From e4f66fd6e728f5c4d6d311f8940a22ce3e3a674b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 21 Oct 2024 22:03:30 +0000 Subject: [PATCH] Auto-Update: 2024-10-21T22:00:29.106281+00:00 --- CVE-2019/CVE-2019-251xx/CVE-2019-25154.json | 69 ++- CVE-2022/CVE-2022-489xx/CVE-2022-48946.json | 53 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48947.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48948.json | 53 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48949.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48950.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48951.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48952.json | 33 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48953.json | 33 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48954.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48955.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48956.json | 45 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48957.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48958.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48959.json | 33 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48960.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48961.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48962.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48963.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48964.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48965.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48966.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48967.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48968.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48969.json | 41 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48970.json | 37 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48971.json | 41 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48972.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48973.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48974.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48975.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48976.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48977.json | 37 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48978.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48979.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48980.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48981.json | 37 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48982.json | 33 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48983.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48984.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48985.json | 29 + CVE-2022/CVE-2022-489xx/CVE-2022-48986.json | 37 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48987.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48988.json | 45 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48989.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48990.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48991.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48992.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48993.json | 41 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48994.json | 49 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48995.json | 33 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48996.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48997.json | 37 ++ CVE-2022/CVE-2022-489xx/CVE-2022-48998.json | 25 + CVE-2022/CVE-2022-489xx/CVE-2022-48999.json | 37 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49000.json | 33 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49001.json | 29 + CVE-2022/CVE-2022-490xx/CVE-2022-49002.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49003.json | 29 + CVE-2022/CVE-2022-490xx/CVE-2022-49004.json | 29 + CVE-2022/CVE-2022-490xx/CVE-2022-49005.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49006.json | 37 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49007.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49008.json | 25 + CVE-2022/CVE-2022-490xx/CVE-2022-49009.json | 25 + CVE-2022/CVE-2022-490xx/CVE-2022-49010.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49011.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49012.json | 25 + CVE-2022/CVE-2022-490xx/CVE-2022-49013.json | 37 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49014.json | 41 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49015.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49016.json | 29 + CVE-2022/CVE-2022-490xx/CVE-2022-49017.json | 33 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49018.json | 25 + CVE-2022/CVE-2022-490xx/CVE-2022-49019.json | 37 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49020.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49021.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49022.json | 33 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49023.json | 37 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49024.json | 29 + CVE-2022/CVE-2022-490xx/CVE-2022-49025.json | 37 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49026.json | 33 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49027.json | 33 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49028.json | 33 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49029.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49030.json | 33 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49031.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49032.json | 49 ++ CVE-2022/CVE-2022-490xx/CVE-2022-49033.json | 49 ++ CVE-2023/CVE-2023-265xx/CVE-2023-26562.json | 403 ++++++++++++- CVE-2023/CVE-2023-359xx/CVE-2023-35991.json | 24 +- CVE-2023/CVE-2023-423xx/CVE-2023-42374.json | 67 ++- CVE-2023/CVE-2023-44xx/CVE-2023-4408.json | 194 ++++++- CVE-2023/CVE-2023-524xx/CVE-2023-52431.json | 62 +- CVE-2024/CVE-2024-100xx/CVE-2024-10057.json | 60 +- CVE-2024/CVE-2024-100xx/CVE-2024-10099.json | 49 +- CVE-2024/CVE-2024-101xx/CVE-2024-10161.json | 67 ++- CVE-2024/CVE-2024-101xx/CVE-2024-10162.json | 67 ++- CVE-2024/CVE-2024-101xx/CVE-2024-10165.json | 66 ++- CVE-2024/CVE-2024-101xx/CVE-2024-10166.json | 62 +- CVE-2024/CVE-2024-101xx/CVE-2024-10167.json | 62 +- CVE-2024/CVE-2024-101xx/CVE-2024-10170.json | 66 ++- CVE-2024/CVE-2024-101xx/CVE-2024-10171.json | 67 ++- CVE-2024/CVE-2024-14xx/CVE-2024-1485.json | 90 ++- CVE-2024/CVE-2024-248xx/CVE-2024-24814.json | 96 +++- CVE-2024/CVE-2024-251xx/CVE-2024-25125.json | 64 ++- CVE-2024/CVE-2024-257xx/CVE-2024-25718.json | 82 ++- CVE-2024/CVE-2024-301xx/CVE-2024-30157.json | 21 + CVE-2024/CVE-2024-301xx/CVE-2024-30158.json | 21 + CVE-2024/CVE-2024-301xx/CVE-2024-30159.json | 21 + CVE-2024/CVE-2024-301xx/CVE-2024-30160.json | 21 + CVE-2024/CVE-2024-310xx/CVE-2024-31007.json | 68 +++ CVE-2024/CVE-2024-338xx/CVE-2024-33898.json | 4 +- CVE-2024/CVE-2024-352xx/CVE-2024-35285.json | 21 + CVE-2024/CVE-2024-352xx/CVE-2024-35286.json | 21 + CVE-2024/CVE-2024-352xx/CVE-2024-35287.json | 21 + CVE-2024/CVE-2024-353xx/CVE-2024-35314.json | 21 + CVE-2024/CVE-2024-353xx/CVE-2024-35315.json | 21 + CVE-2024/CVE-2024-400xx/CVE-2024-40083.json | 25 + CVE-2024/CVE-2024-400xx/CVE-2024-40084.json | 25 + CVE-2024/CVE-2024-400xx/CVE-2024-40085.json | 25 + CVE-2024/CVE-2024-400xx/CVE-2024-40086.json | 25 + CVE-2024/CVE-2024-400xx/CVE-2024-40087.json | 25 + CVE-2024/CVE-2024-400xx/CVE-2024-40088.json | 25 + CVE-2024/CVE-2024-400xx/CVE-2024-40089.json | 25 + CVE-2024/CVE-2024-400xx/CVE-2024-40090.json | 25 + CVE-2024/CVE-2024-400xx/CVE-2024-40091.json | 25 + CVE-2024/CVE-2024-417xx/CVE-2024-41712.json | 21 + CVE-2024/CVE-2024-417xx/CVE-2024-41713.json | 21 + CVE-2024/CVE-2024-417xx/CVE-2024-41714.json | 21 + CVE-2024/CVE-2024-434xx/CVE-2024-43456.json | 95 ++- CVE-2024/CVE-2024-434xx/CVE-2024-43488.json | 61 +- CVE-2024/CVE-2024-435xx/CVE-2024-43504.json | 84 ++- CVE-2024/CVE-2024-436xx/CVE-2024-43612.json | 62 +- CVE-2024/CVE-2024-436xx/CVE-2024-43614.json | 62 +- CVE-2024/CVE-2024-436xx/CVE-2024-43615.json | 94 ++- CVE-2024/CVE-2024-436xx/CVE-2024-43616.json | 54 +- CVE-2024/CVE-2024-462xx/CVE-2024-46238.json | 39 +- CVE-2024/CVE-2024-462xx/CVE-2024-46239.json | 39 +- CVE-2024/CVE-2024-463xx/CVE-2024-46326.json | 29 + CVE-2024/CVE-2024-471xx/CVE-2024-47189.json | 21 + CVE-2024/CVE-2024-472xx/CVE-2024-47223.json | 21 + CVE-2024/CVE-2024-472xx/CVE-2024-47224.json | 21 + CVE-2024/CVE-2024-477xx/CVE-2024-47793.json | 80 ++- CVE-2024/CVE-2024-479xx/CVE-2024-47912.json | 21 + CVE-2024/CVE-2024-485xx/CVE-2024-48509.json | 56 ++ CVE-2024/CVE-2024-485xx/CVE-2024-48597.json | 56 ++ CVE-2024/CVE-2024-486xx/CVE-2024-48645.json | 64 +++ CVE-2024/CVE-2024-486xx/CVE-2024-48659.json | 21 + CVE-2024/CVE-2024-500xx/CVE-2024-50019.json | 37 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50020.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50021.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50022.json | 33 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50023.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50024.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50025.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50026.json | 33 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50027.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50028.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50029.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50030.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50031.json | 37 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50032.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50033.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50034.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50035.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50036.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50037.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50038.json | 37 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50039.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50040.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50041.json | 37 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50042.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50043.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50044.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50045.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50046.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50047.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50048.json | 33 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50049.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50055.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50056.json | 25 + CVE-2024/CVE-2024-500xx/CVE-2024-50057.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50058.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50059.json | 41 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50060.json | 33 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50061.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50062.json | 37 ++ CVE-2024/CVE-2024-500xx/CVE-2024-50063.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50064.json | 29 + CVE-2024/CVE-2024-500xx/CVE-2024-50065.json | 29 + CVE-2024/CVE-2024-86xx/CVE-2024-8625.json | 27 +- README.md | 110 ++-- _state.csv | 607 +++++++++++++------- 194 files changed, 8204 insertions(+), 436 deletions(-) create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48946.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48947.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48948.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48949.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48950.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48951.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48952.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48953.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48954.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48955.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48956.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48957.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48958.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48959.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48960.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48961.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48962.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48963.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48964.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48965.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48966.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48967.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48968.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48969.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48970.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48971.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48972.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48973.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48974.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48975.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48976.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48977.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48978.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48979.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48980.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48981.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48982.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48983.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48984.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48985.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48986.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48987.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48988.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48989.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48990.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48991.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48992.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48993.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48994.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48995.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48996.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48997.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48998.json create mode 100644 CVE-2022/CVE-2022-489xx/CVE-2022-48999.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49000.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49001.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49002.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49003.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49004.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49005.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49006.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49007.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49008.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49009.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49010.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49011.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49012.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49013.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49014.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49015.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49016.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49017.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49018.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49019.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49020.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49021.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49022.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49023.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49024.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49025.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49026.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49027.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49028.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49029.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49030.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49031.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49032.json create mode 100644 CVE-2022/CVE-2022-490xx/CVE-2022-49033.json create mode 100644 CVE-2024/CVE-2024-301xx/CVE-2024-30157.json create mode 100644 CVE-2024/CVE-2024-301xx/CVE-2024-30158.json create mode 100644 CVE-2024/CVE-2024-301xx/CVE-2024-30159.json create mode 100644 CVE-2024/CVE-2024-301xx/CVE-2024-30160.json create mode 100644 CVE-2024/CVE-2024-310xx/CVE-2024-31007.json create mode 100644 CVE-2024/CVE-2024-352xx/CVE-2024-35285.json create mode 100644 CVE-2024/CVE-2024-352xx/CVE-2024-35286.json create mode 100644 CVE-2024/CVE-2024-352xx/CVE-2024-35287.json create mode 100644 CVE-2024/CVE-2024-353xx/CVE-2024-35314.json create mode 100644 CVE-2024/CVE-2024-353xx/CVE-2024-35315.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40083.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40084.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40085.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40086.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40087.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40088.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40089.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40090.json create mode 100644 CVE-2024/CVE-2024-400xx/CVE-2024-40091.json create mode 100644 CVE-2024/CVE-2024-417xx/CVE-2024-41712.json create mode 100644 CVE-2024/CVE-2024-417xx/CVE-2024-41713.json create mode 100644 CVE-2024/CVE-2024-417xx/CVE-2024-41714.json create mode 100644 CVE-2024/CVE-2024-463xx/CVE-2024-46326.json create mode 100644 CVE-2024/CVE-2024-471xx/CVE-2024-47189.json create mode 100644 CVE-2024/CVE-2024-472xx/CVE-2024-47223.json create mode 100644 CVE-2024/CVE-2024-472xx/CVE-2024-47224.json create mode 100644 CVE-2024/CVE-2024-479xx/CVE-2024-47912.json create mode 100644 CVE-2024/CVE-2024-485xx/CVE-2024-48509.json create mode 100644 CVE-2024/CVE-2024-485xx/CVE-2024-48597.json create mode 100644 CVE-2024/CVE-2024-486xx/CVE-2024-48645.json create mode 100644 CVE-2024/CVE-2024-486xx/CVE-2024-48659.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50019.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50020.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50021.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50022.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50023.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50024.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50025.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50026.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50027.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50028.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50029.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50030.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50031.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50032.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50033.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50034.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50035.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50036.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50037.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50038.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50039.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50040.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50041.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50042.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50043.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50044.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50045.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50046.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50047.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50048.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50049.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50055.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50056.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50057.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50058.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50059.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50060.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50061.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50062.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50063.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50064.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50065.json diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25154.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25154.json index 3af11bf128c..9e724fefa1a 100644 --- a/CVE-2019/CVE-2019-251xx/CVE-2019-25154.json +++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25154.json @@ -2,8 +2,8 @@ "id": "CVE-2019-25154", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-07-16T23:15:10.407", - "lastModified": "2024-07-17T13:34:20.520", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:16:21.877", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,74 @@ "value": "La implementaci\u00f3n inadecuada en iframe en Google Chrome anterior a 77.0.3865.75 permit\u00eda a un atacante remoto realizar potencialmente un escape de la sandbox a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "77.0.3865.75", + "matchCriteriaId": "35E0B140-F006-4C6D-86AB-D822C9827E15" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://issues.chromium.org/issues/40094752", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48946.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48946.json new file mode 100644 index 00000000000..0f5f800df36 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48946.json @@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-48946", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.020", + "lastModified": "2024-10-21T20:15:06.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix preallocation discarding at indirect extent boundary\n\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48947.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48947.json new file mode 100644 index 00000000000..d85eef2592b --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48947.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48947", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.150", + "lastModified": "2024-10-21T20:15:06.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix u8 overflow\n\nBy keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases\nmultiple times and eventually it will wrap around the maximum number\n(i.e., 255).\nThis patch prevents this by adding a boundary check with\nL2CAP_MAX_CONF_RSP\n\nBtmon log:\nBluetooth monitor ver 5.64\n= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594\n= Note: Bluetooth subsystem version 2.22 0.264636\n@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191\n= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604\n@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741\n= Open Index: 00:00:00:00:00:00 [hci0] 13.900426\n(...)\n> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106\n invalid packet size (12 != 1033)\n 08 00 01 00 02 01 04 00 01 10 ff ff ............\n> ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561\n invalid packet size (14 != 1547)\n 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....\n> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......\n> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......\n= bluetoothd: Bluetooth daemon 5.43 14.401828\n> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753\n invalid packet size (12 != 1033)\n 08 00 01 00 04 01 04 00 40 00 00 00 ........@..." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19a78143961a197de8502f4f29c453b913dc3c29", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5550bbf709c323194881737fd290c4bada9e6ead", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95f1847a361c7b4bf7d74c06ecb6968455082c1a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9fdc79b571434af7bc742da40a3405f038b637a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad528fde0702903208d0a79d88d5a42ae3fc235b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bcd70260ef56e0aee8a4fc6cd214a419900b0765", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3fe6817156a2ad4b06f01afab04638a34d7c9a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48948.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48948.json new file mode 100644 index 00000000000..059ab0a9b72 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48948.json @@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-48948", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.230", + "lastModified": "2024-10-21T20:15:06.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Prevent buffer overflow in setup handler\n\nSetup function uvc_function_setup permits control transfer\nrequests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),\ndata stage handler for OUT transfer uses memcpy to copy req->actual\nbytes to uvc_event->data.data array of size 60. This may result\nin an overflow of 4 bytes." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48949.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48949.json new file mode 100644 index 00000000000..c7204b65e21 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48949.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48949", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.337", + "lastModified": "2024-10-21T20:15:06.337", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Initialize mailbox message for VF reset\n\nWhen a MAC address is not assigned to the VF, that portion of the message\nsent to the VF is not set. The memory, however, is allocated from the\nstack meaning that information may be leaked to the VM. Initialize the\nmessage buffer to 0 so that no information is passed to the VM in this\ncase." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48950.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48950.json new file mode 100644 index 00000000000..9ffbbe69d7c --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48950.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48950", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.440", + "lastModified": "2024-10-21T20:15:06.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix perf_pending_task() UaF\n\nPer syzbot it is possible for perf_pending_task() to run after the\nevent is free()'d. There are two related but distinct cases:\n\n - the task_work was already queued before destroying the event;\n - destroying the event itself queues the task_work.\n\nThe first cannot be solved using task_work_cancel() since\nperf_release() itself might be called from a task_work (____fput),\nwhich means the current->task_works list is already empty and\ntask_work_cancel() won't be able to find the perf_pending_task()\nentry.\n\nThe simplest alternative is extending the perf_event lifetime to cover\nthe task_work.\n\nThe second is just silly, queueing a task_work while you know the\nevent is going away makes no sense and is easily avoided by\nre-arranging how the event is marked STATE_DEAD and ensuring it goes\nthrough STATE_OFF on the way down." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/517e6a301f34613bff24a8e35b5455884f2d83d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/78e1317a174edbfd1182599bf76c092a2877672c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8bffa95ac19ff27c8261904f89d36c7fcf215d59", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48951.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48951.json new file mode 100644 index 00000000000..02e6cae4295 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48951.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48951", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.530", + "lastModified": "2024-10-21T20:15:06.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()\n\nThe bounds checks in snd_soc_put_volsw_sx() are only being applied to the\nfirst channel, meaning it is possible to write out of bounds values to the\nsecond channel in stereo controls. Add appropriate checks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1798b62d642e7b3d4ea3403914c3caf4e438465d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/18a168d85eadcfd45f015b5ecd2a97801b959e43", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/50b5f6d4d9d2d69a7498c44fd8b26e13d73d3d98", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/56288987843c3cb343e81e5fa51549cbaf541bd0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9796d07c753164b7e6b0d7ef23fb4482840a9ef8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97eea946b93961fffd29448dcda7398d0d51c4b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf1c225f1927891ae388562b78ced7840c3723b9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf611d786796ec33da09d8c83d7d7f4e557b27de", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48952.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48952.json new file mode 100644 index 00000000000..686e3a421ce --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48952.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-48952", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.617", + "lastModified": "2024-10-21T20:15:06.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: mt7621: Add sentinel to quirks table\n\nCurrent driver is missing a sentinel in the struct soc_device_attribute\narray, which causes an oops when assessed by the\nsoc_device_match(mt7621_pcie_quirks_match) call.\n\nThis was only exposed once the CONFIG_SOC_MT7621 mt7621 soc_dev_attr\nwas fixed to register the SOC as a device, in:\n\ncommit 7c18b64bba3b (\"mips: ralink: mt7621: do not use kzalloc too early\")\n\nFix it by adding the required sentinel." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19098934f910b4d47cb30251dd39ffa57bef9523", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3e9c395ef2d52975b2c2894d2da09d6db2958bc6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a4997bae1b5b012c8a6e2643e26578a7bc2cae36", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cb7323ece786f243f6d6ccf2e5b2b27b736bdc04", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48953.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48953.json new file mode 100644 index 00000000000..cbede9b9014 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48953.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-48953", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.700", + "lastModified": "2024-10-21T20:15:06.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: cmos: Fix event handler registration ordering issue\n\nBecause acpi_install_fixed_event_handler() enables the event\nautomatically on success, it is incorrect to call it before the\nhandler routine passed to it is ready to handle events.\n\nUnfortunately, the rtc-cmos driver does exactly the incorrect thing\nby calling cmos_wake_setup(), which passes rtc_handler() to\nacpi_install_fixed_event_handler(), before cmos_do_probe(), because\nrtc_handler() uses dev_get_drvdata() to get to the cmos object\npointer and the driver data pointer is only populated in\ncmos_do_probe().\n\nThis leads to a NULL pointer dereference in rtc_handler() on boot\nif the RTC fixed event happens to be active at the init time.\n\nTo address this issue, change the initialization ordering of the\ndriver so that cmos_wake_setup() is always called after a successful\ncmos_do_probe() call.\n\nWhile at it, change cmos_pnp_probe() to call cmos_do_probe() after\nthe initial if () statement used for computing the IRQ argument to\nbe passed to cmos_do_probe() which is cleaner than calling it in\neach branch of that if () (local variable \"irq\" can be of type int,\nbecause it is passed to that function as an argument of type int).\n\nNote that commit 6492fed7d8c9 (\"rtc: rtc-cmos: Do not check\nACPI_FADT_LOW_POWER_S0\") caused this issue to affect a larger number\nof systems, because previously it only affected systems with\nACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that\ncommit." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48954.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48954.json new file mode 100644 index 00000000000..d5efcf83083 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48954.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48954", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.783", + "lastModified": "2024-10-21T20:15:06.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/qeth: fix use-after-free in hsci\n\nKASAN found that addr was dereferenced after br2dev_event_work was freed.\n\n==================================================================\nBUG: KASAN: use-after-free in qeth_l2_br2dev_worker+0x5ba/0x6b0\nRead of size 1 at addr 00000000fdcea440 by task kworker/u760:4/540\nCPU: 17 PID: 540 Comm: kworker/u760:4 Tainted: G E 6.1.0-20221128.rc7.git1.5aa3bed4ce83.300.fc36.s390x+kasan #1\nHardware name: IBM 8561 T01 703 (LPAR)\nWorkqueue: 0.0.8000_event qeth_l2_br2dev_worker\nCall Trace:\n [<000000016944d4ce>] dump_stack_lvl+0xc6/0xf8\n [<000000016942cd9c>] print_address_description.constprop.0+0x34/0x2a0\n [<000000016942d118>] print_report+0x110/0x1f8\n [<0000000167a7bd04>] kasan_report+0xfc/0x128\n [<000000016938d79a>] qeth_l2_br2dev_worker+0x5ba/0x6b0\n [<00000001673edd1e>] process_one_work+0x76e/0x1128\n [<00000001673ee85c>] worker_thread+0x184/0x1098\n [<000000016740718a>] kthread+0x26a/0x310\n [<00000001672c606a>] __ret_from_fork+0x8a/0xe8\n [<00000001694711da>] ret_from_fork+0xa/0x40\nAllocated by task 108338:\n kasan_save_stack+0x40/0x68\n kasan_set_track+0x36/0x48\n __kasan_kmalloc+0xa0/0xc0\n qeth_l2_switchdev_event+0x25a/0x738\n atomic_notifier_call_chain+0x9c/0xf8\n br_switchdev_fdb_notify+0xf4/0x110\n fdb_notify+0x122/0x180\n fdb_add_entry.constprop.0.isra.0+0x312/0x558\n br_fdb_add+0x59e/0x858\n rtnl_fdb_add+0x58a/0x928\n rtnetlink_rcv_msg+0x5f8/0x8d8\n netlink_rcv_skb+0x1f2/0x408\n netlink_unicast+0x570/0x790\n netlink_sendmsg+0x752/0xbe0\n sock_sendmsg+0xca/0x110\n ____sys_sendmsg+0x510/0x6a8\n ___sys_sendmsg+0x12a/0x180\n __sys_sendmsg+0xe6/0x168\n __do_sys_socketcall+0x3c8/0x468\n do_syscall+0x22c/0x328\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nFreed by task 540:\n kasan_save_stack+0x40/0x68\n kasan_set_track+0x36/0x48\n kasan_save_free_info+0x4c/0x68\n ____kasan_slab_free+0x14e/0x1a8\n __kasan_slab_free+0x24/0x30\n __kmem_cache_free+0x168/0x338\n qeth_l2_br2dev_worker+0x154/0x6b0\n process_one_work+0x76e/0x1128\n worker_thread+0x184/0x1098\n kthread+0x26a/0x310\n __ret_from_fork+0x8a/0xe8\n ret_from_fork+0xa/0x40\nLast potentially related work creation:\n kasan_save_stack+0x40/0x68\n __kasan_record_aux_stack+0xbe/0xd0\n insert_work+0x56/0x2e8\n __queue_work+0x4ce/0xd10\n queue_work_on+0xf4/0x100\n qeth_l2_switchdev_event+0x520/0x738\n atomic_notifier_call_chain+0x9c/0xf8\n br_switchdev_fdb_notify+0xf4/0x110\n fdb_notify+0x122/0x180\n fdb_add_entry.constprop.0.isra.0+0x312/0x558\n br_fdb_add+0x59e/0x858\n rtnl_fdb_add+0x58a/0x928\n rtnetlink_rcv_msg+0x5f8/0x8d8\n netlink_rcv_skb+0x1f2/0x408\n netlink_unicast+0x570/0x790\n netlink_sendmsg+0x752/0xbe0\n sock_sendmsg+0xca/0x110\n ____sys_sendmsg+0x510/0x6a8\n ___sys_sendmsg+0x12a/0x180\n __sys_sendmsg+0xe6/0x168\n __do_sys_socketcall+0x3c8/0x468\n do_syscall+0x22c/0x328\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nSecond to last potentially related work creation:\n kasan_save_stack+0x40/0x68\n __kasan_record_aux_stack+0xbe/0xd0\n kvfree_call_rcu+0xb2/0x760\n kernfs_unlink_open_file+0x348/0x430\n kernfs_fop_release+0xc2/0x320\n __fput+0x1ae/0x768\n task_work_run+0x1bc/0x298\n exit_to_user_mode_prepare+0x1a0/0x1a8\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nThe buggy address belongs to the object at 00000000fdcea400\n which belongs to the cache kmalloc-96 of size 96\nThe buggy address is located 64 bytes inside of\n 96-byte region [00000000fdcea400, 00000000fdcea460)\nThe buggy address belongs to the physical page:\npage:000000005a9c26e8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfdcea\nflags: 0x3ffff00000000200(slab|node=0|zone=1|lastcpupid=0x1ffff)\nraw: 3ffff00000000200 0000000000000000 0000000100000122 000000008008cc00\nraw: 0000000000000000 0020004100000000 ffffffff00000001 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n 00000000fdcea300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n 00000000fdcea380: fb fb fb fb fb fb f\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/bde0dfc7c4569406a6ddeec363d04a1df7b3073f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db6343a5b0d9661f2dd76f653c6d274d38234d2b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ebaaadc332cd21e9df4dcf9ce12552d9354bbbe4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48955.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48955.json new file mode 100644 index 00000000000..0f96c5bad23 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48955.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48955", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.870", + "lastModified": "2024-10-21T20:15:06.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: thunderbolt: fix memory leak in tbnet_open()\n\nWhen tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in\ntb_xdomain_alloc_out_hopid() is not released. Add\ntb_xdomain_release_out_hopid() to the error path to release ida." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/b9274dbe399952a8175db2e1ee148b7c9ba2b538", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ed14e5903638f6eb868e3e2b4e610985e6a6c876", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ed6e955f3b7e0e622c080f4bcb5427a5e1af4c2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48956.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48956.json new file mode 100644 index 00000000000..461a16337d6 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48956.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-48956", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:06.973", + "lastModified": "2024-10-21T20:15:06.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid use-after-free in ip6_fragment()\n\nBlamed commit claimed rcu_read_lock() was held by ip6_fragment() callers.\n\nIt seems to not be always true, at least for UDP stack.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline]\nBUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\nRead of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618\n\nCPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x45d mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n ip6_dst_idev include/net/ip6_fib.h:245 [inline]\n ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\n __ip6_finish_output net/ipv6/ip6_output.c:193 [inline]\n ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206\n NF_HOOK_COND include/linux/netfilter.h:291 [inline]\n ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227\n dst_output include/net/dst.h:445 [inline]\n ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161\n ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966\n udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286\n udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313\n udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0xd3/0x120 net/socket.c:734\n sock_write_iter+0x295/0x3d0 net/socket.c:1108\n call_write_iter include/linux/fs.h:2191 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x9ed/0xdd0 fs/read_write.c:584\n ksys_write+0x1ec/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fde3588c0d9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9\nRDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a\nRBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000\n \n\nAllocated by task 7618:\n kasan_save_stack+0x22/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slab.h:737 [inline]\n slab_alloc_node mm/slub.c:3398 [inline]\n slab_alloc mm/slub.c:3406 [inline]\n __kmem_cache_alloc_lru mm/slub.c:3413 [inline]\n kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422\n dst_alloc+0x14a/0x1f0 net/core/dst.c:92\n ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344\n ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [inline]\n rt6_make_pcpu_route net/ipv6/route.c:1417 [inline]\n ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254\n pol_lookup_func include/net/ip6_fib.h:582 [inline]\n fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref+0x2e6/0x380 net/ipv6/route.c:2625\n ip6_route_output_flags+0x76/0x320 net/ipv6/route.c:2638\n ip6_route_output include/net/ip6_route.h:98 [inline]\n ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1092\n ip6_dst_lookup_flow+0x90/0x1d0 net/ipv6/ip6_output.c:1222\n ip6_sk_dst_lookup_flow+0x553/0x980 net/ipv6/ip6_output.c:1260\n udpv6_sendmsg+0x151d/0x2c80 net/ipv6/udp.c:1554\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec n\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6b6d3be3661bff2746cab26147bd629aa034e094", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7390c70bd431cbfa6951477e2c80a301643e284b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/803e84867de59a1e5d126666d25eb4860cfd2ebe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8208d7e56b1e579320b9ff3712739ad2e63e1f86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9b1a468a455d8319041528778d0e684a4c062792", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48957.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48957.json new file mode 100644 index 00000000000..78ddd9cbf27 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48957.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48957", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:07.090", + "lastModified": "2024-10-21T20:15:07.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()\n\nThe cmd_buff needs to be freed when error happened in\ndpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4fad22a1281c500f15b172c9d261eff347ca634b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/54d830e24247fa8361b016dd2069362866f45cb6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/785ee7a82297e1512d9061aae91699212ed65796", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48958.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48958.json new file mode 100644 index 00000000000..47941e0b694 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48958.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48958", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:07.270", + "lastModified": "2024-10-21T20:15:07.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethernet: aeroflex: fix potential skb leak in greth_init_rings()\n\nThe greth_init_rings() function won't free the newly allocated skb when\ndma_mapping_error() returns error, so add dev_kfree_skb() to fix it.\n\nCompile tested only." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/063a932b64db3317ec020c94466fe52923a15f60", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/223654e2e2c8d05347cd8e300f8d1ec6023103dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/99669d94ce145389f1d6f197e6e18ed50d43fb76", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cb1e293f858e5e1152b8791047ed4bdaaf392189", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dd62867a6383f78f75f07039394aac25924a3307", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48959.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48959.json new file mode 100644 index 00000000000..28d2fe32b8d --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48959.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-48959", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:07.460", + "lastModified": "2024-10-21T20:15:07.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()\n\nWhen dsa_devlink_region_create failed in sja1105_setup_devlink_regions(),\npriv->regions is not released." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4be43e46c3f945fc7dd9e23c73a7a66927a3b814", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/78a9ea43fc1a7c06a420b132d2d47cbf4344a5df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e5e59629654b8826f0167dae480d0e3fa0f8f038", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3b5dda26cd0535aac09ed09c5d83f19b979ec9f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48960.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48960.json new file mode 100644 index 00000000000..056080142cd --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48960.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48960", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:07.663", + "lastModified": "2024-10-21T20:15:07.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hix5hd2_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/433c07a13f59856e4585e89e86b7d4cc59348fab", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a95214a8c262", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48961.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48961.json new file mode 100644 index 00000000000..43220a9883a --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48961.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48961", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:07.887", + "lastModified": "2024-10-21T20:15:07.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: fix unbalanced fwnode reference count in mdio_device_release()\n\nThere is warning report about of_node refcount leak\nwhile probing mdio device:\n\nOF: ERROR: memory leak, expected refcount 1 instead of 2,\nof_node_get()/of_node_put() unbalanced - destroy cset entry:\nattach overlay node /spi/soc@0/mdio@710700c0/ethernet@4\n\nIn of_mdiobus_register_device(), we increase fwnode refcount\nby fwnode_handle_get() before associating the of_node with\nmdio device, but it has never been decreased in normal path.\nSince that, in mdio_device_release(), it needs to call\nfwnode_handle_put() in addition instead of calling kfree()\ndirectly.\n\nAfter above, just calling mdio_device_free() in the error handle\npath of of_mdiobus_register_device() is enough to keep the\nrefcount balanced." