admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-01T00:55:31.389657+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-01 00:55:35 +00:00
parent c667bdf403
commit a58bcfcfea
24 changed files with 1077 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
CVE-2021/CVE-2021-469xx/CVE-2021-46959.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2021-46959",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.230",
"lastModified": "2024-02-29T23:15:07.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix use-after-free with devm_spi_alloc_*\n\nWe can't rely on the contents of the devres list during\nspi_unregister_controller(), as the list is already torn down at the\ntime we perform devres_find() for devm_spi_release_controller. This\ncauses devices registered with devm_spi_alloc_{master,slave}() to be\nmistakenly identified as legacy, non-devm managed devices and have their\nreference counters decremented below 0.\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174\n[<b0396f04>] (refcount_warn_saturate) from [<b03c56a4>] (kobject_put+0x90/0x98)\n[<b03c5614>] (kobject_put) from [<b0447b4c>] (put_device+0x20/0x24)\n r4:b6700140\n[<b0447b2c>] (put_device) from [<b07515e8>] (devm_spi_release_controller+0x3c/0x40)\n[<b07515ac>] (devm_spi_release_controller) from [<b045343c>] (release_nodes+0x84/0xc4)\n r5:b6700180 r4:b6700100\n[<b04533b8>] (release_nodes) from [<b0454160>] (devres_release_all+0x5c/0x60)\n r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10\n[<b0454104>] (devres_release_all) from [<b044e41c>] (__device_release_driver+0x144/0x1ec)\n r5:b117ad94 r4:b163dc10\n[<b044e2d8>] (__device_release_driver) from [<b044f70c>] (device_driver_detach+0x84/0xa0)\n r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10\n[<b044f688>] (device_driver_detach) from [<b044d274>] (unbind_store+0xe4/0xf8)\n\nInstead, determine the devm allocation state as a flag on the\ncontroller which is guaranteed to be stable during cleanup."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/001c8e83646ad3b847b18f6ac55a54367d917d74",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/28a5529068c51cdf0295ab1e11a99a3a909a03e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62bb2c7f2411a0045c24831f11ecacfc35610815",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/794aaf01444d4e765e2b067cba01cc69c1c68ed9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8735248ebb918d25427965f0db07939ed0473ec6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8bf96425c90f5c1dcf3b7b9df568019a1d4b8a0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e029707f50a82c53172359c686b2536ab54e58c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c7fabe372a9031acd00498bc718ce27c253abfd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cee78aa24578edac8cf00513dca618c0acc17cd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2021/CVE-2021-470xx/CVE-2021-47016.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2021-47016",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.307",
"lastModified": "2024-02-29T23:15:07.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nm68k: mvme147,mvme16x: Don't wipe PCC timer config bits\n\nDon't clear the timer 1 configuration bits when clearing the interrupt flag\nand counter overflow. As Michael reported, \"This results in no timer\ninterrupts being delivered after the first. Initialization then hangs\nin calibrate_delay as the jiffies counter is not updated.\"\n\nOn mvme16x, enable the timer after requesting the irq, consistent with\nmvme147."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1dfb26df15fc7036a74221d43de7427f74293dae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43262178c043032e7c42d00de44c818ba05f9967",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5d34225169346cab5145978d153b9ce90e9ace21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/73fdeb612d25b5e105c219e05434285a45d23576",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6a90818a32058fca62cda3a2027a6a2364e1878",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2021/CVE-2021-470xx/CVE-2021-47020.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2021-47020",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.357",
"lastModified": "2024-02-29T23:15:07.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: stream: fix memory leak in stream config error path\n\nWhen stream config is failed, master runtime will release all\nslave runtime in the slave_rt_list, but slave runtime is not\nadded to the list at this time. This patch frees slave runtime\nin the config error path to fix the memory leak."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2021/CVE-2021-470xx/CVE-2021-47054.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2021-47054",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.413",
