Auto-Update: 2024-09-13T16:00:18.095141+00:00

cad-safe-bot 2024-09-13 16:03:17 +00:00
parent cc89b20cd0
commit b48d01441e
154 changed files with 4906 additions and 490 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2022-2446",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-13T15:15:13.577",
"lastModified": "2024-09-13T15:15:13.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3151053/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3555702-4427-4569-8fd6-f84113593e9d?source=cve",
"source": "security@wordfence.com"
}
]
}
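Review bot: The new CVE-2022-2446 record has no `configurations` block and its `vulnStatus` is `Received`, so a consumer that matches inventory by CPE will not flag WP Editor installs from this file. The affected range exists only in the description text ("up to, and including 1.2.9"), so until CPE data is added, matching has to rely on that text or on the Wordfence reference. `published` is 2024-09-13 although the id is from 2022, so a feed filtered by CVE-id year rather than by publish date would probably skip it.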


@ -2,8 +2,8 @@
"id": "CVE-2023-29486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T01:15:32.790",
"lastModified": "2023-12-29T02:20:40.423",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-13T15:35:02.180",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-1333"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-3408",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T09:15:06.420",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T14:37:06.530",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -51,14 +61,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.2",
"matchCriteriaId": "ADA36434-64C2-416A-B6E9-93CC306E8871"
}
]
}
]
}
],
"references": [
{
"url": "https://bricksbuilder.io/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d58fd503-84d0-4d62-9290-870b1dd32be7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3409",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T09:15:06.790",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T14:34:58.380",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -51,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.2",
"matchCriteriaId": "ADA36434-64C2-416A-B6E9-93CC306E8871"
}
]
}
]
}
],
"references": [
{
"url": "https://bricksbuilder.io/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16800ece-da9c-431b-a015-42bd30b646e2?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39731",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-20T00:15:14.300",
"lastModified": "2023-10-26T15:33:42.247",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-13T15:35:03.927",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-41884",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-12T20:15:07.917",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T15:08:19.280",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +81,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.36.34",
"matchCriteriaId": "E534CF78-63E9-4A19-A0E6-C7D2642FBA54"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-49222",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T20:15:10.577",
"lastModified": "2024-06-10T02:52:08.267",
"lastModified": "2024-09-13T15:35:05.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La consola con pantalla t\u00e1ctil P82 de Precor contiene una clave SSH privada que corresponde a una clave p\u00fablica predeterminada. Un atacante remoto podr\u00eda aprovechar esto para obtener privilegios de root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/",


@ -2,7 +2,7 @@
"id": "CVE-2023-49223",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T20:15:10.660",
"lastModified": "2024-06-10T02:52:08.267",
"lastModified": "2024-09-13T15:35:06.750",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Las consolas con pantalla t\u00e1ctil Precor P62, P80 y P82 podr\u00edan permitir que un atacante remoto obtenga informaci\u00f3n confidencial porque la contrase\u00f1a de root est\u00e1 almacenada en /etc/passwd. Un atacante podr\u00eda aprovechar esto para extraer archivos y obtener informaci\u00f3n confidencial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/",


@ -2,7 +2,7 @@
"id": "CVE-2023-49224",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T20:15:10.747",
"lastModified": "2024-07-03T01:42:28.180",
"lastModified": "2024-09-13T15:35:07.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -22,8 +22,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
@ -31,10 +31,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-798"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-31842",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T20:15:08.090",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:05:23.367",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,66 @@
"value": "Se descubri\u00f3 un problema en Italtel Embrace 1.6.4. La aplicaci\u00f3n web inserta el token de acceso de un usuario autenticado dentro de las solicitudes GET. La cadena de consulta para la URL podr\u00eda guardarse en el historial del navegador, pasarse a trav\u00e9s de Referers a otros sitios web, almacenarse en registros web o registrarse de otro modo en otras fuentes. Si la cadena de consulta contiene informaci\u00f3n confidencial, como identificadores de sesi\u00f3n, los atacantes pueden usar esta informaci\u00f3n para lanzar m\u00e1s ataques. Debido a que el token de acceso se env\u00eda en solicitudes GET, esta vulnerabilidad podr\u00eda provocar la apropiaci\u00f3n completa de la cuenta."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3469B5CE-AB48-497A-94DF-820F97DB88B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
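Review bot: The added Primary weakness is `NVD-CWE-noinfo`, although the description in this record is specific: the access token is placed in GET query strings and can leak through browser history, Referer headers and web logs. Consumers that group or route findings by CWE get no usable class for this record; the description reads like CWE-598 (sensitive data in a GET query string), but that mapping is an inference and not something the record states. The added `cpeMatch` row pins exactly version 1.6.4 with no range, so other Embrace versions are not matched either way and need a manual check.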


@ -2,8 +2,8 @@
"id": "CVE-2024-3121",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-24T00:15:09.680",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T15:44:28.723",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -41,8 +63,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +83,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lollms:lollms:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B09904C7-405C-45C7-A1CA-768AAF169132"
}
]
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
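Review bot: The added nvd@nist.gov Primary metric scores this record 3.3 LOW (`AV:L`, `I:L`, no confidentiality or availability impact), while the same change assigns `CWE-78` as the Primary weakness and tags the huntr reference `Exploit`. Triage rules that drop everything below a base-score threshold would discard a command-injection record that has a public report. The huntr metric remains under `cvssMetricV30`, but its values fall outside the lines shown, so both should be compared before prioritising. Keeping records whose references carry the `Exploit` tag regardless of score avoids losing this one.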


@ -2,13 +2,17 @@
"id": "CVE-2024-34121",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:02.943",
"lastModified": "2024-09-13T09:15:02.943",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 28.6, 27.9.5 y anteriores de Illustrator se ven afectadas por una vulnerabilidad de desbordamiento de enteros o de envoltura que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-38252",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:30.493",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T15:23:18.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el subsistema del n\u00facleo Win32 de Windows"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,122 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4894",
"matchCriteriaId": "2C551E1F-A971-4AEE-8784-A6975D8E44D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19041.4894",
"matchCriteriaId": "8610D293-28A5-4A3E-AE2D-BD21E7E42FDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4894",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4894",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3197",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "76AB8812-9BA5-415B-A6B1-C5AD065D3382"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.4169",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.1742",
"matchCriteriaId": "889E645C-92D6-422B-A89B-05D6774B7543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38252",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
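Review bot: Two of the added `cpeMatch` rows carry a build bound from a different release branch than their siblings. The `windows_10_22h2` arm64 row uses `"versionEndExcluding": "10.0.19041.4894"` while the x64 and x86 rows use `10.0.19045.4894`, and the `windows_11_23h2` arm64 row uses `10.0.22621.4169` while x64 uses `10.0.22631.4169`. If a matcher compares the full build string, an unpatched arm64 host reporting 10.0.19045.x or 10.0.22631.x sorts above those bounds and is reported as not affected. One or both of these arm64 bounds recur in the CVE-2024-38253, CVE-2024-38254, CVE-2024-38256 and CVE-2024-38257 sections. Arm64 exposure should be confirmed against the MSRC advisory rather than taken from these rows alone.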


@ -2,13 +2,17 @@
"id": "CVE-2024-38253",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:30.813",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T15:20:59.970",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el subsistema del n\u00facleo Win32 de Windows"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3197",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "76AB8812-9BA5-415B-A6B1-C5AD065D3382"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.4169",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.1742",
"matchCriteriaId": "889E645C-92D6-422B-A89B-05D6774B7543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38253",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,20 +2,44 @@
"id": "CVE-2024-38254",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:31.143",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T15:16:48.427",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Authentication Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de autenticaci\u00f3n de Windows"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
@ -37,8 +61,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +81,128 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20766",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20766",
"matchCriteriaId": "83550045-529B-4968-A543-C9D298C0F31D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4894",
"matchCriteriaId": "2C551E1F-A971-4AEE-8784-A6975D8E44D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19041.4894",
"matchCriteriaId": "8610D293-28A5-4A3E-AE2D-BD21E7E42FDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4894",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndIncluding": "10.0.19045.4894",
"matchCriteriaId": "DB3B2964-5BDD-4478-A13C-D1BF5F6E7E9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3197",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.4169",
"matchCriteriaId": "3F9E54F7-0561-49F6-AAD1-B78FF99BBA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.1742",
"matchCriteriaId": "889E645C-92D6-422B-A89B-05D6774B7543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38254",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
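Review bot: The `windows_10_22h2` x86 row uses `"versionEndIncluding": "10.0.19045.4894"`, where every sibling row, including the x64 row for the same release, uses `versionEndExcluding` with that build. Read literally, the inclusive bound marks build 10.0.19045.4894 itself as vulnerable on x86, so a scanner would keep flagging hosts on a build the sibling rows treat as fixed. Its `matchCriteriaId` (`DB3B2964-5BDD-4478-A13C-D1BF5F6E7E9D`) also differs from the one used for the same CPE in the CVE-2024-38252 and CVE-2024-38256 sections, which suggests a separate match-criteria entry upstream rather than a typo in this file. Separately, the added nvd@nist.gov Primary vector has `PR:N` while the Microsoft vector, now marked Secondary, has `PR:L`, so pipelines that read only the Primary metric will see a different vector than before.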


@ -2,13 +2,17 @@
"id": "CVE-2024-38256",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:31.360",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T15:05:30.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel-Mode Driver Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del controlador en modo kernel de Windows"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,117 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20766",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20766",
"matchCriteriaId": "83550045-529B-4968-A543-C9D298C0F31D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4894",
"matchCriteriaId": "2C551E1F-A971-4AEE-8784-A6975D8E44D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19041.4894",
"matchCriteriaId": "8610D293-28A5-4A3E-AE2D-BD21E7E42FDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4894",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4894",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38256",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-38257",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:31.567",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T15:03:00.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft AllJoyn API Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de la API AllJoyn de Microsoft"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,110 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4894",
"matchCriteriaId": "2C551E1F-A971-4AEE-8784-A6975D8E44D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19041.4894",
"matchCriteriaId": "8610D293-28A5-4A3E-AE2D-BD21E7E42FDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4894",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4894",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3197",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "C582B2CD-0EFD-461E-9D3F-F74256E4526B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38257",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
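Review bot: The `windows_10_22h2` arm64 row is bounded by `"versionEndExcluding": "10.0.19041.4894"` while the x64 and x86 rows for the same release use `10.0.19045.4894`, and the `windows_11_23h2` row reuses the 22H2 bound `10.0.22621.4169` although the x64 23H2 row in the CVE-2024-38259 section uses `10.0.22631.4169`. If installed builds of those releases report the higher build number, as the sibling rows suggest, a range match against these two rows never fires and unpatched hosts are reported as not affected. The rows probably should read `"versionEndExcluding": "10.0.19045.4894"` and `"versionEndExcluding": "10.0.22631.4169"`; confirm against the vendor advisory before relying on them. The same 23H2 bound appears on the arm64 row of the CVE-2024-38259 section, and the record is mirrored from NVD, so the correction belongs upstream.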


@ -2,20 +2,44 @@
"id": "CVE-2024-38258",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:31.770",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T15:00:54.153",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del servicio de licencias de escritorio remoto de Windows"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
@ -37,8 +61,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +81,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38258",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-38259",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:31.990",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:56:28.637",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Management Console Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Management Console"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,86 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22000.3197",
"matchCriteriaId": "27B86605-6710-4BC8-99A4-73462A011192"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.3197",
"matchCriteriaId": "24ABE040-A076-4A03-9847-B4D0C2CA5E97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "1943A041-87C3-404D-B09C-8E25E46A6E90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "4AC8FE5E-7E85-4520-BD68-3A9776948A5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.4169",
"matchCriteriaId": "76AB8812-9BA5-415B-A6B1-C5AD065D3382"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.4169",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"versionEndIncluding": "10.0.26100.1742",
"matchCriteriaId": "0E7D2B19-7F37-48FE-8727-A7CB75EDE6CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.26100.1742",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38259",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
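Review bot: The `windows_11_24h2` arm64 row uses `"versionEndIncluding": "10.0.26100.1742"` where the x64 row, and every other bounded row in this list, uses `versionEndExcluding`. As written, an arm64 host on build 10.0.26100.1742 matches as vulnerable while an x64 host on the same build does not, so a scanner keeps flagging one architecture after it reaches that build. If 1742 is the fixed build, as the x64 row implies, the row should read `"versionEndExcluding": "10.0.26100.1742"`; this needs checking against the vendor advisory, and since the file mirrors NVD the correction belongs upstream.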


@ -2,13 +2,17 @@
"id": "CVE-2024-38260",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:32.183",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:53:26.410",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servicio de licencias de escritorio remoto de Windows"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38260",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-38263",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:32.383",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:55:01.400",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servicio de licencias de escritorio remoto de Windows"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38263",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-38816",
"sourceIdentifier": "security@vmware.com",
"published": "2024-09-13T06:15:11.190",
"lastModified": "2024-09-13T06:15:11.190",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.\n\nSpecifically, an application is vulnerable when both of the following are true:\n\n * the web application uses RouterFunctions\u00a0to serve static resources\n * resource handling is explicitly configured with a FileSystemResource\u00a0location\n\n\nHowever, malicious requests are blocked and rejected when any of the following is true:\n\n * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html \u00a0is in use\n * the application runs on Tomcat or Jetty"
},
{
"lang": "es",
"value": "Las aplicaciones que brindan recursos est\u00e1ticos a trav\u00e9s de los marcos web funcionales WebMvc.fn o WebFlux.fn son vulnerables a ataques de path traversal. Un atacante puede crear solicitudes HTTP maliciosas y obtener cualquier archivo en el sistema de archivos que tambi\u00e9n sea accesible para el proceso en el que se ejecuta la aplicaci\u00f3n Spring. Espec\u00edficamente, una aplicaci\u00f3n es vulnerable cuando se cumplen las dos condiciones siguientes: * la aplicaci\u00f3n web usa RouterFunctions para brindar recursos est\u00e1ticos * el manejo de recursos est\u00e1 configurado expl\u00edcitamente con una ubicaci\u00f3n FileSystemResource Sin embargo, las solicitudes maliciosas se bloquean y rechazan cuando se cumple alguna de las siguientes condiciones: * el firewall HTTP de Spring Security https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html est\u00e1 en uso * la aplicaci\u00f3n se ejecuta en Tomcat o Jetty"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39377",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T07:15:02.390",
"lastModified": "2024-09-13T07:15:02.390",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.5, 23.6.8 y anteriores de Media Encoder se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39380",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:03.917",
"lastModified": "2024-09-13T09:15:03.917",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.6.6, 24.5 y anteriores de After Effects se ven afectadas por una vulnerabilidad de desbordamiento de b\u00fafer basado en mont\u00f3n que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39381",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:04.900",
"lastModified": "2024-09-13T09:15:04.900",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.6.6, 24.5 y anteriores de After Effects se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39382",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:05.770",
"lastModified": "2024-09-13T09:15:05.770",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.6.6, 24.5 y anteriores de After Effects se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39384",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:06.620",
"lastModified": "2024-09-13T09:15:06.620",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.5, 23.6.8 y anteriores de Premiere Pro se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39385",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:07.470",
"lastModified": "2024-09-13T09:15:07.470",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.5, 23.6.8 y anteriores de Premiere Pro se ven afectadas por una vulnerabilidad de Use After Free que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-3913",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-08-13T13:15:12.750",
"lastModified": "2024-08-13T17:11:53.553",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T15:58:13.780",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
@ -51,10 +71,127 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.3",
"matchCriteriaId": "5319EC7A-BBCA-4651-AC0E-992474DC436E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:phoenixcontact:charx_sec-3150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32916BED-0241-4787-960C-7A4E8E1DDED7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.3",
"matchCriteriaId": "2B92922A-12E9-47D8-AAF9-78BE6280B0A5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:phoenixcontact:charx_sec-3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F498BFB3-3C39-4F0B-9775-0B4F891D866C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.3",
"matchCriteriaId": "B67A366B-8D9D-4F56-940D-815100FADBF9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:phoenixcontact:charx_sec-3050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "775BA5ED-968B-4759-BA39-50F9EAB29169"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.3",
"matchCriteriaId": "EC363C54-329E-4E96-A181-6CD72B9AC2C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:phoenixcontact:charx_sec-3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1095269-9D5A-4557-BA9D-33B49AAA339F"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-022",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-41857",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:09.350",
"lastModified": "2024-09-13T09:15:09.350",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 28.6, 27.9.5 y anteriores de Illustrator se ven afectadas por una vulnerabilidad de desbordamiento de enteros (Wrap o Wraparound) que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-41859",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:10.057",
"lastModified": "2024-09-13T09:15:10.057",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.6.6, 24.5 y anteriores de After Effects se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-41867",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:10.620",
"lastModified": "2024-09-13T09:15:10.620",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.6, 24.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to arbitrary file system write operations. An attacker could leverage this vulnerability to modify or corrupt files, potentially leading to a compromise of system integrity. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.6.6, 24.5 y anteriores de After Effects se ven afectadas por una vulnerabilidad de desbordamiento de b\u00fafer basada en pila que podr\u00eda provocar operaciones de escritura arbitrarias en el sistema de archivos. Un atacante podr\u00eda aprovechar esta vulnerabilidad para modificar o da\u00f1ar archivos, lo que podr\u00eda poner en riesgo la integridad del sistema. Para aprovechar este problema, es necesario que el usuario abra un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-41869",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:11.257",
"lastModified": "2024-09-13T09:15:11.257",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad de tipo Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-41870",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T07:15:03.750",
"lastModified": "2024-09-13T07:15:03.750",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.5, 23.6.8 y anteriores de Media Encoder se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-41871",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T07:15:04.097",
"lastModified": "2024-09-13T07:15:04.097",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.5, 23.6.8 y anteriores de Media Encoder se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo creado, lo que podr\u00eda provocar una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-41872",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T07:15:04.440",
"lastModified": "2024-09-13T07:15:04.440",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.5, 23.6.8 y anteriores de Media Encoder se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-41873",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T07:15:04.790",
"lastModified": "2024-09-13T07:15:04.790",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.5, 23.6.8 y anteriores de Media Encoder se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-41874",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T10:15:12.447",
"lastModified": "2024-09-13T10:15:12.447",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
"value": "Las versiones 2023.9, 2021.15 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de deserializaci\u00f3n de datos no confiables que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Un atacante podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada manipulada a la aplicaci\u00f3n que, cuando se deserialice, provoque la ejecuci\u00f3n de c\u00f3digo malicioso. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-43180",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-13T02:15:01.887",
"lastModified": "2024-09-13T02:15:01.887",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
},
{
"lang": "es",
"value": "IBM Concert 1.0 no establece el atributo seguro en tokens de autorizaci\u00f3n o cookies de sesi\u00f3n. Los atacantes pueden obtener los valores de las cookies enviando un enlace http:// a un usuario o colocando este enlace en un sitio al que accede el usuario. La cookie se enviar\u00e1 al enlace inseguro y el atacante puede obtener el valor de la cookie espiando el tr\u00e1fico."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-43335",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-18T14:15:07.800",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T14:25:12.027",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberchimps:responsive_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.9",
"matchCriteriaId": "B83E0DDD-BA89-4E36-A7A1-008F31AA65FE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/responsive-block-editor-addons/wordpress-responsive-blocks-wordpress-gutenberg-blocks-plugin-1-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-43342",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-18T14:15:07.993",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T14:11:31.850",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bdthemes:ultimate_store_kit:*:*:*:*:free:wordpress:*:*",
"versionEndIncluding": "1.6.4",
"matchCriteriaId": "E368FC25-C48D-47D5-B742-6CF2C402B1CB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-store-kit/wordpress-ultimate-store-kit-elementor-addons-woocommerce-builder-edd-builder-elementor-store-builder-product-grid-product-table-woocommerce-slider-plugin-1-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-43454",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:32.583",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:52:28.570",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servicio de licencias de escritorio remoto de Windows"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,80 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*",
"matchCriteriaId": "C0DC57FA-88F8-4D5C-94BD-3A8B1FB8C047"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43454",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,20 +2,44 @@
"id": "CVE-2024-43455",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:32.807",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:50:02.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad del servicio de licencias de escritorio remoto de Windows"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +81,80 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "F73D1308-DB13-4B6C-A66F-5542FDCA749C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7336",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6293",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2700",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1128",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43455",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
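Review bot: The added `cpeMatch` list carries two entries with the identical criteria `cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*`, one with no version bound (matchCriteriaId `AF6437F9-6631-49D3-A6C2-62329E278E31`) and one with `"versionEndExcluding": "10.0.14393.7336"`. Under the `OR` operator the unbounded entry matches every Server 2016 build, so a scanner keyed on this record will keep flagging hosts that are already at or past that build. The record should keep only the bounded entry; until the upstream data is corrected, consumers of this mirror should compare the installed build with `10.0.14393.7336` rather than trust a bare CPE hit. Separately, the new nvd@nist.gov Primary vector uses `PR:N` (9.8) while the vendor's Secondary vector uses `PR:L`, so triage that reads only the Primary score will rank this issue higher than the vendor does.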


@ -2,13 +2,17 @@
"id": "CVE-2024-43464",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:33.813",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:48:05.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft SharePoint Server"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*",
"matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43464",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-43465",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:34.017",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:46:33.210",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Excel"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
"matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
"matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD88F667-6773-4DB7-B6C3-9C7B769C0808"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
"matchCriteriaId": "B342EF98-B414-44D0-BAFB-FCA24294EECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*",
"matchCriteriaId": "68F37A38-9BC3-43FD-8E71-4EED079156D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*",
"matchCriteriaId": "AFFA09D5-9992-462F-B52E-A1DDE2462064"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*",
"matchCriteriaId": "75F7306B-D1DA-48C2-AF87-4480E161D794"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*",
"matchCriteriaId": "BA9BCD55-F71E-4920-B906-A1386843776A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
"matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10414.20000",
"matchCriteriaId": "CCCFD5A7-2B03-464D-B83C-87EB2E687F8E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43465",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,20 +2,44 @@
"id": "CVE-2024-43466",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:34.207",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:44:16.013",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en Microsoft SharePoint Server"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
@ -37,8 +61,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +81,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*",
"matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43466",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-43475",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:35.407",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:42:52.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Admin Center Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el centro de administraci\u00f3n de Microsoft Windows"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43475",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
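Review bot: The added `configurations` block lists only `windows_server_2008` SP2 (x64 and x86) as vulnerable, while the description names Microsoft Windows Admin Center and no `cpeMatch` entry for that product appears. Asset matching driven by this record would therefore flag Server 2008 SP2 hosts and say nothing about Windows Admin Center installations; whether that mirrors the vendor's affected-product list cannot be told from this page. Consumers should confirm the scope against the referenced MSRC advisory before relying on the CPE data for this CVE.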


@ -2,20 +2,44 @@
"id": "CVE-2024-43476",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:35.623",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:39:20.693",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting en Microsoft Dynamics 365 (local)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
@ -37,7 +61,7 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -45,12 +69,44 @@
"value": "CWE-79"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*",
"versionEndExcluding": "9.1.32",
"matchCriteriaId": "C7B72370-01F4-44CE-AEBF-D7DF6ECB14A0"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43476",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-43479",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:35.830",
"lastModified": "2024-09-10T17:43:14.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T14:38:13.873",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Power Automate Desktop Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Power Automate Desktop"
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_automate:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.41",
"versionEndExcluding": "2.41.178.24249",
"matchCriteriaId": "322F9991-B8B9-4663-A85F-5707690F7EC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_automate:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.42",
"versionEndExcluding": "2.42.331.24249",
"matchCriteriaId": "474BAB62-900B-4E53-8806-6CF0A00A42C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_automate:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.43",
"versionEndExcluding": "2.43.249.24249",
"matchCriteriaId": "5149B144-1E46-48C4-A0E4-D52A6FCBCF06"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_automate:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.44",
"versionEndExcluding": "2.44.55.24249",
"matchCriteriaId": "E6EB212A-F877-4295-812A-3107CE292ED0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_automate:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.45",
"versionEndExcluding": "2.45.404.24249",
"matchCriteriaId": "1B0733C1-CA8E-444F-ABD8-C3764642E276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_automate:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.46",
"versionEndExcluding": "2.46.181.24249",
"matchCriteriaId": "9FEBB153-D701-4BE4-9711-51CFDE92AA74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_automate:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.47",
"versionEndExcluding": "2.47.119.24249",
"matchCriteriaId": "4F353C0E-6892-4A4A-AEA7-59A778ADC380"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43479",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-43756",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T10:15:14.680",
"lastModified": "2024-09-13T10:15:14.680",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.7.4, 25.11 y anteriores de Photoshop Desktop se ven afectadas por una vulnerabilidad de desbordamiento de b\u00fafer basado en mont\u00f3n que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-43758",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:11.970",
"lastModified": "2024-09-13T09:15:11.970",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 28.6, 27.9.5 y anteriores de Illustrator se ven afectadas por una vulnerabilidad de tipo Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-43759",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:12.457",
"lastModified": "2024-09-13T09:15:12.457",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 28.6, 27.9.5 y anteriores de Illustrator se ven afectadas por una vulnerabilidad de desreferencia de puntero nulo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio. Para aprovechar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-43760",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T10:15:15.230",
"lastModified": "2024-09-13T10:15:15.230",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.7.4, 25.11 y anteriores de Photoshop Desktop se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,17 +2,41 @@
"id": "CVE-2024-44871",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-10T17:15:37.433",
"lastModified": "2024-09-10T20:35:12.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T15:28:21.260",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en el componente /admin/index.php de moziloCMS v3.0 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo manipulado espec\u00edficamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilo:mozilocms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAA5588-EC65-43BB-9EE8-ED6D51C8CC72"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/moziloDasEinsteigerCMS/mozilo3.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/sec-fortress/Exploits/tree/main/CVE-2024-44871",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-44872",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-10T17:15:37.517",
"lastModified": "2024-09-10T20:35:13.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-13T15:26:12.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en moziloCMS v3.0 permite a los atacantes ejecutar c\u00f3digo arbitrario en el contexto del navegador de un usuario mediante la inyecci\u00f3n de un payload especialmente manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilo:mozilocms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAA5588-EC65-43BB-9EE8-ED6D51C8CC72"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/moziloDasEinsteigerCMS/mozilo3.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/sec-fortress/Exploits/tree/main/CVE-2024-44872",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-45108",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T10:15:15.747",
"lastModified": "2024-09-13T10:15:15.747",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.7.4, 25.11 y anteriores de Photoshop Desktop se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45109",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T10:15:16.243",
"lastModified": "2024-09-13T10:15:16.243",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.7.4, 25.11 y anteriores de Photoshop Desktop se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45111",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:13.263",
"lastModified": "2024-09-13T09:15:13.263",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 28.6, 27.9.5 y anteriores de Illustrator se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45112",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T09:15:13.947",
"lastModified": "2024-09-13T09:15:13.947",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad de confusi\u00f3n de tipos que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Este problema se produce cuando se accede a un recurso utilizando un tipo que no es compatible con el tipo de objeto real, lo que genera un error l\u00f3gico que un atacante podr\u00eda aprovechar. Para aprovechar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45113",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T10:15:16.737",
"lastModified": "2024-09-13T10:15:16.737",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
"value": "Las versiones 2023.6, 2021.12 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de autenticaci\u00f3n incorrecta que podr\u00eda provocar una escalada de privilegios. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener acceso no autorizado y afectar la integridad de la aplicaci\u00f3n. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
}
],
"metrics": {


@ -2,17 +2,41 @@
"id": "CVE-2024-45406",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-09T17:15:13.180",
"lastModified": "2024-09-09T18:30:12.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-13T15:30:45.380",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input."
},
{
"lang": "es",
"value": "Craft es un sistema de gesti\u00f3n de contenido (CMS). El XSS almacenado en Craft CMS 5 se puede activar mediante la lista de navegaci\u00f3n y los campos de t\u00edtulo con la entrada del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -37,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +85,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.2",
"matchCriteriaId": "8A5B58B2-8A16-4860-AD9C-0B6D7425D4C8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-46044",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T14:15:13.980",
"lastModified": "2024-09-13T14:35:04.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/BenJpopo/V/blob/main/Tenda/CH22/fromqossetting.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-46045",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T14:15:14.103",
"lastModified": "2024-09-13T15:35:11.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/BenJpopo/V/blob/main/Tenda/CH22/frmL7PlotForm.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-46046",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T14:15:14.190",
"lastModified": "2024-09-13T14:15:14.190",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BenJpopo/V/blob/main/Tenda/FH451/RouteStatic.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-46047",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T14:15:14.280",
"lastModified": "2024-09-13T14:15:14.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BenJpopo/V/blob/main/Tenda/FH451/DhcpListClient.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-46048",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T14:15:14.397",
"lastModified": "2024-09-13T14:15:14.397",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BenJpopo/V/blob/main/Tenda/FH451/formexeCommand.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-46049",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T14:15:14.477",
"lastModified": "2024-09-13T14:35:06.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/BenJpopo/V/blob/main/Tenda/O6/formexeCommand.md",
"source": "cve@mitre.org"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-46673",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:11.917",
"lastModified": "2024-09-13T06:15:11.917",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: aacraid: Fix double-free on probe failure aac_probe_one() llama a funciones init espec\u00edficas del hardware a trav\u00e9s del puntero aac_driver_ident::init, todas las cuales eventualmente invocan a aac_init_adapter(). Si aac_init_adapter() falla despu\u00e9s de asignar memoria para aac_dev::queues, libera la memoria pero no borra ese miembro. Despu\u00e9s de que la funci\u00f3n init espec\u00edfica del hardware devuelve un error, aac_probe_one() recorre una ruta de error que libera la memoria a la que apunta aac_dev::queues, lo que da como resultado una doble liberaci\u00f3n."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46674",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.017",
"lastModified": "2024-09-13T06:15:12.017",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: st: fix probed platform device ref count on probe error path\n\nThe probe function never performs any paltform device allocation, thus\nerror path \"undo_platform_dev_alloc\" is entirely bogus. It drops the\nreference count from the platform device being probed. If error path is\ntriggered, this will lead to unbalanced device reference counts and\npremature release of device resources, thus possible use-after-free when\nreleasing remaining devm-managed resources."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc3: st: fix probed platform device ref count on probe error path La funci\u00f3n de sonda nunca realiza ninguna asignaci\u00f3n de dispositivo de plataforma, por lo que la ruta de error \"undo_platform_dev_alloc\" es completamente falsa. Elimina el recuento de referencia del dispositivo de plataforma que se est\u00e1 sondeando. Si se activa la ruta de error, esto provocar\u00e1 recuentos de referencia de dispositivo desequilibrados y una liberaci\u00f3n prematura de los recursos del dispositivo, por lo que es posible que se produzca un use-after-free al liberar los recursos restantes administrados por devm."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46675",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.117",
"lastModified": "2024-09-13T06:15:12.117",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n 1. In dwc3_gadget_suspend, there is a chance of a timeout when\n moving the USB core to the halt state after clearing the\n run/stop bit by software.\n 2. In dwc3_core_exit, the event buffer is cleared regardless of\n the USB core's status, which may lead to an SMMU faults and\n other memory issues. if the USB core tries to access the event\n buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc3: core: Impedir el acceso a una direcci\u00f3n de b\u00fafer de eventos no v\u00e1lida del n\u00facleo USB Esta confirmaci\u00f3n soluciona un problema en el que el n\u00facleo USB podr\u00eda acceder a una direcci\u00f3n de b\u00fafer de eventos no v\u00e1lida durante la suspensi\u00f3n en tiempo de ejecuci\u00f3n, lo que podr\u00eda provocar fallos de SMMU y otros problemas de memoria en las plataformas Exynos. El problema surge de la siguiente secuencia. 1. En dwc3_gadget_suspend, existe la posibilidad de que se agote el tiempo de espera al mover el n\u00facleo USB al estado de detenci\u00f3n despu\u00e9s de borrar el bit de ejecuci\u00f3n/detenci\u00f3n por software. 2. En dwc3_core_exit, el b\u00fafer de eventos se borra independientemente del estado del n\u00facleo USB, lo que puede provocar fallos de SMMU y otros problemas de memoria si el n\u00facleo USB intenta acceder a la direcci\u00f3n del b\u00fafer de eventos. Para evitar esta peculiaridad del hardware en las plataformas Exynos, esta confirmaci\u00f3n garantiza que el software no borre la direcci\u00f3n del b\u00fafer de eventos cuando el n\u00facleo USB est\u00e9 activo durante la suspensi\u00f3n en tiempo de ejecuci\u00f3n comprobando su estado antes de borrar la direcci\u00f3n del b\u00fafer."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46676",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.223",
"lastModified": "2024-09-13T06:15:12.223",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n'if (!im_protocols && !tm_protocols)' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a \"bad\"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n nfc_start_poll()\n ->start_poll()\n pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: pn533: A\u00f1adir comprobaci\u00f3n de llenado de lista de mod de sondeo En caso de que el valor de im_protocols sea 1 y el valor de tm_protocols sea 0, esta combinaci\u00f3n pasa con \u00e9xito la comprobaci\u00f3n 'if (!im_protocols && !tm_protocols)' en nfc_start_poll(). Pero luego, despu\u00e9s de la llamada a pn533_poll_create_mod_list() en pn533_start_poll(), la lista de mod de sondeo permanecer\u00e1 vac\u00eda y dev->poll_mod_count permanecer\u00e1 en 0, lo que conduce a la divisi\u00f3n por cero. Normalmente, ning\u00fan protocolo im tiene el valor 1 en la m\u00e1scara, por lo que el controlador no espera esta combinaci\u00f3n. Pero estos valores de protocolo en realidad provienen del espacio de usuario a trav\u00e9s de la interfaz Netlink (operaci\u00f3n NFC_CMD_START_POLL). Por lo tanto, un programa da\u00f1ado o malicioso puede enviar un mensaje que contenga una combinaci\u00f3n \"mala\" de valores de par\u00e1metros de protocolo, de modo que dev->poll_mod_count no se incremente dentro de pn533_poll_create_mod_list(), lo que lleva a una divisi\u00f3n por cero. El seguimiento de la llamada se ve as\u00ed: nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll() Agregar comprobaci\u00f3n de llenado de la lista de mods de sondeo. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46677",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.360",
"lastModified": "2024-09-13T06:15:12.360",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gtp: se corrige una posible desreferencia de puntero NULL Cuando sockfd_lookup() falla, gtp_encap_enable_socket() devuelve un puntero NULL, pero sus invocadores solo comprueban los punteros de error, por lo que pasan por alto el caso del puntero NULL. Arr\u00e9glelo devolviendo un puntero de error con el c\u00f3digo de error que lleva sockfd_lookup(). (Encontr\u00e9 este error durante la inspecci\u00f3n del c\u00f3digo)."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46678",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.450",
"lastModified": "2024-09-13T06:15:12.450",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n\"scheduling while atomic\" will be triggered when changing bond's\nactive slave.\n\n[ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[ 101.055726] Modules linked in:\n[ 101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[ 101.058760] Hardware name:\n[ 101.059434] Call Trace:\n[ 101.059436] <TASK>\n[ 101.060873] dump_stack_lvl+0x51/0x60\n[ 101.061275] __schedule_bug+0x4e/0x60\n[ 101.061682] __schedule+0x612/0x7c0\n[ 101.062078] ? __mod_timer+0x25c/0x370\n[ 101.062486] schedule+0x25/0xd0\n[ 101.062845] schedule_timeout+0x77/0xf0\n[ 101.063265] ? asm_common_interrupt+0x22/0x40\n[ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10\n[ 101.064215] __wait_for_common+0x87/0x190\n[ 101.064648] ? usleep_range_state+0x90/0x90\n[ 101.065091] cmd_exec+0x437/0xb20 [mlx5_core]\n[ 101.065569] mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[ 101.066051] mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[ 101.066552] mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[ 101.067163] ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.067738] ? 
kmalloc_trace+0x4d/0x350\n[ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[ 101.069312] bond_change_active_slave+0x392/0x900 [bonding]\n[ 101.069868] bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[ 101.070454] __bond_opt_set+0xa6/0x430 [bonding]\n[ 101.070935] __bond_opt_set_notify+0x2f/0x90 [bonding]\n[ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0\n[ 101.073033] vfs_write+0x2d8/0x400\n[ 101.073416] ? alloc_fd+0x48/0x180\n[ 101.073798] ksys_write+0x5f/0xe0\n[ 101.074175] do_syscall_64+0x52/0x110\n[ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn't have to be spin lock, change it to\nmutex, and thus the above issue can be resolved."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bonding: cambiar ipsec_lock de spin lock a mutex en el commit citado, se agrega bond-&gt;ipsec_lock para proteger ipsec_list, por lo tanto, se llaman xdo_dev_state_add y xdo_dev_state_delete dentro de este bloqueo. Como ipsec_lock es un spin lock y tales operaciones xfrmdev pueden dormir, se activar\u00e1 \"programaci\u00f3n mientras es at\u00f3mica\" al cambiar el esclavo activo de bond. [ 101.055189] ERROR: programaci\u00f3n mientras es at\u00f3mica: bash/902/0x00000200 [ 101.055726] M\u00f3dulos vinculados en: [ 101.058211] CPU: 3 PID: 902 Comm: bash No contaminado 6.9.0-rc4+ #1 [ 101.058760] Nombre del hardware: [ 101.059434] Seguimiento de llamadas: [ 101.059436] [ 101.060873] dump_stack_lvl+0x51/0x60 [ 101.061275] __schedule_bug+0x4e/0x60 [ 101.061682] __schedule+0x612/0x7c0 [ 101.062078] ? __mod_timer+0x25c/0x370 [ 101.062486] schedule+0x25/0xd0 [ 101.062845] schedule_timeout+0x77/0xf0 [ 101.063265] ? asm_common_interrupt+0x22/0x40 [ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10 [ 101.064215] __wait_for_common+0x87/0x190 [ 101.064648] ? opci\u00f3n_almacenamiento_sysfs_bonding+0x4d/0x80 [bonding] [ 101.067738] ? kmalloc_trace+0x4d/0x350 [ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core] [ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core] [ 101.069312] cambio_enlace_esclavo_activo+0x392/0x900 [enlace] [ 101.069868] opci\u00f3n_enlace_esclavo_activo_conjunto+0x1c2/0x240 [enlace] [ 101.070454] __opci\u00f3n_enlace_conjunto+0xa6/0x430 [enlace] [ 101.070935] __bond_opt_set_notify+0x2f/0x90 [vinculaci\u00f3n] [ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [vinculaci\u00f3n] [ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [vinculaci\u00f3n] [ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0 [ 101.073033] vfs_write+0x2d8/0x400 [ 101.073416] ? 
alloc_fd+0x48/0x180 [ 101.073798] ksys_write+0x5f/0xe0 [ 101.074175] do_syscall_64+0x52/0x110 [ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53 Como bond_ipsec_add_sa_all y bond_ipsec_del_sa_all solo se llaman desde bond_change_active_slave, que requiere mantener el bloqueo RTNL. Y bond_ipsec_add_sa y bond_ipsec_del_sa son API xdo_dev_state_add y xdo_dev_state_delete de estado xfrm, que est\u00e1n en el contexto del usuario. Por lo tanto, ipsec_lock no tiene que ser un bloqueo de giro; c\u00e1mbielo a mutex y, por lo tanto, se puede resolver el problema anterior."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46679",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.530",
"lastModified": "2024-09-13T06:15:12.530",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n [exception RIP: qed_get_current_link+17]\n #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n(\"net-sysfs: add check for netdevice being present to speed_show\").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon't have a device presence check.\n\nMove this check into ethtool to protect all callers."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ethtool: comprobar la presencia del dispositivo al obtener la configuraci\u00f3n del enlace Un lector sysfs puede competir con un reinicio o eliminaci\u00f3n del dispositivo, intentando leer el estado del dispositivo cuando este no est\u00e1 realmente presente. p. ej.: [excepci\u00f3n RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings en ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings en ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings en ffffffff992b04e4 #11 [ffffb9e4f2907d90] duplex_show en ffffffff99260300 #12 [ffffb9e4f2907e38] dev_attr_show en ffffffff9905a01c #13 [ffffb9e4f2907e50] sysfs_kf_seq_show en ffffffff98e0145b #14 [ffffb9e4f2907e68] seq_read en ffffffff98d902e3 #15 [ffffb9e4f2907ec8] vfs_read en ffffffff98d657d1 #16 [ffffb9e4f2907f00] ksys_read en ffffffff98d65c3f #17 [ffffb9e4f2907f38] do_syscall_64 en ffffffff98a052fb bloqueo&gt; estructura net_device.state ffff9a9d21336000 estado = 5, el estado 5 es __LINK_STATE_START (0b1) y __LINK_STATE_NOCARRIER (0b100). El dispositivo no est\u00e1 presente, note la falta de __LINK_STATE_PRESENT (0b10). Este es el mismo tipo de p\u00e1nico que se observa en el commit 4224cfd7fb65 (\"net-sysfs: agregar verificaci\u00f3n de presencia de netdevice a speed_show\"). Hay muchos otros invocadores de __ethtool_get_link_ksettings() que no tienen una verificaci\u00f3n de presencia de dispositivo. Mueva esta verificaci\u00f3n a ethtool para proteger a todos los invocadores."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46680",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.617",
"lastModified": "2024-09-13T06:15:12.617",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[ 85.884624] Mem abort info:\n[ 85.884625] ESR = 0x0000000086000007\n[ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 85.884633] SET = 0, FnV = 0\n[ 85.884636] EA = 0, S1PTW = 0\n[ 85.884638] FSC = 0x07: level 3 translation fault\n[ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 
6.1.36+g937b1be4345a #1\n[ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 85.936182] Workqueue: events 0xffffd4a61638f380\n[ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 85.952817] pc : 0xffffd4a61638f258\n[ 85.952823] lr : 0xffffd4a61638f258\n[ 85.952827] sp : ffff8000084fbd70\n[ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[ 85.977443] Call trace:\n[ 85.977446] 0xffffd4a61638f258\n[ 85.977451] 0xffffd4a61638f3e8\n[ 85.977455] process_one_work+0x1d4/0x330\n[ 85.977464] worker_thread+0x6c/0x430\n[ 85.977471] kthread+0x108/0x10c\n[ 85.977476] ret_from_fork+0x10/0x20\n[ 85.977488] Code: bad PC value\n[ 85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btnxpuart: corrige un bloqueo aleatorio observado al eliminar el controlador Esto corrige el bloqueo aleatorio del kernel observado al eliminar el controlador, al ejecutar la prueba de carga/descarga en m\u00faltiples iteraciones. 1) modprobe btnxpuart 2) hciconfig hci0 reset 3) hciconfig (verifique que la interfaz hci0 est\u00e9 activa con una direcci\u00f3n BD v\u00e1lida) 4) modprobe -r btnxpuart Repita los pasos 1 a 4 La llamada ps_wakeup() en btnxpuart_close() programa psdata-&gt;work(), que se programa despu\u00e9s de que se elimina el m\u00f3dulo, lo que provoca un bloqueo del kernel. Este problema oculto se destac\u00f3 despu\u00e9s de habilitar el Ahorro de energ\u00eda de forma predeterminada en 4183a7be7700 (Bluetooth: btnxpuart: Habilitar la funci\u00f3n Ahorro de energ\u00eda al inicio). El nuevo ps_cleanup() anula la interrupci\u00f3n de UART inmediatamente al cerrar el dispositivo serdev, cancela cualquier ps_work programado y destruye el mutex ps_lock. 
[ 85.884604] No se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual ffffd4a61638f258 [ 85.884624] Informaci\u00f3n de aborto de memoria: [ 85.884625] ESR = 0x0000000086000007 [ 85.884628] EC = 0x21: IABT (EL actual), IL = 32 bits [ 85.884633] SET = 0, FnV = 0 [ 85.884636] EA = 0, S1PTW = 0 [ 85.884638] FSC = 0x07: error de traducci\u00f3n de nivel 3 [ 85.884642] tabla de p\u00e1ginas del intercambiador: 4k p\u00e1ginas, VA de 48 bits, pgdp=0000000041dd0000 [ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000 [ 85.884662] Error interno: Oops: 0000000086000007 [#1] PREEMPT SMP [ 85.890932] M\u00f3dulos vinculados en: algif_hash algif_skcipher af_alg superposici\u00f3n fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 error de seguridad de caam snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv fusible rc_core [\u00faltima descarga: btnxpuart(O)] [ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Contaminado: GO 6.1.36+g937b1be4345a #1 [ 85.936176] Nombre del hardware: Placa EVK FSL i.MX8MM (DT) [ 85.936182] Cola de trabajo: eventos 0xffffd4a61638f380 [ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 85.952817] pc : 0xffffd4a61638f258 [ 85.952823] lr : 0xffffd4a61638f258 [ 85.952827] sp : ffff8000084fbd70 [ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000 [ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305 [ 85.963119] ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970 [ 85.977382] x20: 00000000000000000 x19: ffff4bf1c8540880 x18: 00000000000000 00 [ 85.977391] x17: 0000000000000000 x16: 00000000000000133 x15: 0000ffffe2217090 [ 85.977399] x14: 0000000000000001 x13: 
0000000000000133 x12: 0000000000000139 [ 85.977407] x11: 000000000000001 x10: 0000000000000a60 x9: ffff8000084fbc50 [ 85.977417] x8: ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8 [ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000 [ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000 [ 85.977443] Rastreo de llamadas: [ 85.977446] 0xffffd4a61638f258 [ 85.977451] 0xffffd4a61638f3e8 [ 85.977455] process_one_work+0x1d4/0x330 [ 85.977464] worker_thread+0x6c/0x430 [ 85.977471] kthread+0x108/0x10c [ 85.977476] ret_from_fork+0x10/0x20 [ 85.977488] C\u00f3digo: valor de PC incorrecto [ 85.977491] ---[ fin de seguimiento 0000000000000000 ]--- Preestablecido desde v6.9.11"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46681",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.710",
"lastModified": "2024-09-13T06:15:12.710",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pktgen: uso de cpus_read_lock() en pg_net_init() He visto que WARN_ON(smp_processor_id() != cpu) se activa en pktgen_thread_worker() durante las pruebas. Debemos usar cpus_read_lock()/cpus_read_unlock() alrededor del bucle for_each_online_cpu(cpu). Mientras estamos en ello, use WARN_ON_ONCE() para evitar una posible inundaci\u00f3n de syslog."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46682",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.793",
"lastModified": "2024-09-13T06:15:12.793",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open\n\nPrior to commit 3f29cc82a84c (\"nfsd: split sc_status out of\nsc_type\") states_show() relied on sc_type field to be of valid\ntype before calling into a subfunction to show content of a\nparticular stateid. From that commit, we split the validity of\nthe stateid into sc_status and no longer changed sc_type to 0\nwhile unhashing the stateid. This resulted in kernel oopsing\nfor nfsv4.0 opens that stay around and in nfs4_show_open()\nwould derefence sc_file which was NULL.\n\nInstead, for closed open stateids forgo displaying information\nthat relies of having a valid sc_file.\n\nTo reproduce: mount the server with 4.0, read and close\na file and then on the server cat /proc/fs/nfsd/clients/2/states\n\n[ 513.590804] Call trace:\n[ 513.590925] _raw_spin_lock+0xcc/0x160\n[ 513.591119] nfs4_show_open+0x78/0x2c0 [nfsd]\n[ 513.591412] states_show+0x44c/0x488 [nfsd]\n[ 513.591681] seq_read_iter+0x5d8/0x760\n[ 513.591896] seq_read+0x188/0x208\n[ 513.592075] vfs_read+0x148/0x470\n[ 513.592241] ksys_read+0xcc/0x178"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: evitar p\u00e1nico para archivos cerrados nfsv4.0 en nfs4_show_open Antes del commit 3f29cc82a84c (\"nfsd: separar sc_status de sc_type\") states_show() depend\u00eda de que el campo sc_type fuera de un tipo v\u00e1lido antes de llamar a una subfunci\u00f3n para mostrar el contenido de un stateid en particular. A partir de esa confirmaci\u00f3n, dividimos la validez del stateid en sc_status y ya no cambiamos sc_type a 0 mientras deshacemos el hash del stateid. Esto result\u00f3 en un error del kernel para las aperturas nfsv4.0 que permanecen y en nfs4_show_open() se desreferenciaba sc_file que era NULL. En cambio, para los stateids abiertos y cerrados, renunciamos a mostrar informaci\u00f3n que depende de tener un sc_file v\u00e1lido. Para reproducir: monte el servidor con 4.0, lea y cierre un archivo y luego en el servidor cat /proc/fs/nfsd/clients/2/states [ 513.590804] Rastreo de llamadas: [ 513.590925] _raw_spin_lock+0xcc/0x160 [ 513.591119] nfs4_show_open+0x78/0x2c0 [nfsd] [ 513.591412] states_show+0x44c/0x488 [nfsd] [ 513.591681] seq_read_iter+0x5d8/0x760 [ 513.591896] seq_read+0x188/0x208 [ 513.592075] vfs_read+0x148/0x470 [513.592241] ksys_read+0xcc/0x178"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46683",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:12.993",
"lastModified": "2024-09-13T06:15:12.993",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: evitar UAF alrededor de la cerca de preempci\u00f3n El bloqueo de la cerca es parte de la cola, por lo tanto, en el dise\u00f1o actual, cualquier cosa que bloquee la cerca tambi\u00e9n debe contener una referencia a la cola para evitar que la cola se libere. Sin embargo, actualmente parece que le enviamos una se\u00f1al a la cerca y luego descartamos la referencia de la cola, pero si algo est\u00e1 esperando en la cerca, el que espera es expulsado para que se despierte en alg\u00fan momento posterior, donde al despertarse primero toma el bloqueo antes de verificar el estado de la cerca. Pero si ya descartamos la referencia de la cola, entonces el bloqueo ya podr\u00eda estar liberado como parte de la cola, lo que lleva a uaf. Para evitar esto, mueva el bloqueo de la cerca a la cerca misma para que no nos encontremos con problemas de duraci\u00f3n de vida. La alternativa podr\u00eda ser tener un bloqueo a nivel de dispositivo, o solo liberar la cola en la devoluci\u00f3n de llamada de liberaci\u00f3n de la cerca, sin embargo, eso podr\u00eda requerir enviar a otro trabajador para evitar problemas de bloqueo. Referencias: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454 Referencias: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342 Referencias: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020 (seleccionada del commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46684",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:13.103",
"lastModified": "2024-09-13T06:15:13.103",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined\n\ncreate_elf_fdpic_tables() does not correctly account the space for the\nAUX vector when an architecture has ELF_HWCAP2 defined. Prior to the\ncommit 10e29251be0e (\"binfmt_elf_fdpic: fix /proc/<pid>/auxv\") it\nresulted in the last entry of the AUX vector being set to zero, but with\nthat change it results in a kernel BUG.\n\nFix that by adding one to the number of AUXV entries (nitems) when\nELF_HWCAP2 is defined."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binfmt_elf_fdpic: se corrige el c\u00e1lculo del tama\u00f1o de AUXV cuando se define ELF_HWCAP2 create_elf_fdpic_tables() no tiene en cuenta correctamente el espacio para el vector AUX cuando una arquitectura tiene definido ELF_HWCAP2. Antes del commit 10e29251be0e (\"binfmt_elf_fdpic: fix /proc//auxv\"), esto provocaba que la \u00faltima entrada del vector AUX se estableciera en cero, pero con ese cambio se produce un ERROR del kernel. Corrija esto a\u00f1adiendo uno al n\u00famero de entradas AUXV (nitems) cuando se define ELF_HWCAP2."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46685",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:13.200",
"lastModified": "2024-09-13T06:15:13.200",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: single: se corrige una posible desreferenciaci\u00f3n de NULL en pcs_get_function(). pinmux_generic_get_function() puede devolver NULL y el puntero 'funci\u00f3n' se desreferenciaba sin comprobar si era NULL. Se ha a\u00f1adido la comprobaci\u00f3n del puntero 'funci\u00f3n' en pcs_get_function(). Se ha encontrado mediante una revisi\u00f3n de c\u00f3digo."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46686",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:13.280",
"lastModified": "2024-09-13T06:15:13.280",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb/client: evitar desreferenciar rdata=NULL en smb2_new_read_req() Esto sucede cuando se llama desde SMB2_read() mientras se usa rdma y se alcanza rdma_readwrite_threshold."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46687",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:13.377",
"lastModified": "2024-09-13T06:15:13.377",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n Call Trace:\n dump_stack_lvl+0x61/0x80\n print_address_description.constprop.0+0x5e/0x2f0\n print_report+0x118/0x216\n kasan_report+0x11d/0x1f0\n btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n process_one_work+0xce0/0x12a0\n worker_thread+0x717/0x1250\n kthread+0x2e3/0x3c0\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x11/0x20\n\n Allocated by task 20917:\n kasan_save_stack+0x37/0x60\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x7d/0x80\n kmem_cache_alloc_noprof+0x16e/0x3e0\n mempool_alloc_noprof+0x12e/0x310\n bio_alloc_bioset+0x3f0/0x7a0\n btrfs_bio_alloc+0x2e/0x50 [btrfs]\n submit_extent_page+0x4d1/0xdb0 [btrfs]\n btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n btrfs_readahead+0x29a/0x430 [btrfs]\n read_pages+0x1a7/0xc60\n page_cache_ra_unbounded+0x2ad/0x560\n filemap_get_pages+0x629/0xa20\n filemap_read+0x335/0xbf0\n vfs_read+0x790/0xcb0\n ksys_read+0xfd/0x1d0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n Freed by task 20917:\n kasan_save_stack+0x37/0x60\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x50\n __kasan_slab_free+0x4b/0x60\n kmem_cache_free+0x214/0x5d0\n bio_free+0xed/0x180\n end_bbio_data_read+0x1cc/0x580 [btrfs]\n btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n btrfs_submit_bio+0x33/0x70 [btrfs]\n submit_one_bio+0xd4/0x130 [btrfs]\n 
submit_extent_page+0x3ea/0xdb0 [btrfs]\n btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n btrfs_readahead+0x29a/0x430 [btrfs]\n read_pages+0x1a7/0xc60\n page_cache_ra_unbounded+0x2ad/0x560\n filemap_get_pages+0x629/0xa20\n filemap_read+0x335/0xbf0\n vfs_read+0x790/0xcb0\n ksys_read+0xfd/0x1d0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout. And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n Now there are two bios, one referring to the first 64K, the other\n referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n Which is end_bbio_data_read(), and it calls bio_put() for the\n original bio.\n\n Now the original bio is freed.\n\n4. 
The submitted first 64K bio finished\n Now we call into btrfs_check_read_bio() and tries to advance the bio\n iter.\n But since the original bio (thus its iter) is already freed, we\n trigger the above use-after free.\n\n And even if the memory is not poisoned/corrupted, we will later call\n the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige un Use After Free al encontrar errores dentro de btrfs_submit_chunk() [BUG] Hay un informe interno de que KASAN informa un Use After Free, con el siguiente backtrace: BUG: KASAN: slab-use-after-free en btrfs_check_read_bio+0xa68/0xb70 [btrfs] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff8881117cec28 por la tarea kworker/u16:2/45 CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 No contaminado 6.11.0-rc2-next-20240805-default+ #76 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 01/04/2014 Cola de trabajo: btrfs-endio btrfs_end_bio_work [btrfs] Seguimiento de llamadas: dump_stack_lvl+0x61/0x80 print_address_description.constprop.0+0x5e/0x2f0 print_report+0x118/0x216 kasan_report+0x11d/0x1f0 btrfs_check_read_bio+0xa68/0xb70 [btrfs] process_one_work+0xce0/0x12a0 worker_thread+0x717/0x1250 kthread+0x2e3/0x3c0 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x11/0x20 Asignado por la tarea 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x7d/0x80 kmem_cache_alloc_noprof+0x16e/0x3e0 mempool_alloc_noprof+0x12e/0x310 bio_alloc_bioset+0x3f0/0x7a0 btrfs_bio_alloc+0x2e/0x50 [btrfs] enviar_extensi\u00f3n_p\u00e1gina+0x4d1/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] lectura_p\u00e1ginas+0x1a7/0xc60 cach\u00e9_p\u00e1gina_sin_l\u00edmites+0x2ad/0x560 mapa_archivo_obtener_p\u00e1ginas+0x629/0xa20 mapa_archivo_leer+0x335/0xbf0 lectura_vfs+0x790/0xcb0 lectura_ksys+0xfd/0x1d0 llamada_al_sistema_64+0x6d/0x140 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x4b/0x53 Liberado por la tarea 20917: pila_guardado_kasan+0x37/0x60 pista_guardado_kasan+0x10/0x30 informaci\u00f3n_libre_guardado_kasan+0x37/0x50 __kasan_slab_free+0x4b/0x60 kmem_cache_free+0x214/0x5d0 bio_free+0xed/0x180 end_bbio_data_read+0x1cc/0x580 [btrfs] btrfs_submit_chunk+0x98d/0x1880 [btrfs_submit_bio+0x33/0x7 
0 [btrfs] submit_one_bio+0xd4/0x130 [btrfs] submit_extent_page+0x3ea/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53 [CAUSA] Aunque no puedo reproducir el error, el informe en s\u00ed es lo suficientemente bueno como para determinar la causa. El seguimiento de llamadas es el contexto de la cola de trabajo de endio normal, pero el seguimiento de liberaci\u00f3n por tarea muestra que durante btrfs_submit_chunk() ya encontramos un error cr\u00edtico y est\u00e1 llamando a btrfs_bio_end_io() para que se solucione el error. Y la funci\u00f3n endio original llam\u00f3 a bio_put() para liberar todo el bio. Esto significa una doble liberaci\u00f3n, lo que provoca un Use After Free, por ejemplo: 1. Ingrese a btrfs_submit_bio() con una biograf\u00eda le\u00edda La longitud de la biograf\u00eda le\u00edda es de 128K, cruzando dos franjas de 64K. 2. La primera ejecuci\u00f3n de btrfs_submit_chunk() 2.1 Llame a btrfs_map_block(), que devuelve 64K 2.2 Llame a btrfs_split_bio() Ahora hay dos biograf\u00edas, una que hace referencia a los primeros 64K, la otra que hace referencia a los segundos 64K. 2.3 Se env\u00eda la primera mitad. 3. La segunda ejecuci\u00f3n de btrfs_submit_chunk() 3.1 Llamar a btrfs_map_block(), que de alguna manera fall\u00f3 Ahora llamamos a btrfs_bio_end_io() para manejar el error 3.2 btrfs_bio_end_io() llama a la funci\u00f3n endio original que es end_bbio_data_read(), y llama a bio_put() para el bio original. Ahora el bio original est\u00e1 liberado. 4. El primer bio de 64K enviado termin\u00f3 Ahora llamamos a btrfs_check_read_bio() e intentamos avanzar el iter del bio. Pero como el bio original (y por lo tanto su iter) ya est\u00e1 liberado, activamos el use-after free anterior. 
E incluso si la memoria no est\u00e1 envenenada/corrompida, luego llamaremos a la funci\u00f3n endio original, causando una doble liberaci\u00f3n. [SOLUCI\u00d3N] En lugar de llamar a btrfs_bio_end_io(), --truncada---"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46688",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:13.547",
"lastModified": "2024-09-13T06:15:13.547",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails\n\nIf z_erofs_gbuf_growsize() partially fails on a global buffer due to\nmemory allocation failure or fault injection (as reported by syzbot [1]),\nnew pages need to be freed by comparing to the existing pages to avoid\nmemory leaks.\n\nHowever, the old gbuf->pages[] array may not be large enough, which can\nlead to null-ptr-deref or out-of-bound access.\n\nFix this by checking against gbuf->nrpages in advance.\n\n[1] https://lore.kernel.org/r/000000000000f7b96e062018c6e3@google.com"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: se corrige el acceso fuera de los l\u00edmites cuando z_erofs_gbuf_growsize() falla parcialmente Si z_erofs_gbuf_growsize() falla parcialmente en un b\u00fafer global debido a un error en la asignaci\u00f3n de memoria o inyecci\u00f3n de fallas (como lo inform\u00f3 syzbot [1]), se deben liberar nuevas p\u00e1ginas compar\u00e1ndolas con las p\u00e1ginas existentes para evitar fugas de memoria. Sin embargo, la matriz gbuf-&gt;pages[] anterior puede no ser lo suficientemente grande, lo que puede provocar un acceso fuera de los l\u00edmites o una desreferencia de ptr nula. Corrija esto verificando con gbuf-&gt;nrpages de antemano. [1] https://lore.kernel.org/r/000000000000f7b96e062018c6e3@google.com"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46689",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:13.653",
"lastModified": "2024-09-13T06:15:13.653",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas \"write\" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: qcom: cmd-db: Asignar memoria compartida como WC, no como WB Linux no escribe en la regi\u00f3n cmd-db. Esta regi\u00f3n de memoria est\u00e1 protegida contra escritura por XPU. En ocasiones, XPU puede detectar err\u00f3neamente la expulsi\u00f3n de cach\u00e9 limpia como \"escritura\" en la regi\u00f3n protegida contra escritura, lo que genera una interrupci\u00f3n segura que provoca un bucle sin fin en alg\u00fan lugar de la Zona de confianza. La \u00fanica raz\u00f3n por la que funciona en este momento es porque Qualcomm Hypervisor asigna la misma regi\u00f3n que la memoria no almacenable en cach\u00e9 en las tablas de traducci\u00f3n de la Etapa 2. El problema se manifiesta si queremos usar otro hipervisor (como Xen o KVM), que no sabe nada sobre esas asignaciones espec\u00edficas. Cambiar la asignaci\u00f3n de memoria cmd-db de MEMREMAP_WB a MEMREMAP_WT/WC elimina la dependencia de las asignaciones correctas en las tablas de la Etapa 2. Este parche corrige el problema actualizando la asignaci\u00f3n a MEMREMAP_WC. Prob\u00e9 esto en SA8155P con Xen."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46690",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:13.753",
"lastModified": "2024-09-13T06:15:13.753",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease\n\nIt is not safe to dereference fl->c.flc_owner without first confirming\nfl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict()\ntests fl_lmops but largely ignores the result and assumes that flc_owner\nis an nfs4_delegation anyway. This is wrong.\n\nWith this patch we restore the \"!= &nfsd_lease_mng_ops\" case to behave\nas it did before the change mentioned below. This is the same as the\ncurrent code, but without any reference to a possible delegation."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corregir nfsd4_deleg_getattr_conflict en presencia de una concesi\u00f3n de terceros No es seguro desreferenciar fl-&gt;c.flc_owner sin confirmar primero que fl-&gt;fl_lmops es el administrador esperado. nfsd4_deleg_getattr_conflict() prueba fl_lmops pero ignora en gran medida el resultado y asume que flc_owner es una nfs4_delegation de todos modos. Esto es incorrecto. Con este parche restauramos el caso \"!= &amp;nfsd_lease_mng_ops\" para que se comporte como lo hac\u00eda antes del cambio mencionado a continuaci\u00f3n. Esto es lo mismo que el c\u00f3digo actual, pero sin ninguna referencia a una posible delegaci\u00f3n."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46691",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:13.960",
"lastModified": "2024-09-13T06:15:13.960",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit '9329933699b3 (\"soc: qcom: pmic_glink: Make client-lock\nnon-sleeping\")' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn't feasible as it's expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: ucsi: Move unregister out of atomic section El Commit '9329933699b3 (\"soc: qcom: pmic_glink: Make client-lock non-sleeping\")' movi\u00f3 la lista de clientes pmic_glink bajo un spinlock, ya que es accedida por la devoluci\u00f3n de llamada rpmsg/glink, que a su vez se invoca desde el contexto IRQ. Esto significa que ucsi_unregister() ahora se llama desde el contexto at\u00f3mico, lo que no es factible ya que espera un contexto durmiente. Se est\u00e1 realizando un esfuerzo para lograr que GLINK invoque sus devoluciones de llamada en un contexto durmiente, pero hasta entonces, programemos la anulaci\u00f3n del registro. Un efecto secundario de esto es que ucsi_unregister() ahora puede suceder despu\u00e9s de que el procesador remoto, y por lo tanto el enlace de comunicaci\u00f3n con \u00e9l, se haya ido. pmic_glink_send() se modifica con una verificaci\u00f3n para evitar la desreferencia de puntero NULL resultante. Sin embargo, esto hace que el usuario sea informado sobre este error mediante la siguiente entrada en el registro del n\u00facleo: ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: no se pudo enviar la solicitud de escritura UCSI: -5"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46692",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.047",
"lastModified": "2024-09-13T06:15:14.047",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: qcom: scm: Marcar get_wq_ctx() como llamada at\u00f3mica Actualmente get_wq_ctx() est\u00e1 configurado incorrectamente como una llamada est\u00e1ndar. Cuando dos llamadas SMC est\u00e1n en suspensi\u00f3n y una SMC se despierta, llama a get_wq_ctx() para reanudar el hilo dormido correspondiente. Pero si get_wq_ctx() se interrumpe, se pone en suspensi\u00f3n y otra llamada SMC est\u00e1 esperando a que se le asigne un contexto waitq, conduce a un bloqueo. Para evitar esto, get_wq_ctx() debe ser una llamada at\u00f3mica y no puede ser una llamada SMC est\u00e1ndar. Por lo tanto, marque get_wq_ctx() como una llamada r\u00e1pida."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46693",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.140",
"lastModified": "2024-09-13T06:15:14.140",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local \"client\" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the \"client\"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0 CPU1\n ---- ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n client->pdr_notify(client->priv, pg->client_state)\n pmic_glink_ucsi_pdr_notify()\n schedule_work(&ucsi->register_work)\n <schedule away>\n pmic_glink_ucsi_register()\n ucsi_register()\n pmic_glink_ucsi_read_version()\n pmic_glink_ucsi_read()\n pmic_glink_ucsi_read()\n pmic_glink_send(ucsi->client)\n <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the \"client\" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit '1ebcde047c54\n(\"soc: qcom: add pd-mapper implementation\")' became much more likely."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: qcom: pmic_glink: Correcci\u00f3n de la ejecuci\u00f3n durante la inicializaci\u00f3n Como se\u00f1al\u00f3 Stephen Boyd, es posible que durante la inicializaci\u00f3n de los controladores secundarios pmic_glink, se activen los notificadores del dominio de protecci\u00f3n y se programe el trabajo asociado, antes de que vuelva el registro del cliente y, como resultado, se haya inicializado el puntero \"cliente\" local. El resultado de esto es una desreferencia de puntero NULL ya que el puntero \"cliente\" se desreferencia ciegamente. Cronolog\u00eda proporcionada por Stephen: CPU0 CPU1 ---- ---- ucsi-&gt;client = NULL; devm_pmic_glink_register_client() client-&gt;pdr_notify(client-&gt;priv, pg-&gt;client_state) pmic_glink_ucsi_pdr_notify() schedule_work(&amp;ucsi-&gt;register_work) pmic_glink_ucsi_register() ucsi_register() pmic_glink_ucsi_read_version() pmic_glink_ucsi_read() pmic_glink_ucsi_read() pmic_glink_send(ucsi-&gt;client) ucsi-&gt;client = client // \u00a1Demasiado tarde! Este c\u00f3digo es id\u00e9ntico en los controladores secundarios altmode, battery manager y usci. Resuelva esto dividiendo la asignaci\u00f3n del objeto \"cliente\" y su registro en dos operaciones. Esto solo sucede si el registro del dominio de protecci\u00f3n se completa al momento del registro, lo que se volvi\u00f3 mucho m\u00e1s probable con la introducci\u00f3n del commit '1ebcde047c54 (\"soc: qcom: add pd-mapper implementation\")."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46694",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.240",
"lastModified": "2024-09-13T06:15:14.240",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: evitar usar un objeto nulo de framebuffer En lugar de usar state-&gt;fb-&gt;obj[0] directamente, obtener el objeto de framebuffer llamando a drm_gem_fb_get_obj() y devolver un c\u00f3digo de error cuando el objeto es nulo para evitar usar un objeto nulo de framebuffer. (seleccionado del commit 73dd0ad9e5dad53766ea3e631303430116f834b3)"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46695",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.320",
"lastModified": "2024-09-13T06:15:14.320",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n * This function requires the caller to lock the inode's i_mutex before it\n * is executed. It also assumes that the caller will make the appropriate\n * permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: selinux,smack: no omitir la comprobaci\u00f3n de permisos en el gancho inode_setsecctx Marek Gresko informa que el usuario root en un cliente NFS puede cambiar las etiquetas de seguridad en los archivos de un sistema de archivos NFS que se exporta con el squashing de root habilitado. El final del comentario de kerneldoc para __vfs_setxattr_noperm() indica: * Esta funci\u00f3n requiere que el llamador bloquee el i_mutex del inodo antes de * que se ejecute. Tambi\u00e9n supone que el llamador realizar\u00e1 las comprobaciones de permisos * apropiadas. nfsd_setattr() realiza comprobaciones de permisos a trav\u00e9s de fh_verify() y nfsd_permission(), pero estos no realizan todas las mismas comprobaciones de permisos que realizan security_inode_setxattr() y sus ganchos LSM relacionados. Dado que nfsd_setattr() es el \u00fanico consumidor de security_inode_setsecctx(), la soluci\u00f3n m\u00e1s sencilla parece ser reemplazar la llamada a __vfs_setxattr_noperm() con una llamada a __vfs_setxattr_locked(). Esto soluciona el problema anterior y tiene el beneficio adicional de hacer que nfsd recupere las delegaciones conflictivas en un archivo cuando un cliente intenta cambiar su etiqueta de seguridad."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46696",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.423",
"lastModified": "2024-09-13T06:15:14.423",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix potential UAF in nfsd4_cb_getattr_release\n\nOnce we drop the delegation reference, the fields embedded in it are no\nlonger safe to access. Do that last."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: se corrige un posible UAF en nfsd4_cb_getattr_release Una vez que eliminamos la referencia de delegaci\u00f3n, ya no es seguro acceder a los campos integrados en ella. Hagan esto al final."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46697",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.500",
"lastModified": "2024-09-13T06:15:14.500",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a \"goto out\" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we'll then try to free.\nInitialize it early."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: aseg\u00farese de que nfsd4_fattr_args.context est\u00e9 en cero. Si nfsd4_encode_fattr4 termina haciendo un \"goto out\" antes de que podamos comprobar la etiqueta de seguridad, entonces args.context se establecer\u00e1 en basura no inicializada en la pila, que luego intentaremos liberar. Inicial\u00edcelo antes."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46698",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.563",
"lastModified": "2024-09-13T06:15:14.563",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices. This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n sysfb_disable() is not called, but the device resources\n are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n have already been freed by aperture_detach_platform_device() when\n it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n Drop primary variable in aperture_remove_conflicting_pci_devices()\n Drop __init on pci sysfb_pci_dev_is_enabled()"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video/aperture: opcionalmente hacer coincidir el dispositivo en sysfb_disable() En aperture_remove_conflicting_pci_devices(), actualmente solo llamamos a sysfb_disable() en dispositivos de clase vga. Esto lleva al siguiente problema cuando el dispositivo principal no es compatible con VGA: 1. Un dispositivo PCI con una clase que no es VGA es la pantalla de arranque 2. Ese dispositivo se sondea primero y no es un dispositivo VGA, por lo que no se llama a sysfb_disable(), pero los recursos del dispositivo se liberan mediante aperture_detach_platform_device() 3. La GPU no principal tiene una clase VGA y termina llamando a sysfb_disable() 4. Desreferencia de puntero NULL a trav\u00e9s de sysfb_disable() ya que los recursos ya se han liberado mediante aperture_detach_platform_device() cuando fue llamado por el otro dispositivo. Solucione esto pasando un puntero de dispositivo a sysfb_disable() y verificando el dispositivo para determinar si debemos ejecutarlo o no. v2: Arreglar la compilaci\u00f3n cuando CONFIG_SCREEN_INFO no est\u00e1 configurado v3: Mover la verificaci\u00f3n del dispositivo al mutex Eliminar la variable principal en aperture_remove_conflicting_pci_devices() Eliminar __init en pci sysfb_pci_dev_is_enabled()"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46699",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.643",
"lastModified": "2024-09-13T06:15:14.643",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable preemption while updating GPU stats\n\nWe forgot to disable preemption around the write_seqcount_begin/end() pair\nwhile updating GPU stats:\n\n [ ] WARNING: CPU: 2 PID: 12 at include/linux/seqlock.h:221 __seqprop_assert.isra.0+0x128/0x150 [v3d]\n [ ] Workqueue: v3d_bin drm_sched_run_job_work [gpu_sched]\n <...snip...>\n [ ] Call trace:\n [ ] __seqprop_assert.isra.0+0x128/0x150 [v3d]\n [ ] v3d_job_start_stats.isra.0+0x90/0x218 [v3d]\n [ ] v3d_bin_job_run+0x23c/0x388 [v3d]\n [ ] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n [ ] process_one_work+0x62c/0xb48\n [ ] worker_thread+0x468/0x5b0\n [ ] kthread+0x1c4/0x1e0\n [ ] ret_from_fork+0x10/0x20\n\nFix it."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/v3d: Deshabilitar la preempci\u00f3n mientras se actualizan las estad\u00edsticas de la GPU Olvidamos deshabilitar la preempci\u00f3n alrededor del par write_seqcount_begin/end() mientras se actualizan las estad\u00edsticas de la GPU: [ ] ADVERTENCIA: CPU: 2 PID: 12 en include/linux/seqlock.h:221 __seqprop_assert.isra.0+0x128/0x150 [v3d] [ ] Cola de trabajo: v3d_bin drm_sched_run_job_work [gpu_sched] &lt;...snip...&gt; [ ] Rastreo de llamadas: [ ] __seqprop_assert.isra.0+0x128/0x150 [v3d] [ ] v3d_job_start_stats.isra.0+0x90/0x218 [v3d] [ ] Arr\u00e9glalo."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46700",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T06:15:14.720",
"lastModified": "2024-09-13T06:15:14.720",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix mes ring buffer overflow\n\nwait memory room until enough before writing mes packets\nto avoid ring buffer overflow.\n\nv2: squash in sched_hw_submission fix\n\n(cherry picked from commit 34e087e8920e635c62e2ed6a758b0cd27f836d13)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu/mes: se corrige el desbordamiento del b\u00fafer de anillo de mes; esperar a que haya suficiente espacio en la memoria antes de escribir paquetes mes para evitar el desbordamiento del b\u00fafer de anillo. v2: se corrige el squash en sched_hw_submission (seleccionado del commit 34e087e8920e635c62e2ed6a758b0cd27f836d13)"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46701",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T07:15:05.127",
"lastModified": "2024-09-13T07:15:05.127",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, \"TEMPFILE\"), then rename(\"TEMPFILE\", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf (\"btrfs: fix infinite\ndirectory reads\") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: libfs: arregla lecturas de directorio infinitas para el directorio offset Despu\u00e9s de cambiar las operaciones de directorio tmpfs de simple_dir_operations a simple_offset_dir_operations, cada cambio de nombre que se produzca llenar\u00e1 new dentry en el \u00e1rbol de maple del directorio de destino (&amp;SHMEM_I(inode)-&gt;dir_offsets-&gt;mt) con una clave libre que comienza con octx-&gt;newx_offset, y luego establece newx_offset igual a la clave libre + 1. Esto provocar\u00e1 una combinaci\u00f3n de lectura de directorio infinita con el cambio de nombre ocurrido al mismo tiempo, lo que falla generic/736 en xfstests (los detalles se muestran a continuaci\u00f3n). 1. crear 5000 archivos (1 2 3...) bajo un directorio 2. llamar a readdir(man 3 readdir) una vez, y obtener una entrada 3. renombrar(entrada, \"TEMPFILE\"), luego renombrar(\"TEMPFILE\", entrada) 4. repetir 2~3 veces, hasta que readdir no devuelva nada o repetimos demasiadas veces (tmpfs interrumpe la prueba con la segunda condici\u00f3n) Elegimos la misma l\u00f3gica que el commit 9b378f6ad48cf (\"btrfs: arregla lecturas infinitas de directorio\") para arreglarlo, registrar el last_index cuando abrimos el directorio, y no emitir la entrada cuyo \u00edndice &gt;= last_index. El file-&gt;private_data que ahora se usa en el directorio de desplazamiento se puede usar directamente para hacer esto, y tambi\u00e9n actualizamos el last_index cuando buscamos el archivo dir. [brauner: solo actualizamos last_index despu\u00e9s de la b\u00fasqueda cuando el desplazamiento es cero como sugiri\u00f3 Jan]"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46702",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T07:15:05.217",
"lastModified": "2024-09-13T07:15:05.217",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thunderbolt: marcar XDomain como desconectado cuando se quita el enrutador Not\u00e9 que cuando hacemos una actualizaci\u00f3n NVM del enrutador de host discreto y se elimina en caliente del lado PCIe como resultado de la autenticaci\u00f3n del firmware NVM, si hay otro host conectado con rutas habilitadas, nos quedamos sin desmantelarlos. Esto se debe al hecho de que el controlador de red Thunderbolt tambi\u00e9n intenta limpiar las rutas y termina bloqueando en tb_disconnect_xdomain_paths() esperando el bloqueo del dominio. Sin embargo, en este punto ya limpiamos las rutas en tb_stop(), por lo que realmente no hay necesidad de que tb_disconnect_xdomain_paths() haga eso m\u00e1s. Adem\u00e1s, ya verifica si el XDomain est\u00e1 desconectado y se retira temprano, as\u00ed que aproveche eso y marque el XDomain como desconectado cuando eliminemos el enrutador principal."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46703",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T07:15:05.317",
"lastModified": "2024-09-13T07:15:05.317",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"serial: 8250_omap: Set the console genpd always on if no console suspend\"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"serial: 8250_omap: Establecer la consola genpd siempre activada si no hay suspensi\u00f3n de consola\". Esto revierte el commit 68e6939ea9ec3d6579eadeab16060339cdeaf940. Kevin inform\u00f3 que esto provoca un bloqueo durante la suspensi\u00f3n en plataformas que no usan dominios de PM."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46704",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T07:15:05.397",
"lastModified": "2024-09-13T07:15:05.397",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Fix spruious data race in __flush_work()\n\nWhen flushing a work item for cancellation, __flush_work() knows that it\nexclusively owns the work item through its PENDING bit. 134874e2eee9\n(\"workqueue: Allow cancel_work_sync() and disable_work() from atomic\ncontexts on BH work items\") added a read of @work->data to determine whether\nto use busy wait for BH work items that are being canceled. While the read\nis safe when @from_cancel, @work->data was read before testing @from_cancel\nto simplify code structure:\n\n\tdata = *work_data_bits(work);\n\tif (from_cancel &&\n\t !WARN_ON_ONCE(data & WORK_STRUCT_PWQ) && (data & WORK_OFFQ_BH)) {\n\nWhile the read data was never used if !@from_cancel, this could trigger\nKCSAN data race detection spuriously:\n\n ==================================================================\n BUG: KCSAN: data-race in __flush_work / __flush_work\n\n write to 0xffff8881223aa3e8 of 8 bytes by task 3998 on cpu 0:\n instrument_write include/linux/instrumented.h:41 [inline]\n ___set_bit include/asm-generic/bitops/instrumented-non-atomic.h:28 [inline]\n insert_wq_barrier kernel/workqueue.c:3790 [inline]\n start_flush_work kernel/workqueue.c:4142 [inline]\n __flush_work+0x30b/0x570 kernel/workqueue.c:4178\n flush_work kernel/workqueue.c:4229 [inline]\n ...\n\n read to 0xffff8881223aa3e8 of 8 bytes by task 50 on cpu 1:\n __flush_work+0x42a/0x570 kernel/workqueue.c:4188\n flush_work kernel/workqueue.c:4229 [inline]\n flush_delayed_work+0x66/0x70 kernel/workqueue.c:4251\n ...\n\n value changed: 0x0000000000400000 -> 0xffff88810006c00d\n\nReorganize the code so that @from_cancel is tested before @work->data is\naccessed. The only problem is triggering KCSAN detection spuriously. This\nshouldn't need READ_ONCE() or other access qualifiers.\n\nNo functional changes."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: workqueue: Fix spruious data race in __flush_work() Al vaciar un elemento de trabajo para su cancelaci\u00f3n, __flush_work() sabe que posee exclusivamente el elemento de trabajo a trav\u00e9s de su bit PENDING. 134874e2eee9 (\"workqueue: Allow cancel_work_sync() and disable_work() from atomic contexts on BH work items\") agreg\u00f3 una lectura de @work-&gt;data para determinar si se debe usar la espera activa para los elementos de trabajo de BH que se est\u00e1n cancelando. Si bien la lectura es segura cuando @from_cancel, @work-&gt;data se ley\u00f3 antes de probar @from_cancel para simplificar la estructura del c\u00f3digo: data = *work_data_bits(work); if (from_cancel &amp;&amp; !WARN_ON_ONCE(data &amp; WORK_STRUCT_PWQ) &amp;&amp; (data &amp; WORK_OFFQ_BH)) { Si bien los datos le\u00eddos nunca se usaron si !@from_cancel, esto podr\u00eda activar la detecci\u00f3n de ejecuci\u00f3n de datos de KCSAN de manera espuria: ====================================================================== ERROR: KCSAN: carrera de datos en __flush_work / __flush_work escribe en 0xffff8881223aa3e8 de 8 bytes por la tarea 3998 en la CPU 0: instrument_write include/linux/instrumented.h:41 [en l\u00ednea] ___set_bit include/asm-generic/bitops/instrumented-non-atomic.h:28 [en l\u00ednea] insert_wq_barrier kernel/workqueue.c:3790 [en l\u00ednea] start_flush_work kernel/workqueue.c:4142 [en l\u00ednea] __flush_work+0x30b/0x570 kernel/workqueue.c:4178 flush_work kernel/workqueue.c:4229 [en l\u00ednea] ... le\u00eddo hasta 0xffff8881223aa3e8 de 8 bytes por la tarea 50 en la CPU 1: __flush_work+0x42a/0x570 kernel/workqueue.c:4188 flush_work kernel/workqueue.c:4229 [en l\u00ednea] flush_delayed_work+0x66/0x70 kernel/workqueue.c:4251 ... valor cambiado: 0x0000000000400000 -&gt; 0xffff88810006c00d Reorganice el c\u00f3digo para que @from_cancel se pruebe antes de acceder a @work-&gt;data. 
El \u00fanico problema es que se activa la detecci\u00f3n de KCSAN de manera espuria. Esto no deber\u00eda necesitar READ_ONCE() ni otros calificadores de acceso. No hay cambios funcionales."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46705",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T07:15:05.477",
"lastModified": "2024-09-13T07:15:05.477",
"vulnStatus": "Received",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: restablecer asignaciones mmio con devm Establezca nuestras diversas asignaciones mmio en NULL. Esto deber\u00eda facilitar la detecci\u00f3n de algo malicioso que intente alterar mmio despu\u00e9s de la eliminaci\u00f3n del dispositivo. Por ejemplo, podr\u00edamos desasignar todo y luego comenzar a acceder a alguna direcci\u00f3n mmio que ya haya sido desasignada por nosotros y luego reasignada por otra cosa, lo que causar\u00eda todo tipo de desastres."
}
],
"metrics": {},