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/16854177745a5648f8ec322353b432e18460f43a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cb37617687f2bfa5b675df7779f869147c9002bd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48962.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48962.json new file mode 100644 index 00000000000..18ccf9777d2 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48962.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48962", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:08.117", + "lastModified": "2024-10-21T20:15:08.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hisi_femac_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/196e12671cb629d9f3b77b4d8bec854fc445533a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/296a50aa8b2982117520713edc1375777a9f8506", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3501da8eb6d0f5f114a09ec953c54423f6f35885", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4640177049549de1a43e9bc49265f0cdfce08cfd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6f4798ac9c9e98f41553c4f5e6c832c8860a6942", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aceec8ab752428d8e151321479e82cc1a40fee2e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48963.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48963.json new file mode 100644 index 00000000000..2fdb0b17fd0 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48963.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48963", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:08.273", + "lastModified": "2024-10-21T20:15:08.273", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: fix memory leak in ipc_mux_init()\n\nWhen failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux\nis not released." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/23353efc26e98b61b925274ecbb8f0610f69a8aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e21478d0054f63eec7ce833296cf9788764a0ec7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48964.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48964.json new file mode 100644 index 00000000000..26bd23e399b --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48964.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48964", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:08.377", + "lastModified": "2024-10-21T20:15:08.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nravb: Fix potential use-after-free in ravb_rx_gbeth()\n\nThe skb is delivered to napi_gro_receive() which may free it, after calling this,\ndereferencing skb may trigger use-after-free." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5a5a3e564de6a8db987410c5c2f4748d50ea82b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e63c681494dcc0527c625a0a4f59bf10259f5ee0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48965.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48965.json new file mode 100644 index 00000000000..88cbe4cfdcd --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48965.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48965", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:08.470", + "lastModified": "2024-10-21T20:15:08.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio/rockchip: fix refcount leak in rockchip_gpiolib_register()\n\nThe node returned by of_get_parent() with refcount incremented,\nof_node_put() needs be called when finish using it. So add it in the\nend of of_pinctrl_get()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/033c79b7ee8a7bf1c1a13ac3addc91184425cbae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5cb8f1a784fd6115be58282fe15105572319d8be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/63ff545af73f759d1bd04198af8ed8577fb739fc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48966.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48966.json new file mode 100644 index 00000000000..abebcbfb43f --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48966.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48966", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:08.573", + "lastModified": "2024-10-21T20:15:08.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvneta: Prevent out of bounds read in mvneta_config_rss()\n\nThe pp->indir[0] value comes from the user. It is passed to:\n\n\tif (cpu_online(pp->rxq_def))\n\ninside the mvneta_percpu_elect() function. It needs bounds checkeding\nto ensure that it is not beyond the end of the cpu bitmap." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48967.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48967.json new file mode 100644 index 00000000000..ea44181e6a4 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48967.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48967", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:08.757", + "lastModified": "2024-10-21T20:15:08.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Bounds check struct nfc_target arrays\n\nWhile running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:\n\n memcpy: detected field-spanning write (size 129) of single field \"target->sensf_res\" at net/nfc/nci/ntf.c:260 (size 18)\n\nThis appears to be a legitimate lack of bounds checking in\nnci_add_new_protocol(). Add the missing checks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48968.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48968.json new file mode 100644 index 00000000000..ea9ab2af414 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48968.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48968", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:08.897", + "lastModified": "2024-10-21T20:15:08.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential memory leak in otx2_init_tc()\n\nIn otx2_init_tc(), if rhashtable_init() failed, it does not free\ntc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/db5ec358cf4ef0ab382ee733d05f018e8bef9462", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eefd8953a74822cb72006632b9ee9dd95f92c146", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48969.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48969.json new file mode 100644 index 00000000000..fa18b68365c --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48969.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-48969", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.037", + "lastModified": "2024-10-21T20:15:09.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Fix NULL sring after live migration\n\nA NAPI is setup for each network sring to poll data to kernel\nThe sring with source host is destroyed before live migration and\nnew sring with target host is setup after live migration.\nThe NAPI for the old sring is not deleted until setup new sring\nwith target host after migration. With busy_poll/busy_read enabled,\nthe NAPI can be polled before got deleted when resume VM.\n\nBUG: unable to handle kernel NULL pointer dereference at\n0000000000000008\nIP: xennet_poll+0xae/0xd20\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCall Trace:\n finish_task_switch+0x71/0x230\n timerqueue_del+0x1d/0x40\n hrtimer_try_to_cancel+0xb5/0x110\n xennet_alloc_rx_buffers+0x2a0/0x2a0\n napi_busy_loop+0xdb/0x270\n sock_poll+0x87/0x90\n do_sys_poll+0x26f/0x580\n tracing_map_insert+0x1d4/0x2f0\n event_hist_trigger+0x14a/0x260\n\n finish_task_switch+0x71/0x230\n __schedule+0x256/0x890\n recalc_sigpending+0x1b/0x50\n xen_sched_clock+0x15/0x20\n __rb_reserve_next+0x12d/0x140\n ring_buffer_lock_reserve+0x123/0x3d0\n event_triggers_call+0x87/0xb0\n trace_event_buffer_commit+0x1c4/0x210\n xen_clocksource_get_cycles+0x15/0x20\n ktime_get_ts64+0x51/0xf0\n SyS_ppoll+0x160/0x1a0\n SyS_ppoll+0x160/0x1a0\n do_syscall_64+0x73/0x130\n entry_SYSCALL_64_after_hwframe+0x41/0xa6\n...\nRIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900\nCR2: 0000000000000008\n---[ end trace f8601785b354351c ]---\n\nxen frontend should remove the NAPIs for the old srings before live\nmigration as the bond srings are destroyed\n\nThere is a tiny window between the srings are set to NULL and\nthe NAPIs are disabled, It is safe as the NAPI threads are still\nfrozen at that time" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/99859947517e446058ad7243ee81d2f9801fa3dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d50b7914fae04d840ce36491d22133070b18cca9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e6860c889f4ad50b6ab696f5ea154295d72cf27a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e6e897d4fe2f89c0bd94600a40bedf5e6e75e050", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ed773dd798bf720756d20021b8d8a4a3d7184bda", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48970.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48970.json new file mode 100644 index 00000000000..58fa955ae6b --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48970.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-48970", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.177", + "lastModified": "2024-10-21T20:15:09.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Get user_ns from in_skb in unix_diag_get_exact().\n\nWei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed\nthe root cause: in unix_diag_get_exact(), the newly allocated skb does not\nhave sk. [2]\n\nWe must get the user_ns from the NETLINK_CB(in_skb).sk and pass it to\nsk_diag_fill().\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000270\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 12bbce067 P4D 12bbce067 PUD 12bc40067 PMD 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 0 PID: 27942 Comm: syz-executor.0 Not tainted 6.1.0-rc5-next-20221118 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014\nRIP: 0010:sk_user_ns include/net/sock.h:920 [inline]\nRIP: 0010:sk_diag_dump_uid net/unix/diag.c:119 [inline]\nRIP: 0010:sk_diag_fill+0x77d/0x890 net/unix/diag.c:170\nCode: 89 ef e8 66 d4 2d fd c7 44 24 40 00 00 00 00 49 8d 7c 24 18 e8\n54 d7 2d fd 49 8b 5c 24 18 48 8d bb 70 02 00 00 e8 43 d7 2d fd <48> 8b\n9b 70 02 00 00 48 8d 7b 10 e8 33 d7 2d fd 48 8b 5b 10 48 8d\nRSP: 0018:ffffc90000d67968 EFLAGS: 00010246\nRAX: ffff88812badaa48 RBX: 0000000000000000 RCX: ffffffff840d481d\nRDX: 0000000000000465 RSI: 0000000000000000 RDI: 0000000000000270\nRBP: ffffc90000d679a8 R08: 0000000000000277 R09: 0000000000000000\nR10: 0001ffffffffffff R11: 0001c90000d679a8 R12: ffff88812ac03800\nR13: ffff88812c87c400 R14: ffff88812ae42210 R15: ffff888103026940\nFS: 00007f08b4e6f700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000270 CR3: 000000012c58b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n unix_diag_get_exact net/unix/diag.c:285 [inline]\n unix_diag_handler_dump+0x3f9/0x500 net/unix/diag.c:317\n __sock_diag_cmd net/core/sock_diag.c:235 [inline]\n sock_diag_rcv_msg+0x237/0x250 net/core/sock_diag.c:266\n netlink_rcv_skb+0x13e/0x250 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x24/0x40 net/core/sock_diag.c:277\n netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]\n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1356\n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1932\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0x38f/0x500 net/socket.c:2476\n ___sys_sendmsg net/socket.c:2530 [inline]\n __sys_sendmsg+0x197/0x230 net/socket.c:2559\n __do_sys_sendmsg net/socket.c:2568 [inline]\n __se_sys_sendmsg net/socket.c:2566 [inline]\n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2566\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x4697f9\nCode: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f08b4e6ec48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 000000000077bf80 RCX: 00000000004697f9\nRDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003\nRBP: 00000000004d29e9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000077bf80\nR13: 0000000000000000 R14: 000000000077bf80 R15: 00007ffdb36bc6c0\n \nModules linked in:\nCR2: 0000000000000270\n\n[1]: https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/\n[2]: https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/575a6266f63dbb3b8eb1da03671451f0d81b8034", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5c014eb0ed6c8c57f483e94cc6e90f34ce426d91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c1d6f79a2c7b8221dcec27defc6dc461052ead4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b3abe42e94900bdd045c472f9c9be620ba5ce553", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c66d78aee55dab72c92020ebfbebc464d4f5dd2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48971.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48971.json new file mode 100644 index 00000000000..28d5894b231 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48971.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-48971", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.260", + "lastModified": "2024-10-21T20:15:09.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix not cleanup led when bt_init fails\n\nbt_init() calls bt_leds_init() to register led, but if it fails later,\nbt_leds_cleanup() is not called to unregister it.\n\nThis can cause panic if the argument \"bluetooth-power\" in text is freed\nand then another led_trigger_register() tries to access it:\n\nBUG: unable to handle page fault for address: ffffffffc06d3bc0\nRIP: 0010:strcmp+0xc/0x30\n Call Trace:\n \n led_trigger_register+0x10d/0x4f0\n led_trigger_register_simple+0x7d/0x100\n bt_init+0x39/0xf7 [bluetooth]\n do_one_initcall+0xd0/0x4e0" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48972.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48972.json new file mode 100644 index 00000000000..33edfa2c882 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48972.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48972", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.343", + "lastModified": "2024-10-21T20:15:09.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()\n\nKernel fault injection test reports null-ptr-deref as follows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nRIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114\nCall Trace:\n \n raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87\n call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944\n unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982\n unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879\n register_netdevice+0x9a8/0xb90 net/core/dev.c:10083\n ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659\n ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229\n mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316\n\nieee802154_if_add() allocates wpan_dev as netdev's private data, but not\ninit the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage\nthe list when device register/unregister, and may lead to null-ptr-deref.\n\nUse INIT_LIST_HEAD() on it to initialize it correctly." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48973.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48973.json new file mode 100644 index 00000000000..31eabb6fae4 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48973.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48973", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.430", + "lastModified": "2024-10-21T20:15:09.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: amd8111: Fix PCI device reference count leak\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL\ninput parameter, there is no problem for the 'Device not found' branch.\nFor the normal path, add pci_dev_put() in amd_gpio_exit()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4271515f189bd5fe2ec86b4089dab7cb804625d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/45fecdb9f658d9c82960c98240bc0770ade19aca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4749c5cc147c9860b96db1e71cc36d1de1bd3f59", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/48bd5d3801f6b67cc144449d434abbd5043a6d37", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5ee6413d3dd972930af787b2c0c7aaeb379fa521", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/71d591ef873f9ebb86cd8d053b3caee785b2de6a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b2bc053ebbba57a06fa655db5ea796de2edce445", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e364ce04d8f840478b09eee57b614de7cf1e743e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48974.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48974.json new file mode 100644 index 00000000000..94c02584ca9 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48974.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48974", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.517", + "lastModified": "2024-10-21T20:15:09.517", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: fix using __this_cpu_add in preemptible\n\nCurrently in nf_conntrack_hash_check_insert(), when it fails in\nnf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the\npreemptible context, a call trace can be triggered:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636\n caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]\n Call Trace:\n \n dump_stack_lvl+0x33/0x46\n check_preemption_disabled+0xc3/0xf0\n nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]\n ctnetlink_create_conntrack+0x3cd/0x4e0 [nf_conntrack_netlink]\n ctnetlink_new_conntrack+0x1c0/0x450 [nf_conntrack_netlink]\n nfnetlink_rcv_msg+0x277/0x2f0 [nfnetlink]\n netlink_rcv_skb+0x50/0x100\n nfnetlink_rcv+0x65/0x144 [nfnetlink]\n netlink_unicast+0x1ae/0x290\n netlink_sendmsg+0x257/0x4f0\n sock_sendmsg+0x5f/0x70\n\nThis patch is to fix it by changing to use NF_CT_STAT_INC_ATOMIC() for\nnf_ct_ext_valid_pre/post() check in nf_conntrack_hash_check_insert(),\nas well as nf_ct_ext_valid_post() in __nf_conntrack_confirm().\n\nNote that nf_ct_ext_valid_pre() check in __nf_conntrack_confirm() is\nsafe to use NF_CT_STAT_INC(), as it's under local_bh_disable()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9464d0b68f11a9bc768370c3260ec02b3550447b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9bf1138a5db419db13bd9fcd3a7178d6bb20f7c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48975.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48975.json new file mode 100644 index 00000000000..0d09546a2e4 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48975.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48975", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.597", + "lastModified": "2024-10-21T20:15:09.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: fix memory leak in gpiochip_setup_dev()\n\nHere is a backtrace report about memory leak detected in\ngpiochip_setup_dev():\n\nunreferenced object 0xffff88810b406400 (size 512):\n comm \"python3\", pid 1682, jiffies 4295346908 (age 24.090s)\n backtrace:\n kmalloc_trace\n device_add\t\tdevice_private_init at drivers/base/core.c:3361\n\t\t\t(inlined by) device_add at drivers/base/core.c:3411\n cdev_device_add\n gpiolib_cdev_register\n gpiochip_setup_dev\n gpiochip_add_data_with_key\n\ngcdev_register() & gcdev_unregister() would call device_add() &\ndevice_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to\nregister/unregister device.\n\nHowever, if device_add() succeeds, some resource (like\nstruct device_private allocated by device_private_init())\nis not released by device_del().\n\nTherefore, after device_add() succeeds by gcdev_register(), it\nneeds to call put_device() to release resource in the error handle\npath.\n\nHere we move forward the register of release function, and let it\nrelease every piece of resource by put_device() instead of kfree().\n\nWhile at it, fix another subtle issue, i.e. when gc->ngpio is equal\nto 0, we still call kcalloc() and, in case of further error, kfree()\non the ZERO_PTR pointer, which is not NULL. It's not a bug per se,\nbut rather waste of the resources and potentially wrong expectation\nabout contents of the gdev->descs variable." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/371363716398ed718e389bea8c5e9843a79dde4e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6daaa84b621485fe28c401be18debf92ae8ef04a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ec851b23084b3a0af8bf0f5e51d33a8d678bdc49", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48976.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48976.json new file mode 100644 index 00000000000..54f09206773 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48976.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48976", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.680", + "lastModified": "2024-10-21T20:15:09.680", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable_offload: fix using __this_cpu_add in preemptible\n\nflow_offload_queue_work() can be called in workqueue without\nbh disabled, like the call trace showed in my act_ct testing,\ncalling NF_FLOW_TABLE_STAT_INC() there would cause a call\ntrace:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u4:0/138560\n caller is flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]\n Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct]\n Call Trace:\n \n dump_stack_lvl+0x33/0x46\n check_preemption_disabled+0xc3/0xf0\n flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]\n nf_flow_table_iterate+0x138/0x170 [nf_flow_table]\n nf_flow_table_free+0x140/0x1a0 [nf_flow_table]\n tcf_ct_flow_table_cleanup_work+0x2f/0x2b0 [act_ct]\n process_one_work+0x6a3/0x1030\n worker_thread+0x8a/0xdf0\n\nThis patch fixes it by using NF_FLOW_TABLE_STAT_INC_ATOMIC()\ninstead in flow_offload_queue_work().\n\nNote that for FLOW_CLS_REPLACE branch in flow_offload_queue_work(),\nit may not be called in preemptible path, but it's good to use\nNF_FLOW_TABLE_STAT_INC_ATOMIC() for all cases in\nflow_offload_queue_work()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/a220a11fda012fba506b35929672374c2723ae6d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a81047154e7ce4eb8769d5d21adcbc9693542a79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48977.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48977.json new file mode 100644 index 00000000000..9af76360416 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48977.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-48977", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.763", + "lastModified": "2024-10-21T20:15:09.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: af_can: fix NULL pointer dereference in can_rcv_filter\n\nAnalogue to commit 8aa59e355949 (\"can: af_can: fix NULL pointer\ndereference in can_rx_register()\") we need to check for a missing\ninitialization of ml_priv in the receive path of CAN frames.\n\nSince commit 4e096a18867a (\"net: introduce CAN specific pointer in the\nstruct net_device\") the check for dev->type to be ARPHRD_CAN is not\nsufficient anymore since bonding or tun netdevices claim to be CAN\ndevices but do not initialize ml_priv accordingly." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0acc442309a0a1b01bcdaa135e56e6398a49439c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3982652957e8d79ac32efcb725450580650a8644", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c142cba37de29f740a3852f01f59876af8ae462a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c42221efb1159d6a3c89e96685ee38acdce86b6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fcc63f2f7ee3038d53216edd0d8291e57c752557", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48978.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48978.json new file mode 100644 index 00000000000..18ece4fe136 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48978.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48978", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.850", + "lastModified": "2024-10-21T20:15:09.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: fix shift-out-of-bounds in hid_report_raw_event\n\nSyzbot reported shift-out-of-bounds in hid_report_raw_event.\n\nmicrosoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) >\n32! (swapper/0)\n======================================================================\nUBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20\nshift exponent 127 is too large for 32-bit type 'int'\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted\n6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/26/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322\n snto32 drivers/hid/hid-core.c:1323 [inline]\n hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline]\n hid_process_report drivers/hid/hid-core.c:1665 [inline]\n hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998\n hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066\n hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284\n __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671\n dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers+0x76a/0x980 kernel/time/timer.c:1790\n run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803\n __do_softirq+0x277/0x75b kernel/softirq.c:571\n __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107\n======================================================================\n\nIf the size of the integer (unsigned n) is bigger than 32 in snto32(),\nshift exponent will be too large for 32-bit type 'int', resulting in a\nshift-out-of-bounds bug.\nFix this by adding a check on the size of the integer (unsigned n) in\nsnto32(). To add support for n greater than 32 bits, set n to 32, if n\nis greater than 32." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/151493fe5a6ed1a88decc929a7368a3f2a246914", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2b3b4d7aadaa1b6b58d0f34823bf86cfe8a31b4d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/809783f8b4b600c7fb3bccb10fefef822601ea3b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e14f20e12224ee2429f75a5c9418a700e26a8d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc03f809da78fc79e4aee132d4e5c6a2b3aeec73", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db1ed1b3fb4ec0d19080a102956255769bc45c79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ec61b41918587be530398b0d1c9a0d16619397e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f755d11c55b29049b77da5cd9ab2faae96eb33c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48979.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48979.json new file mode 100644 index 00000000000..a6f070c99d8 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48979.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48979", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:09.947", + "lastModified": "2024-10-21T20:15:09.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix array index out of bound error in DCN32 DML\n\n[Why&How]\nLinkCapacitySupport array is indexed with the number of voltage states and\nnot the number of max DPPs. Fix the error by changing the array\ndeclaration to use the correct (larger) array size of total number of\nvoltage states." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3d8a298b2e83b98042e6ec726e934f535b23e6aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aeffc8fb2174f017a10df114bc312f899904dc68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48980.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48980.json new file mode 100644 index 00000000000..844feaf5ef7 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48980.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48980", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.037", + "lastModified": "2024-10-21T20:15:10.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()\n\nThe SJA1105 family has 45 L2 policing table entries\n(SJA1105_MAX_L2_POLICING_COUNT) and SJA1110 has 110\n(SJA1110_MAX_L2_POLICING_COUNT). Keeping the table structure but\naccounting for the difference in port count (5 in SJA1105 vs 10 in\nSJA1110) does not fully explain the difference. Rather, the SJA1110 also\nhas L2 ingress policers for multicast traffic. If a packet is classified\nas multicast, it will be processed by the policer index 99 + SRCPORT.\n\nThe sja1105_init_l2_policing() function initializes all L2 policers such\nthat they don't interfere with normal packet reception by default. To have\na common code between SJA1105 and SJA1110, the index of the multicast\npolicer for the port is calculated because it's an index that is out of\nbounds for SJA1105 but in bounds for SJA1110, and a bounds check is\nperformed.\n\nThe code fails to do the proper thing when determining what to do with the\nmulticast policer of port 0 on SJA1105 (ds->num_ports = 5). The \"mcast\"\nindex will be equal to 45, which is also equal to\ntable->ops->max_entry_count (SJA1105_MAX_L2_POLICING_COUNT). So it passes\nthrough the check. But at the same time, SJA1105 doesn't have multicast\npolicers. So the code programs the SHARINDX field of an out-of-bounds\nelement in the L2 Policing table of the static config.\n\nThe comparison between index 45 and 45 entries should have determined the\ncode to not access this policer index on SJA1105, since its memory wasn't\neven allocated.\n\nWith enough bad luck, the out-of-bounds write could even overwrite other\nvalid kernel data, but in this case, the issue was detected using KASAN.\n\nKernel log:\n\nsja1105 spi5.0: Probed switch chip: SJA1105Q\n==================================================================\nBUG: KASAN: slab-out-of-bounds in sja1105_setup+0x1cbc/0x2340\nWrite of size 8 at addr ffffff880bd57708 by task kworker/u8:0/8\n...\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n...\nsja1105_setup+0x1cbc/0x2340\ndsa_register_switch+0x1284/0x18d0\nsja1105_probe+0x748/0x840\n...\nAllocated by task 8:\n...\nsja1105_setup+0x1bcc/0x2340\ndsa_register_switch+0x1284/0x18d0\nsja1105_probe+0x748/0x840\n..." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/147f3e3d84054117ae6b9bf317ec4fda9f991192", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e88c6f4aaa70c542e59e5a9d2244bcc99cd245d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8bac7f9fdb0017b32157957ffffd490f95faa07", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48981.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48981.json new file mode 100644 index 00000000000..9547df6957e --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48981.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-48981", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.130", + "lastModified": "2024-10-21T20:15:10.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove errant put in error path\n\ndrm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM\nobject getting prematurely freed leading to a later use-after-free." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/24013314be6ee4ee456114a671e9fa3461323de8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/585a07b820059462e0c93b76c7de2cd946b26b40", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/586847b98e20ab02212ca5c1fc46680384e68a28", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6a4da05acd062ae7774b6b19cef2b7d922902d36", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/83e3da8bb92fcfa7a1d232cf55f9e6c49bb84942", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48982.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48982.json new file mode 100644 index 00000000000..798d7dcac27 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48982.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-48982", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.210", + "lastModified": "2024-10-21T20:15:10.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix crash when replugging CSR fake controllers\n\nIt seems fake CSR 5.0 clones can cause the suspend notifier to be\nregistered twice causing the following kernel panic:\n\n[ 71.986122] Call Trace:\n[ 71.986124] \n[ 71.986125] blocking_notifier_chain_register+0x33/0x60\n[ 71.986130] hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da]\n[ 71.986154] btusb_probe+0x979/0xd85 [btusb e1e0605a4f4c01984a4b9c8ac58c3666ae287477]\n[ 71.986159] ? __pm_runtime_set_status+0x1a9/0x300\n[ 71.986162] ? ktime_get_mono_fast_ns+0x3e/0x90\n[ 71.986167] usb_probe_interface+0xe3/0x2b0\n[ 71.986171] really_probe+0xdb/0x380\n[ 71.986174] ? pm_runtime_barrier+0x54/0x90\n[ 71.986177] __driver_probe_device+0x78/0x170\n[ 71.986180] driver_probe_device+0x1f/0x90\n[ 71.986183] __device_attach_driver+0x89/0x110\n[ 71.986186] ? driver_allows_async_probing+0x70/0x70\n[ 71.986189] bus_for_each_drv+0x8c/0xe0\n[ 71.986192] __device_attach+0xb2/0x1e0\n[ 71.986195] bus_probe_device+0x92/0xb0\n[ 71.986198] device_add+0x422/0x9a0\n[ 71.986201] ? sysfs_merge_group+0xd4/0x110\n[ 71.986205] usb_set_configuration+0x57a/0x820\n[ 71.986208] usb_generic_driver_probe+0x4f/0x70\n[ 71.986211] usb_probe_device+0x3a/0x110\n[ 71.986213] really_probe+0xdb/0x380\n[ 71.986216] ? pm_runtime_barrier+0x54/0x90\n[ 71.986219] __driver_probe_device+0x78/0x170\n[ 71.986221] driver_probe_device+0x1f/0x90\n[ 71.986224] __device_attach_driver+0x89/0x110\n[ 71.986227] ? driver_allows_async_probing+0x70/0x70\n[ 71.986230] bus_for_each_drv+0x8c/0xe0\n[ 71.986232] __device_attach+0xb2/0x1e0\n[ 71.986235] bus_probe_device+0x92/0xb0\n[ 71.986237] device_add+0x422/0x9a0\n[ 71.986239] ? _dev_info+0x7d/0x98\n[ 71.986242] ? blake2s_update+0x4c/0xc0\n[ 71.986246] usb_new_device.cold+0x148/0x36d\n[ 71.986250] hub_event+0xa8a/0x1910\n[ 71.986255] process_one_work+0x1c4/0x380\n[ 71.986259] worker_thread+0x51/0x390\n[ 71.986262] ? rescuer_thread+0x3b0/0x3b0\n[ 71.986264] kthread+0xdb/0x110\n[ 71.986266] ? kthread_complete_and_exit+0x20/0x20\n[ 71.986268] ret_from_fork+0x1f/0x30\n[ 71.986273] \n[ 71.986274] ---[ end trace 0000000000000000 ]---\n[ 71.986284] btusb: probe of 2-1.6:1.0 failed with error -17" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/549b46f8130effccf168293270bb3b1d5da529cc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a49894a5ac3656f1a4f0f6b110460060e8026bf8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b5ca338751ad4783ec8d37b5d99c3e37b7813e59", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dc8fa6570deadb70c3fb74d7cd8ce38849feaed0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48983.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48983.json new file mode 100644 index 00000000000..0b3c078d62d --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48983.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48983", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.283", + "lastModified": "2024-10-21T20:15:10.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: Fix a null-ptr-deref in io_tctx_exit_cb()\n\nSyzkaller reports a NULL deref bug as follows:\n\n BUG: KASAN: null-ptr-deref in io_tctx_exit_cb+0x53/0xd3\n Read of size 4 at addr 0000000000000138 by task file1/1955\n\n CPU: 1 PID: 1955 Comm: file1 Not tainted 6.1.0-rc7-00103-gef4d3ea40565 #75\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0xcd/0x134\n ? io_tctx_exit_cb+0x53/0xd3\n kasan_report+0xbb/0x1f0\n ? io_tctx_exit_cb+0x53/0xd3\n kasan_check_range+0x140/0x190\n io_tctx_exit_cb+0x53/0xd3\n task_work_run+0x164/0x250\n ? task_work_cancel+0x30/0x30\n get_signal+0x1c3/0x2440\n ? lock_downgrade+0x6e0/0x6e0\n ? lock_downgrade+0x6e0/0x6e0\n ? exit_signals+0x8b0/0x8b0\n ? do_raw_read_unlock+0x3b/0x70\n ? do_raw_spin_unlock+0x50/0x230\n arch_do_signal_or_restart+0x82/0x2470\n ? kmem_cache_free+0x260/0x4b0\n ? putname+0xfe/0x140\n ? get_sigframe_size+0x10/0x10\n ? do_execveat_common.isra.0+0x226/0x710\n ? lockdep_hardirqs_on+0x79/0x100\n ? putname+0xfe/0x140\n ? do_execveat_common.isra.0+0x238/0x710\n exit_to_user_mode_prepare+0x15f/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0023:0x0\n Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n RSP: 002b:00000000fffb7790 EFLAGS: 00000200 ORIG_RAX: 000000000000000b\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \n Kernel panic - not syncing: panic_on_warn set ...\n\nThis happens because the adding of task_work from io_ring_exit_work()\nisn't synchronized with canceling all work items from eg exec. The\nexecution of the two are ordered in that they are both run by the task\nitself, but if io_tctx_exit_cb() is queued while we're canceling all\nwork items off exec AND gets executed when the task exits to userspace\nrather than in the main loop in io_uring_cancel_generic(), then we can\nfind current->io_uring == NULL and hit the above crash.\n\nIt's safe to add this NULL check here, because the execution of the two\npaths are done by the task itself.\n\n[axboe: add code comment and also put an explanation in the commit msg]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/998b30c3948e4d0b1097e639918c5cff332acac5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d91edca1943453aaaba4f380f6f364346222e5cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f895511de9d27fff71dad2c234ad53b4afd2b06c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48984.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48984.json new file mode 100644 index 00000000000..5ed2738db16 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48984.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48984", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.360", + "lastModified": "2024-10-21T20:15:10.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: slcan: fix freed work crash\n\nThe LTP test pty03 is causing a crash in slcan:\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 348 Comm: kworker/0:3 Not tainted 6.0.8-1-default #1 openSUSE Tumbleweed 9d20364b934f5aab0a9bdf84e8f45cfdfae39dab\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014\n Workqueue: 0x0 (events)\n RIP: 0010:process_one_work (/home/rich/kernel/linux/kernel/workqueue.c:706 /home/rich/kernel/linux/kernel/workqueue.c:2185)\n Code: 49 89 ff 41 56 41 55 41 54 55 53 48 89 f3 48 83 ec 10 48 8b 06 48 8b 6f 48 49 89 c4 45 30 e4 a8 04 b8 00 00 00 00 4c 0f 44 e0 <49> 8b 44 24 08 44 8b a8 00 01 00 00 41 83 e5 20 f6 45 10 04 75 0e\n RSP: 0018:ffffaf7b40f47e98 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: ffff9d644e1b8b48 RCX: ffff9d649e439968\n RDX: 00000000ffff8455 RSI: ffff9d644e1b8b48 RDI: ffff9d64764aa6c0\n RBP: ffff9d649e4335c0 R08: 0000000000000c00 R09: ffff9d64764aa734\n R10: 0000000000000007 R11: 0000000000000001 R12: 0000000000000000\n R13: ffff9d649e4335e8 R14: ffff9d64490da780 R15: ffff9d64764aa6c0\n FS: 0000000000000000(0000) GS:ffff9d649e400000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 0000000036424000 CR4: 00000000000006f0\n Call Trace:\n \n worker_thread (/home/rich/kernel/linux/kernel/workqueue.c:2436)\n kthread (/home/rich/kernel/linux/kernel/kthread.c:376)\n ret_from_fork (/home/rich/kernel/linux/arch/x86/entry/entry_64.S:312)\n\nApparently, the slcan's tx_work is freed while being scheduled. While\nslcan_netdev_close() (netdev side) calls flush_work(&sl->tx_work),\nslcan_close() (tty side) does not. So when the netdev is never set UP,\nbut the tty is stuffed with bytes and forced to wakeup write, the work\nis scheduled, but never flushed.\n\nSo add an additional flush_work() to slcan_close() to be sure the work\nis flushed under all circumstances.\n\nThe Fixes commit below moved flush_work() from slcan_close() to\nslcan_netdev_close(). What was the rationale behind it? Maybe we can\ndrop the one in slcan_netdev_close()?\n\nI see the same pattern in can327. So it perhaps needs the very same fix." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9e2709d58a14a10eb00d919acd7dec071c33f8c8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fb855e9f3b6b42c72af3f1eb0b288998fe0d5ebb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48985.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48985.json new file mode 100644 index 00000000000..e562ace2f3c --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48985.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-48985", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.463", + "lastModified": "2024-10-21T20:15:10.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix race on per-CQ variable napi work_done\n\nAfter calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be\ncleared, and another CPU can start napi thread and access per-CQ variable,\ncq->work_done. If the other thread (for example, from busy_poll) sets\nit to a value >= budget, this thread will continue to run when it should\nstop, and cause memory corruption and panic.\n\nTo fix this issue, save the per-CQ work_done variable in a local variable\nbefore napi_complete_done(), so it won't be corrupted by a possible\nconcurrent thread after napi_complete_done().\n\nAlso, add a flag bit to advertise to the NIC firmware: the NAPI work_done\nvariable race is fixed, so the driver is able to reliably support features\nlike busy_poll." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/18010ff776fa42340efc428b3ea6d19b3e7c7b21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe50a9bbeb1f042e756c5cfa7708112c944368de", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48986.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48986.json new file mode 100644 index 00000000000..2c24d62fd5f --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48986.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-48986", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.527", + "lastModified": "2024-10-21T20:15:10.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: fix gup_pud_range() for dax\n\nFor dax pud, pud_huge() returns true on x86. So the function works as long\nas hugetlb is configured. However, dax doesn't depend on hugetlb.\nCommit 414fd080d125 (\"mm/gup: fix gup_pmd_range() for dax\") fixed\ndevmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as\nwell.\n\nThis fixes the below kernel panic:\n\ngeneral protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP\n\t< snip >\nCall Trace:\n\nget_user_pages_fast+0x1f/0x40\niov_iter_get_pages+0xc6/0x3b0\n? mempool_alloc+0x5d/0x170\nbio_iov_iter_get_pages+0x82/0x4e0\n? bvec_alloc+0x91/0xc0\n? bio_alloc_bioset+0x19a/0x2a0\nblkdev_direct_IO+0x282/0x480\n? __io_complete_rw_common+0xc0/0xc0\n? filemap_range_has_page+0x82/0xc0\ngeneric_file_direct_write+0x9d/0x1a0\n? inode_update_time+0x24/0x30\n__generic_file_write_iter+0xbd/0x1e0\nblkdev_write_iter+0xb4/0x150\n? io_import_iovec+0x8d/0x340\nio_write+0xf9/0x300\nio_issue_sqe+0x3c3/0x1d30\n? sysvec_reschedule_ipi+0x6c/0x80\n__io_queue_sqe+0x33/0x240\n? fget+0x76/0xa0\nio_submit_sqes+0xe6a/0x18d0\n? __fget_light+0xd1/0x100\n__x64_sys_io_uring_enter+0x199/0x880\n? __context_tracking_enter+0x1f/0x70\n? irqentry_exit_to_user_mode+0x24/0x30\n? irqentry_exit+0x1d/0x30\n? __context_tracking_exit+0xe/0x70\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fc97c11a7be\n\t< snip >\n\n---[ end trace 48b2e0e67debcaeb ]---\nRIP: 0010:internal_get_user_pages_fast+0x340/0x990\n\t< snip >\nKernel panic - not syncing: Fatal exception\nKernel Offset: disabled" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/04edfa3dc06ecfc6133a33bc7271298782dee875", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3ac29732a2ffa64c7de13a072b0f2848b9c11037", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e06d13c36ded750c72521b600293befebb4e56c5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f1cf856123ceb766c49967ec79b841030fa1741f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fcd0ccd836ffad73d98a66f6fea7b16f735ea920", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48987.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48987.json new file mode 100644 index 00000000000..5156b32a7f4 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48987.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48987", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.617", + "lastModified": "2024-10-21T20:15:10.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-dv-timings.c: fix too strict blanking sanity checks\n\nSanity checks were added to verify the v4l2_bt_timings blanking fields\nin order to avoid integer overflows when userspace passes weird values.\n\nBut that assumed that userspace would correctly fill in the front porch,\nbackporch and sync values, but sometimes all you know is the total\nblanking, which is then assigned to just one of these fields.\n\nAnd that can fail with these checks.\n\nSo instead set a maximum for the total horizontal and vertical\nblanking and check that each field remains below that.\n\nThat is still sufficient to avoid integer overflows, but it also\nallows for more flexibility in how userspace fills in these fields." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0d73b49c4037199472b29574ae21c21aef493971", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2572ab14b73aa45b6ae7e4c089ccf119fed5cf89", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/32f01f0306a98629508f84d7ef0d1d037bc274a2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4afc77068e36cee45b39d4fdc7513de26980f72c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5eef2141776da02772c44ec406d6871a790761ee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6fb8bc29bfa80707994a63cc97e2f9920e0b0608", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2b56627c0d13009e02f6f2c0206c0451ed19a0e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3d14cdf1c7ae2caa3e999bae95ba99e955fb7c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48988.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48988.json new file mode 100644 index 00000000000..84498ee4979 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48988.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-48988", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.710", + "lastModified": "2024-10-21T20:15:10.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: fix possible use-after-free in memcg_write_event_control()\n\nmemcg_write_event_control() accesses the dentry->d_name of the specified\ncontrol fd to route the write call. As a cgroup interface file can't be\nrenamed, it's safe to access d_name as long as the specified file is a\nregular cgroup file. Also, as these cgroup interface files can't be\nremoved before the directory, it's safe to access the parent too.\n\nPrior to 347c4a874710 (\"memcg: remove cgroup_event->cft\"), there was a\ncall to __file_cft() which verified that the specified file is a regular\ncgroupfs file before further accesses. The cftype pointer returned from\n__file_cft() was no longer necessary and the commit inadvertently dropped\nthe file type check with it allowing any file to slip through. With the\ninvarients broken, the d_name and parent accesses can now race against\nrenames and removals of arbitrary files and cause use-after-free's.