x8}\n }}\n },\n sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure\n sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n complete = 0x0,\n priv = 0x0,\n txq = 0xffff9cfea4e69880,\n skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26767.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26767.json new file mode 100644 index 00000000000..adafd3628de --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26767.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26767", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.747", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26768.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26768.json new file mode 100644 index 00000000000..3c40ccd1536 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26768.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26768", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.800", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]\n\nWith default config, the value of NR_CPUS is 64. When HW platform has\nmore then 64 cpus, system will crash on these platforms. MAX_CORE_PIC\nis the maximum cpu number in MADT table (max physical number) which can\nexceed the supported maximum cpu number (NR_CPUS, max logical number),\nbut kernel should not crash. Kernel should boot cpus with NR_CPUS, let\nthe remainder cpus stay in BIOS.\n\nThe potential crash reason is that the array acpi_core_pic[NR_CPUS] can\nbe overflowed when parsing MADT table, and it is obvious that CORE_PIC\nshould be corresponding to physical core rather than logical core, so it\nis better to define the array as acpi_core_pic[MAX_CORE_PIC].\n\nWith the patch, system can boot up 64 vcpus with qemu parameter -smp 128,\notherwise system will crash with the following message.\n\n[ 0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000420000004259, era == 90000000037a5f0c, ra == 90000000037a46ec\n[ 0.000000] Oops[#1]:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.8.0-rc2+ #192\n[ 0.000000] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n[ 0.000000] pc 90000000037a5f0c ra 90000000037a46ec tp 9000000003c90000 sp 9000000003c93d60\n[ 0.000000] a0 0000000000000019 a1 9000000003d93bc0 a2 0000000000000000 a3 9000000003c93bd8\n[ 0.000000] a4 9000000003c93a74 a5 9000000083c93a67 a6 9000000003c938f0 a7 0000000000000005\n[ 0.000000] t0 0000420000004201 t1 0000000000000000 t2 0000000000000001 t3 0000000000000001\n[ 0.000000] t4 0000000000000003 t5 0000000000000000 t6 0000000000000030 t7 0000000000000063\n[ 0.000000] t8 0000000000000014 u0 ffffffffffffffff s9 0000000000000000 s0 9000000003caee98\n[ 0.000000] s1 90000000041b0480 s2 9000000003c93da0 s3 9000000003c93d98 s4 9000000003c93d90\n[ 0.000000] s5 9000000003caa000 s6 000000000a7fd000 s7 000000000f556b60 s8 000000000e0a4330\n[ 0.000000] ra: 90000000037a46ec platform_init+0x214/0x250\n[ 0.000000] ERA: 90000000037a5f0c efi_runtime_init+0x30/0x94\n[ 0.000000] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[ 0.000000] PRMD: 00000000 (PPLV0 -PIE -PWE)\n[ 0.000000] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[ 0.000000] ECFG: 00070800 (LIE=11 VS=7)\n[ 0.000000] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n[ 0.000000] BADV: 0000420000004259\n[ 0.000000] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n[ 0.000000] Modules linked in:\n[ 0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))\n[ 0.000000] Stack : 9000000003c93a14 9000000003800898 90000000041844f8 90000000037a46ec\n[ 0.000000] 000000000a7fd000 0000000008290000 0000000000000000 0000000000000000\n[ 0.000000] 0000000000000000 0000000000000000 00000000019d8000 000000000f556b60\n[ 0.000000] 000000000a7fd000 000000000f556b08 9000000003ca7700 9000000003800000\n[ 0.000000] 9000000003c93e50 9000000003800898 9000000003800108 90000000037a484c\n[ 0.000000] 000000000e0a4330 000000000f556b60 000000000a7fd000 000000000f556b08\n[ 0.000000] 9000000003ca7700 9000000004184000 0000000000200000 000000000e02b018\n[ 0.000000] 000000000a7fd000 90000000037a0790 9000000003800108 0000000000000000\n[ 0.000000] 0000000000000000 000000000e0a4330 000000000f556b60 000000000a7fd000\n[ 0.000000] 000000000f556b08 000000000eaae298 000000000eaa5040 0000000000200000\n[ 0.000000] ...\n[ 0.000000] Call Trace:\n[ 0.000000] [<90000000037a5f0c>] efi_runtime_init+0x30/0x94\n[ 0.000000] [<90000000037a46ec>] platform_init+0x214/0x250\n[ 0.000000] [<90000000037a484c>] setup_arch+0x124/0x45c\n[ 0.000000] [<90000000037a0790>] start_kernel+0x90/0x670\n[ 0.000000] [<900000000378b0d8>] kernel_entry+0xd8/0xdc" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f6810e39898af2d2cabd9313e4dbc945fb5dfdd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4551b30525cf3d2f026b92401ffe241eb04dfebe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/88e189bd16e5889e44a41b3309558ebab78b9280", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26769.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26769.json new file mode 100644 index 00000000000..3904027ec5c --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26769.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2024-26769", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.853", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-fc: avoid deadlock on delete association path\n\nWhen deleting an association the shutdown path is deadlocking because we\ntry to flush the nvmet_wq nested. Avoid this by deadlock by deferring\nthe put work into its own work item." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1d86f79287206deec36d63b89c741cf542b6cadd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e0bc09a52b6169ce90f7ac6e195791adb16cec4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/710c69dbaccdac312e32931abcb8499c1525d397", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e6987f8937a7bd7516aa52f25cb7e12c0c92ee8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eaf0971fdabf2a93c1429dc6bedf3bbe85dffa30", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26770.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26770.json new file mode 100644 index 00000000000..1c4a71bc309 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26770.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26770", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.910", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nvidia-shield: Add missing null pointer checks to LED initialization\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.\n\n[jkosina@suse.com: tweak changelog a bit]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/83527a13740f57b45f162e3af4c7db4b88521100", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b6eda11c44dc89a681e1c105f0f4660e69b1e183", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e71cc4a1e584293deafff1a7dea614b0210d0443", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26771.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26771.json new file mode 100644 index 00000000000..589a8b91620 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26771.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-26771", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:52.967", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Add some null pointer checks to the edma_probe\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4fe4e5adc7d29d214c59b59f61db73dec505ca3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6e2276203ac9ff10fc76917ec9813c660f627369", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7b24760f3a3c7ae1a176d343136b6c25174b7b27", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d508c897153ae8dd79303f7f035f078139f6b49", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2a5e30d1e9a629de6179fa23923a318d5feb29e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26772.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26772.json new file mode 100644 index 00000000000..28fd931c8d9 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26772.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26772", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:53.023", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()\n\nPlaces the logic for checking if the group's block bitmap is corrupt under\nthe protection of the group lock to avoid allocating blocks from the group\nwith a corrupted block bitmap." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/21dbe20589c7f48e9c5d336ce6402bcebfa6d76a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b92b1bc16d691c95b152c6dbf027ad64315668d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/832698373a25950942c04a512daa652c18a9b513", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8de8305a25bfda607fc13475ebe84b978c96d7ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3bbe77a76bc52e9d4d0a120f1509be36e25c916", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d639102f4cbd4cb65d1225dba3b9265596aab586", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ffeb72a80a82aba59a6774b0611f792e0ed3b0b7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26773.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26773.json new file mode 100644 index 00000000000..ac3b5ff387f --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26773.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26773", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:53.080", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\n\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\n\next4_mb_regular_allocator\n ext4_lock_group(sb, group)\n ext4_mb_good_group\n // check if the group bbitmap is corrupted\n ext4_mb_complex_scan_group\n // Scan group gets ac_b_ex but doesn't use it\n ext4_unlock_group(sb, group)\n ext4_mark_group_bitmap_corrupted(group)\n // The block bitmap was corrupted during\n // the group unlock gap.\n ext4_mb_try_best_found\n ext4_lock_group(ac->ac_sb, group)\n ext4_mb_use_best_found\n mb_mark_used\n // Allocating blocks in block bitmap corrupted group" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26774.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26774.json new file mode 100644 index 00000000000..c49feaad83b --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26774.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2024-26774", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:53.130", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt\n\nDetermine if bb_fragments is 0 instead of determining bb_free to eliminate\nthe risk of dividing by zero when the block bitmap is corrupted." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26775.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26775.json new file mode 100644 index 00000000000..fd4cfe929bd --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26775.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26775", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:53.187", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: avoid potential deadlock at set_capacity\n\nMove set_capacity() outside of the section procected by (&d->lock).\nTo avoid possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n[1] lock(&bdev->bd_size_lock);\n local_irq_disable();\n [2] lock(&d->lock);\n [3] lock(&bdev->bd_size_lock);\n \n[4] lock(&d->lock);\n\n *** DEADLOCK ***\n\nWhere [1](&bdev->bd_size_lock) hold by zram_add()->set_capacity().\n[2]lock(&d->lock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc()\nis trying to acquire [3](&bdev->bd_size_lock) at set_capacity() call.\nIn this situation an attempt to acquire [4]lock(&d->lock) from\naoecmd_cfg_rsp() will lead to deadlock.\n\nSo the simplest solution is breaking lock dependency\n[2](&d->lock) -> [3](&bdev->bd_size_lock) by moving set_capacity()\noutside." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26776.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26776.json new file mode 100644 index 00000000000..7d6974f5e5a --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26776.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-26776", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:53.253", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected\n\nReturn IRQ_NONE from the interrupt handler when no interrupt was\ndetected. Because an empty interrupt will cause a null pointer error:\n\n Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000008\n Call trace:\n complete+0x54/0x100\n hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx]\n __handle_irq_event_percpu+0x64/0x1e0\n handle_irq_event+0x7c/0x1cc" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0399d7eba41d9b28f5bdd7757ec21a5b7046858d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d637b5118274701e8448f35953877daf04df18b4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de8b6e1c231a95abf95ad097b993d34b31458ec9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e4168ac25b4bd378bd7dda322d589482a136c1fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e94da8aca2e78ef9ecca02eb211869eacd5504e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f19361d570c67e7e014896fa2dacd7d721bf0aa8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26777.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26777.json new file mode 100644 index 00000000000..22c0799d656 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26777.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26777", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:53.303", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var->pixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26778.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26778.json new file mode 100644 index 00000000000..382af9c7c74 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26778.