"lastModified": "2024-02-29T23:15:07.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: qcom: Put child node before return\n\nPut child node before return to fix potential reference count leak.\nGenerally, the reference count of child is incremented and decremented\nautomatically in the macro for_each_available_child_of_node() and should\nbe decremented manually if the loop is broken in loop body."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/00f6abd3509b1d70d0ab0fbe65ce5685cebed8be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a76ec28824c01b57aa1f0927841d75e4f167cb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b68c03dfc79cd95a58dfd03f91f6e82829a1b0c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94810fc52925eb122a922df7f9966cf3f4ba7391",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a399dd80e697a02cfb23e2fc09b87849994043d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6191e91c10e50bd51db65a00e03d02b6b0cf8c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac6ad7c2a862d682bb584a4bc904d89fa7721af8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c6f8e0dc8da1cd78d640dee392071cc2326ec1b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

52
CVE-2021/CVE-2021-470xx/CVE-2021-47055.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2021-47055",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.473",
"lastModified": "2024-02-29T23:15:07.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: require write permissions for locking and badblock ioctls\n\nMEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require\nwrite permission. Depending on the hardware MEMLOCK might even be\nwrite-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK\nis always write-once.\n\nMEMSETBADBLOCK modifies the bad block table."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/077259f5e777c3c8821f6b41dee709fcda27306b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1e97743fd180981bef5f01402342bb54bf1c6366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5880afefe0cb9b2d5e801816acd58bfe91a96981",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7b6552719c0ccbbea29dde4be141da54fdb5877e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9625b00cac6630479c0ff4b9fafa88bee636e1f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a08799d3e8c8088640956237c183f83463c39668",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f73b29819c6314c0ba8b7d5892dfb03487424bee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2021/CVE-2021-470xx/CVE-2021-47056.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2021-47056",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.530",
"lastModified": "2024-02-29T23:15:07.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init\n\nADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown()\nbefore calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the\nvf2pf_lock is initialized in adf_dev_init(), which can fail and when it\nfail, the vf2pf_lock is either not initialized or destroyed, a subsequent\nuse of vf2pf_lock will cause issue.\nTo fix this issue, only set this flag if adf_dev_init() returns 0.\n\n[ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0\n[ 7.180345] Call Trace:\n[ 7.182576] mutex_lock+0xc9/0xd0\n[ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat]\n[ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat]\n[ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat]\n[ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/05ec8192ee4bfdf2a8894a68350dac9f1a155fa6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/09d16cee6285d37cc76311c29add6d97a7e4acda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1ea500ce6f7c9106e4a561d28e69215f3d451818",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1f50392650ae794a1aea41c213c6a3e1c824413c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/20fd40fc6f2c2b41dc6f637f88d494b14e9c21f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/446045cf682af12d9294765f6c46084b374b5654",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f4c4e07140687f42bfa40e091bb4a55d7960ce4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2021/CVE-2021-470xx/CVE-2021-47057.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2021-47057",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.590",
"lastModified": "2024-02-29T23:15:07.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map\n\nIn the case where the dma_iv mapping fails, the return error path leaks\nthe memory allocated to object d. Fix this by adding a new error return\nlabel and jumping to this to ensure d is free'd before the return.\n\nAddresses-Coverity: (\"Resource leak\")"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/617ec35ed51f731a593ae7274228ef2cfc9cb781",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6516cb852d704ff8d615de1f93cd443a99736c3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98b5ef3e97b16eaeeedb936f8bda3594ff84a70e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e1f2d739849c3239df1ea3f97d40bade4b808410",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2021/CVE-2021-470xx/CVE-2021-47058.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2021-47058",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.640",