\n\nFix the bug by resurrecting the file type check in __file_cft(). Now that\ncgroupfs is implemented through kernfs, checking the file operations needs\nto go through a layer of indirection. Instead, let's check the superblock\nand dentry type." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0ed074317b835caa6c03bcfa8f133365324673dc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/35963b31821920908e397146502066f6b032c917", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a7ba45b1a435e7097ca0f79a847d0949d0eb088", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aad8bbd17a1d586005feb9226c2e9cfce1432e13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b77600e26fd48727a95ffd50ba1e937efb548125", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e1ae97624ecf400ea56c238bff23e5cd139df0b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f1f7f36cf682fa59db15e2089039a2eeb58ff2ad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48989.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48989.json new file mode 100644 index 00000000000..42c6d03463a --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48989.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48989", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.820", + "lastModified": "2024-10-21T20:15:10.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: Fix oops due to race with cookie_lru and use_cookie\n\nIf a cookie expires from the LRU and the LRU_DISCARD flag is set, but\nthe state machine has not run yet, it's possible another thread can call\nfscache_use_cookie and begin to use it.\n\nWhen the cookie_worker finally runs, it will see the LRU_DISCARD flag\nset, transition the cookie->state to LRU_DISCARDING, which will then\nwithdraw the cookie. Once the cookie is withdrawn the object is removed\nthe below oops will occur because the object associated with the cookie\nis now NULL.\n\nFix the oops by clearing the LRU_DISCARD bit if another thread uses the\ncookie before the cookie_worker runs.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n ...\n CPU: 31 PID: 44773 Comm: kworker/u130:1 Tainted: G E 6.0.0-5.dneg.x86_64 #1\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022\n Workqueue: events_unbound netfs_rreq_write_to_cache_work [netfs]\n RIP: 0010:cachefiles_prepare_write+0x28/0x90 [cachefiles]\n ...\n Call Trace:\n netfs_rreq_write_to_cache_work+0x11c/0x320 [netfs]\n process_one_work+0x217/0x3e0\n worker_thread+0x4a/0x3b0\n kthread+0xd6/0x100" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/37f0b459c9b67e14fe4dcc3a15d286c4436ed01d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b5b52de3214a29911f949459a79f6640969b5487", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48990.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48990.json new file mode 100644 index 00000000000..f3655e07e47 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48990.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48990", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:10.910", + "lastModified": "2024-10-21T20:15:10.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free during gpu recovery\n\n[Why]\n [ 754.862560] refcount_t: underflow; use-after-free.\n [ 754.862898] Call Trace:\n [ 754.862903] \n [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu]\n [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched]\n\n[How]\n The fw_fence may be not init, check whether dma_fence_init\n is performed before job free" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3cb93f390453cde4d6afda1587aaa00e75e09617", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2a89cd942edd50c1e652004fd64019be78b0a96", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48991.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48991.json new file mode 100644 index 00000000000..b1337f94cc8 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48991.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48991", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.000", + "lastModified": "2024-10-21T20:15:11.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/khugepaged: invoke MMU notifiers in shmem/file collapse paths\n\nAny codepath that zaps page table entries must invoke MMU notifiers to\nensure that secondary MMUs (like KVM) don't keep accessing pages which\naren't mapped anymore. Secondary MMUs don't hold their own references to\npages that are mirrored over, so failing to notify them can lead to page\nuse-after-free.\n\nI'm marking this as addressing an issue introduced in commit f3f0e1d2150b\n(\"khugepaged: add support of collapse for tmpfs/shmem pages\"), but most of\nthe security impact of this only came in commit 27e1f8273113 (\"khugepaged:\nenable collapse pmd for pte-mapped THP\"), which actually omitted flushes\nfor the removal of present PTEs, not just for the removal of empty page\ntables." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/275c626c131cfe141beeb6c575e31fa53d32da19", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5450535901d89a5dcca5fbbc59a24fe89caeb465", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5ffc2a75534d9d74d49760f983f8eb675fa63d69", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7f445ca2e0e59c7971d0b7b853465e50844ab596", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c23105673228c349739e958fa33955ed8faddcaf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f268f6cf875f3220afc77bdd0bf1bb136eb54db9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48992.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48992.json new file mode 100644 index 00000000000..9bcff4f5987 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48992.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48992", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.067", + "lastModified": "2024-10-21T20:15:11.067", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-pcm: Add NULL check in BE reparenting\n\nAdd NULL check in dpcm_be_reparent API, to handle\nkernel NULL pointer dereference error.\nThe issue occurred in fuzzing test." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0760acc2e6598ad4f7bd3662db2d907ef0838139", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/34a9796bf0684bfd54e96a142560d560c21c983b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9f74b9aa8d58c18927bb9b65dd5ba70a5fd61615", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d4dd21a79dbb862d2ebcf9ed90e646416009ff0d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db8f91d424fe0ea6db337aca8bc05908bbce1498", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7166d6821c15f3516bcac8ae3f155924da1908c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2ba66d8738584d124aff4e760ed1337f5f6dfb6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f6f45e538328df9ce66aa61bafee1a5717c4b700", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48993.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48993.json new file mode 100644 index 00000000000..7403c803d30 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48993.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-48993", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.163", + "lastModified": "2024-10-21T20:15:11.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Use kzalloc() in fbcon_prepare_logo()\n\nA kernel built with syzbot's config file reported that\n\n scr_memcpyw(q, save, array3_size(logo_lines, new_cols, 2))\n\ncauses uninitialized \"save\" to be copied.\n\n ----------\n [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0\n [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1\n Console: switching to colour frame buffer device 128x48\n =====================================================\n BUG: KMSAN: uninit-value in do_update_region+0x4b8/0xba0\n do_update_region+0x4b8/0xba0\n update_region+0x40d/0x840\n fbcon_switch+0x3364/0x35e0\n redraw_screen+0xae3/0x18a0\n do_bind_con_driver+0x1cb3/0x1df0\n do_take_over_console+0x11cb/0x13f0\n fbcon_fb_registered+0xacc/0xfd0\n register_framebuffer+0x1179/0x1320\n __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40\n drm_fbdev_client_hotplug+0xbea/0xda0\n drm_fbdev_generic_setup+0x65e/0x9d0\n vkms_init+0x9f3/0xc76\n (...snipped...)\n\n Uninit was stored to memory at:\n fbcon_prepare_logo+0x143b/0x1940\n fbcon_init+0x2c1b/0x31c0\n visual_init+0x3e7/0x820\n do_bind_con_driver+0x14a4/0x1df0\n do_take_over_console+0x11cb/0x13f0\n fbcon_fb_registered+0xacc/0xfd0\n register_framebuffer+0x1179/0x1320\n __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40\n drm_fbdev_client_hotplug+0xbea/0xda0\n drm_fbdev_generic_setup+0x65e/0x9d0\n vkms_init+0x9f3/0xc76\n (...snipped...)\n\n Uninit was created at:\n __kmem_cache_alloc_node+0xb69/0x1020\n __kmalloc+0x379/0x680\n fbcon_prepare_logo+0x704/0x1940\n fbcon_init+0x2c1b/0x31c0\n visual_init+0x3e7/0x820\n do_bind_con_driver+0x14a4/0x1df0\n do_take_over_console+0x11cb/0x13f0\n fbcon_fb_registered+0xacc/0xfd0\n register_framebuffer+0x1179/0x1320\n __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40\n drm_fbdev_client_hotplug+0xbea/0xda0\n drm_fbdev_generic_setup+0x65e/0x9d0\n vkms_init+0x9f3/0xc76\n (...snipped...)\n\n CPU: 2 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc4-00356-g8f2975c2bb4c #924\n Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006\n ----------" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/20e78b7d1c1019789d9754ad9246192916f1a3b4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9bbebc6aba72ece39a200c8141f44e68ba883877", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d5126b574c9177ed9ca925e36f85a1e6ce80bd2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6a00d7e8ffd78d1cdb7a43f1278f081038c638f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9b53caf0191cee24afd05ca6c83ed873199b52d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e70a5724400a841c9857ee3d08dae4d6c53ee40d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48994.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48994.json new file mode 100644 index 00000000000..149b66507b1 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48994.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-48994", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.257", + "lastModified": "2024-10-21T20:15:11.257", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event\n\nWith clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed.\n\nseq_copy_in_user() and seq_copy_in_kernel() did not have prototypes\nmatching snd_seq_dump_func_t. Adjust this and remove the casts. There\nare not resulting binary output differences.\n\nThis was found as a result of Clang's new -Wcast-function-type-strict\nflag, which is more sensitive than the simpler -Wcast-function-type,\nwhich only checks for type width mismatches." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/05530ef7cf7c7d700f6753f058999b1b5099a026", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/13ee8fb5410b740c8dd2867d3557c7662f7dda2d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/15c42ab8d43acb73e2eba361ad05822c0af0ecfa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2f46e95bf344abc4e74f8158901d32a869e0adb6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/63badfed200219ca656968725f1a43df293ac936", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b38486e82ecb9f3046e0184205f6b61408fc40c9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e385360705a0b346bdb57ce938249175d0613b8a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fccd454129f6a0739651f7f58307cdb631fd6e89", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48995.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48995.json new file mode 100644 index 00000000000..055ef112fc1 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48995.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-48995", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.343", + "lastModified": "2024-10-21T20:15:11.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: raydium_ts_i2c - fix memory leak in raydium_i2c_send()\n\nThere is a kmemleak when test the raydium_i2c_ts with bpf mock device:\n\n unreferenced object 0xffff88812d3675a0 (size 8):\n comm \"python3\", pid 349, jiffies 4294741067 (age 95.695s)\n hex dump (first 8 bytes):\n 11 0e 10 c0 01 00 04 00 ........\n backtrace:\n [<0000000068427125>] __kmalloc+0x46/0x1b0\n [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts]\n [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [<00000000a310de16>] i2c_device_probe+0x651/0x680\n [<00000000f5a96bf3>] really_probe+0x17c/0x3f0\n [<00000000096ba499>] __driver_probe_device+0xe3/0x170\n [<00000000c5acb4d9>] driver_probe_device+0x49/0x120\n [<00000000264fe082>] __device_attach_driver+0xf7/0x150\n [<00000000f919423c>] bus_for_each_drv+0x114/0x180\n [<00000000e067feca>] __device_attach+0x1e5/0x2d0\n [<0000000054301fc2>] bus_probe_device+0x126/0x140\n [<00000000aad93b22>] device_add+0x810/0x1130\n [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0\n [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110\n [<00000000ffec4177>] of_i2c_notify+0x100/0x160\n unreferenced object 0xffff88812d3675c8 (size 8):\n comm \"python3\", pid 349, jiffies 4294741070 (age 95.692s)\n hex dump (first 8 bytes):\n 22 00 36 2d 81 88 ff ff \".6-....\n backtrace:\n [<0000000068427125>] __kmalloc+0x46/0x1b0\n [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts]\n [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [<00000000a310de16>] i2c_device_probe+0x651/0x680\n [<00000000f5a96bf3>] really_probe+0x17c/0x3f0\n [<00000000096ba499>] __driver_probe_device+0xe3/0x170\n [<00000000c5acb4d9>] driver_probe_device+0x49/0x120\n [<00000000264fe082>] __device_attach_driver+0xf7/0x150\n [<00000000f919423c>] bus_for_each_drv+0x114/0x180\n [<00000000e067feca>] __device_attach+0x1e5/0x2d0\n [<0000000054301fc2>] bus_probe_device+0x126/0x140\n [<00000000aad93b22>] device_add+0x810/0x1130\n [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0\n [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110\n [<00000000ffec4177>] of_i2c_notify+0x100/0x160\n\nAfter BANK_SWITCH command from i2c BUS, no matter success or error\nhappened, the tx_buf should be freed." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/097c1c7a28e3da8f2811ba532be6e81faab15aab", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/53b9b1201e34ccc895971218559123625c56fbcd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8c9a59939deb4bfafdc451100c03d1e848b4169b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48996.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48996.json new file mode 100644 index 00000000000..5e6856aa061 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48996.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48996", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.423", + "lastModified": "2024-10-21T20:15:11.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes()\n\nCommit da87878010e5 (\"mm/damon/sysfs: support online inputs update\") made\n'damon_sysfs_set_schemes()' to be called for running DAMON context, which\ncould have schemes. In the case, DAMON sysfs interface is supposed to\nupdate, remove, or add schemes to reflect the sysfs files. However, the\ncode is assuming the DAMON context wouldn't have schemes at all, and\ntherefore creates and adds new schemes. As a result, the code doesn't\nwork as intended for online schemes tuning and could have more than\nexpected memory footprint. The schemes are all in the DAMON context, so\nit doesn't leak the memory, though.\n\nRemove the wrong asssumption (the DAMON context wouldn't have schemes) in\n'damon_sysfs_set_schemes()' to fix the bug." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/95bc35f9bee5220dad4e8567654ab3288a181639", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f98d1f2a36ad7ab48fb4cf73ca14e7b19482fd4d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48997.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48997.json new file mode 100644 index 00000000000..c30f7475c21 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48997.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-48997", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.503", + "lastModified": "2024-10-21T20:15:11.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: tpm: Protect tpm_pm_suspend with locks\n\nCurrently tpm transactions are executed unconditionally in\ntpm_pm_suspend() function, which may lead to races with other tpm\naccessors in the system.\n\nSpecifically, the hw_random tpm driver makes use of tpm_get_random(),\nand this function is called in a loop from a kthread, which means it's\nnot frozen alongside userspace, and so can race with the work done\nduring system suspend:\n\n tpm tpm0: tpm_transmit: tpm_recv: error -52\n tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics\n CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n Call Trace:\n tpm_tis_status.cold+0x19/0x20\n tpm_transmit+0x13b/0x390\n tpm_transmit_cmd+0x20/0x80\n tpm1_pm_suspend+0xa6/0x110\n tpm_pm_suspend+0x53/0x80\n __pnp_bus_suspend+0x35/0xe0\n __device_suspend+0x10f/0x350\n\nFix this by calling tpm_try_get_ops(), which itself is a wrapper around\ntpm_chip_start(), but takes the appropriate mutex.\n\n[Jason: reworked commit message, added metadata]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/23393c6461422df5bf8084a086ada9a7e17dc2ba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/25b78bf98b07ff5aceb9b1e24f72ec0236c5c053", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4e0d6c687c925e27fd4bc78a2721d10acf5614d6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/571b6bbbf54d835ea6120f65575cb55cd767e603", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d699373ac5f3545243d3c73a1ccab77fdef8cec6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48998.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48998.json new file mode 100644 index 00000000000..9fcf0162db9 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48998.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-48998", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.570", + "lastModified": "2024-10-21T20:15:11.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/bpf/32: Fix Oops on tail call tests\n\ntest_bpf tail call tests end up as:\n\n test_bpf: #0 Tail call leaf jited:1 85 PASS\n test_bpf: #1 Tail call 2 jited:1 111 PASS\n test_bpf: #2 Tail call 3 jited:1 145 PASS\n test_bpf: #3 Tail call 4 jited:1 170 PASS\n test_bpf: #4 Tail call load/store leaf jited:1 190 PASS\n test_bpf: #5 Tail call load/store jited:1\n BUG: Unable to handle kernel data access on write at 0xf1b4e000\n Faulting instruction address: 0xbe86b710\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=4K MMU=Hash PowerMac\n Modules linked in: test_bpf(+)\n CPU: 0 PID: 97 Comm: insmod Not tainted 6.1.0-rc4+ #195\n Hardware name: PowerMac3,1 750CL 0x87210 PowerMac\n NIP: be86b710 LR: be857e88 CTR: be86b704\n REGS: f1b4df20 TRAP: 0300 Not tainted (6.1.0-rc4+)\n MSR: 00009032 CR: 28008242 XER: 00000000\n DAR: f1b4e000 DSISR: 42000000\n GPR00: 00000001 f1b4dfe0 c11d2280 00000000 00000000 00000000 00000002 00000000\n GPR08: f1b4e000 be86b704 f1b4e000 00000000 00000000 100d816a f2440000 fe73baa8\n GPR16: f2458000 00000000 c1941ae4 f1fe2248 00000045 c0de0000 f2458030 00000000\n GPR24: 000003e8 0000000f f2458000 f1b4dc90 3e584b46 00000000 f24466a0 c1941a00\n NIP [be86b710] 0xbe86b710\n LR [be857e88] __run_one+0xec/0x264 [test_bpf]\n Call Trace:\n [f1b4dfe0] [00000002] 0x2 (unreliable)\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n ---[ end trace 0000000000000000 ]---\n\nThis is a tentative to write above the stack. The problem is encoutered\nwith tests added by commit 38608ee7b690 (\"bpf, tests: Add load store\ntest case for tail call\")\n\nThis happens because tail call is done to a BPF prog with a different\nstack_depth. At the time being, the stack is kept as is when the caller\ntail calls its callee. But at exit, the callee restores the stack based\non its own properties. Therefore here, at each run, r1 is erroneously\nincreased by 32 - 16 = 16 bytes.\n\nThis was done that way in order to pass the tail call count from caller\nto callee through the stack. As powerpc32 doesn't have a red zone in\nthe stack, it was necessary the maintain the stack as is for the tail\ncall. But it was not anticipated that the BPF frame size could be\ndifferent.\n\nLet's take a new approach. Use register r4 to carry the tail call count\nduring the tail call, and save it into the stack at function entry if\nrequired. This means the input parameter must be in r3, which is more\ncorrect as it is a 32 bits parameter, then tail call better match with\nnormal BPF function entry, the down side being that we move that input\nparameter back and forth between r3 and r4. That can be optimised later.\n\nDoing that also has the advantage of maximising the common parts between\ntail calls and a normal function exit.\n\nWith the fix, tail call tests are now successfull:\n\n test_bpf: #0 Tail call leaf jited:1 53 PASS\n test_bpf: #1 Tail call 2 jited:1 115 PASS\n test_bpf: #2 Tail call 3 jited:1 154 PASS\n test_bpf: #3 Tail call 4 jited:1 165 PASS\n test_bpf: #4 Tail call load/store leaf jited:1 101 PASS\n test_bpf: #5 Tail call load/store jited:1 141 PASS\n test_bpf: #6 Tail call error path, max count reached jited:1 994 PASS\n test_bpf: #7 Tail call count preserved across function calls jited:1 140975 PASS\n test_bpf: #8 Tail call error path, NULL target jited:1 110 PASS\n test_bpf: #9 Tail call error path, index out of range jited:1 69 PASS\n test_bpf: test_tail_calls: Summary: 10 PASSED, 0 FAILED, [10/10 JIT'ed]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/747a6e547240baaaf41874d27333b87b87cfd24c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/89d21e259a94f7d5582ec675aa445f5a79f347e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48999.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48999.json new file mode 100644 index 00000000000..781b46dab30 --- /dev/null +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48999.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-48999", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.630", + "lastModified": "2024-10-21T20:15:11.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\n\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\n fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\n fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\n inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\n\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49000.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49000.json new file mode 100644 index 00000000000..3fc4103908d --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49000.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49000", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.710", + "lastModified": "2024-10-21T20:15:11.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in has_external_pci()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() before 'return true' to avoid reference count leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/10ed7655a17f6a3eaecd1293830488259ccd5723", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/17f67414718e6aba123335a33b7d15aa594fff34", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/afca9e19cc720bfafc75dc5ce429c185ca93f31d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b6eea8b2e858a20ad58ac62dc2de90fea2413f94", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49001.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49001.json new file mode 100644 index 00000000000..3228c0b3bf4 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49001.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49001", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.773", + "lastModified": "2024-10-21T20:15:11.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: fix race when vmap stack overflow\n\nCurrently, when detecting vmap stack overflow, riscv firstly switches\nto the so called shadow stack, then use this shadow stack to call the\nget_overflow_stack() to get the overflow stack. However, there's\na race here if two or more harts use the same shadow stack at the same\ntime.\n\nTo solve this race, we introduce spin_shadow_stack atomic var, which\nwill be swap between its own address and 0 in atomic way, when the\nvar is set, it means the shadow_stack is being used; when the var\nis cleared, it means the shadow_stack isn't being used.\n\n[Palmer: Add AQ to the swap, and also some comments.]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7e1864332fbc1b993659eab7974da9fe8bf8c128", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/879fabc5a95401d9bce357e4b1d24ae4a360a81f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ac00301adb19df54f2eae1efc4bad7447c0156ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49002.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49002.json new file mode 100644 index 00000000000..0b60354bb45 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49002.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49002", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.853", + "lastModified": "2024-10-21T20:15:11.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() for the error path to avoid reference count leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2a8f7b90681472948de172dbbf5a54cd342870aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4bedbbd782ebbe7287231fea862c158d4f08a9e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/71c4a621985fc051ab86d3a86c749069a993fcb2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/876d7bfb89273997056220029ff12b1c2cc4691d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a5c65cd56aed027f8a97fda8b691caaeb66d115e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d47bc9d7bcdbb9adc9703513d964b514fee5b0bf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49003.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49003.json new file mode 100644 index 00000000000..c6541b1429d --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49003.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49003", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.920", + "lastModified": "2024-10-21T20:15:11.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix SRCU protection of nvme_ns_head list\n\nWalking the nvme_ns_head siblings list is protected by the head's srcu\nin nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths().\nRemoving namespaces from the list also fails to synchronize the srcu.\nConcurrent scan work can therefore cause use-after-frees.\n\nHold the head's srcu lock in nvme_mpath_revalidate_paths() and\nsynchronize with the srcu, not the global RCU, in nvme_ns_remove().\n\nObserved the following panic when making NVMe/RDMA connections\nwith native multipath on the Rocky Linux 8.6 kernel\n(it seems the upstream kernel has the same race condition).\nDisassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx;\ncomputing capacity != get_capacity(ns->disk).\nAddress 0x50 is dereferenced because ns->disk is NULL.\nThe NULL disk appears to be the result of concurrent scan work\nfreeing the namespace (note the log line in the middle of the panic).\n\n[37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050\n[37314.206036] nvme0n3: detected capacity change from 0 to 11811160064\n[37314.299753] PGD 0 P4D 0\n[37314.299756] Oops: 0000 [#1] SMP PTI\n[37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1\n[37314.299762] Hardware name: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018\n[37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core]\n[37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core]\n[37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 <48> 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3\n[37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202\n[37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000\n[37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800\n[37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff\n[37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000\n[37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000\n[37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000\n[37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0\n[37315.799267] Call Trace:\n[37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core]\n[37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core]\n[37315.961871] ? __blk_mq_free_request+0x6b/0x90\n[37316.015021] nvme_scan_work+0x151/0x240 [nvme_core]\n[37316.073371] process_one_work+0x1a7/0x360\n[37316.121318] ? create_worker+0x1a0/0x1a0\n[37316.168227] worker_thread+0x30/0x390\n[37316.212024] ? create_worker+0x1a0/0x1a0\n[37316.258939] kthread+0x10a/0x120\n[37316.297557] ? set_kthread_struct+0x50/0x50\n[37316.347590] ret_from_fork+0x35/0x40\n[37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5b566d09ab1b975566a53f9c5466ee260d087582", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/787d81d4eb150e443e5d1276c6e8f03cfecc2302", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/899d2a05dc14733cfba6224083c6b0dd5a738590", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49004.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49004.json new file mode 100644 index 00000000000..f14fb953314 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49004.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49004", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:11.990", + "lastModified": "2024-10-21T20:15:11.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sync efi page table's kernel mappings before switching\n\nThe EFI page table is initially created as a copy of the kernel page table.\nWith VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area:\nif the stack is allocated in a new PGD (one that was not present at the\nmoment of the efi page table creation or not synced in a previous vmalloc\nfault), the kernel will take a trap when switching to the efi page table\nwhen the vmalloc kernel stack is accessed, resulting in a kernel panic.\n\nFix that by updating the efi kernel mappings before switching to the efi\npage table." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3f105a742725a1b78766a55169f1d827732e62b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/96f479383d92944406d4b3f2bc03c2f640def9f1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa7a7d185ef380546b4b1fed6f84f31dbae8cec7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49005.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49005.json new file mode 100644 index 00000000000..436ef927fa4 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49005.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49005", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.040", + "lastModified": "2024-10-21T20:15:12.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Fix bounds check for _sx controls\n\nFor _sx controls the semantics of the max field is not the usual one, max\nis the number of steps rather than the maximum value. This means that our\ncheck in snd_soc_put_volsw_sx() needs to just check against the maximum\nvalue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/325d94d16e3131b54bdf07356e4cd855e0d853fc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/46bab25cc0230df60d1c02b651cc5640a14b08df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a95a49f26308782b4056401989ecd7768fda8fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/698813ba8c580efb356ace8dbf55f61dac6063a8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/98b15c706644bebc19d2e77ccc360cc51444f6d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b50c9641897274c3faef5f95ac852f54b94be2e8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e46adadf19248d59af3aa6bc52e09115bf479bf7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49006.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49006.json new file mode 100644 index 00000000000..104194936fc --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49006.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49006", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.103", + "lastModified": "2024-10-21T20:15:12.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Free buffers when a used dynamic event is removed\n\nAfter 65536 dynamic events have been added and removed, the \"type\" field\nof the event then uses the first type number that is available (not\ncurrently used by other events). A type number is the identifier of the\nbinary blobs in the tracing ring buffer (known as events) to map them to\nlogic that can parse the binary blob.\n\nThe issue is that if a dynamic event (like a kprobe event) is traced and\nis in the ring buffer, and then that event is removed (because it is\ndynamic, which means it can be created and destroyed), if another dynamic\nevent is created that has the same number that new event's logic on\nparsing the binary blob will be used.\n\nTo show how this can be an issue, the following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # for i in `seq 65536`; do\n echo 'p:kprobes/foo do_sys_openat2 $arg1:u32' > kprobe_events\n # done\n\nFor every iteration of the above, the writing to the kprobe_events will\nremove the old event and create a new one (with the same format) and\nincrease the type number to the next available on until the type number\nreaches over 65535 which is the max number for the 16 bit type. After it\nreaches that number, the logic to allocate a new number simply looks for\nthe next available number. When an dynamic event is removed, that number\nis then available to be reused by the next dynamic event created. That is,\nonce the above reaches the max number, the number assigned to the event in\nthat loop will remain the same.\n\nNow that means deleting one dynamic event and created another will reuse\nthe previous events type number. This is where bad things can happen.\nAfter the above loop finishes, the kprobes/foo event which reads the\ndo_sys_openat2 function call's first parameter as an integer.\n\n # echo 1 > kprobes/foo/enable\n # cat /etc/passwd > /dev/null\n # cat trace\n cat-2211 [005] .... 2007.849603: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849620: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849838: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849880: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n # echo 0 > kprobes/foo/enable\n\nNow if we delete the kprobe and create a new one that reads a string:\n\n # echo 'p:kprobes/foo do_sys_openat2 +0($arg2):string' > kprobe_events\n\nAnd now we can the trace:\n\n # cat trace\n sendmail-1942 [002] ..... 530.136320: foo: (do_sys_openat2+0x0/0x240) arg1= cat-2046 [004] ..... 530.930817: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 530.930961: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 530.934278: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 530.934563: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1603feac154ff38514e8354e3079a455eb4801e2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/417d5ea6e735e5d88ffb6c436cf2938f3f476dd1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4313e5a613049dfc1819a6dfb5f94cf2caff9452", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/be111ebd8868d4b7c041cb3c6102e1ae27d6dc1d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c52d0c8c4f38f7580cff61c4dfe1034c580cedfd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49007.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49007.json new file mode 100644 index 00000000000..fb01532b59a --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49007.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49007", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.197", + "lastModified": "2024-10-21T20:15:12.197", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()\n\nSyzbot reported a null-ptr-deref bug:\n\n NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP\n frequency < 30 seconds\n general protection fault, probably for non-canonical address\n 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 1 PID: 3603 Comm: segctord Not tainted\n 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google\n 10/11/2022\n RIP: 0010:nilfs_palloc_commit_free_entry+0xe5/0x6b0\n fs/nilfs2/alloc.c:608\n Code: 00 00 00 00 fc ff df 80 3c 02 00 0f 85 cd 05 00 00 48 b8 00 00 00\n 00 00 fc ff df 4c 8b 73 08 49 8d 7e 10 48 89 fa 48 c1 ea 03 <80> 3c 02\n 00 0f 85 26 05 00 00 49 8b 46 10 be a6 00 00 00 48 c7 c7\n RSP: 0018:ffffc90003dff830 EFLAGS: 00010212\n RAX: dffffc0000000000 RBX: ffff88802594e218 RCX: 000000000000000d\n RDX: 0000000000000002 RSI: 0000000000002000 RDI: 0000000000000010\n RBP: ffff888071880222 R08: 0000000000000005 R09: 000000000000003f\n R10: 000000000000000d R11: 0000000000000000 R12: ffff888071880158\n R13: ffff88802594e220 R14: 0000000000000000 R15: 0000000000000004\n FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fb1c08316a8 CR3: 0000000018560000 CR4: 0000000000350ee0\n Call Trace:\n \n nilfs_dat_commit_free fs/nilfs2/dat.c:114 [inline]\n nilfs_dat_commit_end+0x464/0x5f0 fs/nilfs2/dat.c:193\n nilfs_dat_commit_update+0x26/0x40 fs/nilfs2/dat.c:236\n nilfs_btree_commit_update_v+0x87/0x4a0 fs/nilfs2/btree.c:1940\n nilfs_btree_commit_propagate_v fs/nilfs2/btree.c:2016 [inline]\n nilfs_btree_propagate_v fs/nilfs2/btree.c:2046 [inline]\n nilfs_btree_propagate+0xa00/0xd60 fs/nilfs2/btree.c:2088\n nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337\n nilfs_collect_file_data+0x45/0xd0 fs/nilfs2/segment.c:568\n nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1018\n nilfs_segctor_scan_file+0x3f4/0x6f0 fs/nilfs2/segment.c:1067\n nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1197 [inline]\n nilfs_segctor_collect fs/nilfs2/segment.c:1503 [inline]\n nilfs_segctor_do_construct+0x12fc/0x6af0 fs/nilfs2/segment.c:2045\n nilfs_segctor_construct+0x8e3/0xb30 fs/nilfs2/segment.c:2379\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [inline]\n nilfs_segctor_thread+0x3c3/0xf30 fs/nilfs2/segment.c:2570\n kthread+0x2e4/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \n ...\n\nIf DAT metadata file is corrupted on disk, there is a case where\nreq->pr_desc_bh is NULL and blocknr is 0 at nilfs_dat_commit_end() during\na b-tree operation that cascadingly updates ancestor nodes of the b-tree,\nbecause nilfs_dat_commit_alloc() for a lower level block can initialize\nthe blocknr on the same DAT entry between nilfs_dat_prepare_end() and\nnilfs_dat_commit_end().\n\nIf this happens, nilfs_dat_commit_end() calls nilfs_dat_commit_free()\nwithout valid buffer heads in req->pr_desc_bh and req->pr_bitmap_bh, and\ncauses the NULL pointer dereference above in\nnilfs_palloc_commit_free_entry() function, which leads to a crash.\n\nFix this by adding a NULL check on req->pr_desc_bh and req->pr_bitmap_bh\nbefore nilfs_palloc_commit_free_entry() in nilfs_dat_commit_free().\n\nThis also calls nilfs_error() in that case to notify that there is a fatal\nflaw in the filesystem metadata and prevent further operations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/165c7a3b27a3857ebf57f626b9f38b48b6792e68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2f2c59506ae39496588ceb8b88bdbdbaed895d63", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/33021419fd81efd3d729a7f19341ba4b98fe66ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/381b84f60e549ea98cec4666c6c728b1b3318756", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9a130b72e6bd1fb07fc3cde839dc6fb53da76f07", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc3fd3293887b4cf84a9109700faeb82de533c89", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e858917ab785afe83c14f5ac141301216ccda847", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f0a0ccda18d6fd826d7c7e7ad48a6ed61c20f8b4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49008.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49008.json new file mode 100644 index 00000000000..619359df74a --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49008.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49008", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.290", + "lastModified": "2024-10-21T20:15:12.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down\n\nIn can327_feed_frame_to_netdev(), it did not free the skb when netdev\nis down, and all callers of can327_feed_frame_to_netdev() did not free\nallocated skb too. That would trigger skb leak.\n\nFix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev\nis down. Not tested, just compiled." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/797b1d9fc0e1f4351e4ad49b078c1a3cdc0d4a08", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8fa452cfafed521aaf5a18c71003fe24b1ee6141", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49009.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49009.json new file mode 100644 index 00000000000..ac37f8a847b --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49009.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49009", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.373", + "lastModified": "2024-10-21T20:15:12.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) Add checks for devm_kcalloc\n\nAs the devm_kcalloc may return NULL, the return value needs to be checked\nto avoid NULL poineter dereference." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9bdc112be727cf1ba65be79541147f960c3349d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a41ec58ac352fd176d5808af847663dc890f6053", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49010.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49010.json new file mode 100644 index 00000000000..e57f0679dc0 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49010.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49010", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.433", + "lastModified": "2024-10-21T20:15:12.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) Check for null before removing sysfs attrs\n\nIf coretemp_add_core() gets an error then pdata->core_data[indx]\nis already NULL and has been kfreed. Don't pass that to\nsysfs_remove_group() as that will crash in sysfs_remove_group().\n\n[Shortened for readability]\n[91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label'\n\n[91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188\n[91855.165103] #PF: supervisor read access in kernel mode\n[91855.194506] #PF: error_code(0x0000) - not-present page\n[91855.224445] PGD 0 P4D 0\n[91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI\n...\n[91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80\n...\n[91855.796571] Call Trace:\n[91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp]\n[91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp]\n[91855.871107] cpuhp_invoke_callback+0x105/0x4b0\n[91855.893432] cpuhp_thread_fun+0x8e/0x150\n...\n\nFix this by checking for NULL first." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/070d5ea4a0592a37ad96ce7f7b6b024f90bb009f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/280110db1a7d62ad635b103bafc3ae96e8bef75c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7692700ac818866d138a8de555130a6e70e6ac16", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/89eecabe6a47403237f45aafd7d24f93cb973653", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ae6c8b6e5d5628df1c475c0a8fca1465e205c95b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f06e0cd01eab954bd5f2190c9faa79bb5357e05b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fb503d077ff7b43913503eaf72995d1239028b99", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49011.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49011.json new file mode 100644 index 00000000000..5091621e056 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49011.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49011", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.500", + "lastModified": "2024-10-21T20:15:12.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()\n\nAs comment of pci_get_domain_bus_and_slot() says, it returns\na pci device with refcount increment, when finish using it,\nthe caller must decrement the reference count by calling\npci_dev_put(). So call it after using to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0dd1da5a15eeecb2fe4cf131b3216fb455af783c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2f74cffc7c85f770b1b1833dccb03b8cde3be102", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6e035d5a2a6b907cfce9a80c5f442c2e459cd34e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7dec14537c5906b8bf40fd6fd6d9c3850f8df11d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bb75a0d1223d43f97089841aecb28a9b4de687a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c40db1e5f316792b557d2be37e447c20d9ac4635", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ea5844f946b1ec5c0b7c115cd7684f34fd48021b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f598da27acbeee414679cacd14294db3e273e3d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49012.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49012.json new file mode 100644 index 00000000000..10c8d8019db --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49012.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49012", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.573", + "lastModified": "2024-10-21T20:15:12.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix server->active leak in afs_put_server\n\nThe atomic_read was accidentally replaced with atomic_inc_return,\nwhich prevents the server from getting cleaned up and causes rmmod\nto hang with a warning:\n\n Can't purge s=00000001" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/c5078548c29c735f71b05053659c0cb294e738ad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef4d3ea40565a781c25847e9cb96c1bd9f462bc6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49013.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49013.json new file mode 100644 index 00000000000..176497f8781 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49013.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49013", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.637", + "lastModified": "2024-10-21T20:15:12.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix memory leak in sctp_stream_outq_migrate()\n\nWhen sctp_stream_outq_migrate() is called to release stream out resources,\nthe memory pointed to by prio_head in stream out is not released.