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26778", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:53.370", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo->var.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26779.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26779.json new file mode 100644 index 00000000000..ab33f745530 --- /dev/null +++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26779.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-26779", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-04-03T17:15:53.423", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix race condition on enabling fast-xmit\n\nfast-xmit must only be enabled after the sta has been uploaded to the driver,\notherwise it could end up passing the not-yet-uploaded sta via drv_tx calls\nto the driver, leading to potential crashes because of uninitialized drv_priv\ndata.\nAdd a missing sta->uploaded check and re-check fast xmit after inserting a sta." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27201.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27201.json index 88a8cbe1af1..fe411aedf9c 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27201.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27201.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27201", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-04-03T14:15:17.300", - "lastModified": "2024-04-03T15:15:54.413", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1949", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27254.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27254.json index b4f4e8745ab..4c7b4d9bd3b 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27254.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27254.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27254", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-04-03T13:16:02.220", - "lastModified": "2024-04-03T13:16:02.220", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27335.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27335.json new file mode 100644 index 00000000000..3c941352ebc --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27335.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27335", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:53.560", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22018." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-217/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27336.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27336.json new file mode 100644 index 00000000000..dd5baebcc43 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27336.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27336", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:53.733", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22022." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-218/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27337.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27337.json new file mode 100644 index 00000000000..96dacb9e8a5 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27337.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27337", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:53.900", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22033." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-230/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27338.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27338.json new file mode 100644 index 00000000000..edaf971e656 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27338.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27338", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:54.073", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the app.response method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22588." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-219/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27339.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27339.json new file mode 100644 index 00000000000..a812ff723c7 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27339.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27339", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:54.250", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22925." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-231/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27340.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27340.json new file mode 100644 index 00000000000..731b8a01c13 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27340.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27340", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:54.453", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22926." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-220/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27341.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27341.json new file mode 100644 index 00000000000..a0ad6898dc0 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27341.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27341", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:54.637", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22927." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-221/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27342.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27342.json new file mode 100644 index 00000000000..d04ad881bf1 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27342.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27342", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:54.820", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22928." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-222/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27343.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27343.json new file mode 100644 index 00000000000..156d22c2e38 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27343.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27343", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:54.993", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22929." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-223/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27344.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27344.json new file mode 100644 index 00000000000..012139d0864 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27344.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27344", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:55.167", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22931." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-224/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27345.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27345.json new file mode 100644 index 00000000000..3983723a23d --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27345.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27345", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:55.353", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22932." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-225/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27346.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27346.json new file mode 100644 index 00000000000..2f3c5f09ef7 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27346.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27346", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:55.527", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22934." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-226/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-276xx/CVE-2024-27673.json b/CVE-2024/CVE-2024-276xx/CVE-2024-27673.json new file mode 100644 index 00000000000..61915f0f69e --- /dev/null +++ b/CVE-2024/CVE-2024-276xx/CVE-2024-27673.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2024-27673", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-03T16:15:07.173", + "lastModified": "2024-04-03T16:15:07.173", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-276xx/CVE-2024-27674.json b/CVE-2024/CVE-2024-276xx/CVE-2024-27674.json new file mode 100644 index 00000000000..b7ba012a56f --- /dev/null +++ b/CVE-2024/CVE-2024-276xx/CVE-2024-27674.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-27674", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-03T17:15:55.710", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Macro Expert through 4.9.4 allows BUILTIN\\Users:(OI)(CI)(M) access to the \"%PROGRAMFILES(X86)%\\GrassSoft\\Macro Expert\" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Alaatk/CVE-2024-27674/tree/main", + "source": "cve@mitre.org" + }, + { + "url": "https://www.macro-expert.com/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28275.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28275.json index 1d3c504cae2..87ffad7a593 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28275.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28275.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28275", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-03T15:15:54.490", - "lastModified": "2024-04-03T15:15:54.490", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30322.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30322.json new file mode 100644 index 00000000000..08ab3038889 --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30322.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30322", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:55.880", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22499." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-300/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30323.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30323.json new file mode 100644 index 00000000000..9273303575e --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30323.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30323", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:56.103", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22501." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-301/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30324.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30324.json new file mode 100644 index 00000000000..8399f48d40c --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30324.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30324", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:56.293", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22576." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-302/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30325.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30325.json new file mode 100644 index 00000000000..1cd3af790b8 --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30325.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30325", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:56.480", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22592." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-314/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30326.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30326.json new file mode 100644 index 00000000000..c6c26dc4771 --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30326.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30326", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:56.660", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22593." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-313/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30327.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30327.json new file mode 100644 index 00000000000..15ba364807f --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30327.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30327", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:56.837", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader template Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of template objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22632." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-311/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30328.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30328.json new file mode 100644 index 00000000000..b6ff4375ebb --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30328.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30328", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:57.023", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22633." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-312/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30329.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30329.json new file mode 100644 index 00000000000..4b8658cd49b --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30329.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30329", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:57.260", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22634." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-310/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30330.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30330.json new file mode 100644 index 00000000000..6b6cc00e55d --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30330.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30330", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:57.450", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22636." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-309/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30331.