"lastModified": "2024-02-29T23:15:07.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: set debugfs_name to NULL after it is freed\n\nThere is a upstream commit cffa4b2122f5(\"regmap:debugfs:\nFix a memory leak when calling regmap_attach_dev\") that\nadds a if condition when create name for debugfs_name.\nWith below function invoking logical, debugfs_name is\nfreed in regmap_debugfs_exit(), but it is not created again\nbecause of the if condition introduced by above commit.\nregmap_reinit_cache()\n\tregmap_debugfs_exit()\n\t...\n\tregmap_debugfs_init()\nSo, set debugfs_name to NULL after it is freed."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2dc1554d5f0fdaf47cc5bea442b84b9226fea867",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9e569ae1da3a113b3acee8703c94777fd20938a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c764e375ae647832de1ee73d43a4bb3ef8a8f43d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d8897f7b2283a500666c85ef06e820df38ed7b52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e41a962f82e7afb5b1ee644f48ad0b3aee656268",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb949f891226c012138ffd9df90d1e509f428ae6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2021/CVE-2021-470xx/CVE-2021-47059.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2021-47059",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.690",
"lastModified": "2024-02-29T23:15:07.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ss - fix result memory leak on error path\n\nThis patch fixes a memory leak on an error path."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1dbc6a1e25be8575d6c4114d1d2b841a796507f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1f12aaf07f61122cf5074d29714ee26f8d44b0e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50e7b39b808430ad49a637dc6fb72ca93b451b13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca065a93699f8cf3f42c60eefed73086007e928e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2021/CVE-2021-470xx/CVE-2021-47060.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2021-47060",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.740",
"lastModified": "2024-02-29T23:15:07.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Stop looking for coalesced MMIO zones if the bus is destroyed\n\nAbort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev()\nfails to allocate memory for the new instance of the bus. If it can't\ninstantiate a new bus, unregister_dev() destroys all devices _except_ the\ntarget device. But, it doesn't tell the caller that it obliterated the\nbus and invoked the destructor for all devices that were on the bus. In\nthe coalesced MMIO case, this can result in a deleted list entry\ndereference due to attempting to continue iterating on coalesced_zones\nafter future entries (in the walk) have been deleted.\n\nOpportunistically add curly braces to the for-loop, which encompasses\nmany lines but sneaks by without braces due to the guts being a single\nif statement."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/168e82f640ed1891a700bdb43e37da354b2ab63c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2a20592baff59c5351c5200ec667e1a2aa22af85",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50cbad42bfea8c052b7ca590bd4126cdc898713c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5d3c4c79384af06e3c8e25b7770b6247496b4417",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d1bc32d6477ff96a32695ea4be8144e4513ab2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2021/CVE-2021-470xx/CVE-2021-47061.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2021-47061",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.793",
"lastModified": "2024-02-29T23:15:07.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU\n\nIf allocating a new instance of an I/O bus fails when unregistering a\ndevice, wait to destroy the device until after all readers are guaranteed\nto see the new null bus. Destroying devices before the bus is nullified\ncould lead to use-after-free since readers expect the devices on their\nreference of the bus to remain valid."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/03c6cccedd3913006744faa252a4da5145299343",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2ee3757424be7c1cd1d0bbfa6db29a7edd82a250",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/30f46c6993731efb2a690c9197c0fd9ed425da2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4e899ca848636b37e9ac124bc1723862a7d7d927",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2021/CVE-2021-470xx/CVE-2021-47062.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2021-47062",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.843",