\n\nThe memory leak information is as follows:\n unreferenced object 0xffff88801fe79f80 (size 64):\n comm \"sctp_repo\", pid 7957, jiffies 4294951704 (age 36.480s)\n hex dump (first 32 bytes):\n 80 9f e7 1f 80 88 ff ff 80 9f e7 1f 80 88 ff ff ................\n 90 9f e7 1f 80 88 ff ff 90 9f e7 1f 80 88 ff ff ................\n backtrace:\n [] kmalloc_trace+0x26/0x60\n [] sctp_sched_prio_set+0x4cc/0x770\n [] sctp_stream_init_ext+0xd2/0x1b0\n [] sctp_sendmsg_to_asoc+0x1614/0x1a30\n [] sctp_sendmsg+0xda1/0x1ef0\n [] inet_sendmsg+0x9d/0xe0\n [] sock_sendmsg+0xd3/0x120\n [] __sys_sendto+0x23a/0x340\n [] __x64_sys_sendto+0xe1/0x1b0\n [] do_syscall_64+0x39/0xb0\n [] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0dfb9a566327182387c90100ea54d8426cee8c67", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/176ee6c673ccd118e9392fd2dbb165423bdb99ca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a7555681e50bdebed2c40ff7404ee73c2e932993", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa20f88271259d42ebe66f0a8c4c20199e888c99", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49014.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49014.json new file mode 100644 index 00000000000..ec5c2d573f7 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49014.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-49014", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.707", + "lastModified": "2024-10-21T20:15:12.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Fix use-after-free in tun_detach()\n\nsyzbot reported use-after-free in tun_detach() [1]. This causes call\ntrace like below:\n\n==================================================================\nBUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\nRead of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673\n\nCPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x461 mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\n call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942\n call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]\n call_netdevice_notifiers net/core/dev.c:1997 [inline]\n netdev_wait_allrefs_any net/core/dev.c:10237 [inline]\n netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351\n tun_detach drivers/net/tun.c:704 [inline]\n tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467\n __fput+0x27c/0xa90 fs/file_table.c:320\n task_work_run+0x16f/0x270 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xb3d/0x2a30 kernel/exit.c:820\n do_group_exit+0xd4/0x2a0 kernel/exit.c:950\n get_signal+0x21b1/0x2440 kernel/signal.c:2858\n arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869\n exit_to_user_mode_loop kernel/entry/common.c:168 [inline]\n exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296\n do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe cause of the issue is that sock_put() from __tun_detach() drops\nlast reference count for struct net, and then notifier_call_chain()\nfrom netdev_state_change() accesses that struct net.\n\nThis patch fixes the issue by calling sock_put() from tun_detach()\nafter all necessary accesses for the struct net has done." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/04b995e963229501401810dab89dc73e7f12d054", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/16c244bc65d1175775325ec0489a5a5c830e02c7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1f23f1890d91812c35d32eab1b49621b6d32dc7b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4cde8da2d814a3b7b176db81922d4ddaad7c0f0e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5daadc86f27ea4d691e2131c04310d0418c6cd12", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f442e1d403e0496bacb74a58e2be7f500695e6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49015.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49015.json new file mode 100644 index 00000000000..c4d924aa02f --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49015.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49015", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.787", + "lastModified": "2024-10-21T20:15:12.787", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: Fix potential use-after-free\n\nThe skb is delivered to netif_rx() which may free it, after calling this,\ndereferencing skb may trigger use-after-free." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4b351609af4fdbc23f79ab2b12748f4403ea9af4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/53a62c5efe91665f7a41fad0f888a96f94dc59eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7ca81a161e406834a1fdc405fc83a572bd14b8d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e177d32442b7ed08a9fa61b61724abc548cb248", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8393ce5040803666bfa26a3a7bf41e44fab0ace9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b35d899854d5d5d58eb7d7e7c0f61afc60d3a9e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dca370e575d9b6c983f5015e8dc035e23e219ee6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3add2b8cf620966de3ebfa07679ca12d33ec26f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49016.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49016.json new file mode 100644 index 00000000000..0ef08c9f6fd --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49016.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49016", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.840", + "lastModified": "2024-10-21T20:15:12.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdiobus: fix unbalanced node reference count\n\nI got the following report while doing device(mscc-miim) load test\nwith CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled:\n\n OF: ERROR: memory leak, expected refcount 1 instead of 2,\n of_node_get()/of_node_put() unbalanced - destroy cset entry:\n attach overlay node /spi/soc@0/mdio@7107009c/ethernet-phy@0\n\nIf the 'fwnode' is not an acpi node, the refcount is get in\nfwnode_mdiobus_phy_device_register(), but it has never been\nput when the device is freed in the normal path. So call\nfwnode_handle_put() in phy_device_release() to avoid leak.\n\nIf it's an acpi node, it has never been get, but it's put\nin the error path, so call fwnode_handle_get() before\nphy_device_register() to keep get/put operation balanced." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2708b357440427d6a9fee667eb7b8307f4625adc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/543d917f691ab06885ee779c862065899eaa4251", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cdde1560118f82498fc9e9a7c1ef7f0ef7755891", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49017.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49017.json new file mode 100644 index 00000000000..40b25f6f2bd --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49017.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49017", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.910", + "lastModified": "2024-10-21T20:15:12.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: re-fetch skb cb after tipc_msg_validate\n\nAs the call trace shows, the original skb was freed in tipc_msg_validate(),\nand dereferencing the old skb cb would cause an use-after-free crash.\n\n BUG: KASAN: use-after-free in tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n Call Trace:\n \n tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n tipc_rcv+0x744/0x1150 [tipc]\n ...\n Allocated by task 47078:\n kmem_cache_alloc_node+0x158/0x4d0\n __alloc_skb+0x1c1/0x270\n tipc_buf_acquire+0x1e/0xe0 [tipc]\n tipc_msg_create+0x33/0x1c0 [tipc]\n tipc_link_build_proto_msg+0x38a/0x2100 [tipc]\n tipc_link_timeout+0x8b8/0xef0 [tipc]\n tipc_node_timeout+0x2a1/0x960 [tipc]\n call_timer_fn+0x2d/0x1c0\n ...\n Freed by task 47078:\n tipc_msg_validate+0x7b/0x440 [tipc]\n tipc_crypto_rcv_complete+0x4b5/0x2240 [tipc]\n tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n tipc_rcv+0x744/0x1150 [tipc]\n\nThis patch fixes it by re-fetching the skb cb from the new allocated skb\nafter calling tipc_msg_validate()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1daec0815655e110c6f206c5e777a4af8168ff58", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3067bc61fcfe3081bf4807ce65560f499e895e77", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a1ba595e35aa3afbe417ff0af353afb9f65559c0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e128190adb2edfd5042105b5d1ed4553f295f5ef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49018.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49018.json new file mode 100644 index 00000000000..0ea1fdff4dd --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49018.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49018", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:12.973", + "lastModified": "2024-10-21T20:15:12.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix sleep in atomic at close time\n\nMatt reported a splat at msk close time:\n\n BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill\n preempt_count: 201, expected: 0\n RCU nest depth: 0, expected: 0\n 4 locks held by packetdrill/155:\n #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650)\n #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973)\n #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363)\n #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820)\n Preemption disabled at:\n 0x0\n CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Call Trace:\n \n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n __might_resched.cold (kernel/sched/core.c:9891)\n __mptcp_destroy_sock (include/linux/kernel.h:110)\n __mptcp_close (net/mptcp/protocol.c:2959)\n mptcp_subflow_queue_clean (include/net/sock.h:1777)\n __mptcp_close_ssk (net/mptcp/protocol.c:2363)\n mptcp_destroy_common (net/mptcp/protocol.c:3170)\n mptcp_destroy (include/net/sock.h:1495)\n __mptcp_destroy_sock (net/mptcp/protocol.c:2886)\n __mptcp_close (net/mptcp/protocol.c:2959)\n mptcp_close (net/mptcp/protocol.c:2974)\n inet_release (net/ipv4/af_inet.c:432)\n __sock_release (net/socket.c:651)\n sock_close (net/socket.c:1367)\n __fput (fs/file_table.c:320)\n task_work_run (kernel/task_work.c:181 (discriminator 1))\n exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49)\n syscall_exit_to_user_mode (kernel/entry/common.c:130)\n do_syscall_64 (arch/x86/entry/common.c:87)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n\nWe can't call mptcp_close under the 'fast' socket lock variant, replace\nit with a sock_lock_nested() as the relevant code is already under the\nlistening msk socket lock protection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/b4f166651d03b5484fa179817ba8ad4899a5a6ac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d8e6c5500dbf0f3e87aace90d4beba6ae928e866", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49019.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49019.json new file mode 100644 index 00000000000..8a5aa48f677 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49019.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49019", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.040", + "lastModified": "2024-10-21T20:15:13.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: nixge: fix NULL dereference\n\nIn function nixge_hw_dma_bd_release() dereference of NULL pointer\npriv->rx_bd_v is possible for the case of its allocation failure in\nnixge_hw_dma_bd_init().\n\nMove for() loop with priv->rx_bd_v dereference under the check for\nits validity.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/45752af0247589e6d3dede577415bfe117b4392c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/80e82f7b440b65cf131dce10f487dc73a7046e6b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/910c0264b64ef2dad8887714a7c56c93e39a0ed3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9256db4e45e8b497b0e993cc3ed4ad08eb2389b6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c584d6d9cfb935dce8fc81a4c26debac0a3049b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49020.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49020.json new file mode 100644 index 00000000000..53fa7578de0 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49020.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49020", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.100", + "lastModified": "2024-10-21T20:15:13.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix a potential socket leak in p9_socket_open\n\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\n\nThis patch adds sock_release() to fix the leak issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49021.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49021.json new file mode 100644 index 00000000000..aae7a39b2d5 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49021.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49021", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.163", + "lastModified": "2024-10-21T20:15:13.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: fix null-ptr-deref while probe() failed\n\nI got a null-ptr-deref report as following when doing fault injection test:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000058\nOops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:klist_put+0x2d/0xd0\nCall Trace:\n \n klist_remove+0xf1/0x1c0\n device_release_driver_internal+0x23e/0x2d0\n bus_remove_device+0x1bd/0x240\n device_del+0x357/0x770\n phy_device_remove+0x11/0x30\n mdiobus_unregister+0xa5/0x140\n release_nodes+0x6a/0xa0\n devres_release_all+0xf8/0x150\n device_unbind_cleanup+0x19/0xd0\n\n//probe path:\nphy_device_register()\n device_add()\n\nphy_connect\n phy_attach_direct() //set device driver\n probe() //it's failed, driver is not bound\n device_bind_driver() // probe failed, it's not called\n\n//remove path:\nphy_device_remove()\n device_del()\n device_release_driver_internal()\n __device_release_driver() //dev->drv is not NULL\n klist_remove() <- knode_driver is not added yet, cause null-ptr-deref\n\nIn phy_attach_direct(), after setting the 'dev->driver', probe() fails,\ndevice_bind_driver() is not called, so the knode_driver->n_klist is not\nset, then it causes null-ptr-deref in __device_release_driver() while\ndeleting device. Fix this by setting dev->driver to NULL in the error\npath in phy_attach_direct()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0744c7be4de564db03e24527b2e096b7e0e20972", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/369eb2c9f1f72adbe91e0ea8efb130f0a2ba11a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3e21f85d87c836462bb52ef2078ea561260935c1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7730904f50c7187dd16c76949efb56b5fb55cd57", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8aaafe0f71314f46a066382a047ba8bb3840d273", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eaa5722549ac2604ffa56c2e946acc83226f130c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe6bc99c27c21348f548966118867ed26a9a372c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49022.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49022.json new file mode 100644 index 00000000000..d7395c293c2 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49022.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49022", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.233", + "lastModified": "2024-10-21T20:15:13.233", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac8021: fix possible oob access in ieee80211_get_rate_duration\n\nFix possible out-of-bound access in ieee80211_get_rate_duration routine\nas reported by the following UBSAN report:\n\nUBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47\nindex 15 is out of range for type 'u16 [12]'\nCPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic\nHardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017\nWorkqueue: mt76 mt76u_tx_status_data [mt76_usb]\nCall Trace:\n \n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x43\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\nieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]\n ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]\n ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]\n ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]\n mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]\n mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]\n mt76u_tx_status_data+0x67/0xd0 [mt76_usb]\n process_one_work+0x225/0x400\n worker_thread+0x50/0x3e0\n ? process_one_work+0x400/0x400\n kthread+0xe9/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0184ede0ec61b9cd075babfaa45081b1bf322234", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/59b54f0563b6546c94bdb6823d3b382c75407019", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f0fcad4c7201ecfaa17357f4ce0c50b4708df22d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49023.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49023.json new file mode 100644 index 00000000000..fe4edaacb30 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49023.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49023", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.290", + "lastModified": "2024-10-21T20:15:13.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix buffer overflow in elem comparison\n\nFor vendor elements, the code here assumes that 5 octets\nare present without checking. Since the element itself is\nalready checked to fit, we only need to check the length." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/391cb872553627bdcf236c03ee7d5adb275e37e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/88a6fe3707888bd1893e9741157a7035c4159ab6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e6b79a3cd17620d467311b30d56f2648f6880aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9f16b5c82a025cd4c864737409234ddc44fb166a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f5c2ec288a865dbe3706b09bed12302e9f6d696b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49024.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49024.json new file mode 100644 index 00000000000..5886979fd99 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49024.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49024", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.367", + "lastModified": "2024-10-21T20:15:13.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods\n\nIn m_can_pci_remove() and error handling path of m_can_pci_probe(),\nm_can_class_free_dev() should be called to free resource allocated by\nm_can_class_allocate_dev(), otherwise there will be memleak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49025.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49025.json new file mode 100644 index 00000000000..ea8973a4e10 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49025.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49025", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.427", + "lastModified": "2024-10-21T20:15:13.427", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix use-after-free when reverting termination table\n\nWhen having multiple dests with termination tables and second one\nor afterwards fails the driver reverts usage of term tables but\ndoesn't reset the assignment in attr->dests[num_vport_dests].termtbl\nwhich case a use-after-free when releasing the rule.\nFix by resetting the assignment of termtbl to null." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a2d73a77060c3cbdc6e801cd5d979d674cd404b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0d2f9d95d9fbe993f3c4bafb87d59897b0325aff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/372eb550faa0757349040fd43f59483cbfdb2c0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/52c795af04441d76f565c4634f893e5b553df2ae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e6d2d26a49c3a9cd46b232975e45236304810904", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49026.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49026.json new file mode 100644 index 00000000000..24461de209a --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49026.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49026", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.490", + "lastModified": "2024-10-21T20:15:13.490", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne100: Fix possible use after free in e100_xmit_prepare\n\nIn e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so\ne100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will\nresend the skb. But the skb is already freed, which will cause UAF bug\nwhen the upper layer resends the skb.\n\nRemove the harmful free." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/45605c75c52c7ae7bfe902214343aabcfe5ba0ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9fc27d22cdb9b1fcd754599d216a8992fed280cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b46f6144ab89d3d757ead940759c505091626a7d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b775f37d943966f6f77dca402f5a9dedce502c25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49027.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49027.json new file mode 100644 index 00000000000..57860f31515 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49027.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49027", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.563", + "lastModified": "2024-10-21T20:15:13.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix error handling in iavf_init_module()\n\nThe iavf_init_module() won't destroy workqueue when pci_register_driver()\nfailed. Call destroy_workqueue() when pci_register_driver() failed to\nprevent the resource leak.\n\nSimilar to the handling of u132_hcd_init in commit f276e002793c\n(\"usb: u132-hcd: fix resource leak\")" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/227d8d2f7f2278b8468c5531b0cd0f2a905b4486", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/971c55f0763b480e63ceb7a22beb19be2509e5ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bd477b891a4fa084561234eed4afacb3001dd359", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49028.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49028.json new file mode 100644 index 00000000000..d3944cf63d0 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49028.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49028", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.627", + "lastModified": "2024-10-21T20:15:13.627", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: Fix resource leak in ixgbevf_init_module()\n\nixgbevf_init_module() won't destroy the workqueue created by\ncreate_singlethread_workqueue() when pci_register_driver() failed. Add\ndestroy_workqueue() in fail path to prevent the resource leak.\n\nSimilar to the handling of u132_hcd_init in commit f276e002793c\n(\"usb: u132-hcd: fix resource leak\")" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7109e941099244cc876a4b3cb7a3ec79f104374a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8cfa238a48f34038464b99d0b4825238c2687181", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c99671d4699dcf90d6939923c8fe8a8918e140b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f166c62cad798c53300b4b327e44300c73ec492d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49029.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49029.json new file mode 100644 index 00000000000..ee187c46e3a --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49029.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49029", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.690", + "lastModified": "2024-10-21T20:15:13.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails\n\nSmatch report warning as follows:\n\ndrivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn:\n '&data->list' not removed from list\n\nIf ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will\nbe freed, but data->list will not be removed from driver_data.bmc_data,\nthen list traversal may cause UAF.\n\nFix by removeing it from driver_data.bmc_data before free()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49030.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49030.json new file mode 100644 index 00000000000..76d7df9d3e5 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49030.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49030", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.747", + "lastModified": "2024-10-21T20:15:13.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibbpf: Handle size overflow for ringbuf mmap\n\nThe maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries\nwill overflow u32 when mapping producer page and data pages. Only\ncasting max_entries to size_t is not enough, because for 32-bits\napplication on 64-bits kernel the size of read-only mmap region\nalso could overflow size_t.\n\nSo fixing it by casting the size of read-only mmap region into a __u64\nand checking whether or not there will be overflow during mmap." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0140e079a42064680394fff1199a7b5483688dec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/535a25ab4f9a45f74ba38ab71de95e97474922ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8a549ab6724520aa3c07f47e0eba820293551490", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/927cbb478adf917e0a142b94baa37f06279cc466", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49031.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49031.json new file mode 100644 index 00000000000..304f526225c --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49031.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49031", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.807", + "lastModified": "2024-10-21T20:15:13.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4403: Fix oob read in afe4403_read_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0\nRead of size 4 at addr ffffffffc02ac638 by task cat/279\n\nCall Trace:\n afe4403_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4403_channel_leds+0x18/0xffffffffffffe9e0\n\nThis issue can be reproduced by singe command:\n\n $ cat /sys/bus/spi/devices/spi0.0/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4403_channel_leds is less than channels, so access\nwith chan->address cause OOB read in afe4403_read_raw. Fix it by moving\naccess before use it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a57812efb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/58143c1ed5882c138a3cd2251a336fc8755f23d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49032.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49032.json new file mode 100644 index 00000000000..645536edbf8 --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49032.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49032", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.877", + "lastModified": "2024-10-21T20:15:13.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4404: Fix oob read in afe4404_[read|write]_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380\nRead of size 4 at addr ffffffffc00e4658 by task cat/278\n\nCall Trace:\n afe4404_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4404_channel_leds+0x18/0xffffffffffffe9c0\n\nThis issue can be reproduce by singe command:\n\n $ cat /sys/bus/i2c/devices/0-0058/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4404_channel_leds and afe4404_channel_offdacs\nare less than channels, so access with chan->address cause OOB read\nin afe4404_[read|write]_raw. Fix it by moving access before use them." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/113c08030a89aaf406f8a1d4549d758a67c2afba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3f566b626029ca8598d48e5074e56bb37399ca1b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5eb114f55b37dbc0487aa9c1913b81bb7837f1c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/68de7da092f38395dde523f2e5db26eba6c23e28", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d45d9f45e7b1365fd0d9bf14680d6d5082a590d1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f5575041ec15310bdc50c42b8b22118cc900226e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7419fc42afc035f6b29ce713e17dcd2000c833f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fc92d9e3de0b2d30a3ccc08048a5fad533e4672b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49033.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49033.json new file mode 100644 index 00000000000..b9cb7a376cf --- /dev/null +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49033.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49033", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:13.943", + "lastModified": "2024-10-21T20:15:13.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()\n\nSyzkaller reported BUG as follows:\n\n BUG: sleeping function called from invalid context at\n include/linux/sched/mm.h:274\n Call Trace:\n \n dump_stack_lvl+0xcd/0x134\n __might_resched.cold+0x222/0x26b\n kmem_cache_alloc+0x2e7/0x3c0\n update_qgroup_limit_item+0xe1/0x390\n btrfs_qgroup_inherit+0x147b/0x1ee0\n create_subvol+0x4eb/0x1710\n btrfs_mksubvol+0xfe5/0x13f0\n __btrfs_ioctl_snap_create+0x2b0/0x430\n btrfs_ioctl_snap_create_v2+0x25a/0x520\n btrfs_ioctl+0x2a1c/0x5ce0\n __x64_sys_ioctl+0x193/0x200\n do_syscall_64+0x35/0x80\n\nFix this by calling qgroup_dirty() on @dstqgroup, and update limit item in\nbtrfs_run_qgroups() later outside of the spinlock context." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01d7c41eac9129fba80d8aed0060caab4a7dbe09", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/044da1a371a0da579e805e89c96865f62d8f6f69", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c98e91be6aea4c7acf09da6eb0c107ea9186bb5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/588ae4fdd8b11788a797776b10d6c44ae12bc133", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/89840b12c8fad7200eb6478525c13261512c01be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8eb912af525042a7365295eb62f6d5270c2a6462", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f4b930a1602b05e77fee31f9616599b25e910a86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7e942b5bb35d8e3af54053d19a6bf04143a3955", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26562.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26562.json index 195387b3f18..3b2036574f5 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26562.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26562.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26562", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-13T16:15:08.187", - "lastModified": "2024-02-13T18:23:02.393", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:35:24.773", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,410 @@ "value": "En Zimbra Collaboration (ZCS) 8.8.15 y 9.0, una cuenta cerrada (con 2FA y contrase\u00f1as generadas) puede enviar mensajes de correo electr\u00f3nico cuando est\u00e1 configurada para Imap/smtp." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", + "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*", + "matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*", + "matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*", + "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*", + "matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*", + "matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*", + "matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*", + "matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*", + "matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*", + "matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*", + "matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*", + "matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*", + "matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*", + "matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*", + "matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*", + "matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*", + "matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*", + "matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*", + "matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*", + "matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*", + "matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*", + "matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*", + "matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*", + "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*", + "matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*", + "matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*", + "matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*", + "matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*", + "matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*", + "matchCriteriaId": "3810385E-95E8-491E-8281-394125DB04F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p36:*:*:*:*:*:*", + "matchCriteriaId": "F546214A-1468-4C7C-8119-1E1727237573" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*", + "matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*", + "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*", + "matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*", + "matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*", + "matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*", + "matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*", + "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*", + "matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "511B2BB8-6070-44AA-8800-963DBCBAF0EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "49BBB2B4-571D-46B1-8569-12A65D0DF3D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*", + "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2" + } + ] + } + ] + } + ], "references": [ { "url": "https://wiki.zimbra.com/wiki/Security_Center", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35991.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35991.json index 60bcc99da47..5d188105211 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35991.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35991.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35991", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-18T10:15:10.267", - "lastModified": "2023-08-29T18:58:15.803", - "vulnStatus": "Analyzed", + "lastModified": "2024-10-21T21:35:01.433", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42374.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42374.json index a7cfb29742c..fb400de2090 100644 --- a/CVE-2023/CVE-2023-423xx/CVE-2023-42374.json +++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42374.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42374", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-13T01:15:07.913", - "lastModified": "2024-08-01T18:35:04.073", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:17:34.267", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,18 +81,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mystenlabs:sui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.6.3", + "matchCriteriaId": "6A115E42-FA8B-46D3-BDE0-13F231293BF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-crash-7e8e3ef5057c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4408.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4408.json index e2f47452953..3e0dd39337e 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4408.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4408.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4408", "sourceIdentifier": "security-officer@isc.org", "published": "2024-02-13T14:15:45.253", - "lastModified": "2024-04-26T09:15:08.727", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:02:42.820", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,34 +39,210 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:ontap:9.14.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B9840E9C-9BF2-45BA-BEAC-1091C6508358" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:ontap:9.15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D1FA6FF1-FB7D-490A-AD03-646C267D46BA" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.16.45", + "matchCriteriaId": "0C8F8FB4-AED3-4FA9-B7C4-E9C22FB96C8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", + "versionStartIncluding": "9.18.0", + "versionEndIncluding": "9.18.21", + "matchCriteriaId": "A1F6FD2C-94DA-4D48-BC8F-D1B118BC9629" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", + "versionStartIncluding": "9.19.0", + "versionEndIncluding": "9.19.19", + "matchCriteriaId": "6D929353-790C-47DA-BB73-D94D403FA14D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "40EE014B-0CD8-45F3-BEDB-AE6368A78B04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "288EAD80-574B-4839-9C2C-81D6D088A733" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "3595F024-F910-4356-8B5B-D478960FF574" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.12:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "1B20F152-D0C3-4F07-83B3-5EA6B116F005" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "94661BA2-27F8-4FFE-B844-9404F735579D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "53593603-E2AF-4925-A6E6-109F097A0FF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "751E37C2-8BFD-4306-95C1-8C01CE495FA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "CC432820-F1A2-4132-A673-2620119553C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "F70347F2-6750-4497-B8F4-2036F4F4443A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.16.43:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "A4B53B73-DB81-4AC1-A4E6-89BB305D6514" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.18.0:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "22F7108A-73F1-4950-B2C8-AB56C1D4DAC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "16A7E0D1-35A1-4899-9FF2-14279C137C14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:isc:bind:9.18.18:s1:*:*:supported_preview:*:*:*", + "matchCriteriaId": "0233AEF2-9911-48AE-AE97-F217E3337AAF" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://kb.isc.org/docs/cve-2023-4408", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0001/", - "source": "security-officer@isc.org" + "source": "security-officer@isc.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52431.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52431.json index d1ce59fed99..578fd194fe7 100644 --- a/CVE-2023/CVE-2023-524xx/CVE-2023-52431.json +++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52431.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52431", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-13T05:15:08.797", - "lastModified": "2024-08-01T18:35:05.050", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:19:07.513", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,14 +81,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plack\\:\\:middleware\\:\\:xsrfblock_project:plack\\:\\:middleware\\:\\:xsrfblock:*:*:*:*:*:perl:*:*", + "versionEndExcluding": "0.0.19", + "matchCriteriaId": "22DACA4A-5302-45A1-883A-F299ED49844D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/briandfoy/cpan-security-advisory/blob/9374f98bef51e1ae887f293234050551c079776f/cpansa/CPANSA-Plack-Middleware-XSRFBlock.yml#L2-L15", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://metacpan.org/release/DAKKAR/Plack-Middleware-XSRFBlock-0.0.19/source/Changes", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10057.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10057.json index 85b07a0fda3..3201b7b0628 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10057.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10057.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10057", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-18T10:15:03.173", - "lastModified": "2024-10-18T12:52:33.507", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:53:22.813", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -51,18 +71,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fahadmahmood:rss_feed_widget:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.0", + "matchCriteriaId": "485EBB34-32B8-42F4-B8E1-EB09DAA8243C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3170773/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://wordpress.org/plugins/rss-feed-widget/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10099.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10099.json index bc78e4e6618..191e51e62e0 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10099.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10099.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10099", "sourceIdentifier": "security@huntr.dev", "published": "2024-10-17T19:15:21.337", - "lastModified": "2024-10-18T12:52:33.507", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:03:53.647", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -51,10 +73,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:comfy:comfyui:0.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "541F70FD-A46B-442D-A291-B16AD7A06BB9" + } + ] + } + ] + } + ], "references": [ { "url": "https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10161.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10161.json index a43ce84eda2..6ac1a3ac1d4 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10161.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10161.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10161", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-20T01:15:01.940", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:35:33.377", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,26 +140,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BF2514BC-189E-464F-B389-F7E87A5A5FE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_change_image_file_upload_rce.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://phpgurukul.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.280947", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.280947", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.425440", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10162.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10162.json index a0c676b312e..d8f446bc6b0 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10162.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10162.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10162", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-20T01:15:02.213", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:36:10.470", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,26 +140,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BF2514BC-189E-464F-B389-F7E87A5A5FE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_edit_subadmin_sqli.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://phpgurukul.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.280948", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.280948", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.425449", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10165.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10165.json index 4e41234f635..46e74ede4aa 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10165.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10165.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10165", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-20T03:15:02.557", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:35:06.987", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AD0D77D5-CEF2-4260-8D44-5D3C173C98A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ppp-src/CVE/issues/14", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.280951", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.280951", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.425636", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10166.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10166.json index dd6ffb47882..8eca623a886 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10166.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10166.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10166", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-20T03:15:02.840", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:34:52.430", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AD0D77D5-CEF2-4260-8D44-5D3C173C98A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ppp-src/CVE/issues/15", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.280952", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.280952", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.425643", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10167.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10167.json index d3351e7de6a..dc933f45b8a 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10167.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10167.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10167", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-20T03:15:03.090", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:34:25.810", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AD0D77D5-CEF2-4260-8D44-5D3C173C98A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ppp-src/CVE/issues/16", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.280953", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.280953", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.425650", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10170.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10170.json index 67c3e2107d2..de93b866299 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10170.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10170.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10170", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-20T04:15:02.920", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:33:49.663", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,26 +140,58 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:hospital_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7FD44159-7FA3-4BA5-AD83-C1D439EEF374" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/zer0-1s/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.280955", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.280955", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.426440", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10171.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10171.json index 9f5b9f415dd..ea91d1f7af0 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10171.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10171.