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30331.json new file mode 100644 index 00000000000..3874e7b25a6 --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30331.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30331", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:57.627", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22637." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-308/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30332.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30332.json new file mode 100644 index 00000000000..ca781149852 --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30332.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30332", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:57.803", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22638." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-305/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30333.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30333.json new file mode 100644 index 00000000000..5544896b709 --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30333.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30333", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:57.990", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22639." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-307/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30334.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30334.json new file mode 100644 index 00000000000..5a6019a5863 --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30334.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30334", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:58.190", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22640." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-306/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30366.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30366.json new file mode 100644 index 00000000000..7ec194f9e29 --- /dev/null +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30366.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-30366", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-03T17:15:58.383", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23002." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www.foxit.com/support/security-bulletins.html", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-344/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-305xx/CVE-2024-30568.json b/CVE-2024/CVE-2024-305xx/CVE-2024-30568.json index 2b8b45e4a1d..a065fede453 100644 --- a/CVE-2024/CVE-2024-305xx/CVE-2024-30568.json +++ b/CVE-2024/CVE-2024-305xx/CVE-2024-30568.json @@ -2,8 +2,8 @@ "id": "CVE-2024-30568", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-03T13:16:02.443", - "lastModified": "2024-04-03T13:16:02.443", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-305xx/CVE-2024-30569.json b/CVE-2024/CVE-2024-305xx/CVE-2024-30569.json index 15127361b48..c1ae09eb87a 100644 --- a/CVE-2024/CVE-2024-305xx/CVE-2024-30569.json +++ b/CVE-2024/CVE-2024-305xx/CVE-2024-30569.json @@ -2,8 +2,8 @@ "id": "CVE-2024-30569", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-03T13:16:02.503", - "lastModified": "2024-04-03T13:16:02.503", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-305xx/CVE-2024-30570.json b/CVE-2024/CVE-2024-305xx/CVE-2024-30570.json index aa872d5de7a..56e6eb01754 100644 --- a/CVE-2024/CVE-2024-305xx/CVE-2024-30570.json +++ b/CVE-2024/CVE-2024-305xx/CVE-2024-30570.json @@ -2,8 +2,8 @@ "id": "CVE-2024-30570", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-03T13:16:02.563", - "lastModified": "2024-04-03T13:16:02.563", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-305xx/CVE-2024-30571.json b/CVE-2024/CVE-2024-305xx/CVE-2024-30571.json index 6fe556d6bb4..37116e74c1f 100644 --- a/CVE-2024/CVE-2024-305xx/CVE-2024-30571.json +++ b/CVE-2024/CVE-2024-305xx/CVE-2024-30571.json @@ -2,8 +2,8 @@ "id": "CVE-2024-30571", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-03T13:16:02.620", - "lastModified": "2024-04-03T13:16:02.620", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-305xx/CVE-2024-30572.json b/CVE-2024/CVE-2024-305xx/CVE-2024-30572.json index 251366690e9..c35df513749 100644 --- a/CVE-2024/CVE-2024-305xx/CVE-2024-30572.json +++ b/CVE-2024/CVE-2024-305xx/CVE-2024-30572.json @@ -2,8 +2,8 @@ "id": "CVE-2024-30572", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-03T13:16:02.680", - "lastModified": "2024-04-03T13:16:02.680", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31392.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31392.json new file mode 100644 index 00000000000..09f65d72c8f --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31392.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-31392", + "sourceIdentifier": "security@mozilla.org", + "published": "2024-04-03T16:15:07.230", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-17/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31393.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31393.json new file mode 100644 index 00000000000..3bd16cce374 --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31393.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-31393", + "sourceIdentifier": "security@mozilla.org", + "published": "2024-04-03T16:15:07.293", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879739", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-17/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31419.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31419.json index 4a365f1ff7c..5cd42376e83 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31419.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31419.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31419", "sourceIdentifier": "secalert@redhat.com", "published": "2024-04-03T14:15:17.787", - "lastModified": "2024-04-03T14:15:17.787", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31420.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31420.json index 64914f14a79..e508b19b143 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31420.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31420.json @@ -2,12 +2,12 @@ "id": "CVE-2024-31420", "sourceIdentifier": "secalert@redhat.com", "published": "2024-04-03T14:15:18.310", - "lastModified": "2024-04-03T14:15:18.310", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio." + "value": "A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3256.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3256.json index c72ce1bbd5e..b3efcac2587 100644 --- a/CVE-2024/CVE-2024-32xx/CVE-2024-3256.json +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3256.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3256", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-03T13:16:02.740", - "lastModified": "2024-04-03T13:16:02.740", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3257.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3257.json index 19fda2518c9..0eb931f0f4a 100644 --- a/CVE-2024/CVE-2024-32xx/CVE-2024-3257.json +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3257.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3257", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-03T13:16:03.020", - "lastModified": "2024-04-03T13:16:03.020", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3258.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3258.json index 2a970d44dfb..f62d453c0e8 100644 --- a/CVE-2024/CVE-2024-32xx/CVE-2024-3258.json +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3258.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3258", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-03T13:16:03.310", - "lastModified": "2024-04-03T13:16:03.310", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3259.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3259.json index d9885e684d1..921d4eb23d6 100644 --- a/CVE-2024/CVE-2024-32xx/CVE-2024-3259.json +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3259.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3259", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-03T14:15:18.797", - "lastModified": "2024-04-03T14:15:18.797", - "vulnStatus": "Received", + "lastModified": "2024-04-03T17:24:18.150", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 5efb4720505..5b0eb3586a7 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-03T16:00:38.577737+00:00 +2024-04-03T18:00:35.443524+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-03T15:15:54.490000+00:00 +2024-04-03T17:40:34.980000+00:00 ``` ### Last Data Feed Release @@ -33,56 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -243904 +244006 ``` ### CVEs added in the last Commit -Recently added CVEs: `55` +Recently added CVEs: `102` -- [CVE-2024-26708](CVE-2024/CVE-2024-267xx/CVE-2024-26708.json) (`2024-04-03T15:15:53.390`) -- [CVE-2024-26709](CVE-2024/CVE-2024-267xx/CVE-2024-26709.json) (`2024-04-03T15:15:53.440`) -- [CVE-2024-26710](CVE-2024/CVE-2024-267xx/CVE-2024-26710.json) (`2024-04-03T15:15:53.487`) -- [CVE-2024-26711](CVE-2024/CVE-2024-267xx/CVE-2024-26711.json) (`2024-04-03T15:15:53.540`) -- [CVE-2024-26712](CVE-2024/CVE-2024-267xx/CVE-2024-26712.json) (`2024-04-03T15:15:53.590`) -- [CVE-2024-26713](CVE-2024/CVE-2024-267xx/CVE-2024-26713.json) (`2024-04-03T15:15:53.647`) -- [CVE-2024-26714](CVE-2024/CVE-2024-267xx/CVE-2024-26714.json) (`2024-04-03T15:15:53.700`) -- [CVE-2024-26715](CVE-2024/CVE-2024-267xx/CVE-2024-26715.json) (`2024-04-03T15:15:53.750`) -- [CVE-2024-26716](CVE-2024/CVE-2024-267xx/CVE-2024-26716.json) (`2024-04-03T15:15:53.800`) -- [CVE-2024-26717](CVE-2024/CVE-2024-267xx/CVE-2024-26717.json) (`2024-04-03T15:15:53.850`) -- [CVE-2024-26718](CVE-2024/CVE-2024-267xx/CVE-2024-26718.json) (`2024-04-03T15:15:53.897`) -- [CVE-2024-26719](CVE-2024/CVE-2024-267xx/CVE-2024-26719.json) (`2024-04-03T15:15:53.947`) -- [CVE-2024-26720](CVE-2024/CVE-2024-267xx/CVE-2024-26720.json) (`2024-04-03T15:15:53.993`) -- [CVE-2024-26721](CVE-2024/CVE-2024-267xx/CVE-2024-26721.json) (`2024-04-03T15:15:54.043`) -- [CVE-2024-26722](CVE-2024/CVE-2024-267xx/CVE-2024-26722.json) (`2024-04-03T15:15:54.090`) -- [CVE-2024-26723](CVE-2024/CVE-2024-267xx/CVE-2024-26723.json) (`2024-04-03T15:15:54.143`) -- [CVE-2024-26724](CVE-2024/CVE-2024-267xx/CVE-2024-26724.json) (`2024-04-03T15:15:54.203`) -- [CVE-2024-26725](CVE-2024/CVE-2024-267xx/CVE-2024-26725.json) (`2024-04-03T15:15:54.257`) -- [CVE-2024-26726](CVE-2024/CVE-2024-267xx/CVE-2024-26726.json) (`2024-04-03T15:15:54.313`) -- [CVE-2024-26727](CVE-2024/CVE-2024-267xx/CVE-2024-26727.json) (`2024-04-03T15:15:54.367`) -- [CVE-2024-27201](CVE-2024/CVE-2024-272xx/CVE-2024-27201.json) (`2024-04-03T14:15:17.300`) -- [CVE-2024-28275](CVE-2024/CVE-2024-282xx/CVE-2024-28275.json) (`2024-04-03T15:15:54.490`) -- [CVE-2024-31419](CVE-2024/CVE-2024-314xx/CVE-2024-31419.json) (`2024-04-03T14:15:17.787`) -- [CVE-2024-31420](CVE-2024/CVE-2024-314xx/CVE-2024-31420.json) (`2024-04-03T14:15:18.310`) -- [CVE-2024-3259](CVE-2024/CVE-2024-32xx/CVE-2024-3259.json) (`2024-04-03T14:15:18.797`) +- [CVE-2024-27340](CVE-2024/CVE-2024-273xx/CVE-2024-27340.json) (`2024-04-03T17:15:54.453`) +- [CVE-2024-27341](CVE-2024/CVE-2024-273xx/CVE-2024-27341.json) (`2024-04-03T17:15:54.637`) +- [CVE-2024-27342](CVE-2024/CVE-2024-273xx/CVE-2024-27342.json) (`2024-04-03T17:15:54.820`) +- [CVE-2024-27343](CVE-2024/CVE-2024-273xx/CVE-2024-27343.json) (`2024-04-03T17:15:54.993`) +- [CVE-2024-27344](CVE-2024/CVE-2024-273xx/CVE-2024-27344.json) (`2024-04-03T17:15:55.167`) +- [CVE-2024-27345](CVE-2024/CVE-2024-273xx/CVE-2024-27345.json) (`2024-04-03T17:15:55.353`) +- [CVE-2024-27346](CVE-2024/CVE-2024-273xx/CVE-2024-27346.json) (`2024-04-03T17:15:55.527`) +- [CVE-2024-27673](CVE-2024/CVE-2024-276xx/CVE-2024-27673.json) (`2024-04-03T16:15:07.173`) +- [CVE-2024-27674](CVE-2024/CVE-2024-276xx/CVE-2024-27674.json) (`2024-04-03T17:15:55.710`) +- [CVE-2024-30322](CVE-2024/CVE-2024-303xx/CVE-2024-30322.json) (`2024-04-03T17:15:55.880`) +- [CVE-2024-30323](CVE-2024/CVE-2024-303xx/CVE-2024-30323.json) (`2024-04-03T17:15:56.103`) +- [CVE-2024-30324](CVE-2024/CVE-2024-303xx/CVE-2024-30324.json) (`2024-04-03T17:15:56.293`) +- [CVE-2024-30325](CVE-2024/CVE-2024-303xx/CVE-2024-30325.json) (`2024-04-03T17:15:56.480`) +- [CVE-2024-30326](CVE-2024/CVE-2024-303xx/CVE-2024-30326.json) (`2024-04-03T17:15:56.660`) +- [CVE-2024-30327](CVE-2024/CVE-2024-303xx/CVE-2024-30327.json) (`2024-04-03T17:15:56.837`) +- [CVE-2024-30328](CVE-2024/CVE-2024-303xx/CVE-2024-30328.json) (`2024-04-03T17:15:57.023`) +- [CVE-2024-30329](CVE-2024/CVE-2024-303xx/CVE-2024-30329.json) (`2024-04-03T17:15:57.260`) +- [CVE-2024-30330](CVE-2024/CVE-2024-303xx/CVE-2024-30330.json) (`2024-04-03T17:15:57.450`) +- [CVE-2024-30331](CVE-2024/CVE-2024-303xx/CVE-2024-30331.json) (`2024-04-03T17:15:57.627`) +- [CVE-2024-30332](CVE-2024/CVE-2024-303xx/CVE-2024-30332.json) (`2024-04-03T17:15:57.803`) +- [CVE-2024-30333](CVE-2024/CVE-2024-303xx/CVE-2024-30333.json) (`2024-04-03T17:15:57.990`) +- [CVE-2024-30334](CVE-2024/CVE-2024-303xx/CVE-2024-30334.json) (`2024-04-03T17:15:58.190`) +- [CVE-2024-30366](CVE-2024/CVE-2024-303xx/CVE-2024-30366.json) (`2024-04-03T17:15:58.383`) +- [CVE-2024-31392](CVE-2024/CVE-2024-313xx/CVE-2024-31392.json) (`2024-04-03T16:15:07.230`) +- [CVE-2024-31393](CVE-2024/CVE-2024-313xx/CVE-2024-31393.json) (`2024-04-03T16:15:07.293`) ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `74` -- [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2024-04-03T14:15:11.910`) -- [CVE-2023-6597](CVE-2023/CVE-2023-65xx/CVE-2023-6597.json) (`2024-04-03T15:15:51.783`) -- [CVE-2024-0450](CVE-2024/CVE-2024-04xx/CVE-2024-0450.json) (`2024-04-03T15:15:51.873`) -- [CVE-2024-26584](CVE-2024/CVE-2024-265xx/CVE-2024-26584.json) (`2024-04-03T14:15:15.613`) -- [CVE-2024-26585](CVE-2024/CVE-2024-265xx/CVE-2024-26585.json) (`2024-04-03T14:15:15.853`) -- [CVE-2024-26642](CVE-2024/CVE-2024-266xx/CVE-2024-26642.json) (`2024-04-03T14:15:16.193`) -- [CVE-2024-26643](CVE-2024/CVE-2024-266xx/CVE-2024-26643.json) (`2024-04-03T14:15:16.370`) -- [CVE-2024-26653](CVE-2024/CVE-2024-266xx/CVE-2024-26653.json) (`2024-04-03T14:15:16.520`) -- [CVE-2024-26654](CVE-2024/CVE-2024-266xx/CVE-2024-26654.json) (`2024-04-03T14:15:16.690`) -- [CVE-2024-26655](CVE-2024/CVE-2024-266xx/CVE-2024-26655.json) (`2024-04-03T14:15:16.860`) -- [CVE-2024-26656](CVE-2024/CVE-2024-266xx/CVE-2024-26656.json) (`2024-04-03T14:15:17.000`) -- [CVE-2024-26657](CVE-2024/CVE-2024-266xx/CVE-2024-26657.json) (`2024-04-03T14:15:17.153`) +- [CVE-2024-26717](CVE-2024/CVE-2024-267xx/CVE-2024-26717.