"lastModified": "2024-02-29T23:15:07.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs\n\nUse the kvm_for_each_vcpu() helper to iterate over vCPUs when encrypting\nVMSAs for SEV, which effectively switches to use online_vcpus instead of\ncreated_vcpus. This fixes a possible null-pointer dereference as\ncreated_vcpus does not guarantee a vCPU exists, since it is updated at\nthe very beginning of KVM_CREATE_VCPU. created_vcpus exists to allow the\nbulk of vCPU creation to run in parallel, while still correctly\nrestricting the max number of max vCPUs."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/ba7bf5d6336aa9c0d977b161bfa420c56d46ee40",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bd0cced2ae93195668f983d443f7f17e8efd24d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c36b16d29f3af5f32fc1b2a3401bf48f71cabee1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2021/CVE-2021-470xx/CVE-2021-47063.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2021-47063",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.893",
"lastModified": "2024-02-29T23:15:07.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge/panel: Cleanup connector on bridge detach\n\nIf we don't call drm_connector_cleanup() manually in\npanel_bridge_detach(), the connector will be cleaned up with the other\nDRM objects in the call to drm_mode_config_cleanup(). However, since our\ndrm_connector is devm-allocated, by the time drm_mode_config_cleanup()\nwill be called, our connector will be long gone. Therefore, the\nconnector must be cleaned up when the bridge is detached to avoid\nuse-after-free conditions.\n\nv2: Cleanup connector only if it was created\n\nv3: Add FIXME\n\nv4: (Use connector->dev) directly in if() block"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/18149b420c9bd93c443e8d1f48a063d71d9f6aa1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4d906839d321c2efbf3fed4bc31ffd9ff55b75c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98d7d76a74e48ec3ddf2e23950adff7edcab9327",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce450934a00cf896e648fde08d0bd1426653d7a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2021/CVE-2021-470xx/CVE-2021-47064.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2021-47064",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.947",
"lastModified": "2024-02-29T23:15:07.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix potential DMA mapping leak\n\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2021/CVE-2021-470xx/CVE-2021-47065.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2021-47065",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.000",
"lastModified": "2024-02-29T23:15:08.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw88: Fix array overrun in rtw_get_tx_power_params()\n\nUsing a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the\nfollowing array overrun is logged:\n\n================================================================================\nUBSAN: array-index-out-of-bounds in /home/finger/wireless-drivers-next/drivers/net/wireless/realtek/rtw88/phy.c:1789:34\nindex 5 is out of range for type 'u8 [5]'\nCPU: 2 PID: 84 Comm: kworker/u16:3 Tainted: G O 5.12.0-rc5-00086-gd88bba47038e-dirty #651\nHardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014\nWorkqueue: phy0 ieee80211_scan_work [mac80211]\nCall Trace:\n dump_stack+0x64/0x7c\n ubsan_epilogue+0x5/0x40\n __ubsan_handle_out_of_bounds.cold+0x43/0x48\n rtw_get_tx_power_params+0x83a/drivers/net/wireless/realtek/rtw88/0xad0 [rtw_core]\n ? rtw_pci_read16+0x20/0x20 [rtw_pci]\n ? check_hw_ready+0x50/0x90 [rtw_core]\n rtw_phy_get_tx_power_index+0x4d/0xd0 [rtw_core]\n rtw_phy_set_tx_power_level+0xee/0x1b0 [rtw_core]\n rtw_set_channel+0xab/0x110 [rtw_core]\n rtw_ops_config+0x87/0xc0 [rtw_core]\n ieee80211_hw_config+0x9d/0x130 [mac80211]\n ieee80211_scan_state_set_channel+0x81/0x170 [mac80211]\n ieee80211_scan_work+0x19f/0x2a0 [mac80211]\n process_one_work+0x1dd/0x3a0\n worker_thread+0x49/0x330\n ? rescuer_thread+0x3a0/0x3a0\n kthread+0x134/0x150\n ? kthread_create_worker_on_cpu+0x70/0x70\n ret_from_fork+0x22/0x30\n================================================================================\n\nThe statement where an array is being overrun is shown in the following snippet:\n\n\tif (rate <= DESC_RATE11M)\n\t\ttx_power = pwr_idx_2g->cck_base[group];\n\telse\n====>\t\ttx_power = pwr_idx_2g->bw40_base[group];\n\nThe associated arrays are defined in main.h as follows:\n\nstruct rtw_2g_txpwr_idx {\n\tu8 cck_base[6];\n\tu8 bw40_base[5];\n\tstruct rtw_2g_1s_pwr_idx_diff ht_1s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_2s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_3s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_4s_diff;\n};\n\nThe problem arises because the value of group is 5 for channel 14. The trivial\nincrease in the dimension of bw40_base fails as this struct must match the layout of\nefuse. The fix is to add the rate as an argument to rtw_get_channel_group() and set\nthe group for channel 14 to 4 if rate <= DESC_RATE11M.