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10171", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-20T05:15:02.363", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:33:26.937", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,26 +140,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:blood_bank_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3CB4C2-E5C6-4136-B3A8-418484B48FD2" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/cdl00/cve/blob/main/sql8-message-book.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.280956", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.280956", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.426282", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1485.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1485.json index 2ddfeef0979..c1ae19215dc 100644 --- a/CVE-2024/CVE-2024-14xx/CVE-2024-1485.json +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1485.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1485", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-14T00:15:46.783", - "lastModified": "2024-02-22T01:15:07.980", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:13:56.083", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.8 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,26 +81,70 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devfile:registry-support:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.0.0-20240206", + "matchCriteriaId": "8FDBF67C-FADA-4C25-9795-E099C8D0DB56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5F7E2F04-474D-4196-9CE8-242642990A16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2024-1485", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/devfile/registry-support/pull/197", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24814.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24814.json index fa12fa026ef..64e725ce426 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24814.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24814.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24814", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-13T19:15:11.153", - "lastModified": "2024-03-21T02:52:11.957", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:02:16.720", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -51,22 +81,76 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndIncluding": "2.4.15.1", + "matchCriteriaId": "23B5CB95-59F6-4E99-A951-E09242651CDA" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00004.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7DKVEVREYAI4F46CQAVOTPL75WLOZOE/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25125.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25125.json index 906a383972a..0d81379159b 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25125.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25125.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25125", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-14T03:15:15.153", - "lastModified": "2024-02-14T13:59:35.580", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:09:54.923", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -41,7 +61,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -49,16 +69,50 @@ "value": "CWE-22" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:treasuredata:digdag:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.10.5.1", + "matchCriteriaId": "5E916349-33EE-4699-9665-63883EE2402E" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-257xx/CVE-2024-25718.json b/CVE-2024/CVE-2024-257xx/CVE-2024-25718.json index 95cd3db0f4e..f2961f9499d 100644 --- a/CVE-2024/CVE-2024-257xx/CVE-2024-25718.json +++ b/CVE-2024/CVE-2024-257xx/CVE-2024-25718.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25718", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-11T05:15:08.463", - "lastModified": "2024-08-01T20:35:25.977", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:29:00.463", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,30 +81,66 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dropbox:samly:*:*:*:*:*:elixir:*:*", + "versionEndExcluding": "1.4.0", + "matchCriteriaId": "904E687F-58AC-427C-BC63-97ED377CC266" + } + ] + } + ] + } + ], "references": [ { "url": "https://diff.hex.pm/diff/samly/1.3.0..1.4.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/dropbox/samly", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/dropbox/samly/pull/13", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/dropbox/samly/pull/13/commits/812b5c3ad076dc9c9334c1a560c8e6470607d1eb", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/handnot2/samly", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://hex.pm/packages/samly", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30157.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30157.json new file mode 100644 index 00000000000..f700c41965f --- /dev/null +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30157.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-30157", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:04.620", + "lastModified": "2024-10-21T21:15:04.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30158.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30158.json new file mode 100644 index 00000000000..3f25d05a3a2 --- /dev/null +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30158.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-30158", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:04.860", + "lastModified": "2024-10-21T21:15:04.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30159.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30159.json new file mode 100644 index 00000000000..9a7f944e554 --- /dev/null +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30159.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-30159", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.073", + "lastModified": "2024-10-21T21:15:05.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30160.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30160.json new file mode 100644 index 00000000000..6355f04fc7c --- /dev/null +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30160.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-30160", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.190", + "lastModified": "2024-10-21T21:15:05.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-310xx/CVE-2024-31007.json b/CVE-2024/CVE-2024-310xx/CVE-2024-31007.json new file mode 100644 index 00000000000..c2f52c73e70 --- /dev/null +++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31007.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-31007", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:14.400", + "lastModified": "2024-10-21T21:35:02.513", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/kirito999/IrfanViewBug", + "source": "cve@mitre.org" + }, + { + "url": "https://mediaside.net/irfanview-italia/2024/04/12/4-67-data-di-rilascio-5-aprile-2024/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.fosshub.com/IrfanView.html?dwl=iview466_plugins.zip", + "source": "cve@mitre.org" + }, + { + "url": "https://www.fosshub.com/IrfanView.html?dwl=iview466_setup.exe", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-338xx/CVE-2024-33898.json b/CVE-2024/CVE-2024-338xx/CVE-2024-33898.json index 76fe069138e..0f2f6f9c483 100644 --- a/CVE-2024/CVE-2024-338xx/CVE-2024-33898.json +++ b/CVE-2024/CVE-2024-338xx/CVE-2024-33898.json @@ -2,13 +2,13 @@ "id": "CVE-2024-33898", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-24T22:15:10.207", - "lastModified": "2024-08-01T13:52:11.823", + "lastModified": "2024-10-21T20:15:14.470", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution." + "value": "Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json new file mode 100644 index 00000000000..0f47cfd26fd --- /dev/null +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-35285", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.307", + "lastModified": "2024-10-21T21:15:05.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0013", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json new file mode 100644 index 00000000000..55b5774f44e --- /dev/null +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-35286", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.367", + "lastModified": "2024-10-21T21:15:05.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json new file mode 100644 index 00000000000..b3e5302439f --- /dev/null +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-35287", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.450", + "lastModified": "2024-10-21T21:15:05.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0023", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json new file mode 100644 index 00000000000..4a43cd14c0f --- /dev/null +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-35314", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.533", + "lastModified": "2024-10-21T21:15:05.533", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary scripts." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0015", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json new file mode 100644 index 00000000000..caf12abc705 --- /dev/null +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-35315", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.613", + "lastModified": "2024-10-21T21:15:05.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0016", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40083.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40083.json new file mode 100644 index 00000000000..51642cba8bd --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40083.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40083", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.703", + "lastModified": "2024-10-21T21:15:05.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40083.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json new file mode 100644 index 00000000000..c457108af99 --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40084", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.770", + "lastModified": "2024-10-21T21:15:05.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40084.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40085.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40085.json new file mode 100644 index 00000000000..c4c7c424d5c --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40085.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40085", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.853", + "lastModified": "2024-10-21T21:15:05.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40085.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40086.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40086.json new file mode 100644 index 00000000000..2532ce194d7 --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40086.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40086", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:05.923", + "lastModified": "2024-10-21T21:15:05.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40086.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json new file mode 100644 index 00000000000..ac49e175900 --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40087", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.003", + "lastModified": "2024-10-21T21:15:06.003", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40087.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json new file mode 100644 index 00000000000..256eb0bfe6b --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40088", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.080", + "lastModified": "2024-10-21T21:15:06.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40088.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json new file mode 100644 index 00000000000..f02f6784f5b --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40089", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.150", + "lastModified": "2024-10-21T21:15:06.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40089.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json new file mode 100644 index 00000000000..1e4755aadbd --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40090", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.223", + "lastModified": "2024-10-21T21:15:06.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40090.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json new file mode 100644 index 00000000000..7f15100e6a1 --- /dev/null +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-40091", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.313", + "lastModified": "2024-10-21T21:15:06.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://vilo.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40091.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41712.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41712.json new file mode 100644 index 00000000000..4a11e2f7af4 --- /dev/null +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41712.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-41712", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.387", + "lastModified": "2024-10-21T21:15:06.387", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0022", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41713.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41713.json new file mode 100644 index 00000000000..fb5f967940b --- /dev/null +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41713.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-41713", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.470", + "lastModified": "2024-10-21T21:15:06.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41714.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41714.json new file mode 100644 index 00000000000..a5f4dd1628d --- /dev/null +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41714.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-41714", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.547", + "lastModified": "2024-10-21T21:15:06.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0021", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43456.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43456.json index 0d496309e18..3471dd3473a 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43456.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43456.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43456", "sourceIdentifier": "secure@microsoft.com", "published": "2024-10-08T18:15:09.283", - "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:28:15.323", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +81,65 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.7428", + "matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.6414", + "matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2762", + "matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.1189", + "matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43456", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43488.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43488.json index 7f3c7a9abe1..5c0705f930e 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43488.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43488.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43488", "sourceIdentifier": "secure@microsoft.com", "published": "2024-10-08T18:15:11.030", - "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:05:53.340", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "secure@microsoft.com", @@ -25,8 +25,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -48,8 +68,18 @@ }, "weaknesses": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -58,10 +88,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_code:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FF33086-D7CC-44D1-A347-9F3EB50F74A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43488", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43504.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43504.json index f7bc7d0b137..6f77d443e36 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43504.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43504.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43504", "sourceIdentifier": "secure@microsoft.com", "published": "2024-10-08T18:15:12.240", - "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:26:41.257", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -41,8 +41,18 @@ }, "weaknesses": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +61,76 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", + "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", + "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", + "matchCriteriaId": "CD88F667-6773-4DB7-B6C3-9C7B769C0808" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", + "matchCriteriaId": "B342EF98-B414-44D0-BAFB-FCA24294EECE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", + "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", + "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*", + "matchCriteriaId": "75F7306B-D1DA-48C2-AF87-4480E161D794" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*", + "matchCriteriaId": "BA9BCD55-F71E-4920-B906-A1386843776A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:x64:*", + "matchCriteriaId": "C461C8D7-D6DC-47E2-BF64-0872A4D24E43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:x86:*", + "matchCriteriaId": "875BEC9A-6123-48A9-8B89-88AEA8422B89" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43504", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43612.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43612.json index b54745a39f5..98a346f5183 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43612.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43612.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43612", "sourceIdentifier": "secure@microsoft.com", "published": "2024-10-08T18:15:29.437", - "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:48:02.050", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +81,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:power_bi_report_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.0.1116.121", + "matchCriteriaId": "38F60399-DB2D-46B1-811C-FFF3505EA324" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43612", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43614.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43614.json index e1138c20b78..ebd77b9a740 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43614.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43614.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43614", "sourceIdentifier": "secure@microsoft.com", "published": "2024-10-08T18:15:29.623", - "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:50:38.370", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,7 +18,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -36,13 +36,43 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, "weaknesses": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +81,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "101.24052.0002", + "matchCriteriaId": "B1C19969-2E8D-4FDB-8345-61E3128B7819" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43614", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43615.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43615.json index 2134d2e79aa..32489371f05 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43615.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43615.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43615", "sourceIdentifier": "secure@microsoft.com", "published": "2024-10-08T18:15:29.813", - "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:00:34.967", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -41,8 +41,18 @@ }, "weaknesses": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +61,86 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.6414", + "matchCriteriaId": "3E73B5EB-3264-4FFD-A467-03F716E8B410" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.5011", + "matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.5011", + "matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.3260", + "matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.4317", + "matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.4317", + "matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.26100.2033", + "matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.6414", + "matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2762", + "matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.1189", + "matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43615", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43616.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43616.json index 1f1ee701232..2f2419f5868 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43616.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43616.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43616", "sourceIdentifier": "secure@microsoft.com", "published": "2024-10-08T18:15:30.020", - "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T20:47:00.313", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -41,8 +41,18 @@ }, "weaknesses": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +61,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*", + "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:*:*", + "matchCriteriaId": "C5DC4F09-BCC3-4714-BF9D-230DF6445DE4" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43616", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-462xx/CVE-2024-46238.json b/CVE-2024/CVE-2024-462xx/CVE-2024-46238.json index 9531f1b60a9..a174e252b4f 100644 --- a/CVE-2024/CVE-2024-462xx/CVE-2024-46238.json +++ b/CVE-2024/CVE-2024-462xx/CVE-2024-46238.json @@ -2,7 +2,7 @@ "id": "CVE-2024-46238", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T19:15:03.363", - "lastModified": "2024-10-21T19:15:03.363", + "lastModified": "2024-10-21T21:35:03.580", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://github.com/anoncoder01/PHP_Gurukul_Hospital_Management_System_XSS/blob/master/vulnerabilities/XSS2.md", diff --git a/CVE-2024/CVE-2024-462xx/CVE-2024-46239.json b/CVE-2024/CVE-2024-462xx/CVE-2024-46239.json index 442525ab359..7ba2cb66a45 100644 --- a/CVE-2024/CVE-2024-462xx/CVE-2024-46239.json +++ b/CVE-2024/CVE-2024-462xx/CVE-2024-46239.json @@ -2,7 +2,7 @@ "id": "CVE-2024-46239", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T19:15:03.413", - "lastModified": "2024-10-21T19:15:03.413", + "lastModified": "2024-10-21T21:35:04.510", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://github.com/anoncoder01/PHP_Gurukul_Hospital_Management_System_XSS/blob/master/vulnerabilities/XSS3.md", diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46326.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46326.json new file mode 100644 index 00000000000..fb0c7118189 --- /dev/null +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46326.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-46326", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:14.637", + "lastModified": "2024-10-21T20:15:14.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://drive.google.com/file/d/1AVVw1aibDPBHakU8eTpCA6hna5Ecg2UJ/view", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/beraoudabdelkhalek/research/blob/main/CVEs/CVE-2024-46326/README.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pkp/pkp-lib/issues/10478", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json new file mode 100644 index 00000000000..5157bc574cd --- /dev/null +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-47189", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:14.697", + "lastModified": "2024-10-21T20:15:14.697", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0026", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json new file mode 100644 index 00000000000..86a2ef662c7 --- /dev/null +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-47223", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:14.770", + "lastModified": "2024-10-21T20:15:14.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0028", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47224.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47224.json new file mode 100644 index 00000000000..7a3a97d7b9b --- /dev/null +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47224.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-47224", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T21:15:06.650", + "lastModified": "2024-10-21T21:15:06.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0025", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47793.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47793.json index 4574bef1a04..7858b839349 100644 --- a/CVE-2024/CVE-2024-477xx/CVE-2024-47793.json +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47793.json @@ -2,16 +2,42 @@ "id": "CVE-2024-47793", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-18T06:15:05.230", - "lastModified": "2024-10-18T12:52:33.507", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-21T21:25:36.697", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross-Site Scripting Almacenado en Exment v6.1.4 y versiones anteriores y Exment v5.0.11 y versiones anteriores. Al acceder a la pantalla de edici\u00f3n que contiene columnas personalizadas (tipo de columna: im\u00e1genes o archivos), se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "vultures@jpcert.or.jp", @@ -36,6 +62,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "vultures@jpcert.or.jp", "type": "Secondary", @@ -47,18 +83,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:exceedone:exment:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.0.11", + "matchCriteriaId": "2549CC6B-4C04-4F38-975A-898DFB2A1256" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:exceedone:exment:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.1.4", + "matchCriteriaId": "8FC82718-B952-41A6-9530-6D0119C504CE" + } + ] + } + ] + } + ], "references": [ { "url": "https://exment.net/docs/#/weakness/20241010", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jvn.jp/en/jp/JVN74538317/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json new file mode 100644 index 00000000000..abc71da13b3 --- /dev/null +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-47912", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:14.877", + "lastModified": "2024-10-21T20:15:14.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0027", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-485xx/CVE-2024-48509.json b/CVE-2024/CVE-2024-485xx/CVE-2024-48509.json new file mode 100644 index 00000000000..8363d59831b --- /dev/null +++ b/CVE-2024/CVE-2024-485xx/CVE-2024-48509.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-48509", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:14.943", + "lastModified": "2024-10-21T20:35:11.953", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://medium.com/%40ChadSecurity/the-cve-2024-48509-vulnerability-overview-df58a6be6864", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json b/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json new file mode 100644 index 00000000000..86fe8dbd4d8 --- /dev/null +++ b/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-48597", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:15.010", + "lastModified": "2024-10-21T20:35:13.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/h1-wh0areu/bug_report/blob/main/online-clinic-management-system/SQLi-1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48645.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48645.json new file mode 100644 index 00000000000..f56f3465f0f --- /dev/null +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48645.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-48645", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:15.070", + "lastModified": "2024-10-21T21:35:05.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Minecraft mod \"Command Block IDE\" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify \"function\" files used by the game when installed on a dedicated server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/apple502j/f083fbe21a7cfe018036c73a0e5fff9a", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/arm32x/command-block-ide/commit/42e09840168d9c2fe2ee07f4472d296000b2a416", + "source": "cve@mitre.org" + }, + { + "url": "https://modrinth.com/mod/command-block-ide/version/0.4.10", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48659.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48659.json new file mode 100644 index 00000000000..8b8d49f5e1b --- /dev/null +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48659.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-48659", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-10-21T20:15:15.260", + "lastModified": "2024-10-21T20:15:15.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/CLan-nad/a879f7696a58656b384c46bf4ba74e80", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50019.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50019.json new file mode 100644 index 00000000000..96c05fb4c21 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50019.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-50019", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:15.510", + "lastModified": "2024-10-21T20:15:15.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkthread: unpark only parked kthread\n\nCalling into kthread unparking unconditionally is mostly harmless when\nthe kthread is already unparked. The wake up is then simply ignored\nbecause the target is not in TASK_PARKED state.\n\nHowever if the kthread is per CPU, the wake up is preceded by a call\nto kthread_bind() which expects the task to be inactive and in\nTASK_PARKED state, which obviously isn't the case if it is unparked.\n\nAs a result, calling kthread_stop() on an unparked per-cpu kthread\ntriggers such a warning:\n\n\tWARNING: CPU: 0 PID: 11 at kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525\n\t \n\t kthread_stop+0x17a/0x630 kernel/kthread.c:707\n\t destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810\n\t wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257\n\t netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693\n\t default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769\n\t ops_exit_list net/core/net_namespace.c:178 [inline]\n\t cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640\n\t process_one_work kernel/workqueue.c:3231 [inline]\n\t process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n\t worker_thread+0x86d/0xd70 kernel/workqueue.c:3393\n\t kthread+0x2f0/0x390 kernel/kthread.c:389\n\t ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n\t ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\t \n\nFix this with skipping unecessary unparking while stopping a kthread." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19a5029981c87c2ad0845e713837faa88f5d8e2b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/214e01ad4ed7158cab66498810094fac5d09b218", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/40a6e660d2a3a7a5cb99f0b8ff4fb41bad039f68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8608196a155cb6cfae04d96b10a2652d0327e33f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cda5423c1a1c906062ef235c940f249b97d9d135", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50020.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50020.json new file mode 100644 index 00000000000..94ef2c93b3e --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50020.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50020", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:15.573", + "lastModified": "2024-10-21T20:15:15.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()\n\nThis patch addresses an issue with improper reference count handling in the\nice_sriov_set_msix_vec_count() function.\n\nFirst, the function calls ice_get_vf_by_id(), which increments the\nreference count of the vf pointer. If the subsequent call to\nice_get_vf_vsi() fails, the function currently returns an error without\ndecrementing the reference count of the vf pointer, leading to a reference\ncount leak. The correct behavior, as implemented in this patch, is to\ndecrement the reference count using ice_put_vf(vf) before returning an\nerror when vsi is NULL.\n\nSecond, the function calls ice_sriov_get_irqs(), which sets\nvf->first_vector_idx. If this call returns a negative value, indicating an\nerror, the function returns an error without decrementing the reference\ncount of the vf pointer, resulting in another reference count leak. The\npatch addresses this by adding a call to ice_put_vf(vf) before returning\nan error when vf->first_vector_idx < 0.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand identifying potential mismanagement of reference counts. In this case,\nthe tool flagged the missing decrement operation as a potential issue,\nleading to this patch." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/416dbb815ca69684de148328990ba0ec53e6dbc1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d517cf89874c6039e6294b18d66f40988e62502a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50021.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50021.json new file mode 100644 index 00000000000..4cf7cee83ea --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50021.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50021", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:15.630", + "lastModified": "2024-10-21T20:15:15.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()\n\nThis patch addresses a reference count handling issue in the\nice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),\nwhich increments the reference count of the relevant resources. However,\nif the condition WARN_ON((!vsi || !vsi->netdev)) is met, the function\ncurrently returns an error without properly releasing the resources\nacquired by ice_dpll_get_pins(), leading to a reference count leak.\n\nTo resolve this, the check has been moved to the top of the function. This\nensures that the function verifies the state before any resources are\nacquired, avoiding the need for additional resource management in the\nerror path.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/aefecead9d08f4a35ab6f51ba2e408d2cef4e31d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ccca30a18e36a742e606d5bf0630e75be7711d0a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50022.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50022.json new file mode 100644 index 00000000000..2d93493a838 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50022.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-50022", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:15.690", + "lastModified": "2024-10-21T20:15:15.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevice-dax: correct pgoff align in dax_set_mapping()\n\npgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise,\nvmf->address not aligned to fault_size will be aligned to the next\nalignment, that can result in memory failure getting the wrong address.\n\nIt's a subtle situation that only can be observed in\npage_mapped_in_vma() after the page is page fault handled by\ndev_dax_huge_fault. Generally, there is little chance to perform\npage_mapped_in_vma in dev-dax's page unless in specific error injection\nto the dax device to trigger an MCE - memory-failure. In that case,\npage_mapped_in_vma() will be triggered to determine which task is\naccessing the failure address and kill that task in the end.\n\n\nWe used self-developed dax device (which is 2M aligned mapping) , to\nperform error injection to random address. It turned out that error\ninjected to non-2M-aligned address was causing endless MCE until panic.\nBecause page_mapped_in_vma() kept resulting wrong address and the task\naccessing the failure address was never killed properly:\n\n\n[ 3783.719419] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.049006] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.049190] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.448042] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.448186] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.792026] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.792179] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.162502] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.162633] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.461116] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.461247] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.764730] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.764859] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.042128] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.042259] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.464293] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.464423] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.818090] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.818217] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3787.085297] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3787.085424] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n\nIt took us several weeks to pinpoint this problem,\u00a0 but we eventually\nused bpftrace to trace the page fault and mce address and successfully\nidentified the issue.\n\n\nJoao added:\n\n; Likely we never reproduce in production because we always pin\n: device-dax regions in the region align they provide (Qemu does\n: similarly with prealloc in hugetlb/file backed memory). I think this\n: bug requires that we touch *unpinned* device-dax regions unaligned to\n: the device-dax selected alignment (page size i.e. 4K/2M/1G)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7fcbd9785d4c17ea533c42f20a9083a83f301fa6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c4198dfdca818c5ce19c764d90eabd156bbc6da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b822007e8db341d6f175c645ed79866db501ad86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e877427d218159ac29c9326100920d24330c9ee6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50023.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50023.json new file mode 100644 index 00000000000..94d5950aed2 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50023.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50023", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:15.763", + "lastModified": "2024-10-21T20:15:15.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Remove LED entry from LEDs list on unregister\n\nCommit c938ab4da0eb (\"net: phy: Manual remove LEDs to ensure correct\nordering\") correctly fixed a problem with using devm_ but missed\nremoving the LED entry from the LEDs list.\n\nThis cause kernel panic on specific scenario where the port for the PHY\nis torn down and up and the kmod for the PHY is removed.\n\nOn setting the port down the first time, the assosiacted LEDs are\ncorrectly unregistered. The associated kmod for the PHY is now removed.\nThe kmod is now added again and the port is now put up, the associated LED\nare registered again.\nOn putting the port down again for the second time after these step, the\nLED list now have 4 elements. With the first 2 already unregistered\npreviously and the 2 new one registered again.\n\nThis cause a kernel panic as the first 2 element should have been\nremoved.\n\nFix this by correctly removing the element when LED is unregistered." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/143ffa7878e2d9d9c3836ee8304ce4930f7852a3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f50b5d74c68e551667e265123659b187a30fe3a5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fba363f4d244269a0ba7abb8df953a244c6749af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50024.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50024.json new file mode 100644 index 00000000000..599053d8201 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50024.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50024", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:15.850", + "lastModified": "2024-10-21T20:15:15.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix an unsafe loop on the list\n\nThe kernel may crash when deleting a genetlink family if there are still\nlisteners for that family:\n\nOops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0\n LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0\n Call Trace:\n__netlink_clear_multicast_users+0x74/0xc0\ngenl_unregister_family+0xd4/0x2d0\n\nChange the unsafe loop on the list to a safe one, because inside the\nloop there is an element removal from this list." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1cdec792b2450105b1314c5123a9a0452cb2c2f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1dae9f1187189bc09ff6d25ca97ead711f7e26f9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3be342e0332a7c83eb26fbb22bf156fdca467a5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f03a7f601f33cda1f710611625235dc86fd8a9e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/68ad5da6ca630a276f0a5c924179e57724d00013", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50025.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50025.json new file mode 100644 index 00000000000..1ed66a357a3 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50025.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50025", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:15.930", + "lastModified": "2024-10-21T20:15:15.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Move flush_work initialization out of if block\n\nAfter commit 379a58caa199 (\"scsi: fnic: Move fnic_fnic_flush_tx() to a\nwork queue\"), it can happen that a work item is sent to an uninitialized\nwork queue. This may has the effect that the item being queued is never\nactually queued, and any further actions depending on it will not\nproceed.\n\nThe following warning is observed while the fnic driver is loaded:\n\nkernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410\nkernel: \nkernel: queue_work_on+0x3a/0x50\nkernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: __handle_irq_event_percpu+0x36/0x1a0\nkernel: handle_irq_event_percpu+0x30/0x70\nkernel: handle_irq_event+0x34/0x60\nkernel: handle_edge_irq+0x7e/0x1a0\nkernel: __common_interrupt+0x3b/0xb0\nkernel: common_interrupt+0x58/0xa0\nkernel: \n\nIt has been observed that this may break the rediscovery of Fibre\nChannel devices after a temporary fabric failure.\n\nThis patch fixes it by moving the work queue initialization out of\nan if block in fnic_probe()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6b7836b80061bf1accc5d78b12bc086aed252388", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f30e5f77d2f205ac14d09dec40fd4bb76712f13d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50026.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50026.json new file mode 100644 index 00000000000..b7c855ddb32 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50026.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-50026", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:15.993", + "lastModified": "2024-10-21T20:15:15.993", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: wd33c93: Don't use stale scsi_pointer value\n\nA regression was introduced with commit dbb2da557a6a (\"scsi: wd33c93:\nMove the SCSI pointer to private command data\") which results in an oops\nin wd33c93_intr(). That commit added the scsi_pointer variable and\ninitialized it from hostdata->connected. However, during selection,\nhostdata->connected is not yet valid. Fix this by getting the current\nscsi_pointer from hostdata->selecting." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3afeceda855dea9b85cddd96307d4d17c8742005", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9023ed8d91eb1fcc93e64dc4962f7412b1c4cbec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b60ff1a95c7c386cdd6153de3d7d85edaeabd800", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e04642a207f1d2ae28a08624c04c67f5681f3451", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50027.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50027.json new file mode 100644 index 00000000000..47fadb2724c --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50027.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50027", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.093", + "lastModified": "2024-10-21T20:15:16.093", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Free tzp copy along with the thermal zone\n\nThe object pointed to by tz->tzp may still be accessed after being\nfreed in thermal_zone_device_unregister(), so move the freeing of it\nto the point after the removal completion has been completed at which\nit cannot be accessed any more." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/827a07525c099f54d3b15110408824541ec66b3c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bdb0d40507c85bee33c2a71fde7b2e857346f112", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50028.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50028.json new file mode 100644 index 00000000000..9bcf540b165 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50028.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50028", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.163", + "lastModified": "2024-10-21T20:15:16.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Reference count the zone in thermal_zone_get_by_id()\n\nThere are places in the thermal netlink code where nothing prevents\nthe thermal zone object from going away while being accessed after it\nhas been returned by thermal_zone_get_by_id().\n\nTo address this, make thermal_zone_get_by_id() get a reference on the\nthermal zone device object to be returned with the help of get_device(),\nunder thermal_list_lock, and adjust all of its callers to this change\nwith the help of the cleanup.h infrastructure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/a42a5839f400e929c489bb1b58f54596c4535167", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c95538b286efc6109c987e97a051bc7844ede802", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50029.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50029.json new file mode 100644 index 00000000000..8d9071c6dd2 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50029.