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26718](CVE-2024/CVE-2024-267xx/CVE-2024-26718.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26719](CVE-2024/CVE-2024-267xx/CVE-2024-26719.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26720](CVE-2024/CVE-2024-267xx/CVE-2024-26720.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26721](CVE-2024/CVE-2024-267xx/CVE-2024-26721.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26722](CVE-2024/CVE-2024-267xx/CVE-2024-26722.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26723](CVE-2024/CVE-2024-267xx/CVE-2024-26723.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26724](CVE-2024/CVE-2024-267xx/CVE-2024-26724.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26725](CVE-2024/CVE-2024-267xx/CVE-2024-26725.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26726](CVE-2024/CVE-2024-267xx/CVE-2024-26726.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-26727](CVE-2024/CVE-2024-267xx/CVE-2024-26727.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-27201](CVE-2024/CVE-2024-272xx/CVE-2024-27201.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-27254](CVE-2024/CVE-2024-272xx/CVE-2024-27254.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-28275](CVE-2024/CVE-2024-282xx/CVE-2024-28275.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-30568](CVE-2024/CVE-2024-305xx/CVE-2024-30568.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-30569](CVE-2024/CVE-2024-305xx/CVE-2024-30569.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-30570](CVE-2024/CVE-2024-305xx/CVE-2024-30570.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-30571](CVE-2024/CVE-2024-305xx/CVE-2024-30571.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-30572](CVE-2024/CVE-2024-305xx/CVE-2024-30572.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-31419](CVE-2024/CVE-2024-314xx/CVE-2024-31419.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-31420](CVE-2024/CVE-2024-314xx/CVE-2024-31420.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-3256](CVE-2024/CVE-2024-32xx/CVE-2024-3256.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-3257](CVE-2024/CVE-2024-32xx/CVE-2024-3257.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-3258](CVE-2024/CVE-2024-32xx/CVE-2024-3258.json) (`2024-04-03T17:24:18.150`) +- [CVE-2024-3259](CVE-2024/CVE-2024-32xx/CVE-2024-3259.json) (`2024-04-03T17:24:18.150`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 1739eaf5e83..9c12b60e985 100644 --- a/_state.csv +++ b/_state.csv @@ -112321,7 +112321,7 @@ CVE-2018-11303,0,0,70ea9612acb8b65a11f1f9a8ec94a74e38c1e18a45cd382ff638310ade908 CVE-2018-11304,0,0,72c3bab45838e9b2bbee33fc48d6865db0e19062df0eada8be89f11f3b281b2a,2023-11-07T02:51:39.543000 CVE-2018-11305,0,0,fb6e8c0d2450d24f44871d78390ea120681d5c6639f657d1b3d62e960a685ed8,2018-12-11T20:49:28.047000 CVE-2018-11306,0,0,81eb7feedeb6b0fe2bcbf63b8221f4400f95d49764b40f353a7bdb7b88a6d016,2023-11-07T02:51:39.607000 -CVE-2018-11307,0,0,22becd789f2718ec38ed2fcb14b37f71064b5072d5b6f25f137d9499a8f1d54c,2023-11-07T02:51:39.833000 +CVE-2018-11307,0,1,f5815c745bc530ca04661b75959d61efe60bf66b91c0d0ffbb00864989d4b664,2024-04-03T17:40:34.980000 CVE-2018-11309,0,0,677040b032e064292e2e5abf20f816ee5ecd801bf87aead5f6ff46339221244e,2018-06-28T13:29:28.760000 CVE-2018-1131,0,0,e5c647e7001764d5b085652710463d57c226fe09591c8357e75102ed1e1fcbd2,2019-10-09T23:38:10.803000 CVE-2018-11311,0,0,91601330cb5ed22147324351c8c4ef8389af745e8ce07c6784beeacdd70f1745,2018-06-26T17:15:41.513000 @@ -213682,7 +213682,7 @@ CVE-2023-20265,0,0,0c091afd14d5711c439fbcdf3d2f99ced3bb91b74f5385fc78f4f7b91a39d CVE-2023-20266,0,0,3a5eee81d849b6db2d391f77ef7f96ea11f0a856291afb27c32dac2d19deca76,2024-01-25T17:15:42.510000 CVE-2023-20267,0,0,de6add21c09f0a5da7662d7e7b9a0d22241afdd2b680cfb010d518d841693274,2024-01-25T17:15:42.653000 CVE-2023-20268,0,0,ee14446b8f9e475b8033e985a7e85c545d9bea71377f6635b7bf1f66bf09b97f,2024-01-25T17:15:42.763000 -CVE-2023-20269,0,0,10e5864d307845fe4c9a2dbf18691e5454bede3c5100c6b7dc95c013cded231d,2024-01-25T17:15:42.883000 +CVE-2023-20269,0,1,ffd3f24ba8c04dce01b7d80175695e31e999e6b15feb0610852fc47f50dbaafe,2024-04-03T16:12:23.737000 CVE-2023-2027,0,0,15caaef39db2ddcbc804d15258bd2151c6611f16e644517eece22c3865f1a620,2023-11-07T04:11:41.760000 CVE-2023-20270,0,0,d346527346ec8f64c2f181314a56e1c8294a8a278e5f9ab6e2f64f73c5897d76,2024-01-25T17:15:43.070000 CVE-2023-20271,0,0,ead0c0329e15d538f0bf8ffb29c98694cb476e668a1cfbdbfe0554590ea75e47,2024-02-02T16:15:46.420000 @@ -218072,7 +218072,7 @@ CVE-2023-25694,0,0,464fbfa1d242a161fe16a05493e4128187914fbebbfb66670b87d547dab2a CVE-2023-25695,0,0,bb4a715f34797be6d5b5310a52f10934c2ca2def44e00610c3d947967176af16,2023-11-07T04:09:08.003000 CVE-2023-25696,0,0,920703282199f13ec7ff226a4913933d3dda5fbf895421fd74b7e008067b9300,2023-11-07T04:09:08.073000 CVE-2023-25698,0,0,e56b7d935093bd493ce30761a0a46812c945e926647573c5d416569d592987ee,2023-05-25T16:27:29.670000 -CVE-2023-25699,0,0,6a92fe460514b718f9c9159af254d41849707ed5fb7821957e75ef7859ca95dd,2024-04-03T13:15:59.923000 +CVE-2023-25699,0,1,f0805b96ef3c8d36103c697b0963b14096ab5139a0b0c97c9405095269403493,2024-04-03T17:24:18.150000 CVE-2023-2570,0,0,8663252ec671c3b7a42e9d7664ba3c00e3ca93661a5d1c12b4a7aea331483c3b,2023-06-21T21:03:56.260000 CVE-2023-25700,0,0,df71a756eafc8f0c2c1757cb864d1ed6d6c386b8db0d927c9150d80b49761a82,2023-11-13T19:52:51.423000 CVE-2023-25702,0,0,478b32ffdd91425f5ae34d96cea2ce0295b6bdbe4293355e7dd899d7e42b63cb,2023-11-07T04:09:08.173000 @@ -225419,6 +225419,7 @@ CVE-2023-35809,0,0,2af7b6c38ac797eeba6f7eb24315d421f73f7a0b85bd07103131fa769f840 CVE-2023-3581,0,0,bf54b39ce745187f634327d5b7b9b3d5283194bb9afd593c900d8d9df4575fc8,2023-07-27T19:46:40.130000 CVE-2023-35810,0,0,fca763bfc4cf56fc2567c89f8607aced6d515698c271ff553c994999f63f523d,2023-08-23T16:15:08.490000 CVE-2023-35811,0,0,b337dbb57f3cf9600e01e2de4ef4e203d1dd6f11d383181f8cdff459ff3dafde,2023-08-23T16:15:08.927000 +CVE-2023-35812,1,1,745fde9f4d13bbe9dd0ae12779560933ae5b177f4b5ebcdc1859327a762e85b5,2024-04-03T17:24:18.150000 CVE-2023-35813,0,0,c885ffedba7904db4be21a5e27ea627ffbffd93115efb148939e576f98650c3b,2023-06-30T07:38:07.763000 CVE-2023-35818,0,0,d953019435103a8de11c9f1eb382e71b4450752413ceda6415bd56799fd1cb36,2023-07-28T13:54:09.400000 CVE-2023-3582,0,0,26ee31634e694050445262df7094041b5821bda2ea716f4c59e4add7c32db8fc,2023-07-27T19:49:10.477000 @@ -227574,7 +227575,7 @@ CVE-2023-38722,0,0,671011fc37535d006e8bd4f6abb1cbe4df128c90fe5d2c6bd583ead77ce13 CVE-2023-38723,0,0,96134dfa5c8cc6a33ce702e38b1d00898c8a0da2b221bfaeb2380ab217692854,2024-03-13T12:33:51.697000 CVE-2023-38727,0,0,67e3acf0dbfaba760bdb5942f0f234a680ed76f81d4b3e56c5dc500c4ddf8ec4,2024-01-19T16:15:09.123000 CVE-2023-38728,0,0,4ae0aa245bfd2c5b381beb3353a88eb25960c87d2f2b539906ba0ee433f0dd76,2023-12-22T21:08:08.530000 -CVE-2023-38729,0,0,769ca7f206b2bc7917db8691ed03bde492fc120af77b05a0564fc9b315f3d4bf,2024-04-03T13:16:00.150000 +CVE-2023-38729,0,1,92b868b263a832e9ef9457f3243ddea696e8e45e3e3ae7ded1d6df224102eb32,2024-04-03T17:24:18.150000 CVE-2023-3873,0,0,16713e1487e45edefdc32bccb969e56ea62b42866183772c1f2674ba9329c9c9,2024-03-21T02:48:50.017000 CVE-2023-38730,0,0,23521025db1b5ddb82740780a2bfb531bdc7c9195786ef77914f5eb7dafc55fb,2023-08-29T04:41:34.817000 CVE-2023-38732,0,0,ce7babb7441c0f57518f4e9bdc9aab1724e3cc787e5da79116bc283b904f8db6,2023-08-26T02:25:55.780000 @@ -231051,7 +231052,10 @@ CVE-2023-44024,0,0,6108684ec555d34c1235a6393019467a0164add2c26e3fe4f5d3a42cf2c10 CVE-2023-44025,0,0,ce13daf7d087803f98d3ffa4da1317cd5a866777929439f661c68b01a6a335cf,2023-11-09T00:52:05.187000 CVE-2023-44031,0,0,b57b10d58613b699e760525ed3d55ae5cb5e8194eff910d9d2648fc423f5e916,2024-02-13T00:57:11.897000 CVE-2023-44037,0,0,adcea95e6358f36191fe2daa41b3393ccbcc9ce819398d6ce619638a2c2e4db2,2023-10-19T17:41:28.530000 +CVE-2023-44038,1,1,b322f1a0781ed1742b61d16951904d6ff3757add8777d5dadd12be171bbd741b,2024-04-03T17:24:18.150000 +CVE-2023-44039,1,1,ff5c6f2aa1b687e1b6a240b03113a3d93f1fdc498e241cd1027c14289ab7942a,2024-04-03T17:24:18.150000 CVE-2023-4404,0,0,afb94a4c0ed361aa965da8a2c3478cfb322403a502ee0be29e7a03b5bd49ed95,2023-11-07T04:22:31.870000 +CVE-2023-44040,1,1,e136328f7259573d4578e1a59c30a2fa54ccdbc77107939e46b54e26ccd316d1,2024-04-03T17:24:18.150000 CVE-2023-44042,0,0,2ad87feb7796e699cd63533c232dc13b18e61c645a56cef29be0a072bbe5583e,2023-09-28T15:48:44.617000 CVE-2023-44043,0,0,7baae7beffca90c9531811e9fa2a8276e379ed14fc180bb24ae4c45f3b2dc728,2023-10-06T17:57:41.317000 CVE-2023-44044,0,0,ce144774d4f23fcc51310acd38360c5b059cf54c14530ccb3d14c5353ec6f6bd,2023-09-28T15:49:19.117000 @@ -231861,6 +231865,7 @@ CVE-2023-4554,0,0,b89408693b5a426477a9c944769371ea41d78a3b1a20217899f71ba49beec2 CVE-2023-45540,0,0,54f7fdff89d7f6d47ffe07135b7d96c371424799a4b9aeeabfb78156f80c5d2c,2023-10-20T16:39:15.033000 CVE-2023-45542,0,0,9f632f9472eec1375d8a5e9ecdb2d98c901c82133c7218c1f6d6b81a3ff38590,2023-10-19T17:56:38.130000 CVE-2023-4555,0,0,ac2906f039aadc536edce6f23d3bdcfe62bca9495cdae7c2a77aa47372203c13,2024-03-21T02:49:49.417000 +CVE-2023-45552,1,1,5df74cd1684332640189ee2b7f63520cd97291d446f7bdce2a6d8c1fd81d0055,2024-04-03T17:24:18.150000 CVE-2023-45554,0,0,171838c453980d099b881dfe11b8b12a68c09d07db95ac71ba5958edc4a8d8e4,2023-10-27T21:55:06.353000 CVE-2023-45555,0,0,791ac8db7d8c3e27d8491f2ea494d78da53d33f77b43834acc1b1ad4d885123b,2023-10-27T21:56:30.477000 CVE-2023-45556,0,0,ae515eaa8aca0c557ca86f576a7aef9babdbc9bdebc65ed6f4a7044453e4504f,2023-11-14T19:01:46.713000 @@ -235786,7 +235791,7 @@ CVE-2023-51773,0,0,8f846ca150db66d0b80073ac6f518008babc62296a2b97f49439a329f7415 CVE-2023-51774,0,0,fefdc22f78e7e05f25a3f4e35760275c17174e95fd4fc343f6a5c594077f56bb,2024-02-29T13:49:47.277000 CVE-2023-51775,0,0,d19885f765b5b97855c2cc0c3f3642c970a937503b8bc204147850896ff7aeb9,2024-02-29T13:49:47.277000 CVE-2023-51779,0,0,12b82d26e314364b82a1986c3c91216c9a108f09c5dc18b48ab69ac05149b4b3,2024-02-29T13:49:47.277000 -CVE-2023-5178,0,1,f06eb1d20f5d3c1e341a9033b7e72f097988ba079ae215a56b33bd5858bc4b15,2024-04-03T14:15:11.910000 +CVE-2023-5178,0,0,f06eb1d20f5d3c1e341a9033b7e72f097988ba079ae215a56b33bd5858bc4b15,2024-04-03T14:15:11.910000 CVE-2023-51780,0,0,a16a72c66560dfdcb72edd12fb9c9ab59947cff8de82bf627e84355dea3d28bf,2024-02-01T18:51:15.553000 CVE-2023-51781,0,0,943dcd6bc9ca41b409437da8a4375ab31f17544ddbdf352ff447f72ff83a2193,2024-01-18T19:58:50.630000 CVE-2023-51782,0,0,4b4197672003cf4578a2bf0f31c16f034d56fceca2a499cb095add5bbd47b401,2024-01-18T19:31:37.630000 @@ -236068,7 +236073,7 @@ CVE-2023-52286,0,0,e3cc7081d095f3a23032a26323048d6596bbf2b2c2019700127ad6b34c3fb CVE-2023-52288,0,0,fdc8cfb88c9fca7195d89b1b10fd0faa7b6e4fc902824e291d86fba27daafd3b,2024-01-24T18:40:15.637000 CVE-2023-52289,0,0,1f6d262e6726a2c4a9b2e8c08858f47aee9c6687d08ddcc0a1d5481105c4b19c,2024-01-24T18:48:24.283000 CVE-2023-5229,0,0,c63670e2a38b6ea58305de35364e2f771fd3e463d4cd1d029ba69dd11d623a38,2023-11-08T18:35:10.590000 -CVE-2023-52296,0,0,39039284d20c6cbf724e37ac5906f4f948ea866fce0f5bafd5d1ca5e6593d57e,2024-04-03T13:16:00.360000 +CVE-2023-52296,0,1,b255aec8b820869683b83c22e635f47c789253f234036c45836dc75713d30222,2024-04-03T17:24:18.150000 CVE-2023-5230,0,0,438699b5514b4ceefe4d8c1733138842dd2d26f6bfe2c290df4f68a8ce73aa28,2023-11-07T04:23:38.493000 CVE-2023-52302,0,0,7bd3c1af9cb53d17263165b1c3722e7acd53823308aae9fd993854c7c309f0d9,2024-01-05T12:14:39.403000 CVE-2023-52303,0,0,f7ccea07e1dbc34bd9321cb34f071eeb01566af26202e35f5609e4b282b6ea99,2024-01-05T12:14:41.567000 @@ -236351,10 +236356,12 @@ CVE-2023-52633,0,0,994dc33effe20bcda42b3f8baa7344472ba337f1b03cc5040c676373fa32e CVE-2023-52634,0,0,8265695e3c84a59f01020d2f988756cfe1787db1189b60d300b36503abb1b84f,2024-04-02T12:50:42.233000 CVE-2023-52635,0,0,0ffb4f2ced9ab0b9abbae880421a4a1f5e3623384c2d99c43bb1870fba0ce133,2024-04-02T12:50:42.233000 CVE-2023-52636,0,0,21265293ec935716b77d602f9cef546cb5a051b95b1ff71c38e28ccf52038a90,2024-04-02T12:50:42.233000 -CVE-2023-52637,1,1,bad1285b7d951c78a410a6270a24869c6be032b89df35d282c7421d7612db265,2024-04-03T15:15:51.347000 -CVE-2023-52638,1,1,c47430c331fa263bc46b7fb23e2f4306134c70b983a31b6c787987d3c37e6ba8,2024-04-03T15:15:51.417000 -CVE-2023-52639,1,1,05c25170aa6a464ef3e37c6315331328fe93935dbf7800cffca41d55857dd6ee,2024-04-03T15:15:51.467000 +CVE-2023-52637,0,1,47ace759c045a665165f6cc914c0f7b61f1eea6b869fc351a48fba4f39fbe75c,2024-04-03T17:24:18.150000 +CVE-2023-52638,0,1,b38dac86808270c55621163e46a701e8b54f58af1385d15f0376150acf368170,2024-04-03T17:24:18.150000 +CVE-2023-52639,0,1,c97457eab9b6cd20e9122061703fad091605dff037939f584b75a8f084bf6e47,2024-04-03T17:24:18.150000 CVE-2023-5264,0,0,7347eec07eb374fa71498dcb5baa16d40eadd7796ae58c56cb5542f911c08d00,2024-03-21T02:50:12.043000 +CVE-2023-52640,1,1,e62e46f65fcdeff38f22adc2e1c52a9abbbb96b1f5f03dad3907528259eb3dd8,2024-04-03T17:24:18.150000 +CVE-2023-52641,1,1,61a8c466c0d8adc9af091ef19d24077081f33c25be542f836fdf30beff91fcba,2024-04-03T17:24:18.150000 