\n\nThis patch fixes commit fa6dfe6bff24 (\"rtw88: resolve order of tx power setting routines\")"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ff25985ea9ccc6c9af2c77b0b49045adcc62e0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f3dbced8eaa5c9ed7d6943f3fea99f235a6516a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b5aa0cf321c25f41e09a61c83ee4dc7ab9549cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/95fb153c6027924cda3422120169d1890737f3a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9cd09722e18a08b6a3d68b8bccfac39ddc22434c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2021/CVE-2021-470xx/CVE-2021-47066.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2021-47066",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.057",
"lastModified": "2024-02-29T23:15:08.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nasync_xor: increase src_offs when dropping destination page\n\nNow we support sharing one page if PAGE_SIZE is not equal stripe size. To\nsupport this, it needs to support calculating xor value with different\noffsets for each r5dev. One offset array is used to record those offsets.\n\nIn RMW mode, parity page is used as a source page. It sets\nASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5.\nSo it needs to add src_list and src_offs at the same time. Now it only\nneeds src_list. So the xor value which is calculated is wrong. It can\ncause data corruption problem.\n\nI can reproduce this problem 100% on a POWER8 machine. The steps are:\n\n mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G\n mkfs.xfs /dev/md0\n mount /dev/md0 /mnt/test\n mount: /mnt/test: mount(2) system call failed: Structure needs cleaning."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2021/CVE-2021-470xx/CVE-2021-47067.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2021-47067",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.117",
"lastModified": "2024-02-29T23:15:08.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc/tegra: regulators: Fix locking up when voltage-spread is out of range\n\nFix voltage coupler lockup which happens when voltage-spread is out\nof range due to a bug in the code. The max-spread requirement shall be\naccounted when CPU regulator doesn't have consumers. This problem is\nobserved on Tegra30 Ouya game console once system-wide DVFS is enabled\nin a device-tree."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/a1ad124c836816fac8bd5e461d36eaf33cee4e24",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc4452867200fa94589b382740952b58aa1c3e6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef85bb582c41524e9e68dfdbde48e519dac4ab3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff39adf5d31c72025bba799aec69c5c86d81d549",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

52
CVE-2021/CVE-2021-470xx/CVE-2021-47068.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2021-47068",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.170",
"lastModified": "2024-02-29T23:15:08.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/nfc: fix use-after-free llcp_sock_bind/connect\n\nCommits 8a4cd82d (\"nfc: fix refcount leak in llcp_sock_connect()\")\nand c33b1cc62 (\"nfc: fix refcount leak in llcp_sock_bind()\")\nfixed a refcount leak bug in bind/connect but introduced a\nuse-after-free if the same local is assigned to 2 different sockets.\n\nThis can be triggered by the following simple program:\n int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );\n int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );\n memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) );\n addr.sa_family = AF_NFC;\n addr.nfc_protocol = NFC_PROTO_NFC_DEP;\n bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )\n bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )\n close(sock1);\n close(sock2);\n\nFix this by assigning NULL to llcp_sock->local after calling\nnfc_llcp_local_put.\n\nThis addresses CVE-2021-23134."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

59
CVE-2024/CVE-2024-04xx/CVE-2024-0403.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-0403",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-03-01T00:15:51.850",
"lastModified": "2024-03-01T00:15:51.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Recipes version 1.5.10 allows arbitrary HTTP requests to be made\n\nthrough the server. This is possible because the application is\n\nvulnerable to SSRF.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/harris/",
"source": "help@fluidattacks.com"
},
{
"url": "https://github.com/TandoorRecipes/recipes/",
"source": "help@fluidattacks.com"
}
]
}

88
CVE-2024/CVE-2024-20xx/CVE-2024-2021.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2021",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T00:15:52.070",