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50029", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.227", + "lastModified": "2024-10-21T20:15:16.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/18fd04ad856df07733f5bb07e7f7168e7443d393", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/867639300759e3e1c5b1e1a5ff89231f263a32a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/98ccd44002d88cbf4edfc4480df532a3da5a013e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50030.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50030.json new file mode 100644 index 00000000000..1aa8a6e468a --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50030.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50030", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.290", + "lastModified": "2024-10-21T20:15:16.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/ct: prevent UAF in send_recv()\n\nEnsure we serialize with completion side to prevent UAF with fence going\nout of scope on the stack, since we have no clue if it will fire after\nthe timeout before we can erase from the xa. Also we have some dependent\nloads and stores for which we need the correct ordering, and we lack the\nneeded barriers. Fix this by grabbing the ct->lock after the wait, which\nis also held by the completion side.\n\nv2 (Badal):\n - Also print done after acquiring the lock and seeing timeout.\n\n(cherry picked from commit 52789ce35c55ccd30c4b67b9cc5b2af55e0122ea)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8ed7dd4c55e4fb21531a9645aeb66a30eaf43a46", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db7f92af626178ba59dbbcdd5dee9ec24a987a88", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50031.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50031.json new file mode 100644 index 00000000000..dd2be7177ca --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50031.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-50031", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.350", + "lastModified": "2024-10-21T20:15:16.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop the active perfmon before being destroyed\n\nWhen running `kmscube` with one or more performance monitors enabled\nvia `GALLIUM_HUD`, the following kernel panic can occur:\n\n[ 55.008324] Unable to handle kernel paging request at virtual address 00000000052004a4\n[ 55.008368] Mem abort info:\n[ 55.008377] ESR = 0x0000000096000005\n[ 55.008387] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 55.008402] SET = 0, FnV = 0\n[ 55.008412] EA = 0, S1PTW = 0\n[ 55.008421] FSC = 0x05: level 1 translation fault\n[ 55.008434] Data abort info:\n[ 55.008442] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 55.008455] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 55.008467] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 55.008481] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001046c6000\n[ 55.008497] [00000000052004a4] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 55.008525] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 55.008542] Modules linked in: rfcomm [...] vc4 v3d snd_soc_hdmi_codec drm_display_helper\ngpu_sched drm_shmem_helper cec drm_dma_helper drm_kms_helper i2c_brcmstb\ndrm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n[ 55.008799] CPU: 2 PID: 166 Comm: v3d_bin Tainted: G C 6.6.47+rpt-rpi-v8 #1 Debian 1:6.6.47-1+rpt1\n[ 55.008824] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n[ 55.008838] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 55.008855] pc : __mutex_lock.constprop.0+0x90/0x608\n[ 55.008879] lr : __mutex_lock.constprop.0+0x58/0x608\n[ 55.008895] sp : ffffffc080673cf0\n[ 55.008904] x29: ffffffc080673cf0 x28: 0000000000000000 x27: ffffff8106188a28\n[ 55.008926] x26: ffffff8101e78040 x25: ffffff8101baa6c0 x24: ffffffd9d989f148\n[ 55.008947] x23: ffffffda1c2a4008 x22: 0000000000000002 x21: ffffffc080673d38\n[ 55.008968] x20: ffffff8101238000 x19: ffffff8104f83188 x18: 0000000000000000\n[ 55.008988] x17: 0000000000000000 x16: ffffffda1bd04d18 x15: 00000055bb08bc90\n[ 55.009715] x14: 0000000000000000 x13: 0000000000000000 x12: ffffffda1bd4cbb0\n[ 55.010433] x11: 00000000fa83b2da x10: 0000000000001a40 x9 : ffffffda1bd04d04\n[ 55.011162] x8 : ffffff8102097b80 x7 : 0000000000000000 x6 : 00000000030a5857\n[ 55.011880] x5 : 00ffffffffffffff x4 : 0300000005200470 x3 : 0300000005200470\n[ 55.012598] x2 : ffffff8101238000 x1 : 0000000000000021 x0 : 0300000005200470\n[ 55.013292] Call trace:\n[ 55.013959] __mutex_lock.constprop.0+0x90/0x608\n[ 55.014646] __mutex_lock_slowpath+0x1c/0x30\n[ 55.015317] mutex_lock+0x50/0x68\n[ 55.015961] v3d_perfmon_stop+0x40/0xe0 [v3d]\n[ 55.016627] v3d_bin_job_run+0x10c/0x2d8 [v3d]\n[ 55.017282] drm_sched_main+0x178/0x3f8 [gpu_sched]\n[ 55.017921] kthread+0x11c/0x128\n[ 55.018554] ret_from_fork+0x10/0x20\n[ 55.019168] Code: f9400260 f1001c1f 54001ea9 927df000 (b9403401)\n[ 55.019776] ---[ end trace 0000000000000000 ]---\n[ 55.020411] note: v3d_bin[166] exited with preempt_count 1\n\nThis issue arises because, upon closing the file descriptor (which happens\nwhen we interrupt `kmscube`), the active performance monitor is not\nstopped. Although all perfmons are destroyed in `v3d_perfmon_close_file()`,\nthe active performance monitor's pointer (`v3d->active_perfmon`) is still\nretained.\n\nIf `kmscube` is run again, the driver will attempt to stop the active\nperformance monitor using the stale pointer in `v3d->active_perfmon`.\nHowever, this pointer is no longer valid because the previous process has\nalready terminated, and all performance monitors associated with it have\nbeen destroyed and freed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/07c51108d9e278831c16191d1223ee49986e7890", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0c9e9a3a4873705740b19300cadc6599170646ef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/24ab54a066d2ef671b03eb909ca2114c0c9ac1e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/333767cbce6ac20ec794c76eec82ed0ef55022db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d1fd3638ee3a9f9bca4785fffb638ca19120718", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50032.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50032.json new file mode 100644 index 00000000000..45a98a37007 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50032.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50032", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.417", + "lastModified": "2024-10-21T20:15:16.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix rcuog wake-up from offline softirq\n\nAfter a CPU has set itself offline and before it eventually calls\nrcutree_report_cpu_dead(), there are still opportunities for callbacks\nto be enqueued, for example from a softirq. When that happens on NOCB,\nthe rcuog wake-up is deferred through an IPI to an online CPU in order\nnot to call into the scheduler and risk arming the RT-bandwidth after\nhrtimers have been migrated out and disabled.\n\nBut performing a synchronized IPI from a softirq is buggy as reported in\nthe following scenario:\n\n WARNING: CPU: 1 PID: 26 at kernel/smp.c:633 smp_call_function_single\n Modules linked in: rcutorture torture\n CPU: 1 UID: 0 PID: 26 Comm: migration/1 Not tainted 6.11.0-rc1-00012-g9139f93209d1 #1\n Stopper: multi_cpu_stop+0x0/0x320 <- __stop_cpus+0xd0/0x120\n RIP: 0010:smp_call_function_single\n \n swake_up_one_online\n __call_rcu_nocb_wake\n __call_rcu_common\n ? rcu_torture_one_read\n call_timer_fn\n __run_timers\n run_timer_softirq\n handle_softirqs\n irq_exit_rcu\n ? tick_handle_periodic\n sysvec_apic_timer_interrupt\n \n\nFix this with forcing deferred rcuog wake up through the NOCB timer when\nthe CPU is offline. The actual wake up will happen from\nrcutree_report_cpu_dead()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/84a5feebba10354c683983f5f1372a144225e4c2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e66b1e01f2eb3209d08122572f41f7838b79540d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7345ccc62a4b880cf76458db5f320725f28e400", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50033.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50033.json new file mode 100644 index 00000000000..4bb39c04bff --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50033.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50033", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.477", + "lastModified": "2024-10-21T20:15:16.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nslip: make slhc_remember() more robust against malicious packets\n\nsyzbot found that slhc_remember() was missing checks against\nmalicious packets [1].\n\nslhc_remember() only checked the size of the packet was at least 20,\nwhich is not good enough.\n\nWe need to make sure the packet includes the IPv4 and TCP header\nthat are supposed to be carried.\n\nAdd iph and th pointers to make the code more readable.\n\n[1]\n\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\n ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\n ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\n ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/29e8d96d44f51cf89a62dd042be35d052833b95c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/36b054324d18e51cf466134e13b6fbe3c91f52af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e336384cc9b608e0551f99c3d87316ca3b0e51a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d3fce8cbe3a70a1c7c06c9b53696be5d5d8dd5c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8bb79eb1db85a10865f0d4dd15b013def3f2d246", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff5e0f895315706e4ca5a19df15be6866cee4f5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50034.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50034.json new file mode 100644 index 00000000000..3a10c0b1468 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50034.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50034", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.553", + "lastModified": "2024-10-21T20:15:16.553", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC\n\nEric report a panic on IPPROTO_SMC, and give the facts\nthat when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too.\n\nBug: Unable to handle kernel NULL pointer dereference at virtual address\n0000000000000000\nMem abort info:\nESR = 0x0000000086000005\nEC = 0x21: IABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nuser pgtable: 4k pages, 48-bit VAs, pgdp=00000001195d1000\n[0000000000000000] pgd=0800000109c46003, p4d=0800000109c46003,\npud=0000000000000000\nInternal error: Oops: 0000000086000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 Not tainted\n6.11.0-rc7-syzkaller-g5f5673607153 #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 08/06/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : 0x0\nlr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910\nsp : ffff80009b887a90\nx29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000\nx26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00\nx23: 0000000000000000 x22: ffff0000d8b78518 x21: 0000000000000000\nx20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee\nx17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001\nx14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003\nx11: 0000000000040000 x10: 00000000000020a3 x9 : 1fffe0001b16f0f1\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 0000000000000040 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000\nCall trace:\n0x0\nnetlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000\nsmack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593\nsmack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973\nsecurity_socket_post_create+0x94/0xd4 security/security.c:4425\n__sock_create+0x4c8/0x884 net/socket.c:1587\nsock_create net/socket.c:1622 [inline]\n__sys_socket_create net/socket.c:1659 [inline]\n__sys_socket+0x134/0x340 net/socket.c:1706\n__do_sys_socket net/socket.c:1720 [inline]\n__se_sys_socket net/socket.c:1718 [inline]\n__arm64_sys_socket+0x7c/0x94 net/socket.c:1718\n__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\nel0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nCode: ???????? ???????? ???????? ???????? (????????)\n---[ end trace 0000000000000000 ]---\n\nThis patch add a toy implementation that performs a simple return to\nprevent such panic. This is because MSS can be set in sock_create_kern\nor smc_setsockopt, similar to how it's done in AF_SMC. However, for\nAF_SMC, there is currently no way to synchronize MSS within\n__sys_connect_file. This toy implementation lays the groundwork for us\nto support such feature for IPPROTO_SMC in the future." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/44dc50df15f5bd4221d8f708885a9d49cda7f57e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6fd27ea183c208e478129a85e11d880fc70040f2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50035.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50035.json new file mode 100644 index 00000000000..ebc28eebf4f --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50035.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50035", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.640", + "lastModified": "2024-10-21T20:15:16.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix ppp_async_encode() illegal access\n\nsyzbot reported an issue in ppp_async_encode() [1]\n\nIn this case, pppoe_sendmsg() is called with a zero size.\nThen ppp_async_encode() is called with an empty skb.\n\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4092 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/30d91a478d58cbae3dbaa8224d17d0d839f0d71b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/40dddd4b8bd08a69471efd96107a4e1c73fabefc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8fe992ff3df493d1949922ca234419f3ede08dff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c007a14797240607038bd3464501109f408940e2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ce249a4c68d0ce27a8c5d853338d502e2711a314", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fadf8fdb3110d3138e05c3765f645535434f8d76", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50036.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50036.json new file mode 100644 index 00000000000..fe2eff46598 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50036.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50036", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.717", + "lastModified": "2024-10-21T20:15:16.717", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3c7c918ec0aa3555372c5a57f18780b7a96c5cfc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ac888d58869bb99753e7652be19a151df9ecb35d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eae7435b48ffc8e9be0ff9cfeae40af479a609dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50037.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50037.json new file mode 100644 index 00000000000..aff62c6e793 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50037.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50037", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.790", + "lastModified": "2024-10-21T20:15:16.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fbdev-dma: Only cleanup deferred I/O if necessary\n\nCommit 5a498d4d06d6 (\"drm/fbdev-dma: Only install deferred I/O if\nnecessary\") initializes deferred I/O only if it is used.\ndrm_fbdev_dma_fb_destroy() however calls fb_deferred_io_cleanup()\nunconditionally with struct fb_info.fbdefio == NULL. KASAN with the\nout-of-tree Apple silicon display driver posts following warning from\n__flush_work() of a random struct work_struct instead of the expected\nNULL pointer derefs.\n\n[ 22.053799] ------------[ cut here ]------------\n[ 22.054832] WARNING: CPU: 2 PID: 1 at kernel/workqueue.c:4177 __flush_work+0x4d8/0x580\n[ 22.056597] Modules linked in: uhid bnep uinput nls_ascii ip6_tables ip_tables i2c_dev loop fuse dm_multipath nfnetlink zram hid_magicmouse btrfs xor xor_neon brcmfmac_wcc raid6_pq hci_bcm4377 bluetooth brcmfmac hid_apple brcmutil nvmem_spmi_mfd simple_mfd_spmi dockchannel_hid cfg80211 joydev regmap_spmi nvme_apple ecdh_generic ecc macsmc_hid rfkill dwc3 appledrm snd_soc_macaudio macsmc_power nvme_core apple_isp phy_apple_atc apple_sart apple_rtkit_helper apple_dockchannel tps6598x macsmc_hwmon snd_soc_cs42l84 videobuf2_v4l2 spmi_apple_controller nvmem_apple_efuses videobuf2_dma_sg apple_z2 videobuf2_memops spi_nor panel_summit videobuf2_common asahi videodev pwm_apple apple_dcp snd_soc_apple_mca apple_admac spi_apple clk_apple_nco i2c_pasemi_platform snd_pcm_dmaengine mc i2c_pasemi_core mux_core ofpart adpdrm drm_dma_helper apple_dart apple_soc_cpufreq leds_pwm phram\n[ 22.073768] CPU: 2 UID: 0 PID: 1 Comm: systemd-shutdow Not tainted 6.11.2-asahi+ #asahi-dev\n[ 22.075612] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT)\n[ 22.077032] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 22.078567] pc : __flush_work+0x4d8/0x580\n[ 22.079471] lr : __flush_work+0x54/0x580\n[ 22.080345] sp : ffffc000836ef820\n[ 22.081089] x29: ffffc000836ef880 x28: 0000000000000000 x27: ffff80002ddb7128\n[ 22.082678] x26: dfffc00000000000 x25: 1ffff000096f0c57 x24: ffffc00082d3e358\n[ 22.084263] x23: ffff80004b7862b8 x22: dfffc00000000000 x21: ffff80005aa1d470\n[ 22.085855] x20: ffff80004b786000 x19: ffff80004b7862a0 x18: 0000000000000000\n[ 22.087439] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000005\n[ 22.089030] x14: 1ffff800106ddf0a x13: 0000000000000000 x12: 0000000000000000\n[ 22.090618] x11: ffffb800106ddf0f x10: dfffc00000000000 x9 : 1ffff800106ddf0e\n[ 22.092206] x8 : 0000000000000000 x7 : aaaaaaaaaaaaaaaa x6 : 0000000000000001\n[ 22.093790] x5 : ffffc000836ef728 x4 : 0000000000000000 x3 : 0000000000000020\n[ 22.095368] x2 : 0000000000000008 x1 : 00000000000000aa x0 : 0000000000000000\n[ 22.096955] Call trace:\n[ 22.097505] __flush_work+0x4d8/0x580\n[ 22.098330] flush_delayed_work+0x80/0xb8\n[ 22.099231] fb_deferred_io_cleanup+0x3c/0x130\n[ 22.100217] drm_fbdev_dma_fb_destroy+0x6c/0xe0 [drm_dma_helper]\n[ 22.101559] unregister_framebuffer+0x210/0x2f0\n[ 22.102575] drm_fb_helper_unregister_info+0x48/0x60\n[ 22.103683] drm_fbdev_dma_client_unregister+0x4c/0x80 [drm_dma_helper]\n[ 22.105147] drm_client_dev_unregister+0x1cc/0x230\n[ 22.106217] drm_dev_unregister+0x58/0x570\n[ 22.107125] apple_drm_unbind+0x50/0x98 [appledrm]\n[ 22.108199] component_del+0x1f8/0x3a8\n[ 22.109042] dcp_platform_shutdown+0x24/0x38 [apple_dcp]\n[ 22.110357] platform_shutdown+0x70/0x90\n[ 22.111219] device_shutdown+0x368/0x4d8\n[ 22.112095] kernel_restart+0x6c/0x1d0\n[ 22.112946] __arm64_sys_reboot+0x1c8/0x328\n[ 22.113868] invoke_syscall+0x78/0x1a8\n[ 22.114703] do_el0_svc+0x124/0x1a0\n[ 22.115498] el0_svc+0x3c/0xe0\n[ 22.116181] el0t_64_sync_handler+0x70/0xc0\n[ 22.117110] el0t_64_sync+0x190/0x198\n[ 22.117931] ---[ end trace 0000000000000000 ]---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5a4a8ea14c54c651ec532a480bd560d0c6e52f3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fcddc71ec7ecf15b4df3c41288c9cf0b8e886111", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50038.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50038.json new file mode 100644 index 00000000000..8b5df5d9743 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50038.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-50038", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.877", + "lastModified": "2024-10-21T20:15:16.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0bfcb7b71e735560077a42847f69597ec7dcc326", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4cdc55ec6222bb195995cc58f7cb46e4d8907056", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/85ff9a0f793ca52c527e75cd40a69c948627ebde", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8f482bb7e27b37f1f734bb9a8eeb28b23d59d189", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/997f67d813ce0cf5eb3cdb8f124da68141e91b6c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50039.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50039.json new file mode 100644 index 00000000000..1705d2fe65a --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50039.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50039", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:16.957", + "lastModified": "2024-10-21T20:15:16.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: accept TCA_STAB only for root qdisc\n\nMost qdiscs maintain their backlog using qdisc_pkt_len(skb)\non the assumption it is invariant between the enqueue()\nand dequeue() handlers.\n\nUnfortunately syzbot can crash a host rather easily using\na TBF + SFQ combination, with an STAB on SFQ [1]\n\nWe can't support TCA_STAB on arbitrary level, this would\nrequire to maintain per-qdisc storage.\n\n[1]\n[ 88.796496] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 88.798611] #PF: supervisor read access in kernel mode\n[ 88.799014] #PF: error_code(0x0000) - not-present page\n[ 88.799506] PGD 0 P4D 0\n[ 88.799829] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 88.800569] CPU: 14 UID: 0 PID: 2053 Comm: b371744477 Not tainted 6.12.0-rc1-virtme #1117\n[ 88.801107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 88.801779] RIP: 0010:sfq_dequeue (net/sched/sch_sfq.c:272 net/sched/sch_sfq.c:499) sch_sfq\n[ 88.802544] Code: 0f b7 50 12 48 8d 04 d5 00 00 00 00 48 89 d6 48 29 d0 48 8b 91 c0 01 00 00 48 c1 e0 03 48 01 c2 66 83 7a 1a 00 7e c0 48 8b 3a <4c> 8b 07 4c 89 02 49 89 50 08 48 c7 47 08 00 00 00 00 48 c7 07 00\nAll code\n========\n 0:\t0f b7 50 12 \tmovzwl 0x12(%rax),%edx\n 4:\t48 8d 04 d5 00 00 00 \tlea 0x0(,%rdx,8),%rax\n b:\t00\n c:\t48 89 d6 \tmov %rdx,%rsi\n f:\t48 29 d0 \tsub %rdx,%rax\n 12:\t48 8b 91 c0 01 00 00 \tmov 0x1c0(%rcx),%rdx\n 19:\t48 c1 e0 03 \tshl $0x3,%rax\n 1d:\t48 01 c2 \tadd %rax,%rdx\n 20:\t66 83 7a 1a 00 \tcmpw $0x0,0x1a(%rdx)\n 25:\t7e c0 \tjle 0xffffffffffffffe7\n 27:\t48 8b 3a \tmov (%rdx),%rdi\n 2a:*\t4c 8b 07 \tmov (%rdi),%r8\t\t<-- trapping instruction\n 2d:\t4c 89 02 \tmov %r8,(%rdx)\n 30:\t49 89 50 08 \tmov %rdx,0x8(%r8)\n 34:\t48 c7 47 08 00 00 00 \tmovq $0x0,0x8(%rdi)\n 3b:\t00\n 3c:\t48 \trex.W\n 3d:\tc7 \t.byte 0xc7\n 3e:\t07 \t(bad)\n\t...\n\nCode starting with the faulting instruction\n===========================================\n 0:\t4c 8b 07 \tmov (%rdi),%r8\n 3:\t4c 89 02 \tmov %r8,(%rdx)\n 6:\t49 89 50 08 \tmov %rdx,0x8(%r8)\n a:\t48 c7 47 08 00 00 00 \tmovq $0x0,0x8(%rdi)\n 11:\t00\n 12:\t48 \trex.W\n 13:\tc7 \t.byte 0xc7\n 14:\t07 \t(bad)\n\t...\n[ 88.803721] RSP: 0018:ffff9a1f892b7d58 EFLAGS: 00000206\n[ 88.804032] RAX: 0000000000000000 RBX: ffff9a1f8420c800 RCX: ffff9a1f8420c800\n[ 88.804560] RDX: ffff9a1f81bc1440 RSI: 0000000000000000 RDI: 0000000000000000\n[ 88.805056] RBP: ffffffffc04bb0e0 R08: 0000000000000001 R09: 00000000ff7f9a1f\n[ 88.805473] R10: 000000000001001b R11: 0000000000009a1f R12: 0000000000000140\n[ 88.806194] R13: 0000000000000001 R14: ffff9a1f886df400 R15: ffff9a1f886df4ac\n[ 88.806734] FS: 00007f445601a740(0000) GS:ffff9a2e7fd80000(0000) knlGS:0000000000000000\n[ 88.807225] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 88.807672] CR2: 0000000000000000 CR3: 000000050cc46000 CR4: 00000000000006f0\n[ 88.808165] Call Trace:\n[ 88.808459] \n[ 88.808710] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 88.809261] ? page_fault_oops (arch/x86/mm/fault.c:715)\n[ 88.809561] ? exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)\n[ 88.809806] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n[ 88.810074] ? sfq_dequeue (net/sched/sch_sfq.c:272 net/sched/sch_sfq.c:499) sch_sfq\n[ 88.810411] sfq_reset (net/sched/sch_sfq.c:525) sch_sfq\n[ 88.810671] qdisc_reset (./include/linux/skbuff.h:2135 ./include/linux/skbuff.h:2441 ./include/linux/skbuff.h:3304 ./include/linux/skbuff.h:3310 net/sched/sch_g\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1edf039ee01788ffc25625fe58a903ae2efa213e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3cb7cf1540ddff5473d6baeb530228d19bc97b8a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3dc6ee96473cc2962c6db4297d4631f261be150f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/76feedc74b90270390fbfdf74a2e944e96872363", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8fb6503592d39065316f45d267c5527b4e7cd995", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/adbc3eef43fc94c7c8436da832691ae02333a972", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50040.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50040.json new file mode 100644 index 00000000000..8a92f13b774 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50040.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50040", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.050", + "lastModified": "2024-10-21T20:15:17.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not bring the device up after non-fatal error\n\nCommit 004d25060c78 (\"igb: Fix igb_down hung on surprise removal\")\nchanged igb_io_error_detected() to ignore non-fatal pcie errors in order\nto avoid hung task that can happen when igb_down() is called multiple\ntimes. This caused an issue when processing transient non-fatal errors.\nigb_io_resume(), which is called after igb_io_error_detected(), assumes\nthat device is brought down by igb_io_error_detected() if the interface\nis up. This resulted in panic with stacktrace below.\n\n[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down\n[ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0\n[ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)\n[ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000\n[ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000\n[ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message\n[ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.\n[ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message\n[ T292] pcieport 0000:00:1c.5: AER: broadcast resume message\n[ T292] ------------[ cut here ]------------\n[ T292] kernel BUG at net/core/dev.c:6539!\n[ T292] invalid opcode: 0000 [#1] PREEMPT SMP\n[ T292] RIP: 0010:napi_enable+0x37/0x40\n[ T292] Call Trace:\n[ T292] \n[ T292] ? die+0x33/0x90\n[ T292] ? do_trap+0xdc/0x110\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? do_error_trap+0x70/0xb0\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? exc_invalid_op+0x4e/0x70\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? asm_exc_invalid_op+0x16/0x20\n[ T292] ? napi_enable+0x37/0x40\n[ T292] igb_up+0x41/0x150\n[ T292] igb_io_resume+0x25/0x70\n[ T292] report_resume+0x54/0x70\n[ T292] ? report_frozen_detected+0x20/0x20\n[ T292] pci_walk_bus+0x6c/0x90\n[ T292] ? aer_print_port_info+0xa0/0xa0\n[ T292] pcie_do_recovery+0x22f/0x380\n[ T292] aer_process_err_devices+0x110/0x160\n[ T292] aer_isr+0x1c1/0x1e0\n[ T292] ? disable_irq_nosync+0x10/0x10\n[ T292] irq_thread_fn+0x1a/0x60\n[ T292] irq_thread+0xe3/0x1a0\n[ T292] ? irq_set_affinity_notifier+0x120/0x120\n[ T292] ? irq_affinity_notify+0x100/0x100\n[ T292] kthread+0xe2/0x110\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork+0x2d/0x50\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork_asm+0x11/0x20\n[ T292] \n\nTo fix this issue igb_io_resume() checks if the interface is running and\nthe device is not down this means igb_io_error_detected() did not bring\nthe device down and there is no need to bring it up." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50041.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50041.json new file mode 100644 index 00000000000..69f97ce2611 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50041.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-50041", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.133", + "lastModified": "2024-10-21T20:15:17.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix macvlan leak by synchronizing access to mac_filter_hash\n\nThis patch addresses a macvlan leak issue in the i40e driver caused by\nconcurrent access to vsi->mac_filter_hash. The leak occurs when multiple\nthreads attempt to modify the mac_filter_hash simultaneously, leading to\ninconsistent state and potential memory leaks.\n\nTo fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing\nvf->default_lan_addr.addr with spin_lock/unlock_bh(&vsi->mac_filter_hash_lock),\nensuring atomic operations and preventing concurrent access.\n\nAdditionally, we add lockdep_assert_held(&vsi->mac_filter_hash_lock) in\ni40e_add_mac_filter() to help catch similar issues in the future.\n\nReproduction steps:\n1. Spawn VFs and configure port vlan on them.\n2. Trigger concurrent macvlan operations (e.g., adding and deleting\n\tportvlan and/or mac filters).\n3. Observe the potential memory leak and inconsistent state in the\n\tmac_filter_hash.\n\nThis synchronization ensures the integrity of the mac_filter_hash and prevents\nthe described leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/703c4d820b31bcadf465288d5746c53445f02a55", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8831abff1bd5b6bc8224f0c0671f46fbd702b5b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9a9747288ba0a9ad4f5c9877f18dd245770ad64e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9db6ce9e2738b05a3672aff4d42169cf3bb5a3e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dac6c7b3d33756d6ce09f00a96ea2ecd79fae9fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50042.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50042.json new file mode 100644 index 00000000000..a265555e383 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50042.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50042", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.200", + "lastModified": "2024-10-21T20:15:17.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix increasing MSI-X on VF\n\nIncreasing MSI-X value on a VF leads to invalid memory operations. This\nis caused by not reallocating some arrays.\n\nReproducer:\n modprobe ice\n echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe\n echo 1 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs\n echo 17 > /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count\n\nDefault MSI-X is 16, so 17 and above triggers this issue.\n\nKASAN reports:\n\n BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n Read of size 8 at addr ffff8888b937d180 by task bash/28433\n (...)\n\n Call Trace:\n (...)\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n kasan_report+0xed/0x120\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_cfg_def+0x3360/0x4770 [ice]\n ? mutex_unlock+0x83/0xd0\n ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]\n ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vf_reconfig_vsi+0x114/0x210 [ice]\n ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]\n sriov_vf_msix_count_store+0x21c/0x300\n (...)\n\n Allocated by task 28201:\n (...)\n ice_vsi_cfg_def+0x1c8e/0x4770 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vsi_setup+0x179/0xa30 [ice]\n ice_sriov_configure+0xcaa/0x1520 [ice]\n sriov_numvfs_store+0x212/0x390\n (...)\n\nTo fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This\ncauses the required arrays to be reallocated taking the new queue count\ninto account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxq\nbefore ice_vsi_rebuild(), so that realloc uses the newly set queue\ncount.\n\nAdditionally, ice_vsi_rebuild() does not remove VSI filters\n(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer\nnecessary." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/bce9af1b030bf59d51bbabf909a3ef164787e44e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cbda6197929418fabf0e45ecf9b7a76360944c70", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50043.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50043.json new file mode 100644 index 00000000000..5f4b4883339 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50043.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50043", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.263", + "lastModified": "2024-10-21T20:15:17.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix possible badness in FREE_STATEID\n\nWhen multiple FREE_STATEIDs are sent for the same delegation stateid,\nit can lead to a possible either use-after-free or counter refcount\nunderflow errors.\n\nIn nfsd4_free_stateid() under the client lock we find a delegation\nstateid, however the code drops the lock before calling nfs4_put_stid(),\nthat allows another FREE_STATE to find the stateid again. The first one\nwill proceed to then free the stateid which leads to either\nuse-after-free or decrementing already zeroed counter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7ca9e472ce5c67daa3188a348ece8c02a0765039", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c88c150a467fcb670a1608e2272beeee3e86df6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50044.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50044.json new file mode 100644 index 00000000000..a22ec4bc919 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50044.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50044", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.313", + "lastModified": "2024-10-21T20:15:17.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\n\nrfcomm_sk_state_change attempts to use sock_lock so it must never be\ncalled with it locked but rfcomm_sock_ioctl always attempt to lock it\ncausing the following trace:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted\n------------------------------------------------------\nsyz-executor386/5093 is trying to acquire lock:\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73\n\nbut task is already holding lock:\nffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/08d1914293dae38350b8088980e59fbc699a72fe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/38b2d5a57d125e1c17661b8308c0240c4a43b534", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/496b2ab0fd10f205e08909a125485fdc98843dbe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4cb9807c9b53bf1e5560420d26f319f528b50268", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ced98072d3511b232ae1d3347945f35f30c0e303", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef44274dae9b0a90d1a97ce8b242a3b8243a7745", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50045.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50045.json new file mode 100644 index 00000000000..fd5def703e1 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50045.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50045", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.373", + "lastModified": "2024-10-21T20:15:17.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: fix panic with metadata_dst skb\n\nFix a kernel panic in the br_netfilter module when sending untagged\ntraffic via a VxLAN device.\nThis happens during the check for fragmentation in br_nf_dev_queue_xmit.\n\nIt is dependent on:\n1) the br_netfilter module being loaded;\n2) net.bridge.bridge-nf-call-iptables set to 1;\n3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port;\n4) untagged frames with size higher than the VxLAN MTU forwarded/flooded\n\nWhen forwarding the untagged packet to the VxLAN bridge port, before\nthe netfilter hooks are called, br_handle_egress_vlan_tunnel is called and\nchanges the skb_dst to the tunnel dst. The tunnel_dst is a metadata type\nof dst, i.e., skb_valid_dst(skb) is false, and metadata->dst.dev is NULL.\n\nThen in the br_netfilter hooks, in br_nf_dev_queue_xmit, there's a check\nfor frames that needs to be fragmented: frames with higher MTU than the\nVxLAN device end up calling br_nf_ip_fragment, which in turns call\nip_skb_dst_mtu.\n\nThe ip_dst_mtu tries to use the skb_dst(skb) as if it was a valid dst\nwith valid dst->dev, thus the crash.\n\nThis case was never supported in the first place, so drop the packet\ninstead.\n\nPING 10.0.0.2 (10.0.0.2) from 0.0.0.0 h1-eth0: 2000(2028) bytes of data.\n[ 176.291791] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000110\n[ 176.292101] Mem abort info:\n[ 176.292184] ESR = 0x0000000096000004\n[ 176.292322] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 176.292530] SET = 0, FnV = 0\n[ 176.292709] EA = 0, S1PTW = 0\n[ 176.292862] FSC = 0x04: level 0 translation fault\n[ 176.293013] Data abort info:\n[ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 176.293995] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000043ef5000\n[ 176.294166] [0000000000000110] pgd=0000000000000000,\np4d=0000000000000000\n[ 176.294827] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 176.295252] Modules linked in: vxlan ip6_udp_tunnel udp_tunnel veth\nbr_netfilter bridge stp llc ipv6 crct10dif_ce\n[ 176.295923] CPU: 0 PID: 188 Comm: ping Not tainted\n6.8.0-rc3-g5b3fbd61b9d1 #2\n[ 176.296314] Hardware name: linux,dummy-virt (DT)\n[ 176.296535] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter]\n[ 176.297636] sp : ffff800080003630\n[ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27:\nffff6828c49ad9f8\n[ 176.298093] x26: ffff6828c49ad000 x25: 0000000000000000 x24:\n00000000000003e8\n[ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21:\nffff6828c3b16d28\n[ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18:\n0000000000000014\n[ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15:\n0000000095744632\n[ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12:\nffffb7e137926a70\n[ 176.299574] x11: 0000000000000001 x10: ffff6828c3f1c898 x9 :\n0000000000000000\n[ 176.300049] x8 : ffff6828c49bf070 x7 : 0008460f18d5f20e x6 :\nf20e0100bebafeca\n[ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 :\n0000000000000000\n[ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 :\nffff6828c7f918f0\n[ 176.300889] Call trace:\n[ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter]\n[ 176.301703] nf_hook_slow+0x48/0x124\n[ 176.302060] br_forward_finish+0xc8/0xe8 [bridge]\n[ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_netfilter]\n[ 176.302605] br_nf_forward_finish+0x118/0x22c [br_netfilter]\n[ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_netfilter]\n[ 176.303136] br_nf_forward+0x2b8/0x4e0 [br_netfilter]\n[ 176.303359] nf_hook_slow+0x48/0x124\n[ 176.303\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3453f5839420bfbb85c86c61e49f49ffd0f041c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/78ed917133b118661e1fe62d4a85d5d428ee9568", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/915717e0bb9837cc5c101bc545af487bd787239e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95c0cff5a1a5d28bf623b92eb5d1a8f56ed30803", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cce8419b8168f6e7eb637103a47f916f3de8bc81", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f9ff7665cd128012868098bbd07e28993e314fdb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50046.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50046.json new file mode 100644 index 00000000000..ad50191590f --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50046.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50046", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.437", + "lastModified": "2024-10-21T20:15:17.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\n\nOn the node of an NFS client, some files saved in the mountpoint of the\nNFS server were copied to another location of the same NFS server.\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference\ncrash with the following syslog:\n\n[232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232064.839360] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232066.588183] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n[232066.588586] Mem abort info:\n[232066.588701] ESR = 0x0000000096000007\n[232066.588862] EC = 0x25: DABT (current EL), IL = 32 bits\n[232066.589084] SET = 0, FnV = 0\n[232066.589216] EA = 0, S1PTW = 0\n[232066.589340] FSC = 0x07: level 3 translation fault\n[232066.589559] Data abort info:\n[232066.589683] ISV = 0, ISS = 0x00000007\n[232066.589842] CM = 0, WnR = 0\n[232066.589967] user pgtable: 64k pages, 48-bit VAs, pgdp=00002000956ff400\n[232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=0000000000000000\n[232066.590757] Internal error: Oops: 96000007 [#1] SMP\n[232066.590958] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport dummy ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp bonding tls rfkill sunrpc ext4 mbcache jbd2\n[232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs\n[232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: loaded Not tainted 5.15.131-9.cl9_ocfs2.aarch64 #1\n[232066.597356] Hardware name: Great Wall .\\x93\\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06\n[232066.597721] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[232066.598034] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4]\n[232066.598327] lr : nfs4_reclaim_open_state+0x12c/0x800 [nfsv4]\n[232066.598595] sp : ffff8000f568fc70\n[232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000\n[232066.599030] x26: ffff800005521ae0 x25: ffff0100f98fa3f0 x24: 0000000000000001\n[232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050\n[232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000\n[232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000\n[232066.600195] x14: 0000000000000000 x13: ffff800008e685a8 x12: 00000000eac0c6e6\n[232066.600498] x11: 00000000000000\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/584c019baedddec3fd634053e8fb2d8836108d38", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/632344b9efa064ca737bfcdaaaced59fd5f18ae9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a848c29e3486189aaabd5663bc11aea50c5bd144", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef9189bb15dcbe7ed3f3515aaa6fc8bf7483960d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f892165c564e3aab272948dbb556cc20e290c55a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fca41e5fa4914d12b2136c25f9dad69520b52683", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50047.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50047.json new file mode 100644 index 00000000000..70927e18817 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50047.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50047", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.507", + "lastModified": "2024-10-21T20:15:17.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it's always going to be a synchronous operation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/538c26d9bf70c90edc460d18c81008a4e555925a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50048.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50048.json new file mode 100644 index 00000000000..a6594e3457a --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50048.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-50048", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.580", + "lastModified": "2024-10-21T20:15:17.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Fix a NULL pointer dereference issue in fbcon_putcs\n\nsyzbot has found a NULL pointer dereference bug in fbcon.\nHere is the simplified C reproducer:\n\nstruct param {\n\tuint8_t type;\n\tstruct tiocl_selection ts;\n};\n\nint main()\n{\n\tstruct fb_con2fbmap con2fb;\n\tstruct param param;\n\n\tint fd = open(\"/dev/fb1\", 0, 0);\n\n\tcon2fb.console = 0x19;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);\n\n\tparam.type = 2;\n\tparam.ts.xs = 0; param.ts.ys = 0;\n\tparam.ts.xe = 0; param.ts.ye = 0;\n\tparam.ts.sel_mode = 0;\n\n\tint fd1 = open(\"/dev/tty1\", O_RDWR, 0);\n\tioctl(fd1, TIOCLINUX, ¶m);\n\n\tcon2fb.console = 1;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);\n\n\treturn 0;\n}\n\nAfter calling ioctl(fd1, TIOCLINUX, ¶m), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb)\ncauses the kernel to follow a different execution path:\n\n set_con2fb_map\n -> con2fb_init_display\n -> fbcon_set_disp\n -> redraw_screen\n -> hide_cursor\n -> clear_selection\n -> highlight\n -> invert_screen\n -> do_update_region\n -> fbcon_putcs\n -> ops->putcs\n\nSince ops->putcs is a NULL pointer, this leads to a kernel panic.\nTo prevent this, we need to call set_blitting_type() within set_con2fb_map()\nto properly initialize ops->putcs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5b97eebcce1b4f3f07a71f635d6aa3af96c236e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8266ae6eafdcd5a3136592445ff4038bbc7ee80e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e5c2dba62996a3a6eeb34bd248b90fc69c5a6a1b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7fb5dda555344529ce584ff7a28b109528d2f1b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50049.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50049.json new file mode 100644 index 00000000000..3d92a72346e --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50049.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50049", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.687", + "lastModified": "2024-10-21T20:15:17.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before dereferencing se\n\n[WHAT & HOW]\nse is null checked previously in the same function, indicating\nit might be null; therefore, it must be checked when used again.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/65b2d49e55fe13ae56da3a7685bdccadca31134a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97a79933fb08a002ba9400d1a7a5df707ecdb896", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a9b4fd1946678fa0e069e442f3c5a7d3fa446fac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c643ef59390e49f1dfab35e8ea65f5db5e527d64", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f4149eec960110ffd5bcb161075dd9f1d7773075", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff599ef6970ee000fa5bc38d02fa5ff5f3fc7575", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50055.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50055.json new file mode 100644 index 00000000000..52689ad0588 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50055.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50055", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.770", + "lastModified": "2024-10-21T20:15:17.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: bus: Fix double free in driver API bus_register()\n\nFor bus_register(), any error which happens after kset_register() will\ncause that @priv are freed twice, fixed by setting @priv with NULL after\nthe first free." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bfa54a793ba77ef696755b66f3ac4ed00c7d1248", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d885c464c25018b81a6b58f5d548fc2e3ef87dd1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50056.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50056.json new file mode 100644 index 00000000000..c1d7689f1aa --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50056.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50056", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.853", + "lastModified": "2024-10-21T20:15:17.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: 'fmtdesc' dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: 'fmtdesc' dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/a7bb96b18864225a694e3887ac2733159489e4b0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cedeb36c3ff4acd0f3d09918dfd8ed1df05efdd6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50057.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50057.json new file mode 100644 index 00000000000..f24b1d29dfb --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50057.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50057", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.933", + "lastModified": "2024-10-21T20:15:17.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tipd: Free IRQ only if it was requested before\n\nIn polling mode, if no IRQ was requested there is no need to free it.\nCall devm_free_irq() only if client->irq is set. This fixes the warning\ncaused by the tps6598x module removal:\n\nWARNING: CPU: 2 PID: 333 at kernel/irq/devres.c:144 devm_free_irq+0x80/0x8c\n...\n...\nCall trace:\n devm_free_irq+0x80/0x8c\n tps6598x_remove+0x28/0x88 [tps6598x]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x50/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n tps6598x_i2c_driver_exit+0x18/0xc3c [tps6598x]\n __arm64_sys_delete_module+0x184/0x264\n invoke_syscall+0x48/0x110\n el0_svc_common.constprop.0+0xc8/0xe8\n do_el0_svc+0x20/0x2c\n el0_svc+0x28/0x98\n el0t_64_sync_handler+0x13c/0x158\n el0t_64_sync+0x190/0x194" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4d4b23c119542fbaed2a16794d3801cb4806ea02", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b72bf5cade51ba4055c8a8998d275e72e6b521ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db63d9868f7f310de44ba7bea584e2454f8b4ed0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50058.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50058.json new file mode 100644 index 00000000000..6ec3c868ada --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50058.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50058", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:17.993", + "lastModified": "2024-10-21T20:15:17.993", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\n\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part\n3) added few uport == NULL checks. It added one to uart_shutdown(), so\nthe commit assumes, uport can be NULL in there. But right after that\nprotection, there is an unprotected \"uart_port_dtr_rts(uport, false);\"\ncall. That is invoked only if HUPCL is set, so I assume that is the\nreason why we do not see lots of these reports.\n\nOr it cannot be NULL at this point at all for some reason :P.\n\nUntil the above is investigated, stay on the safe side and move this\ndereference to the if too.\n\nI got this inconsistency from Coverity under CID 1585130. Thanks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50059.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50059.json new file mode 100644 index 00000000000..7a40e22b903 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50059.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-50059", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:18.057", + "lastModified": "2024-10-21T20:15:18.057", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition\n\nIn the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev\nfunction, then &sndev->check_link_status_work is bound with\ncheck_link_status_work. switchtec_ntb_link_notification may be called\nto start the work.\n\nIf we remove the module which will call switchtec_ntb_remove to make\ncleanup, it will free sndev through kfree(sndev), while the work\nmentioned above will be used. The sequence of operations that may lead\nto a UAF bug is as follows:\n\nCPU0 CPU1\n\n | check_link_status_work\nswitchtec_ntb_remove |\nkfree(sndev); |\n | if (sndev->link_force_down)\n | // use sndev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in switchtec_ntb_remove." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/177925d9c8715a897bb79eca62628862213ba956", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3ae45be8492460a35b5aebf6acac1f1d32708946", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/92728fceefdaa2a0a3aae675f86193b006eeaa43", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b650189687822b705711f0567a65a164a314d8df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e51aded92d42784313ba16c12f4f88cc4f973bbb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa840ba4bd9f3bad7f104e5b32028ee73af8b3dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50060.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50060.json new file mode 100644 index 00000000000..243d985273c --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50060.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-50060", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:18.117", + "lastModified": "2024-10-21T20:15:18.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if we need to reschedule during overflow flush\n\nIn terms of normal application usage, this list will always be empty.\nAnd if an application does overflow a bit, it'll have a few entries.\nHowever, nothing obviously prevents syzbot from running a test case\nthat generates a ton of overflow entries, and then flushing them can\ntake quite a while.\n\nCheck for needing to reschedule while flushing, and drop our locks and\ndo so if necessary. There's no state to maintain here as overflows\nalways prune from head-of-list, hence it's fine to drop and reacquire\nthe locks at the end of the loop." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50061.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50061.json new file mode 100644 index 00000000000..69eeb810e89 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50061.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50061", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:18.210", + "lastModified": "2024-10-21T20:15:18.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition\n\nIn the cdns_i3c_master_probe function, &master->hj_work is bound with\ncdns_i3c_master_hj. And cdns_i3c_master_interrupt can call\ncnds_i3c_master_demux_ibis function to start the work.\n\nIf we remove the module which will call cdns_i3c_master_remove to\nmake cleanup, it will free master->base through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | cdns_i3c_master_hj\ncdns_i3c_master_remove |\ni3c_master_unregister(&master->base) |\ndevice_unregister(&master->dev) |\ndevice_release |\n//free master->base |\n | i3c_master_do_daa(&master->base)\n | //use master->base\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in cdns_i3c_master_remove." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50062.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50062.json new file mode 100644 index 00000000000..35b1c2d8b05 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50062.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-50062", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:18.280", + "lastModified": "2024-10-21T20:15:18.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-srv: Avoid null pointer deref during path establishment\n\nFor RTRS path establishment, RTRS client initiates and completes con_num\nof connections. After establishing all its connections, the information\nis exchanged between the client and server through the info_req message.\nDuring this exchange, it is essential that all connections have been\nestablished, and the state of the RTRS srv path is CONNECTED.\n\nSo add these sanity checks, to make sure we detect and abort process in\nerror scenarios to avoid null pointer deref." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/394b2f4d5e014820455af3eb5859eb328eaafcfd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b5d4076664465487a9a3d226756995b12fb73d71", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b720792d7e8515bc695752e0ed5884e2ea34d12a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ccb8e44ae3e2391235f80ffc6be59bec6b889ead", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d0e62bf7b575fbfe591f6f570e7595dd60a2f5eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50063.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50063.json new file mode 100644 index 00000000000..a7c47dd7cf7 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50063.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50063", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:18.360", + "lastModified": "2024-10-21T20:15:18.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tail call between progs attached to different hooks\n\nbpf progs can be attached to kernel functions, and the attached functions\ncan take different parameters or return different return values. If\nprog attached to one kernel function tail calls prog attached to another\nkernel function, the ctx access or return value verification could be\nbypassed.\n\nFor example, if prog1 is attached to func1 which takes only 1 parameter\nand prog2 is attached to func2 which takes two parameters. Since verifier\nassumes the bpf ctx passed to prog2 is constructed based on func2's\nprototype, verifier allows prog2 to access the second parameter from\nthe bpf ctx passed to it. The problem is that verifier does not prevent\nprog1 from passing its bpf ctx to prog2 via tail call. In this case,\nthe bpf ctx passed to prog2 is constructed from func1 instead of func2,\nthat is, the assumption for ctx access verification is bypassed.\n\nAnother example, if BPF LSM prog1 is attached to hook file_alloc_security,\nand BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier\nknows the return value rules for these two hooks, e.g. it is legal for\nbpf_lsm_audit_rule_known to return positive number 1, and it is illegal\nfor file_alloc_security to return positive number. So verifier allows\nprog2 to return positive number 1, but does not allow prog1 to return\npositive number. The problem is that verifier does not prevent prog1\nfrom calling prog2 via tail call. In this case, prog2's return value 1\nwill be used as the return value for prog1's hook file_alloc_security.\nThat is, the return value rule is bypassed.\n\nThis patch adds restriction for tail call to prevent such bypasses." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/28ead3eaabc16ecc907cfb71876da028080f6356", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5d5e3b4cbe8ee16b7bf96fd73a421c92a9da3ca1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/88c2a10e6c176c2860cd0659f4c0e9d20b3f64d1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50064.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50064.json new file mode 100644 index 00000000000..d7e551524ce --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50064.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50064", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:18.440", + "lastModified": "2024-10-21T20:15:18.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: free secondary algorithms names\n\nWe need to kfree() secondary algorithms names when reset zram device that\nhad multi-streams, otherwise we leak memory.\n\n[senozhatsky@chromium.org: kfree(NULL) is legal]\n Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6272936fd242ca1f784c3e21596dfb3859dff276", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/684826f8271ad97580b138b9ffd462005e470b99", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef35cc0d15b89dd013e1bb829fe97db7b1ab79eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50065.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50065.json new file mode 100644 index 00000000000..577c7662859 --- /dev/null +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50065.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50065", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-10-21T20:15:18.520", + "lastModified": "2024-10-21T20:15:18.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Change to non-blocking allocation in ntfs_d_hash\n\nd_hash is done while under \"rcu-walk\" and should not sleep.\n__get_name() allocates using GFP_KERNEL, having the possibility\nto sleep when under memory pressure. Change the allocation to\nGFP_NOWAIT." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/589996bf8c459deb5bbc9747d8f1c51658608103", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c556e72cea2a1131ae418be017dd6fc76fffe2fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d0c710372e238510db08ea01e7b8bd81ed995dd6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8625.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8625.json index 820e936c8e8..1a787af4eca 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8625.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8625.json @@ -2,7 +2,7 @@ "id": "CVE-2024-8625", "sourceIdentifier": "contact@wpscan.com", "published": "2024-10-21T06:15:02.207", - "lastModified": "2024-10-21T17:09:45.417", + "lastModified": "2024-10-21T20:35:22.930", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "El complemento TS Poll de WordPress anterior a la versi\u00f3n 2.4.0 no desinfecta ni escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que permite a los administradores realizar ataques de inyecci\u00f3n SQL" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/ab4d7065-4ea2-4233-9593-0f540f91f45e/", diff --git a/README.md b/README.md index 8ad086f42dc..ae03c56f4dc 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-21T20:00:28.273033+00:00 +2024-10-21T22:00:29.106281+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-21T19:50:08.363000+00:00 +2024-10-21T21:36:10.470000+00:00 ``` ### Last Data Feed Release @@ -33,69 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266521 +266682 ``` ### CVEs added in the last Commit Recently added CVEs: `161` -- [CVE-2024-49994](CVE-2024/CVE-2024-499xx/CVE-2024-49994.json) (`2024-10-21T18:15:19.557`) -- [CVE-2024-49995](CVE-2024/CVE-2024-499xx/CVE-2024-49995.json) (`2024-10-21T18:15:19.660`) -- [CVE-2024-49996](CVE-2024/CVE-2024-499xx/CVE-2024-49996.json) (`2024-10-21T18:15:19.760`) -- [CVE-2024-49997](CVE-2024/CVE-2024-499xx/CVE-2024-49997.json) (`2024-10-21T18:15:19.837`) -- [CVE-2024-49998](CVE-2024/CVE-2024-499xx/CVE-2024-49998.json) (`2024-10-21T18:15:19.907`) -- [CVE-2024-49999](CVE-2024/CVE-2024-499xx/CVE-2024-49999.json) (`2024-10-21T18:15:19.973`) -- [CVE-2024-50000](CVE-2024/CVE-2024-500xx/CVE-2024-50000.json) (`2024-10-21T18:15:20.063`) -- [CVE-2024-50001](CVE-2024/CVE-2024-500xx/CVE-2024-50001.json) (`2024-10-21T18:15:20.130`) -- [CVE-2024-50002](CVE-2024/CVE-2024-500xx/CVE-2024-50002.json) (`2024-10-21T18:15:20.200`) -- [CVE-2024-50003](CVE-2024/CVE-2024-500xx/CVE-2024-50003.json) (`2024-10-21T19:15:04.020`) -- [CVE-2024-50004](CVE-2024/CVE-2024-500xx/CVE-2024-50004.json) (`2024-10-21T19:15:04.083`) -- [CVE-2024-50005](CVE-2024/CVE-2024-500xx/CVE-2024-50005.json) (`2024-10-21T19:15:04.143`) -- [CVE-2024-50006](CVE-2024/CVE-2024-500xx/CVE-2024-50006.json) (`2024-10-21T19:15:04.223`) -- [CVE-2024-50007](CVE-2024/CVE-2024-500xx/CVE-2024-50007.json) (`2024-10-21T19:15:04.300`) -- [CVE-2024-50008](CVE-2024/CVE-2024-500xx/CVE-2024-50008.json) (`2024-10-21T19:15:04.367`) -- [CVE-2024-50009](CVE-2024/CVE-2024-500xx/CVE-2024-50009.json) (`2024-10-21T19:15:04.437`) -- [CVE-2024-50010](CVE-2024/CVE-2024-500xx/CVE-2024-50010.json) (`2024-10-21T19:15:04.523`) -- [CVE-2024-50011](CVE-2024/CVE-2024-500xx/CVE-2024-50011.json) (`2024-10-21T19:15:04.613`) -- [CVE-2024-50012](CVE-2024/CVE-2024-500xx/CVE-2024-50012.json) (`2024-10-21T19:15:04.683`) -- [CVE-2024-50013](CVE-2024/CVE-2024-500xx/CVE-2024-50013.json) (`2024-10-21T19:15:04.767`) -- [CVE-2024-50014](CVE-2024/CVE-2024-500xx/CVE-2024-50014.json) (`2024-10-21T19:15:04.830`) -- [CVE-2024-50015](CVE-2024/CVE-2024-500xx/CVE-2024-50015.json) (`2024-10-21T19:15:04.890`) -- [CVE-2024-50016](CVE-2024/CVE-2024-500xx/CVE-2024-50016.json) (`2024-10-21T19:15:04.970`) -- [CVE-2024-50017](CVE-2024/CVE-2024-500xx/CVE-2024-50017.json) (`2024-10-21T19:15:05.043`) -- [CVE-2024-50018](CVE-2024/CVE-2024-500xx/CVE-2024-50018.json) (`2024-10-21T19:15:05.123`) +- [CVE-2024-50036](CVE-2024/CVE-2024-500xx/CVE-2024-50036.json) (`2024-10-21T20:15:16.717`) +- [CVE-2024-50037](CVE-2024/CVE-2024-500xx/CVE-2024-50037.json) (`2024-10-21T20:15:16.790`) +- [CVE-2024-50038](CVE-2024/CVE-2024-500xx/CVE-2024-50038.json) (`2024-10-21T20:15:16.877`) +- [CVE-2024-50039](CVE-2024/CVE-2024-500xx/CVE-2024-50039.json) (`2024-10-21T20:15:16.957`) +- [CVE-2024-50040](CVE-2024/CVE-2024-500xx/CVE-2024-50040.json) (`2024-10-21T20:15:17.050`) +- [CVE-2024-50041](CVE-2024/CVE-2024-500xx/CVE-2024-50041.json) (`2024-10-21T20:15:17.133`) +- [CVE-2024-50042](CVE-2024/CVE-2024-500xx/CVE-2024-50042.json) (`2024-10-21T20:15:17.200`) +- [CVE-2024-50043](CVE-2024/CVE-2024-500xx/CVE-2024-50043.json) (`2024-10-21T20:15:17.263`) +- [CVE-2024-50044](CVE-2024/CVE-2024-500xx/CVE-2024-50044.json) (`2024-10-21T20:15:17.313`) +- [CVE-2024-50045](CVE-2024/CVE-2024-500xx/CVE-2024-50045.json) (`2024-10-21T20:15:17.373`) +- [CVE-2024-50046](CVE-2024/CVE-2024-500xx/CVE-2024-50046.json) (`2024-10-21T20:15:17.437`) +- [CVE-2024-50047](CVE-2024/CVE-2024-500xx/CVE-2024-50047.json) (`2024-10-21T20:15:17.507`) +- [CVE-2024-50048](CVE-2024/CVE-2024-500xx/CVE-2024-50048.json) (`2024-10-21T20:15:17.580`) +- [CVE-2024-50049](CVE-2024/CVE-2024-500xx/CVE-2024-50049.json) (`2024-10-21T20:15:17.687`) +- [CVE-2024-50055](CVE-2024/CVE-2024-500xx/CVE-2024-50055.json) (`2024-10-21T20:15:17.770`) +- [CVE-2024-50056](CVE-2024/CVE-2024-500xx/CVE-2024-50056.json) (`2024-10-21T20:15:17.853`) +- [CVE-2024-50057](CVE-2024/CVE-2024-500xx/CVE-2024-50057.json) (`2024-10-21T20:15:17.933`) +- [CVE-2024-50058](CVE-2024/CVE-2024-500xx/CVE-2024-50058.json) (`2024-10-21T20:15:17.993`) +- [CVE-2024-50059](CVE-2024/CVE-2024-500xx/CVE-2024-50059.json) (`2024-10-21T20:15:18.057`) +- [CVE-2024-50060](CVE-2024/CVE-2024-500xx/CVE-2024-50060.json) (`2024-10-21T20:15:18.117`) +- [CVE-2024-50061](CVE-2024/CVE-2024-500xx/CVE-2024-50061.json) (`2024-10-21T20:15:18.210`) +- [CVE-2024-50062](CVE-2024/CVE-2024-500xx/CVE-2024-50062.json) (`2024-10-21T20:15:18.280`) +- [CVE-2024-50063](CVE-2024/CVE-2024-500xx/CVE-2024-50063.json) (`2024-10-21T20:15:18.360`) +- [CVE-2024-50064](CVE-2024/CVE-2024-500xx/CVE-2024-50064.json) (`2024-10-21T20:15:18.440`) +- [CVE-2024-50065](CVE-2024/CVE-2024-500xx/CVE-2024-50065.json) (`2024-10-21T20:15:18.520`) ### CVEs modified in the last Commit -Recently modified CVEs: `33` - -- [CVE-2023-4045](CVE-2023/CVE-2023-40xx/CVE-2023-4045.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-4046](CVE-2023/CVE-2023-40xx/CVE-2023-4046.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-4047](CVE-2023/CVE-2023-40xx/CVE-2023-4047.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-4048](CVE-2023/CVE-2023-40xx/CVE-2023-4048.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-4049](CVE-2023/CVE-2023-40xx/CVE-2023-4049.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-4050](CVE-2023/CVE-2023-40xx/CVE-2023-4050.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-4054](CVE-2023/CVE-2023-40xx/CVE-2023-4054.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-4055](CVE-2023/CVE-2023-40xx/CVE-2023-4055.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-4056](CVE-2023/CVE-2023-40xx/CVE-2023-4056.json) (`2024-10-21T19:24:02.230`) -- [CVE-2023-6152](CVE-2023/CVE-2023-61xx/CVE-2023-6152.json) (`2024-10-21T18:35:59.507`) -- [CVE-2024-21251](CVE-2024/CVE-2024-212xx/CVE-2024-21251.json) (`2024-10-21T18:00:45.143`) -- [CVE-2024-21261](CVE-2024/CVE-2024-212xx/CVE-2024-21261.json) (`2024-10-21T18:27:17.307`) -- [CVE-2024-22042](CVE-2024/CVE-2024-220xx/CVE-2024-22042.json) (`2024-10-21T19:50:08.363`) -- [CVE-2024-29213](CVE-2024/CVE-2024-292xx/CVE-2024-29213.json) (`2024-10-21T18:35:11.263`) -- [CVE-2024-29821](CVE-2024/CVE-2024-298xx/CVE-2024-29821.json) (`2024-10-21T18:35:11.957`) -- [CVE-2024-38814](CVE-2024/CVE-2024-388xx/CVE-2024-38814.json) (`2024-10-21T18:20:53.267`) -- [CVE-2024-43485](CVE-2024/CVE-2024-434xx/CVE-2024-43485.json) (`2024-10-21T18:01:28.623`) -- [CVE-2024-45271](CVE-2024/CVE-2024-452xx/CVE-2024-45271.json) (`2024-10-21T19:21:58.680`) -- [CVE-2024-45944](CVE-2024/CVE-2024-459xx/CVE-2024-45944.json) (`2024-10-21T18:35:12.750`) -- [CVE-2024-46237](CVE-2024/CVE-2024-462xx/CVE-2024-46237.json) (`2024-10-21T19:15:03.277`) -- [CVE-2024-47674](CVE-2024/CVE-2024-476xx/CVE-2024-47674.json) (`2024-10-21T18:15:05.993`) -- [CVE-2024-47945](CVE-2024/CVE-2024-479xx/CVE-2024-47945.json) (`2024-10-21T19:41:10.407`) -- [CVE-2024-48231](CVE-2024/CVE-2024-482xx/CVE-2024-48231.json) (`2024-10-21T19:35:06.217`) -- [CVE-2024-7993](CVE-2024/CVE-2024-79xx/CVE-2024-7993.json) (`2024-10-21T18:27:01.950`) -- [CVE-2024-7994](CVE-2024/CVE-2024-79xx/CVE-2024-7994.json) (`2024-10-21T18:35:55.397`) +Recently modified CVEs: `31` + +- [CVE-2024-10057](CVE-2024/CVE-2024-100xx/CVE-2024-10057.json) (`2024-10-21T20:53:22.813`) +- [CVE-2024-10099](CVE-2024/CVE-2024-100xx/CVE-2024-10099.json) (`2024-10-21T21:03:53.647`) +- [CVE-2024-10161](CVE-2024/CVE-2024-101xx/CVE-2024-10161.json) (`2024-10-21T21:35:33.377`) +- [CVE-2024-10162](CVE-2024/CVE-2024-101xx/CVE-2024-10162.json) (`2024-10-21T21:36:10.470`) +- [CVE-2024-10165](CVE-2024/CVE-2024-101xx/CVE-2024-10165.json) (`2024-10-21T21:35:06.987`) +- [CVE-2024-10166](CVE-2024/CVE-2024-101xx/CVE-2024-10166.json) (`2024-10-21T21:34:52.430`) +- [CVE-2024-10167](CVE-2024/CVE-2024-101xx/CVE-2024-10167.json) (`2024-10-21T21:34:25.810`) +- [CVE-2024-10170](CVE-2024/CVE-2024-101xx/CVE-2024-10170.json) (`2024-10-21T21:33:49.663`) +- [CVE-2024-10171](CVE-2024/CVE-2024-101xx/CVE-2024-10171.json) (`2024-10-21T21:33:26.937`) +- [CVE-2024-1485](CVE-2024/CVE-2024-14xx/CVE-2024-1485.json) (`2024-10-21T20:13:56.083`) +- [CVE-2024-24814](CVE-2024/CVE-2024-248xx/CVE-2024-24814.json) (`2024-10-21T20:02:16.720`) +- [CVE-2024-25125](CVE-2024/CVE-2024-251xx/CVE-2024-25125.json) (`2024-10-21T20:09:54.923`) +- [CVE-2024-25718](CVE-2024/CVE-2024-257xx/CVE-2024-25718.json) (`2024-10-21T20:29:00.463`) +- [CVE-2024-33898](CVE-2024/CVE-2024-338xx/CVE-2024-33898.json) (`2024-10-21T20:15:14.470`) +- [CVE-2024-43456](CVE-2024/CVE-2024-434xx/CVE-2024-43456.json) (`2024-10-21T21:28:15.323`) +- [CVE-2024-43488](CVE-2024/CVE-2024-434xx/CVE-2024-43488.json) (`2024-10-21T21:05:53.340`) +- [CVE-2024-43504](CVE-2024/CVE-2024-435xx/CVE-2024-43504.json) (`2024-10-21T21:26:41.257`) +- [CVE-2024-43612](CVE-2024/CVE-2024-436xx/CVE-2024-43612.json) (`2024-10-21T20:48:02.050`) +- [CVE-2024-43614](CVE-2024/CVE-2024-436xx/CVE-2024-43614.json) (`2024-10-21T20:50:38.370`) +- [CVE-2024-43615](CVE-2024/CVE-2024-436xx/CVE-2024-43615.json) (`2024-10-21T21:00:34.967`) +- [CVE-2024-43616](CVE-2024/CVE-2024-436xx/CVE-2024-43616.json) (`2024-10-21T20:47:00.313`) +- [CVE-2024-46238](CVE-2024/CVE-2024-462xx/CVE-2024-46238.json) (`2024-10-21T21:35:03.580`) +- [CVE-2024-46239](CVE-2024/CVE-2024-462xx/CVE-2024-46239.json) (`2024-10-21T21:35:04.510`) +- [CVE-2024-47793](CVE-2024/CVE-2024-477xx/CVE-2024-47793.json) (`2024-10-21T21:25:36.697`) +- [CVE-2024-8625](CVE-2024/CVE-2024-86xx/CVE-2024-8625.json) (`2024-10-21T20:35:22.930`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 4094699b949..a6cf7e41500 100644 --- a/_state.csv +++ b/_state.csv @@ -138386,7 +138386,7 @@ CVE-2019-25149,0,0,02c1258bc1bd3972bf0128b31a4d325f5728feca4e2b9192efd0f5eec8136 CVE-2019-25150,0,0,f9c7e54b0a7f8ba5b7233ff941d616a90b39234519b4346d8eb4dd796fd23563,2023-11-07T03:09:22.247000 CVE-2019-25151,0,0,49c260ee0d773070ead33bf6bb6bec708922854a3cd5103e7a460e1d7da6991d,2023-11-07T03:09:22.350000 CVE-2019-25152,0,0,fe5a843d51f9080892aeacfcb3f1b7de95b804b6e56991419e1363b8cbced396,2023-11-07T03:09:22.440000 -CVE-2019-25154,0,0,ef28f3eebd3b042316efc8c9f2c5bddf978e38e570e4d830fad2010209ad7b1c,2024-07-17T13:34:20.520000 +CVE-2019-25154,0,1,dd7151755d2fe11ecf8544883885c70d80800409a6727c981072ea8d337a55ff,2024-10-21T21:16:21.877000 CVE-2019-25155,0,0,0ff1cb9cbb31879acf1ab3e9e7cc3ce8de0ba649d30695569825d0cc2763ccd4,2023-11-14T18:49:01.977000 CVE-2019-25156,0,0,da3182ebff111a4d7515de84621f6ad4713c55ee5ecc4ed670a4bb2d4bab1e8c,2024-05-17T01:36:43.510000 CVE-2019-25157,0,0,0be7a033b7ecc07d402c3f7d60b74ac2b13b8a98f1369c9397e460c26933a207,2024-05-17T01:36:43.627000 @@ -212554,15 +212554,103 @@ CVE-2022-48942,0,0,2cf46354691478839d2223efa2eaa869b06a9729fd72ecdcbb1c9e9660f0a CVE-2022-48943,0,0,a7018e1dbe7c5677e235ba4ed082a73fce76282052204bd38ca850f621dffe72,2024-08-22T18:27:42.807000 CVE-2022-48944,0,0,78b35f4e96175b0acbd7eb76c8fc345abc146c0623b459d55b4bfe903afbd190,2024-09-03T14:26:56.393000 CVE-2022-48945,0,0,04e7494c867d2745065a695f3c050464fcd7db6e245bb13442273deff488e24a,2024-09-26T13:32:55.343000 +CVE-2022-48946,1,1,aa3240ffc10453865bde88d3264235517f9c57a3c1f0aa29fe21b0f513b35516,2024-10-21T20:15:06.020000 +CVE-2022-48947,1,1,b2df6088df0ddb6c9933c1f4f27862b615d0afe71cc5c6e107d751885517630e,2024-10-21T20:15:06.150000 +CVE-2022-48948,1,1,5ebceb86567fdd0bd7f86b4c4854a82d67ac53ff9b695ef78422bf9710153201,2024-10-21T20:15:06.230000 +CVE-2022-48949,1,1,e1c131babe1d75d09fa509245a1326df8509b156d8ce70cbe6c25b17d84ad118,2024-10-21T20:15:06.337000 CVE-2022-4895,0,0,0efd54174b680d04b5646c623fd6b294801b419a72088921312b45e7bb6c068f,2023-11-07T03:59:15.667000 +CVE-2022-48950,1,1,7f65c93ae6e2667d8c70ffa25c6da7c7a6835a9211ae83ed272ecfe03e6fcc53,2024-10-21T20:15:06.440000 +CVE-2022-48951,1,1,07972e0fa011b3a75cef42ad728f9fac8d63bc8ed8951ffc13c0d81b02b2ebd1,2024-10-21T20:15:06.530000 +CVE-2022-48952,1,1,d60627f41827a76ee28383172717e973078d706904c183fc221b0659f9d69122,2024-10-21T20:15:06.617000 +CVE-2022-48953,1,1,0eeb6ca2c8c22c2ef15a36d47679819444dc92fb589182d1531c5b3e73306209,2024-10-21T20:15:06.700000 +CVE-2022-48954,1,1,2c81cb910ecf9a13f78686fb3037fd1f4ab06cf0a39ba7bf2abe181ad671a1f9,2024-10-21T20:15:06.783000 +CVE-2022-48955,1,1,4c96b0f0132e1edbf7a699739f250807c17583db7b92f12f2179cf255216284d,2024-10-21T20:15:06.870000 +CVE-2022-48956,1,1,71caf01dd368b3a3d52bc4a615bfcefd528f5c7fd09d55997a260dd4583e0aa8,2024-10-21T20:15:06.973000 +CVE-2022-48957,1,1,51c40a0750e3d021d7e8531decce58a7d6df77178e8427015398ba5372bd825c,2024-10-21T20:15:07.090000 +CVE-2022-48958,1,1,b4ef58e208fec54f976a34bbd87143fef4f7fb6fbfd082575a32464e35015ddf,2024-10-21T20:15:07.270000 +CVE-2022-48959,1,1,34e704c95a17174d5727d8943e70c7fa90ce455efe8a21e8809bddd9e0f47ec6,2024-10-21T20:15:07.460000 CVE-2022-4896,0,0,04cb60ab8732a1bfba8bf7d8a4df08b8371cdecc380fd455d1b928e8213822e1,2023-09-15T15:18:10.843000 +CVE-2022-48960,1,1,6274a590c0d138d7075bf9ba1efdc2f845820da424a897c6f99837b00235118d,2024-10-21T20:15:07.663000 +CVE-2022-48961,1,1,03260afda2c34dc47fdb4d6f4839240b9967194257201f021980ea4d5dd3b4e3,2024-10-21T20:15:07.887000 +CVE-2022-48962,1,1,22acedf5e3e67e1fa8580544bc1b82fcd2b7fc29a79ea84451e63a16f68c8620,2024-10-21T20:15:08.117000 +CVE-2022-48963,1,1,c8eeadf93bdd070d0065a40f2e3e220cff1da16e4383a3f286d11dc41c3e0a4c,2024-10-21T20:15:08.273000 +CVE-2022-48964,1,1,adc4d4f17b8fffbd9b347b72d8a1ad3b103339879396db1ef7dc67fa4bdd08af,2024-10-21T20:15:08.377000 +CVE-2022-48965,1,1,bbde06ed95d08d260d1952ed5963fb686beb7d77a4bbb1ba94e25cbdd8610af0,2024-10-21T20:15:08.470000 +CVE-2022-48966,1,1,67828554db3a81726e39e44562e02b83c98e18661e0de9e7e1aae2dd7e74bba3,2024-10-21T20:15:08.573000 +CVE-2022-48967,1,1,9d77249ea48f18a9590613a35a92250cd70d4c4e5bf49f59966517ae36bae4f6,2024-10-21T20:15:08.757000 +CVE-2022-48968,1,1,ae0f1f7668be4906c1d39f98d8aa1bdb7010ac2f0f322066018f8399313d3a37,2024-10-21T20:15:08.897000 +CVE-2022-48969,1,1,72ecf3b0be7f7bb0f608a21f949c7d395a0d7b77e88e90e24be8855c64f8c315,2024-10-21T20:15:09.037000 CVE-2022-4897,0,0,0a243664793293bb535173693d8b2bb850e8caf27eb71e5f98003bf4c293392a,2023-11-07T03:59:15.853000 +CVE-2022-48970,1,1,215f9044f583e8313335b6a323d0416030d0f99207de8c08c813efbcd66849fb,2024-10-21T20:15:09.177000 +CVE-2022-48971,1,1,ad6ce752df2de2dfa7bbb6e27239c1f5d53b28094d2a57dd8da2a5cabd4d71ba,2024-10-21T20:15:09.260000 +CVE-2022-48972,1,1,6e0bf18b7030f636281a3b0b20acb8bb2a825fa43cbf178e8cfd4c2999b63d3d,2024-10-21T20:15:09.343000 +CVE-2022-48973,1,1,f016f25c6406121bf53aaf15fa8935b7a01bdcafca920f222553048728f40927,2024-10-21T20:15:09.430000 +CVE-2022-48974,1,1,d651e7b66cf9cd5678f845c51dbbc422a41ddbe6aea34be99bc80723739073a5,2024-10-21T20:15:09.517000 +CVE-2022-48975,1,1,00f651a26432eb0e308c80a64ef6a46c0362fc478008e2234f32b5abec4b4b52,2024-10-21T20:15:09.597000 +CVE-2022-48976,1,1,548606305b6a7d3f20c1ac5ad67980594eaf044857e59ab045886f8d61e42939,2024-10-21T20:15:09.680000 +CVE-2022-48977,1,1,db0e52d43683d2c5f5be64e8cac205cd197ee05d0189e86c0d25204b70375aab,2024-10-21T20:15:09.763000 +CVE-2022-48978,1,1,a9a9b8195fcf276aca4dc4683ff93cd6f3f6c0bc8b568e4cf5674d7452e6eee5,2024-10-21T20:15:09.850000 +CVE-2022-48979,1,1,60a5139f43cfc96e1b0c3ff48eea1940514948c2b3e5ab192b0b6f9e88db2643,2024-10-21T20:15:09.947000 CVE-2022-4898,0,0,45b8fe73140eae686f75256e6a033fa7f76a1c506314cc4b83a596aba96b02bc,2023-02-21T15:15:12.023000 +CVE-2022-48980,1,1,59522db8b0c28e71de30ce512df7d69c65ee8c2e564edb72e179460415315ba7,2024-10-21T20:15:10.037000 +CVE-2022-48981,1,1,222856c87b11d5bf5b6a9f7558b97ab8bd22eb0299634c9e0d0db269437fe3af,2024-10-21T20:15:10.130000 +CVE-2022-48982,1,1,9d714c445d725bf1249f6e06108444808312dd2028ae221aa177d9514251b1fb,2024-10-21T20:15:10.210000 +CVE-2022-48983,1,1,38493d36caa0a9eda3929568b02d57e6cd05358d5d4d3c17f72c723cb903c211,2024-10-21T20:15:10.283000 +CVE-2022-48984,1,1,090b7825de0e4f8bec85a2432218f52e0352eeb54aa6ec974d429d55592951f4,2024-10-21T20:15:10.360000 +CVE-2022-48985,1,1,896ab0ef7dc8e424e8bac6ec63ccfd441f1e6511634a26da9de22b74bbd35dea,2024-10-21T20:15:10.463000 +CVE-2022-48986,1,1,05cdfc273093bbe9f655f3ae21bdc25785dd466da3ffec7021a0e94662f81cf1,2024-10-21T20:15:10.527000 +CVE-2022-48987,1,1,17fadc0fde31281f5b0ec0487996f33590278d32e81b5902c6b59f92932b09e0,2024-10-21T20:15:10.617000 +CVE-2022-48988,1,1,c53c27fc655319903f72294de22f370ec3cb4122af430d49c9fc56e0abf54a82,2024-10-21T20:15:10.710000 +CVE-2022-48989,1,1,ea5c65d118b303fa52b0a68eaffb7f1c16d91364f907343582434290a73b55c2,2024-10-21T20:15:10.820000 CVE-2022-4899,0,0,64070b82b08d57aace9b84f3711bc30a23fda3b7a68f2b187d0af07aa5382f53,2023-11-07T03:59:16.090000 +CVE-2022-48990,1,1,3a2954ab94b1ae268f2103031717e5cd66b63293be0497957927430422796f1a,2024-10-21T20:15:10.910000 +CVE-2022-48991,1,1,4cac372f908915eff4a2f14085333fee8ccfc60c272553bbad63194353ac6319,2024-10-21T20:15:11 +CVE-2022-48992,1,1,a185c5433dadef8240cfcea6cc8a4a4a82a0c0cf2662f7641eaa26136556ce4b,2024-10-21T20:15:11.067000 +CVE-2022-48993,1,1,5aa3af78bd065f0af013cd1fb4d94533edc564b9a60328f12d905e342fdd3924,2024-10-21T20:15:11.163000 +CVE-2022-48994,1,1,ae9a0e662c2d06e42ad756bcc38ff1250f2e0fc04a2d3c1041611666ac57de19,2024-10-21T20:15:11.257000 +CVE-2022-48995,1,1,9a7f2caabe7819fcd012ff7905ee1d1a731ebbb61bf233df1fb3ad06dedf80c2,2024-10-21T20:15:11.343000 +CVE-2022-48996,1,1,e6ea1226a77c17a54021df252583a23884023a5a65c35af89fbcb61150e1c604,2024-10-21T20:15:11.423000 +CVE-2022-48997,1,1,566f7f45ad2b12c046c6b7b5e336b7a56f4e3b17b1a98602597e4e36af133960,2024-10-21T20:15:11.503000 +CVE-2022-48998,1,1,3f56e50493a4fc0c1ed2d46dee38d327b164a801ada4fb84049b53fa7c3d8e0e,2024-10-21T20:15:11.570000 +CVE-2022-48999,1,1,715d7094612ab017b5584db8e96878a849c354e2d641381c733e020487cd25ea,2024-10-21T20:15:11.630000 CVE-2022-4900,0,0,190b62a537516e288099ba80e5f84457dcb946e631ca8348b4310cc8613075c4,2023-11-30T22:15:07.600000 +CVE-2022-49000,1,1,c7e2bb7ac34b2e2691bbde0d352ecad4cac46a9956201cf96cb37ae9298eaa8f,2024-10-21T20:15:11.710000 +CVE-2022-49001,1,1,258a0d348b978547de150a3d968b66621c201ef7af35c2d75680d602f7c5b838,2024-10-21T20:15:11.773000 +CVE-2022-49002,1,1,99966d738cd628fcd32d9c794cde0f9974ebda5479f902c03bcd2305a300b233,2024-10-21T20:15:11.853000 +CVE-2022-49003,1,1,629cb3f7ba2d630a5ec5b2e1d4146852301fc351dc8c2a5215f05ce3713d5175,2024-10-21T20:15:11.920000 +CVE-2022-49004,1,1,715f68b72e7aed1bb16874ab89a28cac2e6cd08224f337444932981683da2c13,2024-10-21T20:15:11.990000 +CVE-2022-49005,1,1,1f8d33e585f01ff7993f18a5f5b1f823400f09efdcd7d8ad6162b482787c0d72,2024-10-21T20:15:12.040000 +CVE-2022-49006,1,1,9aca12a9bc3d65fd12ca97dbf39ebb44d927aa58184285662503e3a65d97830d,2024-10-21T20:15:12.103000 +CVE-2022-49007,1,1,10eb5e5a83e19937cfcde61bb20326bd97d506147312d7251a54027b65cdc3f0,2024-10-21T20:15:12.197000 +CVE-2022-49008,1,1,557511220ae3420ad9efe998620e64b23efd2f64750f9841871256eb75b61741,2024-10-21T20:15:12.290000 +CVE-2022-49009,1,1,65e9e1d8f0251cb2edb0f6c389d9e02504b3ef676baf18274eeb3e0649c643e8,2024-10-21T20:15:12.373000 CVE-2022-4901,0,0,b216b364f33ab0ef7a0c7606c08559e2c099c064cab5e2ac5756fa24252b7a04,2023-03-09T01:06:23.703000 +CVE-2022-49010,1,1,372058aac3867d3911cf0e39c74d65b34d6402a0cd746cca99e6bfb308c5be39,2024-10-21T20:15:12.433000 +CVE-2022-49011,1,1,0714b11089767b7b6250f54c0b05881d2c58922bd791d7caf2d279a921ceb26f,2024-10-21T20:15:12.500000 +CVE-2022-49012,1,1,927e20772f7137233709977820c95fa6c5f9774374b6593c4af052bd2da0daf3,2024-10-21T20:15:12.573000 +CVE-2022-49013,1,1,d5116e3d1066376f8cc1d44c2be9d6d75ba660c93fc08175f15d59968373a55e,2024-10-21T20:15:12.637000 +CVE-2022-49014,1,1,da4dd4f4962f407c9709eca58f50baa702de72649c1cb6612073b0b23dd31e4a,2024-10-21T20:15:12.707000 +CVE-2022-49015,1,1,f57a72c49bcc7608dba42a1a30687a812cc716457fb7400082f61903d7f11770,2024-10-21T20:15:12.787000 +CVE-2022-49016,1,1,4e8914b8448df4fc788dd297f7b8a125647fe887c82c6a918ad968440cd4b438,2024-10-21T20:15:12.840000 +CVE-2022-49017,1,1,9bb1ba565477d24454f36591810caa433546ea94175db689cd61dd0597947622,2024-10-21T20:15:12.910000 +CVE-2022-49018,1,1,546d30048d47d37606dc1afae8d502453270c6e5406c6f56643f4fc720905a1f,2024-10-21T20:15:12.973000 +CVE-2022-49019,1,1,c9c878f0928eef7054e2800c4f87809f3c05d735e61dadd6a3fa53292a6a22d6,2024-10-21T20:15:13.040000 CVE-2022-4902,0,0,287e358bd6e692608595d8f35e480fa1fc0a17dda86b7a57dcb446074ab1fd22,2024-05-17T02:17:02.280000 +CVE-2022-49020,1,1,71bffe8455376b3c225bed4a0b6dd305929ae889367a1d0debcf9830fdebb26e,2024-10-21T20:15:13.100000 +CVE-2022-49021,1,1,b42931adcfdf192b76216697664aacce6ef003a75e4ac4e0f06e9346e2fa8850,2024-10-21T20:15:13.163000 +CVE-2022-49022,1,1,edf85585b5cceb08ae98379790062102443426d437f1efe5635f073d7ee656d6,2024-10-21T20:15:13.233000 +CVE-2022-49023,1,1,e8f358c56afe7353f4e999ca863eeefd82f349e6ef44a380a58dd0bb8c578c0b,2024-10-21T20:15:13.290000 +CVE-2022-49024,1,1,54ce59942793fa8eb5252ddaff58bb0bab6fc0461e2b45c1cfeca355e0f09199,2024-10-21T20:15:13.367000 +CVE-2022-49025,1,1,125c2f9a1e6c3c60d73767bca9f3a9e109456445c61d57f42cb9b407c7190919,2024-10-21T20:15:13.427000 +CVE-2022-49026,1,1,a5d83fa98a30fb44d3de5f0bd4d743c76c73ee668ec2c313a5152932399ac336,2024-10-21T20:15:13.490000 +CVE-2022-49027,1,1,e02a5365a8b72dec2bd4bbbc8c3635867a424623c52cd9567ecea32bceb3939e,2024-10-21T20:15:13.563000 +CVE-2022-49028,1,1,2d9e5b2b740a4156545963d02d19af0c9f9a3d1791c79c6b993cfed6cb9cc867,2024-10-21T20:15:13.627000 +CVE-2022-49029,1,1,ea672fd2a64fce09693599d9ffa392fc05f3324b10a2615724679418f4fd9bdb,2024-10-21T20:15:13.690000 CVE-2022-4903,0,0,cf9430f75554b10fc3063c2d4e895e2575b24650a7af1dc91ee51937fe80926d,2024-05-17T02:17:02.397000 +CVE-2022-49030,1,1,becd3939ee4dea707ad88b9bb076bb0a811edef3fb92448f881ea9ef2128d089,2024-10-21T20:15:13.747000 +CVE-2022-49031,1,1,7540ae958cf90c3af2210fc685c26025a66de882a6a35325157dce5804520a2e,2024-10-21T20:15:13.807000 +CVE-2022-49032,1,1,8dc46e6d43a3b6bb370a7d07778b399d929a978e8e9374cb80b4fba730faed1c,2024-10-21T20:15:13.877000 +CVE-2022-49033,1,1,2363120e675f407538ca9191956b3d3c07e597125372a2204c4e3b04194f17ac,2024-10-21T20:15:13.943000 CVE-2022-49037,0,0,d1881b67cff6ffd1cd4a44c62a3eeff49dad87129228607de02747a08dc9d03b,2024-10-08T16:08:55.390000 CVE-2022-49038,0,0,26bf80583e02462755629eb75d32d3c2894b1263d5b99e87b4bfae13ac56c00a,2024-10-08T16:08:35.743000 CVE-2022-49039,0,0,3fa8a10f3d81d2265a7106534dc05a400de9995334e02e08b86692ec188f1511,2024-10-08T16:08:08.507000 @@ -215136,19 +215224,19 @@ CVE-2023-20833,0,0,0d4fbfbfcfca4b8d072b58089465cf19c7295168fffc28d5689dd850a4e87 CVE-2023-20834,0,0,dc16d76c142b5193ac17f5b75dcaa8b22795b017cd9742b79328932e1dab905f,2024-10-21T17:35:15.610000 CVE-2023-20835,0,0,faae3ca1fca36ceaf58420d62f93d6cbb39caed5d00af1e0556c749eac4e1f76,2024-10-21T17:35:16.473000 CVE-2023-20836,0,0,2f520cac45241c9826fab91b98c1ee8658d002bcc30c36c2d99b511a81023f38,2023-09-07T19:14:40.490000 -CVE-2023-20837,0,1,9ba27771330d130543c76494b32b57ca993168f3e95d9f9139665b85a21b0f44,2024-10-21T18:35:01.410000 +CVE-2023-20837,0,0,9ba27771330d130543c76494b32b57ca993168f3e95d9f9139665b85a21b0f44,2024-10-21T18:35:01.410000 CVE-2023-20838,0,0,e9b487898facb858564fc7672c4f07c3709a1ded5b0e18db3f85ec7e2cd61dd2,2023-09-07T14:41:14.693000 CVE-2023-20839,0,0,fb94bf34a328591800378bd0c4652dcddcae29b9430e4760ea09a13e33370008,2023-09-07T14:41:27.213000 CVE-2023-2084,0,0,37d16cf6ff7f82f38ea8c5d1a4fe50872ea96767264ceed1db54e5368b183c19,2023-11-07T04:11:54.810000 -CVE-2023-20840,0,1,4b3f15101e93d6308c02dcf2ffd92f3306637c4c6e77e4201c3b7c15aab3fec7,2024-10-21T18:35:04.043000 -CVE-2023-20841,0,1,2c5ca5dcb5af2b05d27ccbe5a949e335366a49c271735cadc2ee6f88ec40576e,2024-10-21T18:35:04.963000 -CVE-2023-20842,0,1,faa6ebc7dd504b8d21fe057ada26b3ab5b76eface0bfece427be8e1a5d6ea344,2024-10-21T18:35:05.873000 +CVE-2023-20840,0,0,4b3f15101e93d6308c02dcf2ffd92f3306637c4c6e77e4201c3b7c15aab3fec7,2024-10-21T18:35:04.043000 +CVE-2023-20841,0,0,2c5ca5dcb5af2b05d27ccbe5a949e335366a49c271735cadc2ee6f88ec40576e,2024-10-21T18:35:04.963000 +CVE-2023-20842,0,0,faa6ebc7dd504b8d21fe057ada26b3ab5b76eface0bfece427be8e1a5d6ea344,2024-10-21T18:35:05.873000 CVE-2023-20843,0,0,cb176ab1c9868be04ed63e783c56d617cf0b55fa5c22baa28a9682d9cb97c90f,2023-09-07T14:41:36.843000 CVE-2023-20844,0,0,d039f6079c769217f2fdc61ef7b074e74ed5836a59926d0f81b1112b2dc6c1f7,2023-09-07T14:41:45.870000 CVE-2023-20845,0,0,02fc9de8b79334f19e56f97c1e0d83a8ed285d0db1c41fa812625c5f136124e2,2023-09-07T14:41:57.077000 CVE-2023-20846,0,0,6cd059ec6b277b1d7eb18c1c547341c79d6b806c2d39572a914bec0a227f4e62,2023-09-07T14:42:09.063000 CVE-2023-20847,0,0,fca0d6701300e43b9ac492b44dba1f93abaea048fb485ddb4172af838081672a,2023-09-07T14:43:55.820000 -CVE-2023-20848,0,1,1dc591db7b3419cfb4601f0b37fc00695ffdf168eb4a8afe86de43cf3625f85e,2024-10-21T18:35:06.753000 +CVE-2023-20848,0,0,1dc591db7b3419cfb4601f0b37fc00695ffdf168eb4a8afe86de43cf3625f85e,2024-10-21T18:35:06.753000 CVE-2023-20849,0,0,732ea1440309f4e1beded71f9f4fba5ac28aea4f3eff22c819fa9a5b01f18bdd,2024-10-01T19:35:01.137000 CVE-2023-2085,0,0,338a62bf8724204748fc07e75fa57132a1fae27e3dff7bdb8f58ed05edf063d5,2023-11-07T04:11:54.957000 CVE-2023-20850,0,0,73fd7189993018104a47c923837818af31364782c90b09203ab602d9e71b3051,2024-10-01T18:35:02.863000 @@ -220048,7 +220136,7 @@ CVE-2023-26557,0,0,6ceb9df97f905e78eb0cf74c0dfac9c255477f8bcba9936e70c69834ef3d2 CVE-2023-26559,0,0,7144c7ce70a92362705b43611255593f6f4b7b693ca02c130d84d4711d779ed9,2023-04-22T02:05:06.593000 CVE-2023-2656,0,0,de6e3a629e1021beb21e62d6fd7b92d61e8ad49246395f3b1f420dbf028ab74a,2024-05-17T02:23:07.677000 CVE-2023-26560,0,0,f910a3ed247eff66581acc7099551245be65e2e039b8bd41738ed8e3904749c6,2023-05-08T14:16:07.847000 -CVE-2023-26562,0,0,e0dbfda6879c0ea22ce3c18d06e8bacad5463a94b9fdd98fef77bb7da6038737,2024-02-13T18:23:02.393000 +CVE-2023-26562,0,1,942c700299a73ec6197332a4400af9038c0b9f0a9030d7260b1e31898e1ec766,2024-10-21T20:35:24.773000 CVE-2023-26563,0,0,4b577c215fc421399ece2edc739a6d2b39eea3dd1b5bf242b8decfa1d8fc9625,2023-07-26T16:23:15.603000 CVE-2023-26564,0,0,232d8f6ffea0c0586d38553e12a1d1e373276a81ac2b2be9b2eacbe21ab124e5,2023-07-26T13:58:32.947000 CVE-2023-26566,0,0,ae4ea3cf14a7d506042dd39ffbc958f2d012f8a28764a157d6db66e3943cac77,2024-07-03T01:39:39.010000 @@ -224893,13 +224981,13 @@ CVE-2023-32801,0,0,ff096bac379e7fdda871610826ff6cf1626c7a6fc205c6d872c3347a16e15 CVE-2023-32802,0,0,4040ae51299c241304e912615502a0cb9ca260ffd6afb1aa755d04462c398322,2023-08-31T18:41:51.600000 CVE-2023-32804,0,0,8f752ab4b0675a28ca34443c0aa40ba5102336b6a55e5a6491c0c6fd66c7a7a2,2023-12-07T20:09:10.640000 CVE-2023-32805,0,0,6540707b686ee11e3b334c263b1dd2839476aa160e47611c24f376ce2aa25941,2023-09-07T19:10:30.657000 -CVE-2023-32806,0,1,a326357cb1692657e2e52276e1cb9ad6810ccbc04a6518e9f9c564cbe3d0f8d1,2024-10-21T18:35:08.193000 +CVE-2023-32806,0,0,a326357cb1692657e2e52276e1cb9ad6810ccbc04a6518e9f9c564cbe3d0f8d1,2024-10-21T18:35:08.193000 CVE-2023-32807,0,0,d8a6af0507a0d41f9a8ee4ad9d32298e7eae1bab1e6d2928ee6b7def5c98547f,2023-09-07T19:12:25.147000 CVE-2023-32808,0,0,bd0af10904aecc1ae16ec029049d57afde81c9af3947ef3356881d7703008230,2023-09-07T19:12:34.423000 CVE-2023-32809,0,0,929cb445486c4573195687241ba6c1ed4f870abddd481c25e4dc12969ed4fd51,2023-09-07T19:12:43.770000 CVE-2023-32810,0,0,4fb3f76b2305d513fe8fafd71268d676dbcee10861a6e4da52ccaed05bc22c8d,2023-09-07T19:12:56.850000 CVE-2023-32811,0,0,c7e3a2acd8ac3002d64478758a339565290c41241e59c530e4832384cd1c700a,2024-10-01T19:35:02.820000 -CVE-2023-32812,0,1,c00f21913a69492d85960ae4e707d450034750f5b4a4a4ac08e6243f6e1eff61,2024-10-21T18:35:09.023000 +CVE-2023-32812,0,0,c00f21913a69492d85960ae4e707d450034750f5b4a4a4ac08e6243f6e1eff61,2024-10-21T18:35:09.023000 CVE-2023-32813,0,0,c96bd46cd9ba2352828083b7c7200ae5888cb4d37f5907c2db7d910bb0203cef,2023-09-07T14:42:39.470000 CVE-2023-32814,0,0,4feadb463c76a88ab596897a43377e7f80236c0d7ca7b35eb9093f0abea1d20c,2023-09-07T14:42:58.513000 CVE-2023-32815,0,0,f16706f2fd269f898840a89aa7b1bcfb374da64c42c50c54517b41ca6551d06a,2023-09-07T14:43:12.923000 @@ -227139,7 +227227,7 @@ CVE-2023-35987,0,0,0092d8acb4edfca24b67c2de9a222432602b6c7bb47187fca3b07b36a3f10 CVE-2023-35989,0,0,5ea9fc86c15be01a2e0360817ae8cbdf04bf51dc78857327e32dbc2673e7ad31,2024-04-09T21:15:10.167000 CVE-2023-3599,0,0,047495667ec956e514235d0914b269f9c6d59aae1a47ba378f0248d9961cd2ab,2024-05-17T02:27:37.867000 CVE-2023-35990,0,0,ad3a4c8f9a76469497327f695ade5fb8a1e4ee3d1419eab7fd161eb4adcbe022,2023-10-12T02:12:41.530000 -CVE-2023-35991,0,0,d72aba67015a295fea6e9b57d5bc557fe6011aade4c059d9fb34f02375a91843,2023-08-29T18:58:15.803000 +CVE-2023-35991,0,1,2ef776d5417daabb2e9168bbf8d0aadc490009c020bd7b0f34274fc64760ca51,2024-10-21T21:35:01.433000 CVE-2023-35992,0,0,99196ff9394e726bbf48e9e4cb99c587562102b371d12ef02b41d14fb7d44e94,2024-04-09T21:15:10.260000 CVE-2023-35993,0,0,a97a4bb39b3e03a07df9977e4883832fa1549e90c2d7d30de6ab91a48ca03f48,2023-08-03T17:01:05.247000 CVE-2023-35994,0,0,d68ff6b4f4efc96325e1c6da57296cac96c9816316b460639172dd033556acb7,2024-04-09T21:15:10.360000 @@ -229512,7 +229600,7 @@ CVE-2023-38955,0,0,63df79de95a7f767ae6c552fb72a83c8d27dbe345709dbf28da7594408238 CVE-2023-38956,0,0,8b5acdedffa237807149370b588431544e43928059cfd0e43b78be3e3e90098a,2023-08-07T20:31:50.570000 CVE-2023-38958,0,0,1bd8ff159c889b971231a70f32c881fe52d6fee82a669559bf480f216ef6e2d8,2023-08-08T14:51:10.603000 CVE-2023-3896,0,0,ecf6ec50833c424a9f4f7d6290fb2b0bb114529dcc96bb3860a9f4f2e2d15537,2023-08-31T19:15:11.223000 -CVE-2023-38960,0,1,6c4b244a3f87d6578d98e8806ed1e925433a636a405c2a0234e83b01d3383f96,2024-10-21T19:05:59.087000 +CVE-2023-38960,0,0,6c4b244a3f87d6578d98e8806ed1e925433a636a405c2a0234e83b01d3383f96,2024-10-21T19:05:59.087000 CVE-2023-38961,0,0,9be574ed7afa5e17ea5dee6013540111f34bc32be853041d0dbe01b66ca3de88,2023-08-24T21:06:17.447000 CVE-2023-38964,0,0,074a29d1b4b534ddaa79d12d5c4cac64b3e9be14868bfefd4571471dc5fe19b0,2023-10-30T19:45:12.257000 CVE-2023-38965,0,0,b66398cdb2dbe26905c454a859d795e74aa58a4ffb14b7e4c93c47c97e257736,2023-11-13T14:46:29.883000 @@ -230669,7 +230757,7 @@ CVE-2023-40446,0,0,8b9a0fd6e5e167cdc12afda812614c846650c66be74645c257321ba890664 CVE-2023-40447,0,0,ba8a4588c5be24be94940418440cd7e1a7f9ce1a9cf1573462fff78623750e4f,2023-12-07T20:15:37.680000 CVE-2023-40448,0,0,23da6ec20146bd3914f77a7eb5aeffa03207be4a0f4c6afd09f5029201d17dd3,2023-11-07T04:20:14.757000 CVE-2023-40449,0,0,3c0e9b8344d0d7cb0a51347962d0f9d1ade8c23957cccada2d3c6b2f24752671,2023-11-02T14:58:19.950000 -CVE-2023-4045,0,1,1c329113f0de66880f7fc5a2ac54d6a109625161d91d464e87b08dbc5394deae,2024-10-21T19:24:02.230000 +CVE-2023-4045,0,0,1c329113f0de66880f7fc5a2ac54d6a109625161d91d464e87b08dbc5394deae,2024-10-21T19:24:02.230000 CVE-2023-40450,0,0,d0d2fe2c6b77e1b2d928d2f49e58cbf3458bbc4f130f706689cabf8b5c61637d,2023-10-12T02:28:48.060000 CVE-2023-40451,0,0,53d52bb36c7903dce04fb0f4b9d72e63a58a839302277d2ef2af4250f9c72b5b,2024-01-31T15:15:09.977000 CVE-2023-40452,0,0,abfd30a5fdb80950f171cfbe800d51816fc83d170b610aa52771f6852a1f724d,2023-11-07T04:20:14.897000 @@ -230679,7 +230767,7 @@ CVE-2023-40455,0,0,058abdb8c2eae30e165ec5b264dbf295ba8e09c6c3830c69886965016a5de CVE-2023-40456,0,0,7169803686183a5f1d426b39f88228ec6dce3691ab53bc177c949c7a8fd9efca,2023-11-07T04:20:15.193000 CVE-2023-40458,0,0,79a445a17e1f85e1f6c9345cf6a43d9301aed3a647416fbf1fc2770253362cdc,2023-12-05T01:55:09.410000 CVE-2023-40459,0,0,72958d07cda00b0c6d4ae1b61eff24e072a6de9dcd7e9245179ab8da7c7dd63d,2023-12-08T15:47:51.637000 -CVE-2023-4046,0,1,64889660c90ed96dffb36b392dad990b52f684e74bc2a30c683852e7a3354c73,2024-10-21T19:24:02.230000 +CVE-2023-4046,0,0,64889660c90ed96dffb36b392dad990b52f684e74bc2a30c683852e7a3354c73,2024-10-21T19:24:02.230000 CVE-2023-40460,0,0,cb8d4a4b518509c4362ccb8f0afbc3d4ba81059d0c319d00ce1a78f314f5df45,2023-12-08T15:47:41.403000 CVE-2023-40461,0,0,2ca71e2d74941f7db08d3ae15972c35f65a7a1c0b913d4173afa994ddac5a43a,2023-12-08T15:47:23.163000 CVE-2023-40462,0,0,ffd7cbc54880373ae62e24016d5dd35693f5e2718a1f76f9f7406aa53c66dcee,2024-02-02T03:12:25.617000 @@ -230688,7 +230776,7 @@ CVE-2023-40464,0,0,8231b0c451d5b4c35d027e1b67bba80c7df83e1e1ad17ab04a2494355e768 CVE-2023-40465,0,0,c70021b90b2721ff443a40c1111bf31fef348ab6ba2a7cf6bbcd8bc7822299fa,2023-12-08T15:44:51.933000 CVE-2023-40468,0,0,7d84164a8bc2564940a981b796397726ff721c6aa0efdcb2152db15cd7184661,2024-05-03T12:50:12.213000 CVE-2023-40469,0,0,0ed69cdce8225d95cfae6682abc1ebaf65719f0b970e047791ac57fa9c47f189,2024-05-03T12:50:12.213000 -CVE-2023-4047,0,1,53121fc9835c528f43f4e27d812b5d6ec5056bccf0b3eefdb432f2299f21732b,2024-10-21T19:24:02.230000 +CVE-2023-4047,0,0,53121fc9835c528f43f4e27d812b5d6ec5056bccf0b3eefdb432f2299f21732b,2024-10-21T19:24:02.230000 