CVE-2023-5265,0,0,a2593868cc8025edeae179a722294beacfae058f7c712cda49462fbdc5096bf5,2024-03-21T02:50:12.123000 CVE-2023-5266,0,0,7e987961d39a4c85b88aa95c8846a47975ab381f916910d8d060a474dfeca830,2024-03-21T02:50:12.200000 CVE-2023-5267,0,0,e91d74ea866737d4d28cc7f578c7dd8b86924e4f56d5504bcd846ef392a4c3f3,2024-03-21T02:50:12.287000 @@ -236790,7 +236797,7 @@ CVE-2023-5750,0,0,7a2bcc7a9a7bc4b47543928d6a5a38b365e029251ba2104cb9d7d686c91745 CVE-2023-5752,0,0,fa92e697d2dbadfc2a7a780d7004aeb19254ac0f8880523350d87d25e11f0a21,2023-11-03T14:55:50.973000 CVE-2023-5753,0,0,2bee06fd8baa26d4b5313a1968f2971be1c00d0f2aa7c0465fc4e689e9f03152,2024-01-12T22:04:24.617000 CVE-2023-5754,0,0,74e3317173de33bfa6ebeb8bf0fa083999eace4e572f6e46483b408f783451af,2023-11-06T19:08:13.417000 -CVE-2023-5755,1,1,2f136a4d73250351f0e7ba05ba8108e34ab226a4c4e95d73d21f83a07a9a9b7f,2024-04-03T15:15:51.520000 +CVE-2023-5755,0,0,2f136a4d73250351f0e7ba05ba8108e34ab226a4c4e95d73d21f83a07a9a9b7f,2024-04-03T15:15:51.520000 CVE-2023-5756,0,0,a7fff500251e217a582f3e55db40cd63ce3b9448747f55a1f0a83d3de11be857,2023-12-12T22:33:17.393000 CVE-2023-5757,0,0,7b398d4aecbd9e3eb61e9f4dfe0540006b4a83f723e473f0069b20a27a26847d,2023-12-13T20:29:04.543000 CVE-2023-5758,0,0,279946a19c7b51557ebe0ce07f4091ba364aefa2d5c680bc6d592adcdbea1b8a,2024-01-07T11:15:14.427000 @@ -237497,7 +237504,7 @@ CVE-2023-6592,0,0,64cc414903b2337cb0bd8a5539f823df2fd800285d9deb31df562c295ab75b CVE-2023-6593,0,0,e3b3e08c9100a5e7cf14c217c401234f02853669dddb630e64650e50aa403cb9,2023-12-15T14:38:03.057000 CVE-2023-6594,0,0,d3868296aafc64b6514f2cb5804c13a0687b79a1bf9d5ede2da8f4a451319021,2024-01-11T23:32:17.207000 CVE-2023-6595,0,0,36c4a8ec5f87bb2afaaafb9bf8ff027d48fb76423d85051bd988412db95a161f,2023-12-19T17:51:54.827000 -CVE-2023-6597,0,1,0ad4260f4e12f5442e67ca98f3e26ae0d54d4cd318021b60e0b78bb11088338f,2024-04-03T15:15:51.783000 +CVE-2023-6597,0,0,0ad4260f4e12f5442e67ca98f3e26ae0d54d4cd318021b60e0b78bb11088338f,2024-04-03T15:15:51.783000 CVE-2023-6598,0,0,8b8f7f87f85d85987c85ed76cf906c53121cfbe34e11294d4d2ee1e26a9f8779,2024-01-17T21:24:33.233000 CVE-2023-6599,0,0,a782437846e35b14cfc1bab743463edcd34abeb3c74717f8ec091163e3cb6d86,2023-12-12T17:22:17.503000 CVE-2023-6600,0,0,5f831a8b56a5e0738a2287ebfb92087ea24b0b41fd445ecae0c2fcd42b5f0965,2024-01-10T01:15:38.327000 @@ -238258,7 +238265,7 @@ CVE-2024-0387,0,0,23bc6e3476c46e45c0f1cab9e646ec38242c781b5838e9b0de1712412e6d88 CVE-2024-0389,0,0,54603acb6d5b07fd510773ee31a014da8fb936acbf60d2c212b5f0e73f4e6544,2024-03-21T02:51:09.250000 CVE-2024-0390,0,0,9f797e4a099c94c2da0407f1b9d4e4b6fb9f46975b208cacd9e42b322aa5198b,2024-02-15T14:28:31.380000 CVE-2024-0393,0,0,da969f8f421acdb215c775785004bc08bc486dde722bd2cf22073edf20e709fb,2024-01-12T06:15:47.157000 -CVE-2024-0394,1,1,a0ecfe77d0a389c38a22c71ada152fd1550a07251894e46d152d7f996ef0e626,2024-04-03T14:15:13.170000 +CVE-2024-0394,0,1,b23cba189b6e1b396045ec82c78a5061be9b5b1e5f43e779ea9c41c520c4e74b,2024-04-03T17:24:18.150000 CVE-2024-0395,0,0,9697a8ac3bbf759d0c2ea19b7ab0aa903676619b1d5a607c85b8d090a4e44ee7,2024-01-10T14:15:44.970000 CVE-2024-0396,0,0,106628bcb832aae2e274e4e91fdb5add809827efe4c459066d3102ffe0249334,2024-01-29T15:22:40.317000 CVE-2024-0400,0,0,18035b4484267a537c15645ebee53285fc55ae5559f980b5f9795ec2795f24dd,2024-03-27T12:29:30.307000 @@ -238302,7 +238309,7 @@ CVE-2024-0446,0,0,177f0f6fa9da6f41d147a83b94c4a1a182c538433bae32bd44fabede9ad39c CVE-2024-0447,0,0,0c6016e0347b145a593fad6fcd7d63ca3384ae4f246f4c3ce15c3efcb70f925f,2024-03-13T18:16:18.563000 CVE-2024-0448,0,0,34d135a6c32b742f6287060adde7fa7a1eec7917b9f747a74526de46b9fe8477,2024-02-13T18:33:30.020000 CVE-2024-0449,0,0,04b2f76b62eb26ddbf7fa5138c96f420527f366e1f0ea44623218005ce795988,2024-03-13T18:16:18.563000 -CVE-2024-0450,0,1,fd3a2d52cbddceda93f3b310b1905a20f03ddaceb2461132be09889719dafd9f,2024-04-03T15:15:51.873000 +CVE-2024-0450,0,0,fd3a2d52cbddceda93f3b310b1905a20f03ddaceb2461132be09889719dafd9f,2024-04-03T15:15:51.873000 CVE-2024-0454,0,0,810f9e73f945a577a0ff7132f31c0f57509a3b365a63653925f66b4427090389,2024-01-22T16:10:47.897000 CVE-2024-0455,0,0,ad0560da6bb8e515170fb5f5abe4324ffa964b23a03e1a8f57d4bad150093bdc,2024-02-26T16:32:25.577000 CVE-2024-0456,0,0,b7149a60bcad100dc614ada7456561f1d7527e1b845005213074d4fe4b957d52,2024-01-31T20:12:00.077000 @@ -238906,6 +238913,7 @@ CVE-2024-1176,0,0,c3e2f9f074256f32c40782bd3540058270027d3dda944431123aad76c42781 CVE-2024-1177,0,0,2975630ef7f8a77b7876a87ad1120fd917ca4ca2d762e9d0ae54267a750cb012,2024-02-13T14:06:04.817000 CVE-2024-1178,0,0,2956184307d83e7ee9b0f4a4e78f3d9e7b6aa234978af8029ac9021a0be5d94e,2024-03-05T13:41:01.900000 CVE-2024-1179,0,0,021c629d3779737b7d82b050f297fa166d2dce17da45eec990d84ef3164da439,2024-04-02T12:50:42.233000 +CVE-2024-1180,1,1,872882b46ecd6b91b1eac476150f11d534ac4102e8f39bae99b10ef15c648d7b,2024-04-03T17:24:18.150000 CVE-2024-1181,0,0,f4a978c4d2452d8950fb92a1a4c64615f2c478c04cd1bf9698d2acd20291fb2d,2024-03-20T13:00:16.367000 CVE-2024-1184,0,0,fbc2a4e18cfbe0c20a9cd841e359940f35b10a3e458b3837398077d481fc2f13,2024-03-21T02:51:36.537000 CVE-2024-1185,0,0,03d14ed2b0953a78fc7f4e6cfc2a091aca94364f60bcb14fb628576a0319372c,2024-03-21T02:51:36.633000 @@ -239488,7 +239496,7 @@ CVE-2024-20046,0,0,2cba072f4cd2db8c9c5cb3840357010610d1247c5e1755c7643a5f7260dfa CVE-2024-20047,0,0,9d6cb7dfa9114ada225af7c749eeb93923cbede21f03ef42e27c532f10e5fc77,2024-04-01T12:49:00.877000 CVE-2024-20048,0,0,0f719486757c5ba540a251acc738c73960495708fcc2be800aaa527c40d50460,2024-04-01T12:49:00.877000 CVE-2024-20049,0,0,cb4fe83676c50be268edace6d1929dbdbc990d365f3bb50c2ed41db827af9dc8,2024-04-01T12:49:00.877000 -CVE-2024-2005,0,0,0a204161c9448048cd66fbf91bafa8438461c235083297fff577722cc214206d,2024-03-06T15:18:08.093000 +CVE-2024-2005,0,1,daea362fffde0fb082d151df2358d46320eb09b5bd7b3280d080d5b1980ab867,2024-04-03T17:15:55.773000 CVE-2024-20050,0,0,df2debcf80a415e7ec9c052606489aaf2ef4fe8590b774a2846ea9c3b998cfe6,2024-04-01T12:49:00.877000 CVE-2024-20051,0,0,9435a36585c286ff573723750fe3df7cd0cfbc32756f66250700bdcddcf842cf,2024-04-01T12:49:00.877000 CVE-2024-20052,0,0,55f5f41d25b73cc9c47d12347c43a564023c2ca5ecfe3c473e5595bf096d1c47,2024-04-01T12:49:00.877000 @@ -239523,6 +239531,9 @@ CVE-2024-20276,0,0,296a5bdd5467948ab48ce59d6adf71ce96a1b7c0465de9d78357fece032b5 CVE-2024-20277,0,0,c44de8c225b0707871143fcb06737e334d929dd5a0acde877fcecec9290acbf6,2024-02-02T16:15:54.787000 CVE-2024-20278,0,0,3422bd62c0dbfc03ee503f488f9025cb4328d1a2c7b9cbaa4588ba28546b6550,2024-03-27T17:48:21.140000 CVE-2024-2028,0,0,5879943042d614ba399bf0758e5dda45ae5ecb9ad367a59e13a5814f1ed688df,2024-03-13T18:15:58.530000 +CVE-2024-20281,1,1,1da4959da1365ea1b5c3353cfdd54785f6f350629c78f91fbd448e94ccd5e67c,2024-04-03T17:24:18.150000 +CVE-2024-20282,1,1,3331bb12ae6069cec97299aed598380353ed834b4bfc559c4b7c3b05b3a32c18,2024-04-03T17:24:18.150000 +CVE-2024-20283,1,1,7c9be3a534e3e57a4f708018c438794f75d26f011176239fba286a2f86b16ba3,2024-04-03T17:24:18.150000 CVE-2024-20287,0,0,73801d80b462793a88b2af436ab77ac49555a7cb9634b8a2ccc26dc598e491a1,2024-02-02T16:15:54.887000 CVE-2024-20290,0,0,057d5dfa7ca9ea45e2cb423f9faaf6e87f8f428206a3f34ecdd5587406e21147,2024-02-15T15:43:27.240000 CVE-2024-20291,0,0,871201adb3aa4676f62b167ece01efc309c4f8e84a1b9ad2c253a83a6590ce0b,2024-02-29T13:49:29.390000 @@ -239530,6 +239541,7 @@ CVE-2024-20292,0,0,bd2670c9582b587cdf9a7328c2351789f5b8997cab8f7bfcaca92954507c5 CVE-2024-20294,0,0,1d3a9a3e9164827aaec419fc6a9a7d933913e3a790dc40da7ac082a33393bbf9,2024-02-29T13:49:29.390000 CVE-2024-2030,0,0,1279e34f262b0c0064508219ec7b722bb72cd0ff45a7c2dd1c4bd367a96f5a52,2024-03-13T18:15:58.530000 CVE-2024-20301,0,0,5731f674f5ae2bcf96420fc328e70e5146901802d1ab3db25461c019cd20961d,2024-03-07T13:52:27.110000 +CVE-2024-20302,1,1,d6aa187dace130519e84a9b875a27070bcb27ea462051b027aefd8b833d04683,2024-04-03T17:24:18.150000 CVE-2024-20303,0,0,e5ac9d50052f4c4c8ef804ccaefc800a16509a09aa16e231d189818adcc2e3c2,2024-03-27T17:48:21.140000 CVE-2024-20305,0,0,ab61a4ab7882e267880cc2c0e6b3ec1ab9c8b4d0dadf3a4832bdf14ae2ae012d,2024-02-15T19:56:38.910000 CVE-2024-20306,0,0,7ce4ce882880d6a48a5bc5e41b86d2467b57bc87bd8f78243b3657e3eec48482,2024-03-27T17:48:21.140000 @@ -239537,6 +239549,7 @@ CVE-2024-20307,0,0,cfac14e2d03f5d2ce0658f69db5b5fd1610287e2ff1d64a236d9cbc4d290f CVE-2024-20308,0,0,af0b2c931d159b241294b59c6f7af8dddd60840a0fc7fa6b1fc4c79e4a4631f3,2024-03-28T02:01:21.693000 CVE-2024-20309,0,0,e1a5a828e0a9998a91a0f24ce922d605b9c5494ea6372c8e56a89d1b0cae6848,2024-03-27T17:48:21.140000 CVE-2024-2031,0,0,8c1bcd6bbcf916842768e08303dd42fc425614624a1e3216d105b6a1ddb5c8c0,2024-03-13T12:33:51.697000 +CVE-2024-20310,1,1,b28888654551c44468d57d6bc0482e4be9f758afe74822fa85c77df17bb5f28b,2024-04-03T17:24:18.150000 CVE-2024-20311,0,0,c693e0e2ebd0ccff4af9c3de016bddd629d8a55f7bab90eb59f830d5f1210bde,2024-03-27T17:48:21.140000 CVE-2024-20312,0,0,c48be856a777b8fad526c083b489e4d8d6e24a6434163b12913e7e6d6bd387df,2024-03-27T17:48:21.140000 CVE-2024-20314,0,0,25da68acd340edea4119f8cd36c690ff3a322aebd5bc20462f4be9eaaddee7e2,2024-03-27T17:48:21.140000 @@ -239551,7 +239564,9 @@ CVE-2024-20324,0,0,4ceb90fa15b34b60a6093578287d94925925781fa75d2c106af71ed06f3f6 CVE-2024-20325,0,0,dfe1f947bf6fc9efa452f1881c4faae47bd9e909bfa416f69baa534db16c5289,2024-02-22T19:07:27.197000 CVE-2024-20327,0,0,99fc6b346e02158b3f4b7079ce29acef1779b3bc5057517cd2f663d4239946c0,2024-03-13T18:15:58.530000 CVE-2024-20328,0,0,f336e809226305b79cd50f26fae203aa1632211d86957dd92abacb2f83d51af6,2024-03-01T22:22:25.913000 +CVE-2024-20332,1,1,c80f3e7914a96d89df686f4ba74c7a2fddff7a55803849179a98a0b523532752,2024-04-03T17:24:18.150000 CVE-2024-20333,0,0,0fc0d9f2bb75be1d1f2fb11cd6f9cf26712193c623a9dcfd720083347398fc6f,2024-03-27T17:48:21.140000 +CVE-2024-20334,1,1,8d38809b94e28ca7ffede1d1de69806017529f0279dd789be5ee8752d561c89c,2024-04-03T17:24:18.150000 CVE-2024-20335,0,0,e7a578f13e250b46805a1e9177b3b5be279d06874d056b5f6fc5ebbcf99e61d7,2024-03-07T13:52:27.110000 CVE-2024-20336,0,0,79e0816d77620de3a577cfb98875db786f37b5ccab0f43d45d78748499d8cbc3,2024-03-07T13:52:27.110000 CVE-2024-20337,0,0,3b1a37d60fcaa85f947811f983b479d3e4900eee9d9299595cf069082e613c78,2024-03-07T13:52:27.110000 @@ -239559,7 +239574,13 @@ CVE-2024-20338,0,0,5566f1b7285f199c07a2500bed0125d8d757cef5cccae1c32214ac0d6cd53 CVE-2024-20344,0,0,5701c086cd49552fb9b4e42b34522b298fb97269a26ec090e5fb132f538cd956,2024-02-29T13:49:29.390000 CVE-2024-20345,0,0,3d1a51edca02a2407f1ed6f3ffcbd5d09253c77ae2ce2b00247da9ce4f441eef,2024-03-07T13:52:27.110000 CVE-2024-20346,0,0,f967daadb6c5a5a55ae179293422d73f8c43ceb443c382f34755b3930e28b331,2024-03-06T21:42:54.697000 +CVE-2024-20347,1,1,386a688a6e26b4724dfade38395aca25de51a6d938098a200cbadeba3c223ad4,2024-04-03T17:24:18.150000 +CVE-2024-20348,1,1,477357dd62b19965ca338372c54652b13dcf294dfb2ecae4286d9caa316e8f9e,2024-04-03T17:24:18.150000 +CVE-2024-20352,1,1,8af34dcc4e49320fd4763b2cc09252fbefbf55db0b4f49fcd3a4070674825c5d,2024-04-03T17:24:18.150000 CVE-2024-20354,0,0,d77b2c2498bd40063174d789072339810259d4fa0e4bc5c8d41a694f11a95e02,2024-03-27T17:48:21.140000 +CVE-2024-20362,1,1,00546d5798ae796c201943431758db863e341f760cce64a1c90b8ec2129f696c,2024-04-03T17:24:18.150000 +CVE-2024-20367,1,1,26f8646b197f45c03b4b1627273c9f00dfbc4d7ab41f12bb8dbf9ee843e0bdc0,2024-04-03T17:24:18.150000 +CVE-2024-20368,1,1,cf9f24e7fbc2699c240f1ae6fdd06e6b273be2207587ff53353eccd6e617395e,2024-04-03T17:24:18.150000 CVE-2024-2042,0,0,f6d54c5204cd94c19a84e1963b44103dc197c946869366cb59a65e7a4114231d,2024-03-17T22:38:29.433000 CVE-2024-2044,0,0,3d73c6b2cc04bd01f48c15467e360d6d6689d47e2b89d6d93430f2c98bfeca1a,2024-03-23T03:15:12.063000 CVE-2024-2045,0,0,72838b74e2668b744754639ee1018477ba3696de5929605fbc709ccd12df2c15,2024-03-01T14:04:26.010000 @@ -240171,7 +240192,7 @@ CVE-2024-21863,0,0,271dac2898e305fa77d04d20ca85b0dae0a5a0857bbfa85084510f677962f CVE-2024-21865,0,0,7a0c150742a363fb7b1bfb201c6089eca71d87169fcff3d08a3aee9d2d9b45ea,2024-03-25T13:47:14.087000 CVE-2024-21866,0,0,e7c03b05e2d3f94b4b523aca377b349190d980e16c741cbf713751bf3c07dcf0,2024-02-07T17:27:52.793000 CVE-2024-21869,0,0,48ec62155fd9a810461dcd57893eff3c63fc7d7992b6dd94f9f3d8f38382a25c,2024-02-07T17:29:50.927000 -CVE-2024-21870,1,1,fca16327584a0f0eba1d68a84f07d4f4041ade4d59764af5cfabd440473c69f4,2024-04-03T15:15:51.953000 +CVE-2024-21870,0,1,16093cd109099ea0d0ff8ee14afc269007d22cbeaf7d1dc221a7172576f4c5df,2024-04-03T17:24:18.150000 CVE-2024-21875,0,0,8d4925e22ef735a1eb9bad6264e6f33c2cafe0b7aaba00ae03cfb62fe8c61764,2024-02-11T22:29:15.837000 CVE-2024-2188,0,0,6b5888357b2de45eab7adf757198d53f35288744f0d7f0ac4c1d06866a31edc5,2024-03-05T13:41:01.900000 CVE-2024-21885,0,0,2ded91db474abcb1cfa7458555f469a31dde320770425e9a420b652d27c566d8,2024-02-28T14:06:45.783000 @@ -240312,7 +240333,7 @@ CVE-2024-22164,0,0,477ce475db07f491f945e658dfba7270a678f1c9f9986653d1cf70ab7be3b CVE-2024-22165,0,0,e5745c0914c304a6a883c5cbbe12f7d3b628ffd9c8f1f4447610dc31781824ee,2024-01-16T18:30:58.893000 CVE-2024-22167,0,0,66eeaa7802a03d7220e8e4d342cc2b136735ca1b12a8df28a329ae7f7fc30d01,2024-03-14T12:52:21.763000 CVE-2024-22177,0,0,1ff2297e612a95969b8693bc6a53ecafa7223eba267b1cfe298d3bc1fedfbe99,2024-04-02T12:50:42.233000 -CVE-2024-22178,1,1,96d2ae141b7f9be25c582d12e69030b95d687daafb6da9161c32e08b403339bb,2024-04-03T15:15:52.040000 +CVE-2024-22178,0,1,0704e65ab7c5164ebd76a87fea885127f6bd30204a3abe8ca923967590841504,2024-04-03T17:24:18.150000 CVE-2024-22180,0,0,19e9318ece70bb0e88968bad696b07798db0b84c54153f426e33acb6b2d89f93,2024-04-02T12:50:42.233000 CVE-2024-22182,0,0,c37429a1e773cd50685496ec9ddb451e2a401ebdf79e9825aae05fc9d7f76705,2024-03-21T02:52:00.913000 CVE-2024-22188,0,0,c925f824384b59eea62dc4af4666ddb75fd12e09a6bf8db8c7f8ccf3dffad485,2024-03-05T13:41:01.900000 @@ -240422,7 +240443,7 @@ CVE-2024-22353,0,0,dcde4e1942667b685d2979f87ac00f95d42a8fc5d16f7dbd8bc9f66a2b78d