"lastModified": "2024-03-01T00:15:52.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/dtxharry/cve/blob/main/cve.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255300",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255300",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-20xx/CVE-2024-2022.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T00:15:52.290",
"lastModified": "2024-03-01T00:15:52.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/zouzuo1994321/cve/blob/main/cve.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255301",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255301",
"source": "cna@vuldb.com"
}
]
}

59
CVE-2024/CVE-2024-20xx/CVE-2024-2045.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2045",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-03-01T00:15:52.493",
"lastModified": "2024-03-01T00:15:52.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Session version 1.17.5 allows obtaining internal application files and public\n\nfiles from the user's device without the user's consent. This is possible\n\nbecause the application is vulnerable to Local File Read via chat attachments.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/newman/",
"source": "help@fluidattacks.com"
},
{
"url": "https://github.com/oxen-io/session-android/",
"source": "help@fluidattacks.com"
}
]
}

63
CVE-2024/CVE-2024-272xx/CVE-2024-27294.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-27294",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-29T23:15:08.250",
"lastModified": "2024-02-29T23:15:08.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files \u2014 including the compiler binary \u2014 with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://github.com/danielparks/puppet-golang/commit/1d0865b24071cb1c00d2fd8cb755d444e6e8f888",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/danielparks/puppet-golang/commit/870724a7fef50208515da7bbfa9dfd5d6950e7f5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/danielparks/puppet-golang/security/advisories/GHSA-8h8m-h98f-vv84",
"source": "security-advisories@github.com"
}
]
}

37
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-29T23:00:24.365312+00:00
2024-03-01T00:55:31.389657+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-29T21:18:28.590000+00:00
2024-03-01T00:15:52.493000+00:00
```
### Last Data Feed Release
@ -29,23 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240135
240158
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `23`
* [CVE-2021-46959](CVE-2021/CVE-2021-469xx/CVE-2021-46959.json) (`2024-02-29T23:15:07.230`)
* [CVE-2021-47016](CVE-2021/CVE-2021-470xx/CVE-2021-47016.json) (`2024-02-29T23:15:07.307`)
* [CVE-2021-47020](CVE-2021/CVE-2021-470xx/CVE-2021-47020.json) (`2024-02-29T23:15:07.357`)
* [CVE-2021-47054](CVE-2021/CVE-2021-470xx/CVE-2021-47054.json) (`2024-02-29T23:15:07.413`)
* [CVE-2021-47055](CVE-2021/CVE-2021-470xx/CVE-2021-47055.json) (`2024-02-29T23:15:07.473`)
* [CVE-2021-47056](CVE-2021/CVE-2021-470xx/CVE-2021-47056.json) (`2024-02-29T23:15:07.530`)
* [CVE-2021-47057](CVE-2021/CVE-2021-470xx/CVE-2021-47057.json) (`2024-02-29T23:15:07.590`)
* [CVE-2021-47058](CVE-2021/CVE-2021-470xx/CVE-2021-47058.json) (`2024-02-29T23:15:07.640`)
* [CVE-2021-47059](CVE-2021/CVE-2021-470xx/CVE-2021-47059.json) (`2024-02-29T23:15:07.690`)
* [CVE-2021-47060](CVE-2021/CVE-2021-470xx/CVE-2021-47060.json) (`2024-02-29T23:15:07.740`)
* [CVE-2021-47061](CVE-2021/CVE-2021-470xx/CVE-2021-47061.json) (`2024-02-29T23:15:07.793`)
* [CVE-2021-47062](CVE-2021/CVE-2021-470xx/CVE-2021-47062.json) (`2024-02-29T23:15:07.843`)
* [CVE-2021-47063](CVE-2021/CVE-2021-470xx/CVE-2021-47063.json) (`2024-02-29T23:15:07.893`)
* [CVE-2021-47064](CVE-2021/CVE-2021-470xx/CVE-2021-47064.json) (`2024-02-29T23:15:07.947`)
* [CVE-2021-47065](CVE-2021/CVE-2021-470xx/CVE-2021-47065.json) (`2024-02-29T23:15:08.000`)
* [CVE-2021-47066](CVE-2021/CVE-2021-470xx/CVE-2021-47066.json) (`2024-02-29T23:15:08.057`)
* [CVE-2021-47067](CVE-2021/CVE-2021-470xx/CVE-2021-47067.json) (`2024-02-29T23:15:08.117`)
* [CVE-2021-47068](CVE-2021/CVE-2021-470xx/CVE-2021-47068.json) (`2024-02-29T23:15:08.170`)
* [CVE-2024-27294](CVE-2024/CVE-2024-272xx/CVE-2024-27294.json) (`2024-02-29T23:15:08.250`)
* [CVE-2024-0403](CVE-2024/CVE-2024-04xx/CVE-2024-0403.json) (`2024-03-01T00:15:51.850`)
* [CVE-2024-2021](CVE-2024/CVE-2024-20xx/CVE-2024-2021.json) (`2024-03-01T00:15:52.070`)
* [CVE-2024-2022](CVE-2024/CVE-2024-20xx/CVE-2024-2022.json) (`2024-03-01T00:15:52.290`)
* [CVE-2024-2045](CVE-2024/CVE-2024-20xx/CVE-2024-2045.json) (`2024-03-01T00:15:52.493`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `0`
* [CVE-2023-33957](CVE-2023/CVE-2023-339xx/CVE-2023-33957.json) (`2024-02-29T21:16:49.777`)
* [CVE-2023-33958](CVE-2023/CVE-2023-339xx/CVE-2023-33958.json) (`2024-02-29T21:16:49.777`)
* [CVE-2023-25656](CVE-2023/CVE-2023-256xx/CVE-2023-25656.json) (`2024-02-29T21:18:28.590`)
* [CVE-2024-23332](CVE-2024/CVE-2024-233xx/CVE-2024-23332.json) (`2024-02-29T21:16:49.777`)
## Download and Usage