CVE-2024-22355,0,0,90575169d286b28c7ce02c7d947a264d77a6f25776530138b50b2f2dbc394220,2024-03-04T13:58:23.447000 CVE-2024-22356,0,0,bcc46874c9752933a72230517b74ad7a7a0d54dc67e233e91127533dfceeba1c,2024-03-26T17:09:53.043000 CVE-2024-2236,0,0,17401211af38608097c003c3b08d6e3d90e3570b70699d89a2e396d5b72c602a,2024-03-07T13:52:27.110000 -CVE-2024-22360,0,0,b1577e7bfead8752c54e85cf141f051b4ea451dd86444e439701d0840d08465e,2024-04-03T13:16:01.183000 +CVE-2024-22360,0,1,dde3d7768ad1c8bc414b134384042470a384d3453ec0b0a0aa751c2a96e1b961,2024-04-03T17:24:18.150000 CVE-2024-22361,0,0,2cb34447b61b8680c66e6f142987700b31f9f16d4e9b8d748c59e5b8ad5a9a29,2024-02-16T21:35:31.953000 CVE-2024-22362,0,0,826381d745a7bfa89e56ba8a6fed4317ed24204ea30e248bcffb2a9894398594,2024-03-21T02:52:03.063000 CVE-2024-22365,0,0,b09f0e3dd0fc2bf60706805e33c1f78b209416e9ed2aa43cb1cfb00b1fe90d17,2024-02-14T00:27:40.143000 @@ -240901,6 +240922,7 @@ CVE-2024-23537,0,0,96eef6f76991a1a55f7d229ca8a3b33f581b7319972cd930d631e9319229b CVE-2024-23538,0,0,50b591950cc002b79d242bc9e7f3aaca23cb39c203514c020bf3a7ec254b4e07,2024-04-01T01:12:59.077000 CVE-2024-23539,0,0,bc31cfff0dd88ee7ce5a2af9de32aedb0a572ba45615a6e972feb3c8c46e7ce2,2024-04-01T01:12:59.077000 CVE-2024-2354,0,0,ba98f1b9ce050b5f191557b519ba3636644201765c85e720862fdcfe25babec5,2024-03-21T02:52:33.343000 +CVE-2024-23540,1,1,07aa3c96f33f2f446cdc452d22225ff8aea91bcba1cb17da8c10d1f10c5194ce,2024-04-03T17:24:18.150000 CVE-2024-2355,0,0,d8b3703bf370f20be8edc81d50e6e26273e79d0c0c89555bc99ef07f5529a91e,2024-03-21T02:52:33.423000 CVE-2024-23550,0,0,233aa541fdda788f0e4e95c8a9a0a8f5d7fa7689dcd559af0cf5e5843a531076,2024-02-13T00:57:33.613000 CVE-2024-23553,0,0,51ea2d50cc1ff4dbab518de2a29e9ef6a91bd6b91073c23eb1a7f0cb7c8f1090,2024-02-10T00:59:00.423000 @@ -241397,7 +241419,7 @@ CVE-2024-24701,0,0,c388b86a0d2431583cec02e78e4c710434d60dfd05269a5125b21a1498f26 CVE-2024-24702,0,0,68169c2ba8781d542981a3a82b3dbedd86a42bda996e358152d83922edc27359,2024-02-29T13:49:47.277000 CVE-2024-24705,0,0,ec2ce8236049f46f3eb88b140e7ef49b1684c75c01d49904df6e6b36582e7ddd,2024-02-29T13:49:47.277000 CVE-2024-24706,0,0,4d433b03a4c26ebc6bd4b9712c01509648b3f2cecc7341b14e252b0e38dfa793,2024-02-15T02:09:50.480000 -CVE-2024-24707,0,0,c8b48fefbd27b5dbb2aaacda2e962a85f89e1b6dd91d3262ec79bf92d5158015,2024-04-03T13:16:01.383000 +CVE-2024-24707,0,1,e9eaf11ec6d77d6d63fe4c4f7a4c514f1071c80be95f64729ea7f3c4592d1bf8,2024-04-03T17:24:18.150000 CVE-2024-24708,0,0,0f8e81f3aba5b23c6e778b4d19d5d812998e1b5ce45774f77b59373f3047230f,2024-02-29T13:49:29.390000 CVE-2024-24711,0,0,5c25fab34a5071c77f4fe30781ea1d599a845486544449ee6790bb4d57dacb97,2024-03-26T12:55:05.010000 CVE-2024-24712,0,0,3eb883409ceb5cd8ab7cfb2c23165937e7138a0fdba93206148a8d8c39991d81,2024-02-16T14:48:04.207000 @@ -241588,7 +241610,7 @@ CVE-2024-24964,0,0,3c015ff9319add283b75ba9284dbb0964a9d4ce7edb50d2870b6147733f7e CVE-2024-24966,0,0,b8b1142fa7a04127bebdbfe2d935a3fd815c1f2bb5c99e70bfcbb30576800e5e,2024-02-14T18:04:45.380000 CVE-2024-2497,0,0,26367b992b705e3a1e9a4f207ca2598cfc8985a632173d153ce10f504df7f6b9,2024-03-21T02:52:35.490000 CVE-2024-24975,0,0,c403197a52452c60ee17afdfbf9edd4a6993ed059ba65add25a9b2620ac53eb1,2024-03-15T12:53:06.423000 -CVE-2024-24976,1,1,2f6a6e97b0e4b248f3be6f02ce6f9f27825b26f8122d5ef699e66e2743bb18de,2024-04-03T15:15:52.127000 +CVE-2024-24976,0,1,05e50835253d405344bcce43c792303468cefdb2ef727462820c1e8401a1c574,2024-04-03T17:24:18.150000 CVE-2024-24988,0,0,5be9c22e9d6c42885be25053a8e3f832fee202eb91ce1cb05a36918eae761d1a,2024-02-29T13:49:29.390000 CVE-2024-24989,0,0,39be90963d0952b8475635420a2f64ca0893f9b2941aa846029d2a39bd57b9e9,2024-02-14T18:04:45.380000 CVE-2024-24990,0,0,f549c5a0bfcab6df0ca6e0a5d66e4c65b77814eac3b9adbe63217da37b030524,2024-02-14T18:04:45.380000 @@ -241601,8 +241623,8 @@ CVE-2024-25006,0,0,c414b5ce0a5aca9d12e72e07e5e6c8a1c9166fcb862e4319cd46e89cdea2d CVE-2024-25016,0,0,b2e53a7c89b3634211a0ab97be429b79a4ba549d8d66332fe5eecf2928e6745c,2024-03-04T13:58:23.447000 CVE-2024-25021,0,0,62a0335232b74d01ee7f015949b10a01e944590aa7448fb13b5616593f03b63e,2024-02-22T19:07:27.197000 CVE-2024-25027,0,0,506fa0f038304c2bb065c6aafbb038363984a8c8037945872a1b74013246a31c,2024-04-02T17:57:34.440000 -CVE-2024-25030,0,0,eead58c8d1150b9357f4d1b2c1ab011f2f4e7aec84a318e3a4b62d092653dcd9,2024-04-03T13:16:01.590000 -CVE-2024-25046,0,0,288f480b9aeca380a275cf69703a9a4d7730be8122dc7a2d42deae7074433f6f,2024-04-03T13:16:01.790000 +CVE-2024-25030,0,1,daa9e08398abb362d3ba71da364bf16fe2664280b4843835da68883c290f9abc,2024-04-03T17:24:18.150000 +CVE-2024-25046,0,1,7eb6e85598af1646eea46d091c1c8b7c59644c23e874902a75020609a2d507f4,2024-04-03T17:24:18.150000 CVE-2024-25062,0,0,9596ed5cf07a8bc8469d4afc28fc727a431af7cff3b6b8e84435c301d9955756,2024-02-13T00:40:40.503000 CVE-2024-25063,0,0,8296c4ac18003d6d927b0c45a19a753add4384ce34fc59926d1f36a726ce4dbf,2024-03-04T22:45:02.117000 CVE-2024-25064,0,0,e90e896eb449d7ccff000c59a6c6d8569d7a679ad8db09883eafe6b89f6c07ea,2024-03-04T22:43:15.337000 @@ -241616,7 +241638,7 @@ CVE-2024-25089,0,0,5efabd2c26974f37d1846cb1668b5b36df31dff51c549d5b8d4c512bfb0c7 CVE-2024-25091,0,0,01b357047b564e780ed13b7e87b2fb8ec79ae12ad4e744cc9437e3dc74a94964,2024-03-01T14:04:04.827000 CVE-2024-25093,0,0,c29d732f68144a1dd5d537415c8d51940073ac1e6ff114431aa6a52d78b263f0,2024-02-29T13:49:29.390000 CVE-2024-25094,0,0,6ba9f5c53aa4aac51446efc522144ae35e985d8a070a664685b43e0df39aa007,2024-02-29T13:49:29.390000 -CVE-2024-25096,0,0,a501381610ada5229a45c8d0a176a52dcbb0ce07747d1b41bb94b9415bf24702,2024-04-03T13:16:02.017000 +CVE-2024-25096,0,1,a590619975601371af0338107d6bc5956fc8370eaff3edc032a14da19b962d6f,2024-04-03T17:24:18.150000 CVE-2024-25097,0,0,3611107873761535a1eebacf76ff61b5dea6765240f13429484902af14526286,2024-03-13T18:15:58.530000 CVE-2024-25098,0,0,028b98ef9a2084a8173d1d38eecdc4136ac8af6138dca7ba8312806912dc26e0,2024-02-29T13:49:29.390000 CVE-2024-25099,0,0,02a4d0e182c31d1636be1b8bb70f3b551292fc264bca44262b4c213c2a120e6b,2024-03-13T18:15:58.530000 @@ -242322,8 +242344,8 @@ CVE-2024-26580,0,0,716bfe9e7477c84eaf394c6917d0ce79d82ccdb90bad82d0c89b019a7d1ce CVE-2024-26581,0,0,353f24559890ac7b3597bd26d99362ecbfd523a3ec7e2aa7e9d65e75d894e5ee,2024-02-23T09:15:22.563000 CVE-2024-26582,0,0,3ff5c496d753899c1fc1e8062e53c8f61453498de38167daf1346ce24125ba81,2024-03-15T13:56:41.843000 CVE-2024-26583,0,0,469df0658e18197ed0356dd7a5240250603137d767287de06ec0167d1ae18c2a,2024-03-15T13:05:03.220000 -CVE-2024-26584,0,1,d68a4d58b87753c0e1bb744e1a26295eea21086b2f2685b711c57bb3369e39c5,2024-04-03T14:15:15.613000 -CVE-2024-26585,0,1,f63f838d2bcdd8ae6d99da2fdbc37c9df617bc6a41e88fe22fa920d7915c1497,2024-04-03T14:15:15.853000 +CVE-2024-26584,0,0,d68a4d58b87753c0e1bb744e1a26295eea21086b2f2685b711c57bb3369e39c5,2024-04-03T14:15:15.613000 +CVE-2024-26585,0,0,f63f838d2bcdd8ae6d99da2fdbc37c9df617bc6a41e88fe22fa920d7915c1497,2024-04-03T14:15:15.853000 CVE-2024-26586,0,0,85e4fb034cd8f802fb7949a6edeb44e49e071e6e365162d8c01bd895923b7bfd,2024-03-18T18:12:44.400000 CVE-2024-26587,0,0,9404613a5d22d59f7b9830950f6da0789d954efb37d6d668289d4948436f8def,2024-03-18T18:09:54.027000 CVE-2024-26588,0,0,a12e329faae009d801e11973c8a72020a4a4a89d8da3b097e68d3f4be6ee8827,2024-03-18T18:02:15.647000 @@ -242380,8 +242402,8 @@ CVE-2024-26638,0,0,810693405d991f7ccd7a2a1a0260a34b1a9402f77c9d945d74efd33b7925e CVE-2024-26639,0,0,5ecaa163a6c77c6111bb006a53c43194195b6cfbe8535ad567a79569fc77c2b9,2024-03-18T12:38:25.490000 CVE-2024-26640,0,0,5cc6b5e042a5b441f74784080591c7d359381cd13aba12bdf63d6c89fc714c33,2024-03-18T12:38:25.490000 CVE-2024-26641,0,0,d0ed2cdfb0ff7417cb869a8d4b0f844e96cb33626fa12ef7a8d145f64e7e59f2,2024-03-18T12:38:25.490000 -CVE-2024-26642,0,1,71e4095a03007036b330826bde9436c408f23f15e0193634b741c378a8da394c,2024-04-03T14:15:16.193000 -CVE-2024-26643,0,1,40d5b21fa93f0e45e5fe0fc09804a952bf6a588bf8d8ff5b87a6deddf6f3b5f5,2024-04-03T14:15:16.370000 +CVE-2024-26642,0,0,71e4095a03007036b330826bde9436c408f23f15e0193634b741c378a8da394c,2024-04-03T14:15:16.193000 +CVE-2024-26643,0,0,40d5b21fa93f0e45e5fe0fc09804a952bf6a588bf8d8ff5b87a6deddf6f3b5f5,2024-04-03T14:15:16.370000 CVE-2024-26644,0,0,e5196539d0d7d2426b70f5c3d7b2262aa5f8e671e6361172395eb0ace801b5d7,2024-03-26T17:09:53.043000 CVE-2024-26645,0,0,fe3f1a6f358cce09c9a7d8315812702f5784843255df1b174247cd1e300a4c71,2024-03-26T17:09:53.043000 CVE-2024-26646,0,0,dccd3fb042f624b294392888bd78f3cb643c796b96f3f1a01e194aa7fd56d552,2024-03-27T12:29:41.530000 @@ -242391,11 +242413,11 @@ CVE-2024-26649,0,0,86aeb2fae965a4a5332ed6f99e853d97c707f8eddf2b6cb0afb03f1458efa CVE-2024-26650,0,0,a6462e36b1dd6f69ddd876eed038a048534eb12e06d7671796e4cb5890514076,2024-03-27T12:29:41.530000 CVE-2024-26651,0,0,664bc67b3020a550d402c968ae917bf5e5ca3e46c2b2c739e7380a7f1a9e1448,2024-04-03T04:15:11.563000 CVE-2024-26652,0,0,ccc590b218f45c6bb9fa7fed88041733bb926c9879d519c1ffc1f038a0a8e977,2024-03-27T15:49:41.437000 -CVE-2024-26653,0,1,d049a2565dfb8e2d40a03bd3cfe4e1ae5290c810bf6ab13cfbe1970fbbfbb37e,2024-04-03T14:15:16.520000 -CVE-2024-26654,0,1,742febfe3d710345a87b7b0fca0d3ad06b08437bfd376c32921d3f358d2d767a,2024-04-03T14:15:16.690000 -CVE-2024-26655,0,1,ac0b7c61eb26a3582ca4d638572b761a96d74326d8ddfef7479705aa04b577b6,2024-04-03T14:15:16.860000 -CVE-2024-26656,0,1,5337c8b618800d7ae076a65ae658288f2225d153cd5a33d44f7af43e0758d01a,2024-04-03T14:15:17 -CVE-2024-26657,0,1,5dc4a9c95210d3424ad527963550b1460b63acfba87b6d5e9086dc26cb8bd63d,2024-04-03T14:15:17.153000 +CVE-2024-26653,0,0,d049a2565dfb8e2d40a03bd3cfe4e1ae5290c810bf6ab13cfbe1970fbbfbb37e,2024-04-03T14:15:16.520000 +CVE-2024-26654,0,0,742febfe3d710345a87b7b0fca0d3ad06b08437bfd376c32921d3f358d2d767a,2024-04-03T14:15:16.690000 +CVE-2024-26655,0,0,ac0b7c61eb26a3582ca4d638572b761a96d74326d8ddfef7479705aa04b577b6,2024-04-03T14:15:16.860000 +CVE-2024-26656,0,0,5337c8b618800d7ae076a65ae658288f2225d153cd5a33d44f7af43e0758d01a,2024-04-03T14:15:17 +CVE-2024-26657,0,0,5dc4a9c95210d3424ad527963550b1460b63acfba87b6d5e9086dc26cb8bd63d,2024-04-03T14:15:17.153000 CVE-2024-26658,0,0,1013cf0b269e9d3559a1126cca40b69c8071575276ed3dd1757812dfad4c0199,2024-04-02T12:50:42.233000 CVE-2024-26659,0,0,9da56d86cd36627698f3029a2c5501b296124cd8c7d2b484b46f5f4c8dbd5a07,2024-04-02T12:50:42.233000 CVE-2024-26660,0,0,b1951297ec8036559699923c7fc2f6a4b545d195c3084904d1128a08b214c072,2024-04-02T12:50:42.233000 @@ -242424,57 +242446,107 @@ CVE-2024-26681,0,0,d0888cf223e3ff781851ac3c49fc20b7e9eb990bff5eb716a081ef52bec7a CVE-2024-26682,0,0,815bda0c2dbd75c0be714f55d4f47783146c4072cae1e67684474359c73535d9,2024-04-02T12:50:42.233000 CVE-2024-26683,0,0,6c5f44f4e0a996eee17bab8d16a07d09ac59770d962422611b733c6dc302bcad,2024-04-02T12:50:42.233000 CVE-2024-26684,0,0,8a54aaa18a77dc2662ce76183d24e3ad5d44d55136a6048d03ebfafcb9d4c252,2024-04-02T12:50:42.233000 -CVE-2024-26685,1,1,c36ca36f4136868c7237746c297a3f3b61bc4c0e92f97a2d0521d6063acc3d65,2024-04-03T15:15:52.210000 -CVE-2024-26686,1,1,7c2b9b237dd1f0e1f5e6e6d6fb08a0133f2a4a41f2a8f65f4639fafa13efa938,2024-04-03T15:15:52.263000 -CVE-2024-26687,1,1,0e0684ef721f2024adcc55dcd640663a32e83a1e39c0877300e1b34eaa3fbe04,2024-04-03T15:15:52.313000 -CVE-2024-26688,1,1,2f0cf6e29059d81e2774ed0f6cb464e20aaacb7cddb00c7a6b74bcec7d3ad8ea,2024-04-03T15:15:52.370000 -CVE-2024-26689,1,1,07433352f91be45fce02d917dde8f101a9354558f3e3ce1ffbb1ea844fa581f7,2024-04-03T15:15:52.427000 +CVE-2024-26685,0,1,82e77993f24387a510aaebe6d696d5d559b8e23adc07f52d5817dbafeff6c599,2024-04-03T17:24:18.150000 +CVE-2024-26686,0,1,1a03c8ca59974a02e1aa0d14da3d106cfde0f910774030d3742c3a4fb032e8db,2024-04-03T17:24:18.150000 +CVE-2024-26687,0,1,56d843a457cc8027274d97e12720d0b955dd3873096fb107c5739630c9e73e52,2024-04-03T17:24:18.150000 +CVE-2024-26688,0,1,fcdcd41ed2f593b6e86073d262bdb66bfb1d5c337c8c9c816a712648cffad86e,2024-04-03T17:24:18.150000 +CVE-2024-26689,0,1,da89c14de45ac019093ac94e3f7c7c54cc5a7d1e71cc567af318455021177d05,2024-04-03T17:24:18.150000 CVE-2024-2669,0,0,4f5a2d5969b59448109cf022193bd2b7c88dc7ffa7ca03caa723fb0f374642a3,2024-03-21T02:52:41.157000 -CVE-2024-26690,1,1,3902183eeddbfab170b1d9b27d7f7eee926edec2ef838a462a10dfca26ab6bf8,2024-04-03T15:15:52.487000 -CVE-2024-26691,1,1,29ded2db966f52e899f4761ce9a65ed1c8faf8a174950a78b8cbb85f71d02c9e,2024-04-03T15:15:52.550000 -CVE-2024-26692,1,1,fc9eda2402bfcf4e3c40c64ec2532c2ef6c1424a17694e9bfc4eaa6fbf4cde19,2024-04-03T15:15:52.610000 -CVE-2024-26693,1,1,b5545aae4daec00aee0dde313d51156ffe01a4854509eca385c2a9b9f021d06d,2024-04-03T15:15:52.667000 -CVE-2024-26694,1,1,f893e40654beea2d45e873da178b1d9072b817d5f34a88de4a7db6a11d173ec5,2024-04-03T15:15:52.717000 -CVE-2024-26695,1,1,eea4d36cf0d642e7d3558ac95fa91f00d7953f7ab5ecc618ae8d8fd14cebb118,2024-04-03T15:15:52.770000 -CVE-2024-26696,1,1,ef7de37710ec27d876be50ced9779901d93bbc2541fe7ae23f3ebe2fc75f1d10,2024-04-03T15:15:52.830000 -CVE-2024-26697,1,1,f0006c8fae4ceec91f4555d31bf709fb386760e880f3c74055b8fbb4b747ab4d,2024-04-03T15:15:52.880000 -CVE-2024-26698,1,1,2da742d44a54b48ea1b0eecf87f33111c8c09ac13354c402685352e21f4b74fb,2024-04-03T15:15:52.933000 -CVE-2024-26699,1,1,17ad217094ed845ba9689e541f8ab18ecaea5397236ad908f437e4f654982f06,2024-04-03T15:15:52.980000 +CVE-2024-26690,0,1,20b57eabf4f15e36c334c0ca59480deeaf7d333056a4ea8aad4419a978df5468,2024-04-03T17:24:18.150000 +CVE-2024-26691,0,1,ba6372c916c7ff1622fe33af3ce9c93c9fb1fcf990f92e6bbd299c599e4a5c2e,2024-04-03T17:24:18.150000 +CVE-2024-26692,0,1,80650d5a5e8bfc7e9200de1b3225306e1a676759cb3885a105d4f1b4ad788cd3,2024-04-03T17:24:18.150000 +CVE-2024-26693,0,1,d6e0729d43f8e064b3074c480acceb60a23ceefe2ccb8aeb139dec8cdd2c3cfc,2024-04-03T17:24:18.150000 +CVE-2024-26694,0,1,974d9f7846694df3cb397a9fd213f94564308499c3c746378d059397414846af,2024-04-03T17:24:18.150000 +CVE-2024-26695,0,1,9b74995a1a4ea9c3d234afebf69ecc6b86c63e4227b8685dbc3786b515e4aeb8,2024-04-03T17:24:18.150000 +CVE-2024-26696,0,1,0c56abf75205d35e5432d8275eada9d019725d4be558025e3d48757e3d194645,2024-04-03T17:24:18.150000 +CVE-2024-26697,0,1,b7f90285e569daa26e3899b9502d4aa7ec96892cff1ff3735d6d8bd5b21c90a9,2024-04-03T17:24:18.150000 +CVE-2024-26698,0,1,72c1dc12e7de1fff9847fdd648ae5774946d2a34ca5c9c3e54d625469479efae,2024-04-03T17:24:18.150000 +CVE-2024-26699,0,1,a0d96453808ff1ffe38a6999e4618a84e6eee74dc7d4e75cb761311699a7de61,2024-04-03T17:24:18.150000 CVE-2024-2670,0,0,51102bd696ec0a80433e00190a81242d0892d06afe5affb13dd51bd0c370ce65,2024-03-21T02:52:41.253000 -CVE-2024-26700,1,1,031dec200b70270aca3af9fb0396cb1fb2b30c5456ae1167d00e61781317043d,2024-04-03T15:15:53.030000 -CVE-2024-26702,1,1,0de17e598622fdefe03b3ca5fadbdb1514d6af13581e720613cafa9f777cc8f0,2024-04-03T15:15:53.087000 -CVE-2024-26703,1,1,5993e0b46fc105c34e91040fbcf981f6d4456c8dd0e0ec701cd8f428427d3334,2024-04-03T15:15:53.140000 -CVE-2024-26704,1,1,d3e56a6c2ac5b0abfe06e83302763ac23c16a226284315bcdc2cdc033f9fc987,2024-04-03T15:15:53.193000 -CVE-2024-26705,1,1,f8b2b110fb1162e48aea3328b9c6236d389c32fa862c42fd96c8475c5ee150bf,2024-04-03T15:15:53.243000 -CVE-2024-26706,1,1,f3bc4ca37496d753564a6c027f9518bd50dfd0d4dd386043f640be48b89c75a3,2024-04-03T15:15:53.293000 -CVE-2024-26707,1,1,6226bc0781cb4b63ec7997151098dcb55fae3d0a1724f76d0b2b57c4eb0ca946,2024-04-03T15:15:53.340000 -CVE-2024-26708,1,1,cc6d257f1676441b67ef27ca9d8b2476caa3cf7f96e800cbd0d470d78918c135,2024-04-03T15:15:53.390000 -CVE-2024-26709,1,1,3ec728ab9c7784b681004a0241657f83eddc8c310140faa52786d7b607cea9a6,2024-04-03T15:15:53.440000 +CVE-2024-26700,0,1,22386156bb9a842ab10b6f56c4616a7c3897f14fc90ae6397c760c77676a0446,2024-04-03T17:24:18.150000 +CVE-2024-26701,1,1,54fae0440f48d8146334d9fe143fef326beefc4d419b36d98c541549a8b51c01,2024-04-03T17:15:50.720000 +CVE-2024-26702,0,1,9e716f3c22d5016438232db45f2685fe727dd180dc3f6aecc43220ee36451d57,2024-04-03T17:24:18.150000 +CVE-2024-26703,0,1,cf1a1f46b94a73c5755fc921817415f12b4391359ce838ad58158dfcf4ec8f08,2024-04-03T17:24:18.150000 +CVE-2024-26704,0,1,254b0bbdf1235929ae04ee0afce46e2a9f7e0eacb20bf227384d02efb0670be1,2024-04-03T17:24:18.150000 +CVE-2024-26705,0,1,cb6cb232793603b6f9f8fc81f592f70694f9e8cb1a4f5080faa095e80854e33c,2024-04-03T17:24:18.150000 +CVE-2024-26706,0,1,73e5ed661aa0ef6c291ce964b51842ea6b75aef89721859a68243e48780675c1,2024-04-03T17:24:18.150000 +CVE-2024-26707,0,1,9650b72c12943ac9dda5b50b9465d848bed585b011864ef2d8088b24f0050fb9,2024-04-03T17:24:18.150000 +CVE-2024-26708,0,1,e6af69e1905ef01174c9581974cf02e5b05260f374d30a7cbe6ad215c2d7c91d,2024-04-03T17:24:18.150000 +CVE-2024-26709,0,1,b7dc83267bc8120cae8e4018ae343f60acbb11003406a1af4ffe0a8120d3d5cf,2024-04-03T17:24:18.150000 CVE-2024-2671,0,0,fed12512cf97fa3efd1f758fc5910f8d1b7c528221158e27cc18986800b968a9,2024-03-21T02:52:41.343000 -CVE-2024-26710,1,1,e3e29ff58aaa612ac6ff64b6446260ac4034f637fab5191d3c373f9d9997aea2,2024-04-03T15:15:53.487000 -CVE-2024-26711,1,1,e5eb375ae35c4e0370a656dfc129170fd2c9597beec4805f94b9d42d592c8aae,2024-04-03T15:15:53.540000 -CVE-2024-26712,1,1,ce89bed7437850c6bf635f5d05ca9ca8f8c0cf330bf1d4f771fe33ce84b6a2cf,2024-04-03T15:15:53.590000 -CVE-2024-26713,1,1,51d966d1484a22124487f320fb429a22a37d8cd91244074c2aaeea8e986da421,2024-04-03T15:15:53.647000 -CVE-2024-26714,1,1,6a744c15fdd9884d19026d3a4e779ffa5b7434416d697589f67d50e1457ca736,2024-04-03T15:15:53.700000 -CVE-2024-26715,1,1,779fcc02b8c10543782de604d8378038a8fcb6a9a40a45e3c29c5c3d8163ad65,2024-04-03T15:15:53.750000 -CVE-2024-26716,1,1,877cf334265cf8465014d1b38d674072c93ff00958165094ae4260a967b500cc,2024-04-03T15:15:53.800000 -CVE-2024-26717,1,1,7784373235ae4728da9534069799413c5bb96d91bb3dde094440d3d425d6af69,2024-04-03T15:15:53.850000 -CVE-2024-26718,1,1,63927ab2e6d10d693d6ba12a87b03a14059045acb11a966f59c6547a1b8f7d7c,2024-04-03T15:15:53.897000 -CVE-2024-26719,1,1,43d32e3cb316d4f7d7f7947c300c2f2ac4d4bc87f8a9b68999a5829f79f3e30c,2024-04-03T15:15:53.947000 +CVE-2024-26710,0,1,3e2ded4bb14136cde43f5ecb49656a8616e56f5bd0ddc34d7f05187d40fb5cbc,2024-04-03T17:24:18.150000 +CVE-2024-26711,0,1,fadef7be038b9d563927b4e17bd37038282607e2849ad59e9913848c82c6ae8c,2024-04-03T17:24:18.150000 +CVE-2024-26712,0,1,8416d6b85e454333a83f67f48afa2cc7b24b43f3de985520b66855ac67de80ac,2024-04-03T17:24:18.150000 +CVE-2024-26713,0,1,7135ed0b40058e7c07508aa855b1707b07d272a776a7213b6fd32d8f8a5a4e9e,2024-04-03T17:24:18.150000 +CVE-2024-26714,0,1,c36f496f0d1f4a0052a8ed581e9183251e294e169d1a32ba56954b8ea20a66e7,2024-04-03T17:24:18.150000 +CVE-2024-26715,0,1,af31e484be99be23e7673f9a142691382992d122de4af5ca0d2744b2cddc4f63,2024-04-03T17:24:18.150000 +CVE-2024-26716,0,1,7a7d0b74fd850081eca3b2096e0808d4319c7820476303f9085ad0ca786095b9,2024-04-03T17:24:18.150000 +CVE-2024-26717,0,1,f24e2663cebe4d0e4844b1c5581e453012f14bc26b3648cdd8ebd7e201155d8b,2024-04-03T17:24:18.150000 +CVE-2024-26718,0,1,a4adb72f7403a79ce2c7e175af4cfe25d56783b64ca9d9e61e2aae300c2a93ce,2024-04-03T17:24:18.150000 +CVE-2024-26719,0,1,862185b3acd54c3841b4955a262f4b85b6671822d8c825e73acf74d6f89f3278,2024-04-03T17:24:18.150000 CVE-2024-2672,0,0,2da86fc651bc03f651368581e7694edb9562cdb310c637162da24bed5ec47657,2024-03-21T02:52:41.420000 -CVE-2024-26720,1,1,5d93ba505d1d96624ba4e3f43afa7cf13ad645e5d8f69ee28423d6064c808621,2024-04-03T15:15:53.993000 -CVE-2024-26721,1,1,3acb99caf85d9cd324e71c65cb400de4ad6a542b2f755169bbe0cf1160d643cb,2024-04-03T15:15:54.043000 -CVE-2024-26722,1,1,cec5d522f41d94dc464c549121ecb9e5922534a751541e157acb171202469d2e,2024-04-03T15:15:54.090000 -CVE-2024-26723,1,1,f327301718df5c7141f167d8778fa9e6dbdcb40114ba7adfb144cb5655f3f892,2024-04-03T15:15:54.143000 -CVE-2024-26724,1,1,3d8bbece0c1840306e478c0861d162d4dbd289725ee98cd621260b96fa75fb56,2024-04-03T15:15:54.203000 -CVE-2024-26725,1,1,a1b7424dc37486bc6863ea05cc6fc5641a875a4bafb70947ff4aca4a274cb4f5,2024-04-03T15:15:54.257000 -CVE-2024-26726,1,1,bdb85cb8336360454026b14412a3731a8a84a8f9c8f0d0afecc02e8696301a08,2024-04-03T15:15:54.313000 -CVE-2024-26727,1,1,25bda1e3cf9dd5e39903a0c781d5237a03402bc5f992e435c62aac801b196573,2024-04-03T15:15:54.367000 +CVE-2024-26720,0,1,458d2a29d5d6406c4c8b8cc77b4d29bcb626751251eadad419751f3c05f199ec,2024-04-03T17:24:18.150000 +CVE-2024-26721,0,1,f470f39bdc51fb4c82b82cd9e48d5d1328495efa00c7cf9183b44fde115a0141,2024-04-03T17:24:18.150000 +CVE-2024-26722,0,1,68433161352368f7ee8c7ace4abbfe5eff1c117272df55744f8809ed406989e7,2024-04-03T17:24:18.150000 +CVE-2024-26723,0,1,580b157c95a25cc48fdda58e67cfc7784f3977d540dfcd84500717f6a36fb110,2024-04-03T17:24:18.150000 +CVE-2024-26724,0,1,55907409fc7dc3996c8da36d55cad307c3faa284517afa7d0dd23010e53aacfe,2024-04-03T17:24:18.150000 +CVE-2024-26725,0,1,456e85236b9eea78f8fb239762710fb5fa163bb6e44a2e4cdc832a19bd07ac38,2024-04-03T17:24:18.150000 +CVE-2024-26726,0,1,464682ab66860937105be21612a0d3fc41dc09a9e502d541821115ad4ad28629,2024-04-03T17:24:18.150000 +CVE-2024-26727,0,1,ff5551203a83231ca051e51b68b2cb279cf7104a988250e27e98bf5be79086b6,2024-04-03T17:24:18.150000 +CVE-2024-26728,1,1,7bfc38fe8a7926a6099278238c6cc875cb7f2cfe32fc67ba3853ededb2794463,2024-04-03T17:24:18.150000 +CVE-2024-26729,1,1,1847120d7759cf91885d94b03ea58cb35ef7b94389c7ab4ec87e09db873a463f,2024-04-03T17:24:18.150000 CVE-2024-2673,0,0,02c7815146b5a3acb280ba90466cd71222f5ed95ea4203973a7ebbfdbd52db01,2024-03-21T02:52:41.500000 +CVE-2024-26730,1,1,b498ebd2400ac2f7b278e5150dd7dee160b98fd47ce304c3844354dfed8c2d7d,2024-04-03T17:24:18.150000 +CVE-2024-26731,1,1,c7c35f146ad97a55423279abeee1a42a4ae2ae9318e219b457a8117158ecfa7a,2024-04-03T17:24:18.150000 +CVE-2024-26732,1,1,73664c7fd2498f36bd510492fe6fa3f77d690468b31502b96b7ed50dceebb2a1,2024-04-03T17:24:18.150000 +CVE-2024-26733,1,1,cc2ad6f3be7f243dc7859131874da47b1b3853c9e7ef8daf373d0654588ea659,2024-04-03T17:24:18.150000 +CVE-2024-26734,1,1,b45357eff7346a7905fea46508bd01dc1931dff43f12a3c2713ab04bcd33dbec,2024-04-03T17:24:18.150000 +CVE-2024-26735,1,1,4aef2e2b5b54f1a1b9e3c3184daa6972bc946548a7ee1aa94e07bf044872bcb8,2024-04-03T17:24:18.150000 +CVE-2024-26736,1,1,f62f701806dee7fa258ae5f8641320c8630273573eb9f754581de0647cb0c4a1,2024-04-03T17:24:18.150000 +CVE-2024-26737,1,1,2e14ae0c3f17ac254dd8d56e177bdca087855a59abeb13ea3ef5e637a77adf0b,2024-04-03T17:24:18.150000 +CVE-2024-26738,1,1,366c842b9093eca7751dad0c46ccd3e513a97b4ea81c9b1b436dfd6a0e81dfad,2024-04-03T17:24:18.150000 +CVE-2024-26739,1,1,a4df3f4973ece5b50694330cfe5a72cf814d51aa4fcfe7c2273f88bb9c360f8f,2024-04-03T17:24:18.150000 CVE-2024-2674,0,0,81482ed52b55f09c63e731886ccd00277c35fcbb5fcdc0ea469830544258aabf,2024-03-21T02:52:41.583000 +CVE-2024-26740,1,1,3cd2ba5cd82a24ab215ea3eff5cbdaa5e5a2e7e9bf9aef1dedad40f900cacbdd,2024-04-03T17:24:18.150000 +CVE-2024-26741,1,1,b6846f2eb8e4ec61bc17162372d64c40658f76fe363d22840388a609ac7c2c84,2024-04-03T17:24:18.150000 +CVE-2024-26742,1,1,bb3c058ea4a330b7fd69229d328ad1d98b34cbfa137b51bde4d3d453e12ec68e,2024-04-03T17:24:18.150000 +CVE-2024-26743,1,1,6f9cd5ad76824694c268fc1ca50244aa1527177a938fd2925a9d9e64c07b8784,2024-04-03T17:24:18.150000 +CVE-2024-26744,1,1,973aff0596bde5edb769d9e03a3a3ba6f46c64909ba6a4b793ada4048fe2270a,2024-04-03T17:24:18.150000 +CVE-2024-26747,1,1,40cc0e87cff6d495aa444ab53805bdbecbdd44cbdcc49d92d54952f70cb8cce8,2024-04-03T17:24:18.150000 +CVE-2024-26748,1,1,2a11bbd005fa54586741565a1111d48a767d5de2bf0590723c01b6fff9b96a58,2024-04-03T17:24:18.150000 +CVE-2024-26749,1,1,a203e804e05bc7f795d30252eb7f94ea77c74ec5e8cf9604e0dd5c1e752c9305,2024-04-03T17:24:18.150000 CVE-2024-2675,0,0,141d2f9c3ed998ec5fc7c1be9fb79ee859e57c1fe9eb4586fae21651720e0444,2024-03-21T02:52:41.660000 +CVE-2024-26751,1,1,f4724937a1dd0ad7aae35b0de8bae0430f7e02378589604bad058934b22c5d1f,2024-04-03T17:24:18.150000 +CVE-2024-26752,1,1,db382e8ebf737bd07ce7b04ee460325d3120ac157e4a3bc0fa25db5d02042eee,2024-04-03T17:24:18.150000 +CVE-2024-26753,1,1,5ea269de011ddc747beeb3cc9a66f9e855ce5949843f88698449aa371d418923,2024-04-03T17:24:18.150000 +CVE-2024-26754,1,1,5233818fc60a4ad67417a5ab88dbefec8188f5286b33ab66db2951f488d0fd6c,2024-04-03T17:24:18.150000 +CVE-2024-26755,1,1,f852a434dc9241b15534c2e8a454f6075bf19a1f380f65bf8f1c10f33b541067,2024-04-03T17:24:18.150000 +CVE-2024-26756,1,1,7384d433a2e223c7b158d967d5e8b47bed6066892b65c82b67590039a51d2dd3,2024-04-03T17:24:18.150000 +CVE-2024-26757,1,1,a3076412eeec94c6f84d762117d0fa89f7af9fc04af8a537f27b66f844e8b253,2024-04-03T17:24:18.150000 +CVE-2024-26758,1,1,0fde5d2ebca7a950720630fbf2ca5065e7e82cbb73489782258b8e389c31c4c1,2024-04-03T17:24:18.150000 +CVE-2024-26759,1,1,4a0f3178ad73aae20bcc8c29cf2d64baa6235045aa17e1d4f10bc4810489b9bb,2024-04-03T17:24:18.150000 CVE-2024-2676,0,0,4a6679b164634bd18bb1f160abdbd0229026dfb1d193cb3179756486ad40fb1b,2024-03-21T02:52:41.747000 +CVE-2024-26760,1,1,b10106208cd15761fe5a5556ecb43751d7abce13070ec6a5645a06807ed71a95,2024-04-03T17:24:18.150000 +CVE-2024-26761,1,1,835f6ffc9a5d9f51b60a45f5c04b2ff42406036e8d92e2b36116d38276389ab8,2024-04-03T17:24:18.150000 +CVE-2024-26762,1,1,51bf192e80231897bfdc09ae0b3a1a0ba4523d8f39fd3fbb3ee97fa72ffecb88,2024-04-03T17:24:18.150000 +CVE-2024-26763,1,1,7d6233302565c143652b3852ea74f343314e53e123192e797a7c2f48b6031c04,2024-04-03T17:24:18.150000 +CVE-2024-26764,1,1,37b352ce2544b65883c7e3034dc36150c54301f38c6d4ac96a79a4c3949a1f15,2024-04-03T17:24:18.150000 +CVE-2024-26765,1,1,53aa70880d04b71db17ac9fb6880477d7a11ab9c31388e9dbd7358780bcbc353,2024-04-03T17:24:18.150000 +CVE-2024-26766,1,1,b95640740eb514e6a9cd0a03dad1a5b7a6bad71b95616134017f44ef75fbb30a,2024-04-03T17:24:18.150000 +CVE-2024-26767,1,1,4141bd8888828d7d4e5d32e43942e3f7c36dc3b2d1c93857980293b90286a944,2024-04-03T17:24:18.150000 +CVE-2024-26768,1,1,01b98370293da2e07c50a4f8a4f15718cd03ed5b7202cc009265802076abdb4a,2024-04-03T17:24:18.150000 +CVE-2024-26769,1,1,1e23a4d5132d289c170eb689901a7ac1548c9107c2f25d8188242163a1688cce,2024-04-03T17:24:18.150000 CVE-2024-2677,0,0,51c68891e8830e4ca8b30e804a8e74ffd8413d1f71cea2fbd86e5d1a25867c3a,2024-03-21T02:52:41.820000 +CVE-2024-26770,1,1,249df945abdb3a1bd3c203807f8bc22c837ee97d56169bf7dcb772e711110506,2024-04-03T17:24:18.150000 +CVE-2024-26771,1,1,9bf4021e8ca09ff86f252db66cd87024837b110fcb6913d83745f5beb399cd35,2024-04-03T17:24:18.150000 +CVE-2024-26772,1,1,01e293e6193685ebc3e197f976f69ecd4156e93cf585f9907b95c2d765f2df98,2024-04-03T17:24:18.150000 +CVE-2024-26773,1,1,c75a75f5a8df809bd41822c20b544219d99d3cc19e1b3174ce4eae5a1bcfb5ba,2024-04-03T17:24:18.150000 +CVE-2024-26774,1,1,329b85af012bed98352b62df2dfb99a7e198bda680f10c75724c1d13a0523809,2024-04-03T17:24:18.150000 +CVE-2024-26775,1,1,4fa4c5765e3586a338fe5bb887d53868126af0a75b485eb01b7be898889287de,2024-04-03T17:24:18.150000 +CVE-2024-26776,1,1,07684af8123cc0bd0cc413fe5f7ba4721e62e89a5c4fcb121c542c9ba670d446,2024-04-03T17:24:18.150000 +CVE-2024-26777,1,1,d8cddd0630d712ce0b46dc322f1b63ff24c526bd61a9b25369efd1f0ff4fd61b,2024-04-03T17:24:18.150000 +CVE-2024-26778,1,1,d8db76ee4317a56d21afdb1ee67f1fba21509257b6d8bfce6746c3448ec1343e,2024-04-03T17:24:18.150000 +CVE-2024-26779,1,1,fae79b8e42a9dcd83ce47196c8171aa9f1d4d510f29b7fae8d481beef0c0b918,2024-04-03T17:24:18.150000 CVE-2024-2678,0,0,56d7cd485d9e9f9f8ced8e8fe3f8b0cc520dd041e85210b695648cf25d2b02b9,2024-03-21T02:52:41.900000 CVE-2024-2679,0,0,3b020b0e251b54497ded9cc9b1183b7e2fd7cd1f76e724eda109246dd455e485,2024-03-21T02:52:41.977000 CVE-2024-2680,0,0,5ec6becfc3b2f4328e4c402134070d4396cbeb826bddfaadc3debd1c289358aa,2024-03-21T02:52:42.053000 @@ -242546,7 +242618,7 @@ CVE-2024-27197,0,0,78aca5045460ef7da4ea40b21e3ad45b2151c6d7e43b2c297841492788bc4 CVE-2024-27198,0,0,e4259fe3d4611134ab5dfb0d4f88f5b563c21b8238f30b4253811838ad004753,2024-03-11T15:15:47.483000 CVE-2024-27199,0,0,3dd3bfb58b796a8c7735f0a6f342852f32998fc13795786d35eb3d4375df0417,2024-03-11T15:15:47.663000 CVE-2024-2720,0,0,eb10a25c2acbdf6ea38b15c05249a78381584758b82c10dc686eff70def0e785,2024-03-21T12:58:51.093000 -CVE-2024-27201,1,1,a5ca5af71c8baf146f228355e8c8364d1f0456bb1cfaa6ab50ae388dd144094b,2024-04-03T15:15:54.413000 +CVE-2024-27201,0,1,828a6009bcf3d228113713f97e7bdee329c6ae9b0f5e7cf3a7b5299b7e6b842e,2024-04-03T17:24:18.150000 CVE-2024-27204,0,0,2f9f2ac2078c33addc2c698f165f7aff9339fcf3fa26f2cdd29a6de3328c8c2a,2024-03-12T12:40:13.500000 CVE-2024-27205,0,0,52855ef1396675bf7ce515be434e694f795d99891e26fffa6e36d6a889b1c72f,2024-03-15T20:15:08.703000 CVE-2024-27206,0,0,7a39e0c9f0f47b5a6e43427d7518d5d862cb34ba539b01bd0717056c4e6dcf42,2024-03-15T20:15:08.743000 @@ -242581,7 +242653,7 @@ CVE-2024-27236,0,0,050a1052e26047f2e5d0b58d8351e3e856ec1c52f1b2daf95f02084addfb0 CVE-2024-27237,0,0,952387726c7567ea2371af0e500cab297b027867a108431eaa82a39745a31338,2024-03-12T12:40:13.500000 CVE-2024-2724,0,0,890ae7d14540888ae4d0300e6c3327b78b165387c35f98da98215dff4a44bb25,2024-03-22T15:34:43.663000 CVE-2024-2725,0,0,7cb31ae5832528a9cc7de2e461a09450be9145e26468abe7975abc97f0008d6e,2024-03-22T15:34:43.663000 -CVE-2024-27254,0,0,a0bd76be660e25bb457e2810063b8be0c7f283d959df6e0620ec741a1dd3de4c,2024-04-03T13:16:02.220000 +CVE-2024-27254,0,1,69c8fdc80fa887dbfc9ae678f27ed3150e02181ed69c3b986051eaea50d912a9,2024-04-03T17:24:18.150000 CVE-2024-27255,0,0,07d4523d50b3b6ceec1ed85c31e8859376bfd63a9732f2f4d2cf6e5b4c34b76b,2024-03-04T13:58:23.447000 CVE-2024-2726,0,0,670b2be162ea05000bb5b040a32b1dee9c94eee7d1b48ed8e7d2e78e98ae50a2,2024-03-22T15:34:43.663000 CVE-2024-27265,0,0,caf2cbef481f9d0206d06f75a38ca052c5291ba0582e91875cea8f52e6d86a34,2024-03-19T16:52:02.767000 @@ -242633,6 +242705,18 @@ CVE-2024-27331,0,0,7b171b1822af62ae391382afd558518e8ab2a41c8bbe77bcbbee6e44dcdee CVE-2024-27332,0,0,cc2b240deaa7cd93099f9d5b5a51c78c92a7ba0504231e3c4f9e1406904f7566,2024-04-02T12:50:42.233000 CVE-2024-27333,0,0,96681cdcdff8595ac4117b91316754fb9fb08b74942e3ca21d9d615bedbc2adc,2024-04-02T12:50:42.233000 CVE-2024-27334,0,0,5a1b5bd4ed946669e45da5f12e7bccdfe88aa70ed4baa000bd49431f4a8f8b99,2024-04-02T12:50:42.233000 +CVE-2024-27335,1,1,421b464eb9dd1c2e03fcc20c652461fec5c533df7d3e2ffdf0c7d0a8d6fd0eee,2024-04-03T17:24:18.150000 +CVE-2024-27336,1,1,ee4900e96ac5d637be28b271bbeb180d062387d44041b7886c28fb9a984d8a12,2024-04-03T17:24:18.150000 +CVE-2024-27337,1,1,389a290067863ffd000aae73641f32150f8434f2271f9eed42e60ac5a9d57e17,2024-04-03T17:24:18.150000 +CVE-2024-27338,1,1,a0112158c601ace1ede2b65de92fcc38c3109b84807cab83ea37741f6a48d38d,2024-04-03T17:24:18.150000 +CVE-2024-27339,1,1,5d2f93a921200d9e8745a25c76214b50f1ea006339b09c2ea74cb61cd1fbea88,2024-04-03T17:24:18.150000 +CVE-2024-27340,1,1,2782fdb696ac16cefad7a19ad4f7d32847727f54750a89d0702899e5e8404a34,2024-04-03T17:24:18.150000 +CVE-2024-27341,1,1,2c2a4795b574f3c42e2a0756ce83f4f2ffce2002279cdd34d90ca13a51564f0a,2024-04-03T17:24:18.150000 +CVE-2024-27342,1,1,8fe16d5f2991a7c0c8901d08d8c1635be70f91fdc31294ea3fee0f2f79f00d99,2024-04-03T17:24:18.150000 +CVE-2024-27343,1,1,80936e4b8aeaa5aacc468ca4ecf6c2be2fba3c5afdae3a5a934cb7b7363aac96,2024-04-03T17:24:18.150000 +CVE-2024-27344,1,1,1331d8626168b3495dd0a31e938dd13bdc5431845ff1a2667957130bd3c27ddd,2024-04-03T17:24:18.150000 +CVE-2024-27345,1,1,4d5209363b62581bb5c0b8ccfc01d98bbe95721ff666b4a71f9474dc4bd82948,2024-04-03T17:24:18.150000 +CVE-2024-27346,1,1,bcd6a5a3ce52ea20f74e9dfd89f0bf7105dda041a550554d07264061e3cc7974,2024-04-03T17:24:18.150000 CVE-2024-27350,0,0,dcd7c665f1de1305fedd66ae5b35ce18719811fd40fe202fcd475df4fa80bd9e,2024-02-26T16:32:25.577000 CVE-2024-27351,0,0,9ef8a308959f28d0bb06c89a90ca762d77a1bb29a4b6da70783cd634bdafb7aa,2024-03-17T22:38:29.433000 CVE-2024-27354,0,0,6669ef56de2629d6bd7a6c54cb75c8f6e454c14fc2065829ff46305d945b1196,2024-03-21T02:52:19.927000 @@ -242696,6 +242780,8 @@ CVE-2024-27661,0,0,86da8e187830fd36888e5a846b7303cd63252f868f903b0bf7eaad6fbe1ac CVE-2024-27662,0,0,3251284bf234434361d463758a344d1bc61b65e736c70ed013176b4fc1a3abef,2024-03-01T14:04:26.010000 CVE-2024-27668,0,0,255f8ec9db75a1b2656a5d8885c3aab9aaa34449ee65d35c3a707a7e7b8d15ff,2024-03-04T15:35:25.673000 CVE-2024-2767,0,0,c4f3ef33c6b0b7a202adc2b08ccea44fddb6b9f4eb3379b56c5325411f48ac13,2024-03-22T12:45:36.130000 +CVE-2024-27673,1,1,21c37c3b345d49a8525208ae1b1f076696d069d35649f7159ee135fb7877d68e,2024-04-03T16:15:07.173000 +CVE-2024-27674,1,1,f37db1adc3fbc765efcac4dc73529771ceb0fb930b93609efbb1af993f1105a0,2024-04-03T17:24:18.150000 CVE-2024-2768,0,0,a0d8649edade3cea62cd589aa7d89c8b541c4231222b07201942aa597a0c6f25,2024-03-22T12:45:36.130000 CVE-2024-27680,0,0,96c9e2b516bb3c42b6c5a857a748e4b2bf1f8d01976f5c4ab9824d25b192009b,2024-03-04T15:35:25.673000 CVE-2024-27684,0,0,265733b871b65fcd052263479536d66d42340f95cd723628ecb5857c3bcfe5a9,2024-03-04T15:35:25.673000 @@ -242954,7 +243040,7 @@ CVE-2024-28254,0,0,ba6384e5d24a90ea0036dcbe7f89cd48d629aea12c2d3808708fa9f619d07 CVE-2024-28255,0,0,abc37b2c1df4d41f872020a3754e2ae86c707a3247848b9d32abc1bd5f67bb13,2024-03-17T22:38:29.433000 CVE-2024-2826,0,0,1d93b91609afdc8cde3f5ecc45472a564308e5f462238793e621360ebc7e6e2d,2024-03-25T01:51:01.223000 CVE-2024-2827,0,0,dfdf8cf189fc6f162d882c6851315350232a4ff93bfc1499f4ef207025e889fe,2024-03-25T01:51:01.223000 -CVE-2024-28275,1,1,cdd1da87b72185d93a0288f87634d98e98c9b47a07841e837ddd242464f14236,2024-04-03T15:15:54.490000 +CVE-2024-28275,0,1,69c155cf3fbe4a69b865e19265c4070b3c6a65d61013d6dfc4170dd07ac05180,2024-04-03T17:24:18.150000 CVE-2024-2828,0,0,3207b9b6338469802274c5e9e9fd6ddcd26ec8d2629100ed3caf35752f6b6a3b,2024-03-25T01:51:01.223000 CVE-2024-28283,0,0,39f85b2f17c0fe895d0bdb32702da6d7a9c62274d2c91228b15f8ef37a4f9826,2024-03-20T13:00:16.367000 CVE-2024-28286,0,0,0c649cd6694a1837fe5561b872f74550eafab1ff52e9c04655d5ad406a1d7e85,2024-03-21T12:58:51.093000 @@ -243567,6 +243653,19 @@ CVE-2024-30245,0,0,69f8d0e8e9820bbde2e6705ffa51df6c4056c193c50f3f74b4878ddc0c173 CVE-2024-30246,0,0,491c8e2c4543911d193547ad3a12e1f3a35c8b83c234dd293b662e1fad02533c,2024-04-01T01:12:59.077000 CVE-2024-30247,0,0,17cc965a0b029d9272a0f5015c16eff346ab6d0b38ece20a3e3095775d548462,2024-04-01T01:12:59.077000 CVE-2024-30248,0,0,25c63ea78319bc00f7f00382fd630bb3eaff4535f4e416eeeceadc0cb646cca2,2024-04-02T18:12:16.283000 +CVE-2024-30322,1,1,64e521cd60b942f55f264dd1b34a0063ca35d4db4eef121c1f7bc208aac4f7ab,2024-04-03T17:24:18.150000 +CVE-2024-30323,1,1,e32fdd05c5f30f68cf1412b7e36fda0cb57a7690cef1889aa844a8506beb3ac4,2024-04-03T17:24:18.150000 +CVE-2024-30324,1,1,527c6e011dbcb72aeaa94e91760184a03f584736345d9e33e4037380190847ac,2024-04-03T17:24:18.150000 +CVE-2024-30325,1,1,8a92f68572d17a140e50b04eca3254fa74ffe417eeeb0b2681690e73da7f1a4e,2024-04-03T17:24:18.150000 +CVE-2024-30326,1,1,02c64556257b9b44a988e29795414669dbaac904dba587aa919a00b3e1b3dbe8,2024-04-03T17:24:18.150000 +CVE-2024-30327,1,1,a3629a387769d0976f87ea86bd092b13844a3c2f495d56c4dfb3e1525f3eb030,2024-04-03T17:24:18.150000 +CVE-2024-30328,1,1,03beea2b9c9186c24590aceda3b5a636effed46d061d88f4d45b2160dddf9573,2024-04-03T17:24:18.150000 +CVE-2024-30329,1,1,389c9dd891bced61b3573f1d85ebda3681710d47a349ddae71d416252d5c9d3d,2024-04-03T17:24:18.150000 +CVE-2024-30330,1,1,3e3f1dedd7a260522dccd7b9a2c7d0869d62831576dc7dcf33e36b5076e1dda0,2024-04-03T17:24:18.150000 +CVE-2024-30331,1,1,6adad9e769629da2717665e8475e94ff7f9ab4d2175d70498d6a366ef386f642,2024-04-03T17:24:18.150000 +CVE-2024-30332,1,1,b862a78d8a6d29be4b30107b15a78d5c97007be077f72b5c20fc5f7e3b0dbe3b,2024-04-03T17:24:18.150000 +CVE-2024-30333,1,1,bbdbc2bef493de09c1f09148a1d7f29243c04defb6caf5df4a759c1be9baed54,2024-04-03T17:24:18.150000 +CVE-2024-30334,1,1,60e0e04037b3f1a31bb9c5480e2dae592069d396718e4371c508e85a3cbe250c,2024-04-03T17:24:18.150000 CVE-2024-30335,0,0,17c9269eb233274e9f6c4bb4781e703be788d742916b3dc143044147f825bd70,2024-04-02T20:31:58.463000 CVE-2024-30336,0,0,064af79108201f65bd7be7aea5afb3644572ac2a9d7a72985f75aa8e285e76bb,2024-04-02T20:31:58.463000 CVE-2024-30337,0,0,f872f6b119b92011950ca932a840a3538bca038bcfd6c04da086b6905d76f024,2024-04-02T20:31:58.463000 @@ -243598,6 +243697,7 @@ CVE-2024-30362,0,0,35aafb2836e5f8e5924ff39a2464f965c35f7dc3efb76e15b7b7082bb4cf3 CVE-2024-30363,0,0,486d64804c1de5e8bb428f2000e75f33f32d44204e917e98f16ea5b43bd64847,2024-04-03T12:38:04.840000 CVE-2024-30364,0,0,510899e3ecba71d096b404b02c98b4b3e3d0afcbd2457b7d4336fb6c1da0be73,2024-04-03T12:38:04.840000 CVE-2024-30365,0,0,8d8a5efd96412c7324fe23e0515deeca0b6ea605ee15bf7de07d85db987cca0f,2024-04-03T12:38:04.840000 +CVE-2024-30366,1,1,8bf68888a475f182b7375251eecc34fe58823534b4d871543c35a22d88deb044,2024-04-03T17:24:18.150000 CVE-2024-30367,0,0,a902af43f2971ddd47d7eebd60d52a9673dc37a2dcdcf1f5ecafc349085ea3e6,2024-04-03T12:38:04.840000 CVE-2024-30370,0,0,0b843daff5c28582cf7b13f2850b1d8c607c4ae5b045b88facad224f99e19e5b,2024-04-03T12:38:04.840000 CVE-2024-30371,0,0,b1d655f20dce1a124d87b962baf334d2a249a3ceff7f094651f12c5849e1f6ee,2024-04-03T12:38:04.840000 @@ -243706,11 +243806,11 @@ CVE-2024-30557,0,0,d7ce80b7f514a588122360a1f5c7eb0e9d404422a86a2baf0f50cda830cd3 CVE-2024-30558,0,0,316bd1105795de2fd275943651925f37b5b583b6c7f2661f419ea96f6a9cb3e3,2024-04-01T01:12:59.077000 CVE-2024-30559,0,0,f8ff76c4b16936e5dab4a8e27b62011f38d8de1b5fa8e1b44dbcce666b46665a,2024-04-01T01:12:59.077000 CVE-2024-30561,0,0,60da1cbf317b304915e9076fb22281ec294c91ddc5ed997ca9114e07c21539f0,2024-04-01T01:12:59.077000 -CVE-2024-30568,0,0,c1880c20bb23ec4792d88fbb2a6c8dcc3119a807f46104b657991a2ac713fc33,2024-04-03T13:16:02.443000 -CVE-2024-30569,0,0,23164113b89c0382baa728aaea671f86b34c3d702de9b152235d7ce1dbffe85d,2024-04-03T13:16:02.503000 -CVE-2024-30570,0,0,18b05d8e8572d736cfe250154a2c9d24c0e4ccd3ffc3e110a960d854c0786e6b,2024-04-03T13:16:02.563000 -CVE-2024-30571,0,0,0378dccc43b51f3d231cf4fa0071dd28bc804611f22a89a9e90c27451fa45f5a,2024-04-03T13:16:02.620000 -CVE-2024-30572,0,0,aada8a4ab69718fa1b192e1c189265c054bddcf0b09d64bc75803efbc6a4a095,2024-04-03T13:16:02.680000 +CVE-2024-30568,0,1,f6f1134376f6a833dac65c1f0ffd0c185817f9baecb73cbacf75c77c107df9b4,2024-04-03T17:24:18.150000 +CVE-2024-30569,0,1,965cc263f467ee2477a900a599911bb53bef840a7217e032defc2f4ddec1bc60,2024-04-03T17:24:18.150000 +CVE-2024-30570,0,1,0d3c4f838aefc300e89464d6f5f2b76674f6fb8964d8502ff739be2a3072a1fd,2024-04-03T17:24:18.150000 +CVE-2024-30571,0,1,fb189db7ed910fcbfbf963b18564fa9366c192917bf6c488af5f83b713bca480,2024-04-03T17:24:18.150000 +CVE-2024-30572,0,1,ba62c09e9b810482355627fbdf99beda0002d63d49958c4ad9b64842e16f6197,2024-04-03T17:24:18.150000 CVE-2024-30583,0,0,90e06b2d765278ac0f3bc4028344fdf483d30ea530d1cc273b94886fa84d52bd,2024-03-28T16:07:30.893000 CVE-2024-30584,0,0,35ddda2305ed50d97f06df7df7b733486405aa80385b935162c6180d1fe62320,2024-03-28T16:07:30.893000 CVE-2024-30585,0,0,7e78a86bcf687f746816842e948af254246fdc173fd94674915f1ec2e6a3c749,2024-03-28T16:07:30.893000 @@ -243862,11 +243962,13 @@ CVE-2024-3138,0,0,b2250a42d544b358de2555f1c668a77223939f10414766861d02ac21eac35b CVE-2024-31380,0,0,1a4e1f7b831e38df9b9543e60ce27d39c5119a0884381124bc60265b99a20aa8,2024-04-03T12:38:04.840000 CVE-2024-3139,0,0,ea53ec9a6dc1c2a719d7c48bab67da65c2ac8a1d444e99171b341666ca5377cf,2024-04-02T12:50:42.233000 CVE-2024-31390,0,0,b4e9fc961de919e72175f3311bf8b0d63373bf3d5ee822252b4b654a4846db50,2024-04-03T12:38:04.840000 +CVE-2024-31392,1,1,a1d99cde3f3dea50100e554c8ed3690db7a14123d76699db8f99e17733bd37aa,2024-04-03T17:24:18.150000 +CVE-2024-31393,1,1,9eb7ea902e8d5fc847f3a9447567950b200d6dcb5c89c6f5a916e1957bc7a512,2024-04-03T17:24:18.150000 CVE-2024-3140,0,0,4a4571ebf0c853d6a035886d12ee1aa0de7c52d00b7e897dcd0cf868acaf4ead,2024-04-02T12:50:42.233000 CVE-2024-3141,0,0,ce62be676a9f576284382f942b9c0316c626e7082a6cbe792c5dce19baf816e8,2024-04-03T11:15:45.800000 -CVE-2024-31419,1,1,f07bfeda8a3ff02bc8be2cd1c53c7c05e64c3a23bb565d1d04c597b7e7327f11,2024-04-03T14:15:17.787000 +CVE-2024-31419,0,1,413da81bf7a7a5ebe2e617454f4042d9ba19ad8329104b2870478c02ff00df2d,2024-04-03T17:24:18.150000 CVE-2024-3142,0,0,59bb44b33a795c38abca6f63ff6fcf122a126c2c3f877441166eb833a7bd6786,2024-04-03T11:15:45.993000 -CVE-2024-31420,1,1,178c8130af4c5d71b547f9fd286c33ecb3003581e34aaa04b7473645cdc9cec7,2024-04-03T14:15:18.310000 +CVE-2024-31420,0,1,a9813c76c1646ba01e834a08e54918c852c142483315ef6c532422c0c88f7916,2024-04-03T17:24:18.150000 CVE-2024-3143,0,0,adef6ddf8aed4b85f5b9ec5c41837e0ea05c8056f77fa6600789550fcc865a57,2024-04-02T12:50:42.233000 CVE-2024-3144,0,0,0d76c2330ba298defd0f1b4b8583f5577295a22c7482e9267c8cbbe09aa0eb3a,2024-04-02T12:50:42.233000 CVE-2024-3145,0,0,910eeb7fc8d864d7945418c0e4535b894388c19da07aa9b0f359cad540d76837,2024-04-02T12:50:42.233000 @@ -243899,7 +244001,7 @@ CVE-2024-3252,0,0,aa2e5a3beeb53d70ad7f51b4bbc1915ec41533b4a644198bc020755253bede CVE-2024-3253,0,0,0972236c1835b9f5b2c1ab54b3987e593351bdd4ff986c80c53132587f0059fc,2024-04-03T12:38:04.840000 CVE-2024-3254,0,0,854c687aaabf8bf91229d5dee06e1f8110fe8d98d15afe9f4ad67450b6cecf41,2024-04-03T12:38:04.840000 CVE-2024-3255,0,0,bd5bd4cdd01653b8a07d932f79727f171443054afc527b2297174d92120314df,2024-04-03T12:38:04.840000 -CVE-2024-3256,0,0,2a40af9f430269463bc81be879d77884382b7d476ba20e48ec3fbc010a876fba,2024-04-03T13:16:02.740000 -CVE-2024-3257,0,0,52095fc15c9a0c77a941584a416d4e18c77a59b100cdd84ed585707c3b7496ee,2024-04-03T13:16:03.020000 -CVE-2024-3258,0,0,791178381568249aa1eba11446e049d3d25a22c9cf90906d16a3a21a2f9a6fa4,2024-04-03T13:16:03.310000 -CVE-2024-3259,1,1,171c52825722b785d1fc8dd3b6935bc90d6b8730cc21ec6eee6fde18b9fdda3d,2024-04-03T14:15:18.797000 +CVE-2024-3256,0,1,cdbc8da89f88fff280ac996c84840ad1bfb46f09c88b5b4dd62301b05f0c4106,2024-04-03T17:24:18.150000 +CVE-2024-3257,0,1,b08a6413edbe423942780a6fe023bc538f97dad558ddbc91a724f215cfc85e18,2024-04-03T17:24:18.150000 +CVE-2024-3258,0,1,16d450bc3554c2a319117adc94d8a7dcb1f68b8821fc173e15562a1ba48b306c,2024-04-03T17:24:18.150000 +CVE-2024-3259,0,1,59128ca045cd2f7fbe88d58e11ffcce19ef1d2f5d6abea61087e98d65d4fd821,2024-04-03T17:24:18.150000