CVE-2023-40470,0,0,afada78b6007b2ba33bbf78e11be4d28f3cd22e160c8e61f962a7cebd7f52155,2024-05-03T12:50:12.213000 CVE-2023-40471,0,0,becbb43c9e1a564fe69963a88bb1087ad0f2669a388b9f3e94466c56f3f010c0,2024-05-03T12:50:12.213000 CVE-2023-40472,0,0,63bad795c4e37646c5a06e5ac3ca24cbaa679ad10a3550f3f51a2397791e5a38,2024-05-03T12:50:12.213000 @@ -230699,7 +230787,7 @@ CVE-2023-40476,0,0,990cdb29579a0a42e2b0b90e1ff61c936b2215b9b38d595acb2c3b495a94d CVE-2023-40477,0,0,bf7bd805408bb9938532327c097b39611135aa4263d48f1c31bff5599ca5f6ac,2024-05-03T12:50:12.213000 CVE-2023-40478,0,0,3813fa4ea718093279009f433811c990f4f34dc459cf82b9e9ca779ceeaac098,2024-05-03T12:50:12.213000 CVE-2023-40479,0,0,1a7d396842ef92259b6deb8297ef0b077b3ee7a9e535f945f97aa32494822be5,2024-05-03T12:50:12.213000 -CVE-2023-4048,0,1,802393fc76fafa069d10826d5ffadc2af24b867bf92685d5eeb3c0c73c10aa95,2024-10-21T19:24:02.230000 +CVE-2023-4048,0,0,802393fc76fafa069d10826d5ffadc2af24b867bf92685d5eeb3c0c73c10aa95,2024-10-21T19:24:02.230000 CVE-2023-40480,0,0,07de3baa211ab35f535d27f20039971bedfb9cbd3fe7579f3e4e6b21d0dc9c86,2024-05-03T12:50:12.213000 CVE-2023-40481,0,0,3150de1a4b1356cd76c239ffd3c3ce8db9996021a524f873c625498ad746e97f,2024-05-03T12:50:12.213000 CVE-2023-40482,0,0,8f94395e9ba4410d50fe2038a3c2e8560042bfdc2934680d88774c764f0115a8,2024-05-03T12:50:12.213000 @@ -230710,7 +230798,7 @@ CVE-2023-40486,0,0,a83f928f9636179621a9a22eb4e681aef6d1177ef61d83b3f38ce044f578e CVE-2023-40487,0,0,ae74d94247714de39db18229bcfec1084c5b5a6c591ba8a718a2ac5bbf7adc8b,2024-05-03T12:50:12.213000 CVE-2023-40488,0,0,6d9932a99868f3ba51fd20d98621922b5fea112d62f5687677942cc42ca41387,2024-05-03T12:50:12.213000 CVE-2023-40489,0,0,1b0fbddedbe1eba7f8d6447733accff90acbe5dd7ba43100381753fde689538d,2024-05-03T12:50:12.213000 -CVE-2023-4049,0,1,6e53d0faf62020a5434f451eef98fb2ef00194a55d4306e2991763f990e89e57,2024-10-21T19:24:02.230000 +CVE-2023-4049,0,0,6e53d0faf62020a5434f451eef98fb2ef00194a55d4306e2991763f990e89e57,2024-10-21T19:24:02.230000 CVE-2023-40490,0,0,ffaaae63bf9476dd245ea2b1b05c4848a3a394ccd4a27d35c8f297f8972060bd,2024-05-08T13:15:00.690000 CVE-2023-40491,0,0,b8e05583b64f200d6827277cb79eb1645eff3ae05aceebc727f6edfbc6ef10b6,2024-05-03T12:50:12.213000 CVE-2023-40492,0,0,1383c09bc601f5cf41687f9e41f3cacd69fa75e8c3adff5771234a8f76fd1ebd,2024-09-18T19:15:32.220000 @@ -230721,7 +230809,7 @@ CVE-2023-40496,0,0,e07b3584ba620f5ac82b33a51d47f4b6db5cf29141bafd245a2386c9d2ab7 CVE-2023-40497,0,0,211e4ceb10f8230341965f4d26f72576b2d46d3ec80dd86afcce4098919f69d1,2024-09-18T19:15:32.663000 CVE-2023-40498,0,0,8c3c3c412caa7f09cefe68786071ba42775e538c386156372798f30f0cab15c8,2024-09-18T19:15:32.760000 CVE-2023-40499,0,0,0151b97ea369bd7b25160c6403930085e47cba4319f95af956184d9e8aa08a9d,2024-09-18T19:15:32.850000 -CVE-2023-4050,0,1,b229b3d6ad3777f9274dd060bbf76aa042c369b699456e30634896f079a6002e,2024-10-21T19:24:02.230000 +CVE-2023-4050,0,0,b229b3d6ad3777f9274dd060bbf76aa042c369b699456e30634896f079a6002e,2024-10-21T19:24:02.230000 CVE-2023-40500,0,0,6b5126d7090bd2a93d6b8168862762a9bba0dbb3617e7be38b2c00a08a0ea09c,2024-09-18T19:15:32.940000 CVE-2023-40501,0,0,75baeb6c816bb63e7c384e6d546c6c81be287293711c9c31008508f55ef7b53c,2024-09-18T19:15:33.027000 CVE-2023-40502,0,0,ca47a92f877be96f466f860045142e5579f904e7059a363872bff431c798df94,2024-09-18T19:15:33.120000 @@ -230757,7 +230845,7 @@ CVE-2023-40535,0,0,3dd8b6e353e77bc78b3eaf66d47e8a5e362a0b31feec7a87804f2cc657d03 CVE-2023-40536,0,0,9551e2fe36c80eabdc1a2e97ded6be800d2fb9f544e15a4ec84bb644eba227af,2024-05-17T18:36:05.263000 CVE-2023-40537,0,0,75f58d7d08cd8fb906c24aefd5bbf6d6b69c82ba74790056d8b068a8723a2e25,2023-10-19T16:43:11.323000 CVE-2023-40539,0,0,acd3d042bf442094e597836496b1b9323a740bc93f77f5fe42a7bce86aacddd5,2024-09-05T21:14:36.220000 -CVE-2023-4054,0,1,5711b34d4f55c4928fe6a9749d291a731f317f09dd2fc97ed884de9062fbc0d2,2024-10-21T19:24:02.230000 +CVE-2023-4054,0,0,5711b34d4f55c4928fe6a9749d291a731f317f09dd2fc97ed884de9062fbc0d2,2024-10-21T19:24:02.230000 CVE-2023-40540,0,0,1e03a01e888f27e7c3ca51db2a4bc2550b4a2afd268bf6a33f8cdd0d825d3736,2023-11-22T15:13:18.220000 CVE-2023-40541,0,0,daaec126802b21cc7a612331601c83efdf2fbb147626236fb6df03c2ce8ee7c6,2023-10-12T02:32:07.413000 CVE-2023-40542,0,0,3e94edf4177b263f441dfba9104a5c1faf5acb6a3d8e1da0c96b19398aadd4fe,2023-10-17T19:43:55.697000 @@ -230767,7 +230855,7 @@ CVE-2023-40546,0,0,6ddbdc19841f6cb290ec2b905e60bc26911fc88c11de04bc8a7d662cb4831 CVE-2023-40547,0,0,aa8c5d2793a75f3ad9a6a915b845d7aafd35608216f0b3f68592a1e5df2bf1b7,2024-09-16T19:16:05.947000 CVE-2023-40548,0,0,dac643ade65c1a191d65ee168a845e302723e7116b47e0d5a4611a62d6447ec0,2024-10-01T14:15:04.700000 CVE-2023-40549,0,0,409bbcdd4cb8887d85ad6922d10081d4ffe6d9a4dd03532a76d9c9a92dc5fdfe,2024-09-16T19:16:06.287000 -CVE-2023-4055,0,1,c4ae3aaca3ca61d56e1ef1d531f4eab118ce319b18110288a2d5f6bd42c0ce0c,2024-10-21T19:24:02.230000 +CVE-2023-4055,0,0,c4ae3aaca3ca61d56e1ef1d531f4eab118ce319b18110288a2d5f6bd42c0ce0c,2024-10-21T19:24:02.230000 CVE-2023-40550,0,0,7e315e619d697d87543604bbff3ef14f7418177adad4c5f0a7f3c6da81e8e2d8,2024-09-16T19:16:06.450000 CVE-2023-40551,0,0,6015c82d4677150430822f1faf7d1f0c96ba6952a50dbabd6ada6225e4354973,2024-09-16T19:16:06.617000 CVE-2023-40552,0,0,7fe5ec65193750dbc75f8e72724337bc87d791c5b7214d5dca88292f9d38f754,2023-09-08T21:27:56.877000 @@ -230778,7 +230866,7 @@ CVE-2023-40556,0,0,de58fe186b2f1020d026ffae947fb39dbfc6fd85de37930c26c30401ecc65 CVE-2023-40557,0,0,3bf2b397ce3609c07e1447ba3d8690991b98b23c568e53cca57115b5519cdfa4,2024-06-04T16:57:41.053000 CVE-2023-40558,0,0,d9bded5de9ca7bb0315ab4655cf0114aa43781be397f7f4855550ffc64418611,2023-10-06T16:25:05.677000 CVE-2023-40559,0,0,346b45cc4a075a124495f9f473e10d92f45160dc29983943d7e4ac13986a7691,2023-10-05T18:23:25.127000 -CVE-2023-4056,0,1,d24cc463e779a339254720f9b2eb413aa3030b7d621f84c42a47ec968b70d35f,2024-10-21T19:24:02.230000 +CVE-2023-4056,0,0,d24cc463e779a339254720f9b2eb413aa3030b7d621f84c42a47ec968b70d35f,2024-10-21T19:24:02.230000 CVE-2023-40560,0,0,2ac7acb552da11dbd8db8d3a9f352b3544176079d47aeb4fc4b3a606679cd9d6,2023-09-08T21:22:09.650000 CVE-2023-40561,0,0,3026ef6bac008dd95d8f16dd0d67f2f87c167e758f891e01316af5841b03710f,2023-10-05T18:10:04.607000 CVE-2023-40567,0,0,5a5dccccfa357e32e21d1393c6606fd901aacb680c90ce141f0ee5ba31ccc650,2024-01-12T13:15:11.090000 @@ -232091,7 +232179,7 @@ CVE-2023-42365,0,0,b406aedf5cff3690cb0cdced542258b1116fc3739fd082c9556fafea525dc CVE-2023-42366,0,0,96aa4788059f0643e44792bf7c219cbf02f22946e327a1c617c1427bb3d00c10,2023-11-30T05:08:23.197000 CVE-2023-4237,0,0,6cf38aec3bd975284a4d86b8e8e2c267e312c6daf36ee9d95139bc404b921d75,2023-12-01T12:15:07.670000 CVE-2023-42371,0,0,0e281a41b11b08a02a0cd51a620dbf419b44c135c1cb4fbf938f26407644aeea,2023-09-21T17:26:09.130000 -CVE-2023-42374,0,0,aca719c6150367dec09fd11f6c9b807012468e35c3abed94ca0623eb6077f3b5,2024-08-01T18:35:04.073000 +CVE-2023-42374,0,1,3234420f5caac7400d28a5d1e23e00687f8cb4e55adc666217ad31bc29a13ce3,2024-10-21T20:17:34.267000 CVE-2023-4238,0,0,509443a1351feb89b6b94e830e94202e715b86b22544bf06f7ffb748465e25f5,2023-11-07T04:22:21.423000 CVE-2023-42387,0,0,ac5e3cab9e1acad87196ba54b8837904055e4058b1be2bd923c1212b5a265fd6,2024-09-25T18:35:03.937000 CVE-2023-4239,0,0,4c7e293324e9ceca8eac54be9b764efefa575bfaceb6af4ac238174d794121e1,2023-11-07T04:22:21.503000 @@ -233264,7 +233352,7 @@ CVE-2023-4407,0,0,5856f12cc35e0b2c6edb626e272e45337f86d7aa7030389df5e9e25594e18f CVE-2023-44075,0,0,3309f000078c7a4ad17714a7a33b669b501aff8fa3e8adf386c81c2f1724ad4f,2023-10-06T22:31:17.653000 CVE-2023-44077,0,0,6f50e2242814ff72fb76c982ade027d0514d77c4a158a8d553f7d4098c3fe2bc,2024-02-08T01:15:26.870000 CVE-2023-44078,0,0,f4721573d756898bfdf4e1579d72f102203d15ffb88367799bfb08cc3e577a80,2023-11-07T04:21:33.440000 -CVE-2023-4408,0,0,0a0d637138bf1d0819dc7be81e1e8a7ff32f664a2ad58bf2a4b82bb253e59ca4,2024-04-26T09:15:08.727000 +CVE-2023-4408,0,1,76770b7f720567347573beb4dfc7dc9a0a973c38cb0c7970d56f618baf494718,2024-10-21T21:02:42.820000 CVE-2023-44080,0,0,007f9f92128228decf3cb5fcc39618da71ce85d1b258ac586882744d4be869c1,2024-09-25T01:36:42.567000 CVE-2023-44081,0,0,7109043a6e954daa8b1d0a9d907c2dc61207a6bab6c2673b8fd1c0cc406c2e50,2023-10-12T00:42:21.237000 CVE-2023-44082,0,0,ace05d77849fdf184bf8ddbcddfef213b9bb3032a1139cbfd124d56c02c502d6,2023-10-12T00:42:40.427000 @@ -238999,7 +239087,7 @@ CVE-2023-52428,0,0,0a04486874aac3629974d1ca44929c76c47902d8c17eb2cde1efd5de3b490 CVE-2023-52429,0,0,bb71f6867b546918a32b40939aad4a54664a6e064966565e92e979c5b5823dd4,2024-06-27T12:15:13.797000 CVE-2023-5243,0,0,e49838102a5721a273506f040a2a95bdeca1c43c3e414141d5a1a29f3ab700c3,2023-11-08T18:40:41.847000 CVE-2023-52430,0,0,9b119fede2bb0d45c16cf06aac5c3bb465a163e763f0ae820658b0f4e7b632b3,2024-10-16T13:11:53.423000 -CVE-2023-52431,0,0,66ecb5d0d036ac42092513cb05b38d83d511ab77eadc17266adb6bb7737e255d,2024-08-01T18:35:05.050000 +CVE-2023-52431,0,1,c64a02a0cf6c92acef7a3c67de07bba1d63a180e819e78f76030c959fd7430a0,2024-10-21T20:19:07.513000 CVE-2023-52432,0,0,33470768b31e3ca42f4e91386984f89611d22bbf917c9270afe6f040d18c0aa7,2024-03-05T13:41:01.900000 CVE-2023-52433,0,0,5c95197bc729cebc3540e26fddb8edd3d3fb52d95160d4c0a67697d37cf469ee,2024-06-16T13:15:50.413000 CVE-2023-52434,0,0,b72f32c1cbec248d35f9c41a46397d6f83aca29d211f6de56a2e5906d4279d8e,2024-06-25T22:15:14.567000 @@ -240344,7 +240432,7 @@ CVE-2023-6148,0,0,1b57c1d9a49ccecd4677e923685643bc45630f2eac85bc58cc77ca82dc8b1f CVE-2023-6149,0,0,5a1ccefc7e309805723c1e710b75a15b5addf28ca2d264aaa061adf8ceb5e0bc,2024-01-12T19:55:38.860000 CVE-2023-6150,0,0,333a48e8e003d17ac75b47746fb8e51fb121d7e3d52273876c372ea0168fdd9f,2024-09-26T12:15:03.463000 CVE-2023-6151,0,0,01fc60e1cbc6e1e96e0b7b952e7832d74d8ca7156467c2597d36d908dcaeb1a2,2024-09-26T12:15:03.583000 -CVE-2023-6152,0,1,1f2e80bfb045085038297a2fa763f02e8b40b9bf032e905a177e927c45bf23a1,2024-10-21T18:35:59.507000 +CVE-2023-6152,0,0,1f2e80bfb045085038297a2fa763f02e8b40b9bf032e905a177e927c45bf23a1,2024-10-21T18:35:59.507000 CVE-2023-6153,0,0,64c8750e1add6b283c202acc9f7c145138f085f17b9a40e6d77edbf949e4648d,2024-03-27T15:49:51.300000 CVE-2023-6154,0,0,ea79ef7106538fbc68e1e41b2608f4b1a33d1c9bd0e166ed2658519f1ceeb79f,2024-04-01T12:49:00.877000 CVE-2023-6155,0,0,8999e28dacf358c98e2deb0d543f61d7454111fd1c5e35599649cebc3b861eb6,2024-09-12T13:35:21.663000 @@ -242242,7 +242330,7 @@ CVE-2024-10040,0,0,e60010f49ca3103740274faae9ff6204ef5e8179ea2561631dfe21b2ee350 CVE-2024-10049,0,0,53720c9da49b26dcdd62ca517621f91bdc81303aa9036eed1b0a1b7834addde0,2024-10-18T12:52:33.507000 CVE-2024-1005,0,0,1191b4a20d5b719ff3ba58b8e13bb4278d19f2133e7221e782230a58acb2d18f,2024-05-17T02:35:09.367000 CVE-2024-10055,0,0,6d434f327f323d1d4e7933b0f8db3edb29a6b4c6a11d2f352406cae112cfb5b5,2024-10-18T12:52:33.507000 -CVE-2024-10057,0,0,f00e9b97b4e44a71501e4f152f47b736e9dfea0be964004b9f96030a2909ecb3,2024-10-18T12:52:33.507000 +CVE-2024-10057,0,1,d8a525e53057703eafafe41b97e25f6595177cb8b862a21217c338a0239a3d3c,2024-10-21T20:53:22.813000 CVE-2024-1006,0,0,fe82f3d0065ffa9f2a59eb5b63e144d9442dc24b73dc23626043d548cf903e88,2024-05-17T02:35:09.467000 CVE-2024-10068,0,0,d30a41a047eea99fec87733a3e9cf71e01923d623f7bff84eb08ba80a39dc81d,2024-10-18T12:52:33.507000 CVE-2024-10069,0,0,3deecf378edc88d42f5e3696d99a60fded7005d195b49a0977c4e7373c383b23,2024-10-18T12:52:33.507000 @@ -242257,7 +242345,7 @@ CVE-2024-1008,0,0,a9b7d9e2e828ed74dc3f97aef993fcfdb7b13561fd219152455ff7524c8067 CVE-2024-10080,0,0,7dee1bdb0654db1839e6846f51c6c9699dc09bcdb5e7141706a72d57a008f278,2024-10-18T12:52:33.507000 CVE-2024-1009,0,0,97af4237278897e4de60a52c929ac5642d8b709167b278dc1af6a70d4d177e3b,2024-05-17T02:35:09.780000 CVE-2024-10093,0,0,655dbc008c9c21b76c775eaa92108777c983716e956bf10f0085a4f9c49fc737,2024-10-18T12:52:33.507000 -CVE-2024-10099,0,0,b3a11ebc9f9c6c715099c9fa0f4896335c8086b813d9eb8c78b7713f9817c86f,2024-10-18T12:52:33.507000 +CVE-2024-10099,0,1,f14bdb99d2ca7956ea9400330266332303014dc510bc6e629dc22733e615abb6,2024-10-21T21:03:53.647000 CVE-2024-1010,0,0,b9c2292e551f86bb732084025c958f6307d4b05614efbc31206ace678efe61b8,2024-05-17T02:35:09.883000 CVE-2024-10100,0,0,551af785b2583dfc00dd65a689907bc427d5051278643ae24a3a0c57fb4f9ff3,2024-10-18T12:52:33.507000 CVE-2024-10101,0,0,1d42831444f093da17057d1135157fc2c61373ed2c6e3aa4b33071a4d1f4b2d6,2024-10-18T12:52:33.507000 @@ -242296,16 +242384,16 @@ CVE-2024-10158,0,0,11be81b514db49e0d4c1036e7ab29fac60ab54dcdf053c939bb522543b8de CVE-2024-10159,0,0,a957e43b8f013253bae388b72bbe1442546c3b250ce9a226033f467eed2129a7,2024-10-21T17:09:45.417000 CVE-2024-1016,0,0,71cf76ab1a6b276906d8ecf764cf0be1d15a9c7c60543569d9e172588701616f,2024-05-17T02:35:10.520000 CVE-2024-10160,0,0,39ac2bf156dc39ee077d3610aca8618443383beab962b00159650b8b309870e8,2024-10-21T17:09:45.417000 -CVE-2024-10161,0,0,8fd8b3180bd09399bfa659caa70bb1a8447b61c2f2436446da055256915430c9,2024-10-21T17:09:45.417000 -CVE-2024-10162,0,0,94cad70254661d6f66fe1ffeef44715e7f3687893d620f0b4d4b9fe91fd30213,2024-10-21T17:09:45.417000 +CVE-2024-10161,0,1,84bc31c1f8b9c1424a33f38beb007afd12cef556097f836456e7db6854141f50,2024-10-21T21:35:33.377000 +CVE-2024-10162,0,1,9586e193571470cd409c779979783fe30cf8798f29cade742d2c6e6b9b66240c,2024-10-21T21:36:10.470000 CVE-2024-10163,0,0,9b28215d70d6803fa02b8f91773221fcb00ce8e2ccbc25ea7d995d6ba8095203,2024-10-21T17:09:45.417000 -CVE-2024-10165,0,0,af33e6c84fb24a12266113d886a6c62172a37d83283eb52bb3b3bae79a2d30c7,2024-10-21T17:09:45.417000 -CVE-2024-10166,0,0,c02796774fbfad39072540da70f572ec18cfe723462ac98aa668f4ded95cd25a,2024-10-21T17:09:45.417000 -CVE-2024-10167,0,0,7ad81aa5e3faff9fd4be8885b7196a53b9bc768ed5519afa8c13456c816fccc0,2024-10-21T17:09:45.417000 +CVE-2024-10165,0,1,5e96b8bac045d76007a8a1ccaf66b23094bbe577806718f5c39b95850bfcb648,2024-10-21T21:35:06.987000 +CVE-2024-10166,0,1,d38e0eaedffd343f532bd4c1abf13dec4f7eece79809104c00c35d23c5bd77f6,2024-10-21T21:34:52.430000 +CVE-2024-10167,0,1,e7ee4350c0d87b98f4009c350ce488d1222a8473f5eed0163be4fcf02375526f,2024-10-21T21:34:25.810000 CVE-2024-10169,0,0,e8e6c9fb9383945c3d410fc4f008280f899970c875613eff84d409b4d2eaf686,2024-10-21T17:09:45.417000 CVE-2024-1017,0,0,50b68641acb97d381e6a65107328f0dab0fccf027bea27ef0f379cc058119760,2024-05-17T02:35:10.627000 -CVE-2024-10170,0,0,e74978c38cd6ed16ba78778da65e688748cf710b3030d5cf952802d91f4b963a,2024-10-21T17:09:45.417000 -CVE-2024-10171,0,0,481df1b8718c33e758d1a94b88a3698e27a92399d99d0fda0b9748fff3238e54,2024-10-21T17:09:45.417000 +CVE-2024-10170,0,1,43858dc94e553ea996e2f62171c2a07580bf4384f9d10283ecd355d244289e84,2024-10-21T21:33:49.663000 +CVE-2024-10171,0,1,6def7c486839e6a93365a9531b31890798e7138f9c8ee651ff23d937de5aea60,2024-10-21T21:33:26.937000 CVE-2024-10173,0,0,f6c48dfe45f526ea19e91b20ef708b171d9e0a76591dad105e56c584bb12efdc,2024-10-21T17:09:45.417000 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000 CVE-2024-1019,0,0,9d34fb91efb6a448073ac765944da7eab7ec7fd07c6fef378639c859599f6841,2024-02-20T02:15:49.973000 @@ -242766,7 +242854,7 @@ CVE-2024-1481,0,0,8ec746082eb3e01e56f31a1580ff8886182032e2bea5ae281bbcc575b73ba7 CVE-2024-1482,0,0,1d7777acb8f6767c0326a8b8463062ed94367cf76b55dfd2e7eca1de7665d146,2024-02-15T06:23:39.303000 CVE-2024-1483,0,0,977a71600513b30bb0eb6deb926ece36832c06dcc47ba3ddd3e7f35b0c5387d0,2024-04-16T13:24:07.103000 CVE-2024-1484,0,0,e884df7f8647f3afd501319772981132c9825cc30f5b6cc87c1e6bf272a5d8ae,2024-03-13T18:15:58.530000 -CVE-2024-1485,0,0,17c18a5bef032479b224456f9118284119e69658a2a7e6b21bbc38674fdb7e22,2024-02-22T01:15:07.980000 +CVE-2024-1485,0,1,a8526b2991a3830f484cbc55ced73558f9e0c8461a3bd3477e123a6fa5e7b374,2024-10-21T20:13:56.083000 CVE-2024-1486,0,0,e701e39a238b49f5d8616e373531defaca6422ab904fbcdd1daeb8b8b0de1062,2024-05-14T19:18:31.490000 CVE-2024-1487,0,0,c8eb46fc04eb1a30f1923f7e4ec53edf581984da21f0a62ca04b0c9b869a73cc,2024-03-12T12:40:13.500000 CVE-2024-1488,0,0,882c78fbd7b0e9fe7403aeecbc9ce3b63d8e8855dfc05e684b04e2f8c2e6badf,2024-05-08T08:15:37.870000 @@ -244213,7 +244301,7 @@ CVE-2024-21248,0,0,9d2bec6b0c5bd428b3273089dc6de78cffbb45eee6dc4edb4da7a745f217b CVE-2024-21249,0,0,8c8448494e88fa3a51a4461e9a5ac6bad487d7f244a14567a92f93a8fd3bd8b2,2024-10-16T16:38:43.170000 CVE-2024-2125,0,0,872a2657310e63ac8c9e764159a2a2b1b3991a1ff9d35b42d26ee113c654f515,2024-04-10T13:23:38.787000 CVE-2024-21250,0,0,c3a216316fd161ecf42e4b85935aab4377046a8c65dc40e8a08a09abcd439125,2024-10-17T14:35:19.303000 -CVE-2024-21251,0,1,29a498ae81d2116872698430d5045b8b8f1f3be886ca38c9c2eaf04efe0450af,2024-10-21T18:00:45.143000 +CVE-2024-21251,0,0,29a498ae81d2116872698430d5045b8b8f1f3be886ca38c9c2eaf04efe0450af,2024-10-21T18:00:45.143000 CVE-2024-21252,0,0,3562e5499767a042e190a60bfd9dbb9b6b695af77c5fafca40036938307414a4,2024-10-18T17:04:44.797000 CVE-2024-21253,0,0,82cb10003f4ec5bdfbeaba5304d2361b5866cecedb70f3ece91f971a87496d10,2024-10-18T14:59:43.660000 CVE-2024-21254,0,0,69ca4bf103295a9b35d72b61c0821b7611adf3b7f78c0a3144fa3da855147ce0,2024-10-18T17:05:58.723000 @@ -244223,7 +244311,7 @@ CVE-2024-21258,0,0,d66d60d8ebe1253680938995404bc802bc4b9dba35146ae97db380f0d8c97 CVE-2024-21259,0,0,f4f5607ed9f1a78aaccb5e08790e38092d26477ddc636f65efb0050b27293955,2024-10-18T15:00:17.133000 CVE-2024-2126,0,0,4ce1f11f7bd5c084b75067cba762f3a64c791e384d09fc3623bdffa8d2aef429,2024-03-13T18:15:58.530000 CVE-2024-21260,0,0,7a47438a9729091b847bae11b79b0b39e45eeeb29dbb35a8c4d79bd78f465c02,2024-10-18T19:05:29.830000 -CVE-2024-21261,0,1,0899d9cbcc2683b4e5f057eef455f1d9ca53b0f3260b8ba7058f26a504b9b734,2024-10-21T18:27:17.307000 +CVE-2024-21261,0,0,0899d9cbcc2683b4e5f057eef455f1d9ca53b0f3260b8ba7058f26a504b9b734,2024-10-21T18:27:17.307000 CVE-2024-21262,0,0,82558944e30d58821a3281c570a2d377b7ec0772f885917aea1c19c8d3bb4a8f,2024-10-21T16:28:16.427000 CVE-2024-21263,0,0,7ac7bc00544efec065b7a3ea0c417046cafbfd2ff0aea2fefa7b4595b67183a3,2024-10-18T15:00:52.463000 CVE-2024-21264,0,0,43edc8b0674a64ea84e7381a14394594bbb3f638fa4e4e95e2e0a620c8f8163d,2024-10-16T16:38:43.170000 @@ -244854,7 +244942,7 @@ CVE-2024-22039,0,0,93b46f47ed43224423d7dcdd7cb5da88aa6d4c08cceaffd1397a4ad32f5be CVE-2024-2204,0,0,a1b09b74c91818340209a8ddf823ec1cf800d4476587d084b8cf03d19b7025dd,2024-03-15T12:53:06.423000 CVE-2024-22040,0,0,be358f199493e83f56d872322bfd43fdac4427b513b4fe755395a46f51c51b1d,2024-05-14T16:16:05.417000 CVE-2024-22041,0,0,b5443db0c86e6457cab6a387b03922b3d7f0b5665f00c0fc059d18dd37af355a,2024-05-14T16:16:06.063000 -CVE-2024-22042,0,1,371c6620006335b0ee7fbd31a930b65a5425c9b8019f8098035753b72616947e,2024-10-21T19:50:08.363000 +CVE-2024-22042,0,0,371c6620006335b0ee7fbd31a930b65a5425c9b8019f8098035753b72616947e,2024-10-21T19:50:08.363000 CVE-2024-22043,0,0,9e476139d6d724b0e5de7cce022f763d77f88747a669d7f1dbe27dfd871a9603,2024-10-10T15:44:13.010000 CVE-2024-22044,0,0,eebeb23ba8a6b13727ce5f42031738195bd52d4a50bd5c3f51bde42fc8fdd786,2024-03-12T12:40:13.500000 CVE-2024-22045,0,0,0934b761764d7359e221a8250519572915febccdf4c0aa0b54ead29e97778d40,2024-03-25T16:24:56.037000 @@ -246666,7 +246754,7 @@ CVE-2024-24810,0,0,ea6fdca62b7e00257691fd5291f58ce467dc80f8017a89bfa4b202bc0e1c6 CVE-2024-24811,0,0,7d5ff8ad0fe3f1f541d707926a7dd4068a8926ae5ea3a1008260caead5d642c5,2024-02-14T20:26:39.143000 CVE-2024-24812,0,0,0181c2c9ae6cc21c49aaebe92a03a31e9d8ba638d3713134fde53fa7f600c486,2024-02-14T20:22:02.537000 CVE-2024-24813,0,0,3e60f204ede1f8ef7119c7c5260c605cef5493853ea87c7a7b75d96c7ff426c4,2024-03-21T12:58:51.093000 -CVE-2024-24814,0,0,12e51377f8e768cb098fc0e2e1507c3b7350536d0e5ed7e8030f7f36b0cf718f,2024-03-21T02:52:11.957000 +CVE-2024-24814,0,1,b5811f49d92caced53b2a848652e773c37466990e3fca0034b958798b5250d78,2024-10-21T20:02:16.720000 CVE-2024-24815,0,0,1752b9f7001655d746800666b7851b33b09dfa9987a811bd752948dc8966243e,2024-03-06T10:15:45.293000 CVE-2024-24816,0,0,0917d7bd5dc6c3b76e09c38685bb57dd6e8e90e3381ae1bf2026646ec2c89195,2024-02-15T05:01:35.393000 CVE-2024-24817,0,0,4b6df4ebd7ab00bafdd25fd5b8b1be918f7061753988ac6e2409eafcc6345f20,2024-02-22T19:07:27.197000 @@ -246924,7 +247012,7 @@ CVE-2024-25121,0,0,633ca1f5f8fdbb9d8ab9fd4780ede0f55f205713bfaf916f50a19319dc6bb CVE-2024-25122,0,0,e365e28bb2f56caaa3ef9b80a1cc325b36fe31e51625a47d99ef7167fe1c5bf2,2024-10-11T19:15:51.707000 CVE-2024-25123,0,0,d91338db3ed95b8913dc378067e1f32dfba4b3ec82603f1ac01d187651acb75a,2024-02-16T13:38:00.047000 CVE-2024-25124,0,0,d570849c8f0f5f2638ea1dc3ea0947e3bcb6425f6af78c4802a7a9fc8debac63,2024-02-22T19:07:27.197000 -CVE-2024-25125,0,0,72a5acd0687c32211b7e2c0a7082cefb738b75531ea50a5a67218ea8a2c1aca7,2024-02-14T13:59:35.580000 +CVE-2024-25125,0,1,d6ddc29c96dcad7028dd2df56e5482e32f6084144fc3b3bf692943c99142aeb7,2024-10-21T20:09:54.923000 CVE-2024-25126,0,0,23f016e55610abad81e6d9deecb5884c2df823f3793b1f3952a19c4d73965c85,2024-06-10T18:15:27.553000 CVE-2024-25128,0,0,ac426d191aad5ee1c28f9b0e0170a37080e5d4fc6590878754b348866bd26a76,2024-02-29T13:49:29.390000 CVE-2024-25129,0,0,7486ea0d16eb332f11a4090e258b52d95003d6f81511545e6100dd617a69be87,2024-02-23T02:42:54.547000 @@ -247309,7 +247397,7 @@ CVE-2024-25712,0,0,cd76bf59fa3b149c026f0736470198c42042811b7fa0e2166e37d9fe09aff CVE-2024-25713,0,0,3d79b0984c1664e4ac69ee01cb3f8d7ad091cc5b18ae7eaaba60f08548db4afd,2024-08-28T21:35:04.973000 CVE-2024-25714,0,0,2873351a6af80135ad77a9bcc3e4dfb72663502923a58c50c79611835741c222,2024-10-18T14:08:58.867000 CVE-2024-25715,0,0,c088d4b977142e9dcb9ad21b32e4f9aa61385e1d7ddbd4c017103ce015b7a37f,2024-02-16T21:35:54.270000 -CVE-2024-25718,0,0,ae3e7adaed565c4b7011dbf928b218006e1c872144ce7016bbce633e7ca027f0,2024-08-01T20:35:25.977000 +CVE-2024-25718,0,1,42b9f7aa73a19bf29b3befbb306be09039aa625e9e00975aa31197375d08c940,2024-10-21T20:29:00.463000 CVE-2024-2572,0,0,5b74e34492d90066cf583f89ae3fdf47d4796ec58fbab0c453f87f07a2a5fb4a,2024-05-17T02:38:20.357000 CVE-2024-25722,0,0,92d3b9468bc91e349275846c28f9045c86a0984b3586a9d2c81948ecb8ae65e5,2024-09-05T13:32:17.380000 CVE-2024-25723,0,0,8c3612f460be05084d2da9e8693ad88b2c515e61b1e81491f670f8acc6d04fab,2024-08-01T13:47:49.970000 @@ -250024,7 +250112,7 @@ CVE-2024-29209,0,0,524c07895762e5b44d3e9ef1c206b4e7d4d5b3430c7ff6d4160e0e7acbfcd CVE-2024-2921,0,0,f4e342ffc58e19f9931b03228666e88722fb82add7b9c9b268ee78781cd5e71e,2024-04-09T19:15:38.423000 CVE-2024-29210,0,0,35f2fb1127989a840ec44eff998dd4dd34dd991643ed4983f752d1672da1ba01,2024-07-03T01:52:19.497000 CVE-2024-29212,0,0,1247faf67a6d05877ef4c24ac6b7bb7d5fbf779bfef43566ef9132ba263c1abf,2024-07-03T01:52:20.207000 -CVE-2024-29213,0,1,923c285048ea8e8ada1ec8fc14c3379597d106a93dc5f7c0191835b40c0543ad,2024-10-21T18:35:11.263000 +CVE-2024-29213,0,0,923c285048ea8e8ada1ec8fc14c3379597d106a93dc5f7c0191835b40c0543ad,2024-10-21T18:35:11.263000 CVE-2024-29215,0,0,c3b478aa1710010c8b99ef1ca4fa2246febf1b61f49cb0a36af3387869a40afd,2024-05-28T12:39:42.673000 CVE-2024-29216,0,0,2aed50ca06d94573fdcea13916b8acc52550da1faf8cd9bfb64a818c7964e9a0,2024-03-25T13:47:14.087000 CVE-2024-29217,0,0,1379e154758970ea220e13f9d29020765e0cdb03091ce67a8deaa8fc55306947,2024-07-03T01:52:20.987000 @@ -250300,7 +250388,7 @@ CVE-2024-29818,0,0,b43be17b77573322064c5ec9d358afd6cf43c212bfe31910c801278a1ce0d CVE-2024-29819,0,0,4749576a07ae228f73869f312addb287fdf690803f9e8863734daca01a87fc2c,2024-03-27T12:29:30.307000 CVE-2024-2982,0,0,2211724d734198d9fb233becb17ec8dbde10e8455d29ee4fab78e86ceaba5ae1,2024-05-17T02:38:40.403000 CVE-2024-29820,0,0,2528d491aed96a02281e4f078b8e3f22ccbe89d79da1f8a661b52ce76993e523,2024-03-27T12:29:30.307000 -CVE-2024-29821,0,1,b4c6b50dcd0aa25f58b1925e34b668429968d3d74b8651b3de59e06c3145e1e4,2024-10-21T18:35:11.957000 +CVE-2024-29821,0,0,b4c6b50dcd0aa25f58b1925e34b668429968d3d74b8651b3de59e06c3145e1e4,2024-10-21T18:35:11.957000 CVE-2024-29822,0,0,5d2c9e00bb0fe2f46c08dc837f1280f283485a53b01db1b74e5b392194998b98,2024-10-03T16:45:19.060000 CVE-2024-29823,0,0,7935be43b4ac46d887d4f03748872441ac79f4dab527d9f95095fada77eba679,2024-10-03T16:45:20.897000 CVE-2024-29824,0,0,1b740fa01a83c6e4b995d74f425eef2cbb5e7538bcbdf87088945ee820fd5f8a,2024-10-03T16:45:28.117000 @@ -250615,7 +250703,11 @@ CVE-2024-30135,0,0,434c5499719264a4e2ad07af1f36d8ed1af6151b19467e0009865806919ae CVE-2024-3014,0,0,c46983235075ad6c61a858c21d5be28ec226124df8363686d4a4d1cade05d3fc,2024-05-17T02:39:40.800000 CVE-2024-3015,0,0,cf3ef36018f814f81d7c4b278b721ac941c52c0f1c0bedc65491406707b51ee6,2024-05-17T02:39:40.887000 CVE-2024-30156,0,0,3d53855c757ad6b4fdec1c866bc6a474f7a081008c29fdfc2556616a5702f89d,2024-03-25T01:51:01.223000 +CVE-2024-30157,1,1,b4413e2e5263fd764d22ffa6255e560222ce447dceec65fcb4225e2b11135a83,2024-10-21T21:15:04.620000 +CVE-2024-30158,1,1,9b3aaea4a5f6664cb8a6843b70c6c66fb885297b5d97196e433e44583b6e8248,2024-10-21T21:15:04.860000 +CVE-2024-30159,1,1,b905413140e33de6a3d93be87dd7cad7a2e92a94fa8fca3348535d1caf49c569,2024-10-21T21:15:05.073000 CVE-2024-3016,0,0,365b1d8bd40146c56247f165cad66ba9032ab62d7024128ecd437112ab8f9af3,2024-08-22T15:35:08.600000 +CVE-2024-30160,1,1,47aa9aaeaf0d9d3169383db35f7389cfd4e3ae26d2060339142e175448806635,2024-10-21T21:15:05.190000 CVE-2024-30161,0,0,1923ba0ba6f178ce866a1a8ca8f64984391bfd8920138b4d8c36e03ff657287b,2024-04-11T14:15:12.083000 CVE-2024-30162,0,0,bfc1b2dd1f9f0516f5fde509ec8f6b937e3d3043c9b38e8e614a15ddc80d79a3,2024-07-03T01:53:51.970000 CVE-2024-30163,0,0,a73a629b03deb6cd2f20f667428a8c95efd54363034c035eeeed31541b8e07f7,2024-08-08T21:25:19.010000 @@ -251258,6 +251350,7 @@ CVE-2024-31002,0,0,91060d363efbbd57c96984ebcb08d042f61fbe28b157d9f0ed5ab606981c6 CVE-2024-31003,0,0,4468ff6139dffd902d54dba282442b03643ad92e636b3ecc84e56f5157573f49,2024-08-01T13:50:37.813000 CVE-2024-31004,0,0,4704ee13f9f534d8c7bace10a79d7d4280ca43ae0178f7a716eda9d0db56ea6c,2024-04-02T12:50:42.233000 CVE-2024-31005,0,0,045b5d5570cfb671aba58425d476f29fa3e750f6d99363d9b536e986ebd3831d,2024-07-03T01:54:33.603000 +CVE-2024-31007,1,1,debfba7fef715479be89acce3d87f867aadf0e1e679f7d0e87ff45f0593cb4f4,2024-10-21T21:35:02.513000 CVE-2024-31008,0,0,a974f67fc051176587797d68bd7b8f7fe117012e84496a743cd76182b8fe18e1,2024-08-01T13:50:38.620000 CVE-2024-31009,0,0,3077bfb383403641b21b3b69eff09950c4c56bae68058cba13568ddd6189034f,2024-08-01T13:50:39.423000 CVE-2024-3101,0,0,437dbb9fcac4bacba400f2fa9de8c79fbcdd2c0866383f4a0cb42b039afb8d76,2024-04-10T19:49:51.183000 @@ -253318,7 +253411,7 @@ CVE-2024-33894,0,0,2185bbeec74aacc0192ac4c0f14cc0154df27885b0566a150aabe2fcb3f08 CVE-2024-33895,0,0,04ba0b007ee4b02eaf9ac803d97de9384b439a729983817e69ee63aaf5768dba,2024-09-03T19:02:31.517000 CVE-2024-33896,0,0,8d1d8374b6336dd7da119946080ba4c57ec39623b8d4b7ec76ee16ffac44a26f,2024-09-03T19:02:37.870000 CVE-2024-33897,0,0,5d7a03e146af861404c7a7c6c6ab907bf79dfa17bf7b0f45f835d86998016793,2024-10-10T13:00:37.257000 -CVE-2024-33898,0,0,d8c3e8424b1aff6ae8a0fcc91c86b5228f2623afdea66b8b7db25938bc363225,2024-08-01T13:52:11.823000 +CVE-2024-33898,0,1,464190f463d7c4938abb5ab1f58560e9dfc19834d7afe8e643a8f4211b22d81c,2024-10-21T20:15:14.470000 CVE-2024-33899,0,0,215d012a0aeed617e9223e785f340f85e2514c39cf4a2326738c4b3613b1edd0,2024-07-03T01:59:09.200000 CVE-2024-33900,0,0,269cc21c173c9c584795c12f1ce91d2738b696474fbebedc5c423a95f8259b67,2024-08-02T03:15:33.783000 CVE-2024-33901,0,0,a1f0948d73a23ff6210c02030912794a258b1439fa01bfbefd0ef5985673396e,2024-08-02T03:15:33.887000 @@ -254321,6 +254414,9 @@ CVE-2024-3528,0,0,c96e1e132295c243d4fa4a90d8abf77e41d771305ddbcf81d644bca2cdde7d CVE-2024-35282,0,0,fe23f4116601299cd085746b33d91adab4014743ea1af63d79bf69af6ebb68e0,2024-09-20T19:44:17.557000 CVE-2024-35283,0,0,517940d61eca1185fcc5d68a59f62111cbe8fdc81301b4e7c0610afefcc22645,2024-05-29T19:50:25.303000 CVE-2024-35284,0,0,3a94c448d00dd5059f3fd361118e6cd65d80e9412861f2d6774f390c6aa71d9d,2024-05-29T19:50:25.303000 +CVE-2024-35285,1,1,63fcf5c98a147b03d8e844c1ed6c33828795c16947640844179b23a9f41d94ea,2024-10-21T21:15:05.307000 +CVE-2024-35286,1,1,1823e5c8c1413061cb3a119f974234b8b662a2d4703fc2b77aab950d39f7057f,2024-10-21T21:15:05.367000 +CVE-2024-35287,1,1,03be90eb0615a866e66e0dc31c3c5f33a2f8485bf68f63f8c6f5da7c001eb9a5,2024-10-21T21:15:05.450000 CVE-2024-35288,0,0,5a7e419c5723f5855a10246582e4e92910b876efa85bd2048c10c45e071584c8,2024-10-10T12:51:56.987000 CVE-2024-3529,0,0,b7433b023ce9172d03becfe0cc0d18595c43e3d8737e87c779d288c2827cf3e8,2024-05-17T02:39:59.247000 CVE-2024-35291,0,0,5225c2a0abe81b64c53a235e59e3157e49cd9481d5912145de7f4fa19255770a,2024-05-28T12:39:28.377000 @@ -254344,6 +254440,8 @@ CVE-2024-3531,0,0,a342a9958ba8d00c279b1676525284c1cab302a477225f05f9d97b5deb0711 CVE-2024-35311,0,0,94751a7e140c2a3ff83ee374530e5919b0823edf97b2e344646a9709229c503b,2024-05-29T19:50:25.303000 CVE-2024-35312,0,0,81ee7e5cffa0828718ff42985b5f71e3223019ea36fce71fb3a2d6856e31b3e3,2024-05-20T13:00:34.807000 CVE-2024-35313,0,0,1eb4867830818e97987762ca58d043d2f7f53fc926bce8bfb2e66b630c99ca4a,2024-05-20T13:00:34.807000 +CVE-2024-35314,1,1,52db695a81430e21b0a01e6c641aab28770f84011fb9c90b28668a94f7e8d5a8,2024-10-21T21:15:05.533000 +CVE-2024-35315,1,1,84efd35bd289a945021a9c7dd1849ff64be9b144534b4418f264cb0672980105,2024-10-21T21:15:05.613000 CVE-2024-3532,0,0,861b69b5ea2c2097afdbe40dd2c40123c9da7c07e730e8c939be6340175b992f,2024-05-17T02:39:59.520000 CVE-2024-35324,0,0,97e62876b974bdb37d65a00c14d6ae80121537e286249b5814c033b73ffdbb1b,2024-08-20T16:35:11.473000 CVE-2024-35325,0,0,073df6c9b920e39e00ae6bf411b4ce7fcbfdedf8b124ea4a78741a586d12ac92,2024-08-28T16:15:08.417000 @@ -256929,7 +257027,7 @@ CVE-2024-38810,0,0,a8d05ba61ad79ab8e573251f3391c7e33071f14ecb67883defa939520cad5 CVE-2024-38811,0,0,7963530e20965c3e978de3e3d7e692a26c21382a2c5c912f03ba846ab4c56eb4,2024-09-17T13:33:32.957000 CVE-2024-38812,0,0,34d8657a2d86accb47b9e7e7219bd48126133821add77e5ea4911708e30f2104,2024-10-02T14:16:47.610000 CVE-2024-38813,0,0,3d08a10b622d3af5696a9ed2c2a45317011023f873f91120d4c5c5927c60a9b1,2024-10-02T13:59:52.887000 -CVE-2024-38814,0,1,6d15529384bab551aa5b8c9c159d49412d83f2b6314b71a8cc518a22a1174f57,2024-10-21T18:20:53.267000 +CVE-2024-38814,0,0,6d15529384bab551aa5b8c9c159d49412d83f2b6314b71a8cc518a22a1174f57,2024-10-21T18:20:53.267000 CVE-2024-38815,0,0,3a4b59062178be01e22848b989a9a62de86c1bfb989586c3092abdaac97fd53c,2024-10-10T12:51:56.987000 CVE-2024-38816,0,0,6659455d4c0832fae3abce29bdd91d446a380e8317fc9229e602957b66269232,2024-09-13T14:06:04.777000 CVE-2024-38817,0,0,09723b24db0d6a084c268e07b58c10ca202cbe9290f0f8fec2db45f626cd7af3,2024-10-10T12:51:56.987000 @@ -257697,7 +257795,16 @@ CVE-2024-40060,0,0,8684e047d9ba2e6cc4bcc7c4afd5cb58b4b20c732a4bb0dd43020155d17e1 CVE-2024-4007,0,0,857ffd215040050c5517e94efdf82e72cc62aae4cfd62acb973d56bcff6e13cd,2024-07-01T16:37:39.040000 CVE-2024-40075,0,0,ea8801174ab63f09ecb78691088214272746fb9a3a5615024827c9ef25c43b0c,2024-07-24T12:55:13.223000 CVE-2024-4008,0,0,41ba43cb718e067f099fac417cd6110082f457ea9bc7353b1528141e52f4a2d0,2024-06-18T17:00:01.570000 +CVE-2024-40083,1,1,11e680e8bf1517e2634a64aa49a46d6caf49581be97998a9d9f77cf3267fbcc9,2024-10-21T21:15:05.703000 +CVE-2024-40084,1,1,534d11aef460ce9b34eb113477df41417197fd033d77d213100aad9c356df749,2024-10-21T21:15:05.770000 +CVE-2024-40085,1,1,5e26333c4ab2860e64b8bbaca881d20b70f9d1931f87426da705490dd3f5755b,2024-10-21T21:15:05.853000 +CVE-2024-40086,1,1,c921105c5ce57300119e18e8e6cfd8c24b8606d1f2e73bc08ab08f658ee80221,2024-10-21T21:15:05.923000 +CVE-2024-40087,1,1,6ee4107522c5969a2a517f5043d2f6b349c6a2286a5705254f08c3d25d87672b,2024-10-21T21:15:06.003000 +CVE-2024-40088,1,1,9bd439fc0f89180bc756b2e108aa1e9eded4d06880c5600d7a8db3a4f6c7a053,2024-10-21T21:15:06.080000 +CVE-2024-40089,1,1,fe50fd0a5e7736656c8bd604a9e5fad05ea85bca29858fe641bda85bc04f9a4a,2024-10-21T21:15:06.150000 CVE-2024-4009,0,0,26a6ec4a10b164e2f280e8681d4c21dd6301b3a45dfa2578f28e720f7416c2f5,2024-06-18T17:01:19.897000 +CVE-2024-40090,1,1,71c1d9398c5476b3448760d412c55985d17dac30c14dfff9be3cec0e88b95dcf,2024-10-21T21:15:06.223000 +CVE-2024-40091,1,1,77588eb2eb6db1704cc9e7edc29d724d334c5e0f77077e1081bebdfa0e3119b6,2024-10-21T21:15:06.313000 CVE-2024-40094,0,0,5d1ab4fa5a1484beb0714ef3fcebe3147b446e4d722942df6d84c0a1bd2dd7f2,2024-07-30T13:32:45.943000 CVE-2024-40096,0,0,7067973a4296a7a70beea7b209cd71d2a86d44a9bdfd60035b86d8848d99631b,2024-08-30T16:14:41.957000 CVE-2024-4010,0,0,6f96a951ba4d658f2d216c10726beef3ec3f9c518875bc1c492ed89999ff3fc2,2024-05-15T16:40:19.330000 @@ -258589,6 +258696,9 @@ CVE-2024-41709,0,0,6713bfc73e81c65bc7923627db30413fcbe413ec587fff89449c3abd86e7e CVE-2024-4171,0,0,87597e8caa4479ab69c883527c35fc22af72d614757313d16953f50dcfa107c2,2024-06-04T19:20:31.980000 CVE-2024-41710,0,0,60d485e1ae4ab9a6a76b69400c8e45c5632e291398c40e0cff7baeda3bb118be,2024-08-14T18:35:06.257000 CVE-2024-41711,0,0,a7d50100784e2b53720ec9203abd546adbf9c7f45f11894e83b991465b2f1919,2024-08-14T16:35:15.033000 +CVE-2024-41712,1,1,fda1df8096c7e740d7c1e5b76ebc20ad4db1e4b92172ce54a6c2dabadb93a134,2024-10-21T21:15:06.387000 +CVE-2024-41713,1,1,87db2ddfb0ffbb040eca7bea76fe1680906fd0f93e77e188d37d9b33d082acd7,2024-10-21T21:15:06.470000 +CVE-2024-41714,1,1,4e02ba45b4731890d79ff233d01ec2c05f30c60b536a21f7ebcc410f0fe1d5a8,2024-10-21T21:15:06.547000 CVE-2024-41715,0,0,35d1e19982d6029b0a8b7671c2382ff20d85aa479fa52b1ecc90bc4ca8088cf0,2024-10-17T17:15:11.530000 CVE-2024-41716,0,0,add00a3b8bb5c856cb11efe54462b72e0907045ad71076c98ae404e938cc3293,2024-09-13T19:53:47.723000 CVE-2024-41718,0,0,7651686104923551937c1bf922db9a37da5f3ad1631e564fe3c0dca9a6e79a72,2024-09-03T11:15:15.050000 @@ -259748,7 +259858,7 @@ CVE-2024-4345,0,0,991a52fb88968c952c460a76f59f283c0ad80fedc25d9533338fbc3b0d515f CVE-2024-43453,0,0,c941563eee0035394ae37700c8a3b91a1f220c8f4da80c0f896f8a39e45a51a8,2024-10-10T12:56:30.817000 CVE-2024-43454,0,0,f0995c64c71167afbbf899e7ce1038e4a80441f5a273809866a5c3103af339c0,2024-09-13T14:52:28.570000 CVE-2024-43455,0,0,7effa4d2d49733857a939b9c56001fb62c3a8618d5be7fb4155055d0a4466b05,2024-09-13T14:50:02.390000 -CVE-2024-43456,0,0,e2cc7c4090302ac9e63219e78a5808d0af452e7b7d8cbdc32b3824627a6842e1,2024-10-10T12:56:30.817000 +CVE-2024-43456,0,1,7e33172df2a3bcdeebebada3a1490c286c11a1e92c4e5a2d00db0b809ed4d2cc,2024-10-21T21:28:15.323000 CVE-2024-43457,0,0,2d39da1954a904290cdb655f8413466318bc2fb9e79e95d1239baead98599e5b,2024-09-17T16:25:03.037000 CVE-2024-43458,0,0,d510a08722ad4b01e3bd416a3ff1688485cee9b82fed026222465a1f7268669b,2024-09-17T16:24:06.837000 CVE-2024-4346,0,0,9d7617b39f85e35f3b425bc36c01c8cc51c24d84e65ff0d34bf4ea7488f000ec,2024-05-07T13:39:32.710000 @@ -259775,9 +259885,9 @@ CVE-2024-43481,0,0,fa0a86aff51fa534acc1bf04e9514a8b9ae5e4b98d0edc7dae95695ec2e5d CVE-2024-43482,0,0,d8f402bc0f3ce251083854e9d472514518876444465b9e6fddf99899cdf432df,2024-09-18T14:11:50.303000 CVE-2024-43483,0,0,2a21f19b6ee33c4d4ab036de56fe28511c1c49ff9f4c577369d2fdd9684bd311,2024-10-21T17:35:34.827000 CVE-2024-43484,0,0,2aff961590fa56cdbb2c8e494b028e421066c209b13d02c2bf1f3f38ed845831,2024-10-21T17:35:44.460000 -CVE-2024-43485,0,1,7d81d7aa55beb9dc57b1fb30cf619b936b1d41c7a36fe4644137261e927c9e5e,2024-10-21T18:01:28.623000 +CVE-2024-43485,0,0,7d81d7aa55beb9dc57b1fb30cf619b936b1d41c7a36fe4644137261e927c9e5e,2024-10-21T18:01:28.623000 CVE-2024-43487,0,0,b1bbbe6f3eeb8f594d4cca9a1e5f97347bd8ae24b6674c21dd2e36175fe4aaad,2024-09-18T14:10:20.320000 -CVE-2024-43488,0,0,77f6f6423bdd8555de92dc96aa2c0828d81550946d3c9fa13293b1d31c3b2806,2024-10-10T12:56:30.817000 +CVE-2024-43488,0,1,93c6db48644ce0afca109d0f607b9352d087521f24a343cf9d74e9e9302c05c6,2024-10-21T21:05:53.340000 CVE-2024-43489,0,0,9f3663a5117643ca66490ff50d07401aac7a21947903cd82d777468b0669d10d,2024-09-23T17:33:25.633000 CVE-2024-4349,0,0,a8b03025f36b8713c52951e7ebcf312d165d904bb8cd188665520ff04ec5e58b,2024-06-04T19:20:36.340000 CVE-2024-43491,0,0,d198019651bd96853897866c0609cb57460e36f90bdbdfaf53a9951b0099ab32,2024-09-26T01:00:01.267000 @@ -259790,7 +259900,7 @@ CVE-2024-43500,0,0,78bdbde8586a4aeadf73d960935866ca71ecb415ed1914c17c331c1e31d9d CVE-2024-43501,0,0,3dab9521c0cc7c6361671a7526673e1c684c3d41e5a05cbd155304b95f78c3a9,2024-10-17T21:06:07.377000 CVE-2024-43502,0,0,a97c3292db824bc02479152a24f624a8cb599b16a484bd7d3fb33b2df58be75e,2024-10-17T20:58:37.107000 CVE-2024-43503,0,0,e91430a1a892e4dd630a8e4e880ef8553de96ce6afb7d015e24a27e9b76eb12f,2024-10-17T20:19:17.793000 -CVE-2024-43504,0,0,ceb0125b1b0b97c4e6df05f16658ceb4c5d22dd6834de849222c2c30128b3a9c,2024-10-10T12:56:30.817000 +CVE-2024-43504,0,1,ce74cb41608ffaea2636b3ffa6a98e0df3d40bf492178387178cafb9a6017541,2024-10-21T21:26:41.257000 CVE-2024-43505,0,0,eaf2d519e99ba8b127c6f0f1c26b3a86c9026401d2e104751b90d31de1306225,2024-10-17T18:16:50.360000 CVE-2024-43506,0,0,7abef514a183832e9d9245fa295e5ffdc4fc43590e41a40ef0f8a1798deb96ae,2024-10-17T20:19:06.707000 CVE-2024-43508,0,0,7f0c7bbb0a631f3161a1c90ecea6dcc2fbe1f8b2af920e1298d39f4bdb13b3e9,2024-10-17T20:18:55.517000 @@ -259892,10 +260002,10 @@ CVE-2024-43609,0,0,b51bc951febae72cfbab824fd5dae1956187d25f6e42e962d7d237590a326 CVE-2024-4361,0,0,59805155c6666ce54d8263fcaceec5e0fc128f8100df5fb2e590f4610d5a88ea,2024-05-21T12:37:59.687000 CVE-2024-43610,0,0,e05bc7d7fba9921ddb28639aa2d807e02a712368195686314d74c31cc0c1b1bd,2024-10-10T12:51:56.987000 CVE-2024-43611,0,0,e71bb37110cf57f4ebc98f5c779227b1c5e9d69f96a05916c17f38187ef51de9,2024-10-10T12:56:30.817000 -CVE-2024-43612,0,0,a1717cd48c81cec47c45368f6b873decb99f46de9cc6e458935374bf5887afeb,2024-10-10T12:56:30.817000 -CVE-2024-43614,0,0,bcf84428144b3872d54a9a85ccb5ab2c26a221d0495e0b319c5f3a39fffe8972,2024-10-10T12:56:30.817000 -CVE-2024-43615,0,0,6345b6b14ab68ce525dad82dcc27a751e8c9a4e4271dc87a8834b97b4a5c4d2c,2024-10-10T12:56:30.817000 -CVE-2024-43616,0,0,1043a77fe9a25238a70bbd8fab7132e35c29a9756cf9cae9a00fa99c3cacbabe,2024-10-10T12:56:30.817000 +CVE-2024-43612,0,1,2d63857a7410863939630233bd3c57b8a869ef6d82a1dc4e625bbf528ee43c0a,2024-10-21T20:48:02.050000 +CVE-2024-43614,0,1,37f86979c4c4ec96d0dd61c1d9daa59ec511d8fd5452834efe232d695cc74469,2024-10-21T20:50:38.370000 +CVE-2024-43615,0,1,841e5833e1934c639d3a9a11a43505704ba14c449fb8c86b43a2c5341378c86b,2024-10-21T21:00:34.967000 +CVE-2024-43616,0,1,15ca7e9be3a91b920fd3f7c8d4a29e60f6c23503343614efbabdf7dee4793679,2024-10-21T20:47:00.313000 CVE-2024-4362,0,0,16bcb3e7fd20cddcf2afd5e423805494786dbf969e82eb67d1ba08cf8ffd4c26,2024-05-22T12:46:53.887000 CVE-2024-4363,0,0,2c7c654c7422e9473b7010560ae2a1c2e3350cf44cdf9b6cc5ffb58dc4446aff,2024-05-15T16:40:19.330000 CVE-2024-4364,0,0,9332cb50f761fbdff3ec7a6ec045f13accb15b963b30845c4aa93399b834b7a1,2024-07-24T20:23:31.487000 @@ -260788,7 +260898,7 @@ CVE-2024-45265,0,0,0bfdc3ea11a3a8b692c725170390e0ed5e5bfa861ba7586668c7c78868fd4 CVE-2024-45269,0,0,930c2dda66909b7393cc3daf8d8e0bcb8066c589d45124dd784354d0c2c32ffd,2024-09-04T11:49:36.950000 CVE-2024-4527,0,0,c7ad79186f39af6c4287cf90f197f2ec298291b738fc5af7e4ddede8b4e9adfb,2024-06-04T19:20:41.810000 CVE-2024-45270,0,0,c7af37af49333c30529c68858eecc171381f5cb95414149d25997e187a81c107,2024-09-04T11:51:30.887000 -CVE-2024-45271,0,1,7c92d46e48700c1ca43ab08ba7f2559e4d62c12c92d2f0bd39a052a4c28c1a26,2024-10-21T19:21:58.680000 +CVE-2024-45271,0,0,7c92d46e48700c1ca43ab08ba7f2559e4d62c12c92d2f0bd39a052a4c28c1a26,2024-10-21T19:21:58.680000 CVE-2024-45272,0,0,a76579046564892d2e34c5f690f11d41858e8cad689dea098e6cdde0d4bd8478,2024-10-17T17:42:42.197000 CVE-2024-45273,0,0,c68c26959493b8bdb5a6e0f8fb0c0f3ccd854da00b6c3d41e3b43310e52bc72e,2024-10-17T17:41:43.017000 CVE-2024-45274,0,0,962df114e3e3c66d9d19f1ca544b8230483172f76eaafa5fd0b600c57eee6936,2024-10-17T17:40:10.690000 @@ -261140,7 +261250,7 @@ CVE-2024-4593,0,0,94ecb7e459fb704ab815ca1814a0a7a4397cf6e067d30b0e365dc0bb210150 CVE-2024-45932,0,0,2ed9f934b88b8715dee6d1403606d8675e56a0a52183b37f1e481d7c65afc5b2,2024-10-11T13:21:12.003000 CVE-2024-45933,0,0,5a4c436ed920625b31726987668deff1799338d95efdc881a4c3f3acc7baa01c,2024-10-08T19:35:19.013000 CVE-2024-4594,0,0,6353480e983dfe68c6b174c583e75b67b6ebde5befefc4e80bf75a35aedb2302,2024-06-04T19:20:43.657000 -CVE-2024-45944,0,1,b6ac7ba7187fa87296210ba6ad0b4edc3bd776a0f0641e90b12b768a8e574c03,2024-10-21T18:35:12.750000 +CVE-2024-45944,0,0,b6ac7ba7187fa87296210ba6ad0b4edc3bd776a0f0641e90b12b768a8e574c03,2024-10-21T18:35:12.750000 CVE-2024-4595,0,0,a34d956039b7343ba69c0066573aab0165928a92f89b42d7c5d672a51296492e,2024-06-17T19:15:59.063000 CVE-2024-4596,0,0,dbe0fd0eb8770735bec19f4c23a1e0e23418b2478aa147d47acbafa8a1854f1c,2024-06-04T19:20:43.750000 CVE-2024-45960,0,0,d6abae379e9e9c51c8d55d00b2041f6c01d4089ebb39e6f4c0aa02e3bfda222c,2024-10-04T13:50:43.727000 @@ -261211,10 +261321,10 @@ CVE-2024-46213,0,0,27e374a93d05489cae0dc7b637416d222349a9ff3127ca1d693830a2cb84a CVE-2024-46215,0,0,d9c9b41b37ebb8d2c46b9303b2f662f08cd28b45185e47d3a9c15d51a3370a31,2024-10-15T21:35:30.590000 CVE-2024-4622,0,0,7ee7f5b0dbbae0efd9526a317b5150a2af537411986feb7d056b697fe5fc8d53,2024-05-15T18:35:11.453000 CVE-2024-4623,0,0,c53a127683caa8cc49c11a88cc217ef787af901116f1ba89c4741730eb1cc926,2024-06-20T12:44:01.637000 -CVE-2024-46236,1,1,209f5305021314c3b6255b9d0e8e8a0308a4fd597e09d99072173108ec464c84,2024-10-21T19:35:03.590000 -CVE-2024-46237,0,1,e9a03598fb64b05ba8882f6b5b526c713a555a3e7fdae15963deddf3bd8ceb51,2024-10-21T19:15:03.277000 -CVE-2024-46238,1,1,e05c57cd1a463d94d1ebec6518cc5aed3b93e64613eb178c5300f8bc5cf3104f,2024-10-21T19:15:03.363000 -CVE-2024-46239,1,1,1c594f369511c61406b75c60affb76f2dfe4b8ec33b6a262383f2feb426e79e4,2024-10-21T19:15:03.413000 +CVE-2024-46236,0,0,209f5305021314c3b6255b9d0e8e8a0308a4fd597e09d99072173108ec464c84,2024-10-21T19:35:03.590000 +CVE-2024-46237,0,0,e9a03598fb64b05ba8882f6b5b526c713a555a3e7fdae15963deddf3bd8ceb51,2024-10-21T19:15:03.277000 +CVE-2024-46238,0,1,e04df7a8502d302f172444f965d1fa00612ca87792c631612b16a6e649750ad1,2024-10-21T21:35:03.580000 +CVE-2024-46239,0,1,926566aaeaac1cf6bfa054ea714a4093c287c3bf6826d025bfc5db3fb3092da4,2024-10-21T21:35:04.510000 CVE-2024-4624,0,0,8d5df292e17ba086eddadcbafacc529f2ebc3c5e49d7b6ea9488db217d327898,2024-05-14T19:17:55.627000 CVE-2024-46241,0,0,e8f867d722224165a0936937fdbb3a70034985bd08f25a28d6b30ab6a32199ce,2024-09-26T13:32:55.343000 CVE-2024-46256,0,0,3eabf4e0bd1ddec40016e8895217bf93aabad097691dbd82d3a7db1e6662a8b3,2024-10-03T18:35:08.983000 @@ -261243,6 +261353,7 @@ CVE-2024-46313,0,0,0b29c605876b046853c74672dadf1c8118f0e83614058ed8950277f93a0b2 CVE-2024-46316,0,0,54b9c1fe9acfe98423855e0709c0cdd187e74f76088027a762e1c19f14357911,2024-10-10T12:51:56.987000 CVE-2024-4632,0,0,1847fe54466daf978000619c24fbece5b125c2ebcf9d5cf0d1e6a4b41146457c,2024-06-20T12:44:01.637000 CVE-2024-46325,0,0,2552c217f6f2bafd1ae497da9a6104efc7773541d10c748bee2c01ded062ab22,2024-10-08T19:35:19.850000 +CVE-2024-46326,1,1,7875fb14992074ba281d1d956aa63318aab5cb652a91e574fe8b467bc536c6d1,2024-10-21T20:15:14.637000 CVE-2024-46327,0,0,d444c66c2d1131cacb5a6cc939ae8062aae08f60f0b531cdd6bc43039126a6e8,2024-09-30T12:46:20.237000 CVE-2024-46328,0,0,150e1d7b5fcc22f852cb919b13410447bdf1e8cb19cb878b6bbbd7be01f4269b,2024-09-30T12:46:20.237000 CVE-2024-46329,0,0,8c93b211ce727ef89bff0e17a07fc114c301812ff446c3d9b747d9a6ed124748,2024-09-30T12:46:20.237000 @@ -261749,6 +261860,7 @@ CVE-2024-47184,0,0,ec4f2d4aa381d6be3b04a5d96e034e76004fe037b3abeb496a459d57a9fce CVE-2024-47186,0,0,039f38f277124d2a0772e43f534fb151851ccf4c65185f4966f7e81d742991ce,2024-10-07T13:30:55.640000 CVE-2024-47187,0,0,d8854507a527fb8c4265133fb81ace80865ddf113c07ef5aa0872aa706f3c75d,2024-10-18T12:53:04.627000 CVE-2024-47188,0,0,dfa61399ad0e0aec42523d160d88f7c1cf41a75c10c15fb404c3256433a27054,2024-10-18T12:53:04.627000 +CVE-2024-47189,1,1,7cfb297f069ec0bde01366fc1e98ed4b7494ca96d20ea4c39eda69e4b21882bf,2024-10-21T20:15:14.697000 CVE-2024-4719,0,0,5f15010ce3da97593d62bd8e5cbd7e4df0db8fec077945fcbb72e898184ff8a0,2024-06-20T20:15:19.763000 CVE-2024-47191,0,0,2d0ea97c75991dd32a2813bf0ef51251f3610baaa622ce7906ea2e3545fc5ab0,2024-10-10T12:51:56.987000 CVE-2024-47194,0,0,0afa0b09ca6b7bbd6bd860b01b5c9153eec47be962883f1807d6c455d470088c,2024-10-16T18:15:04.043000 @@ -261765,6 +261877,8 @@ CVE-2024-4722,0,0,d0eb70616d7559be2944527d8cacda4cb03faa787985cf2ceace067dd7c5ef CVE-2024-47220,0,0,ec1088c10a16b1d5d48c36f52f549a9f66295221614c4c2acd2563482d5ed68e,2024-09-26T13:32:55.343000 CVE-2024-47221,0,0,cc80d5b45c9b68b206ee1a2dbfe9f9a68f652cad6fbd63e536e536e628b771d4,2024-09-29T00:45:21.857000 CVE-2024-47222,0,0,c74f6ce55a0f72a72d3d22a82ae52356e74326f3e21780a319e444b828ec8b8d,2024-09-30T14:02:23.007000 +CVE-2024-47223,1,1,7b7c5dfada9c3a18b4d792ccd64411ff021bcebcc068165595949b9109fffe5b,2024-10-21T20:15:14.770000 +CVE-2024-47224,1,1,0cb275a6c41266c4316d80da854515c99c83745da7bd8c045804d500798ee0a9,2024-10-21T21:15:06.650000 CVE-2024-47226,0,0,67acd1dda98161941683c1ecdf3fb2829a8afb2cdb12d796e19b0a64631c82e3,2024-09-26T13:32:55.343000 CVE-2024-47227,0,0,411c02c14211cd5d3ec12de94c1c6b5b491382d24a6716c2e035097b7090e042,2024-09-27T16:37:44.143000 CVE-2024-4723,0,0,7af98ecd367a90ef8c416c400db7bb1bdf630fc1c111a3c8e6b7b48b9bb15bbe,2024-06-04T19:20:47.717000 @@ -262034,7 +262148,7 @@ CVE-2024-47670,0,0,47fba4dee4b00f21dbff6c6decd1bc6ab83cdd30571ca10600e97efb139e2 CVE-2024-47671,0,0,6ed788244a5b1c264869a97a389632df94bcd4e1ed09a4e006408f0739ce7d92,2024-10-17T14:15:13.697000 CVE-2024-47672,0,0,208c9363d63200a0f87e54b2ecaa4588cdcb8ebe0fa60448ea15f5f621cd45a2,2024-10-17T14:15:13.780000 CVE-2024-47673,0,0,2317135deeb5a2ba1be6a2e702cd3dee3239bc7e08807d40785f15a0d93329d9,2024-10-17T14:15:13.853000 -CVE-2024-47674,0,1,9273dcf5991b9b8c8433130a4938740f9721051fe1fcb6d45b5c4bc4625153d6,2024-10-21T18:15:05.993000 +CVE-2024-47674,0,0,9273dcf5991b9b8c8433130a4938740f9721051fe1fcb6d45b5c4bc4625153d6,2024-10-21T18:15:05.993000 CVE-2024-47675,0,0,fff2226e2e91403974930f662f226a29696936c529972a0662f08267575cdd8e,2024-10-21T17:09:45.417000 CVE-2024-47676,0,0,647f2a3a1d3c30594b68c3c4e4b627dfaf40a57c2604da0b88353cfb7110d574,2024-10-21T17:09:45.417000 CVE-2024-47677,0,0,933d90797f1b0a5fd2fb3b9fa8c4abe9c0cdd7abda15cbc8d8905db2206a3b4e,2024-10-21T17:09:45.417000 @@ -262147,7 +262261,7 @@ CVE-2024-47782,0,0,378aebd3accf9c3d67ee33eb38516895e49edcc53cea98d4b8c2ea1a1799f CVE-2024-47789,0,0,5cca8aa9572eb6cd0c059882137f083cb8544427e147bc3f1f0eab6346cef001,2024-10-14T11:15:11.797000 CVE-2024-4779,0,0,7a9d6158e8d260b03b3581dd37b23bd10d59ba6243714ad236ba79968e8d9b16,2024-05-24T01:15:30.977000 CVE-2024-47790,0,0,d4701041e3b7826b48d6d13bc4c86004b58b4b8b272120def31051056a8f0260,2024-10-14T11:15:11.930000 -CVE-2024-47793,0,0,808c4d3b2b8344afda706b9214fe03a600c43998d8782aadca85fadac42e9dfb,2024-10-18T12:52:33.507000 +CVE-2024-47793,0,1,9908766d9802c80c9f07e38bc1dd6d38dc8823614346066184a43b3d9b28a705,2024-10-21T21:25:36.697000 CVE-2024-4780,0,0,4aec24b958d50bff73d14c7bd2f67b2a9793d4893d5ddbdba18f0fb02ea18cc9,2024-07-16T13:43:58.773000 CVE-2024-47803,0,0,e1d97b5f24ae71b6bd2435048764e12dedac3de98ce838d43be96ca9d7087e5f,2024-10-04T13:50:43.727000 CVE-2024-47804,0,0,a4af3b64d3fcfe309769ac07755d247ecf7636977262b35234365d56289d52aa,2024-10-04T13:50:43.727000 @@ -262166,7 +262280,7 @@ CVE-2024-4782,0,0,37dcdb14f7d23ae467b62646ac8eb504448e2a7781e3c175892c72dc54d3ae CVE-2024-47822,0,0,659225121d6760adf8eca1f83c834e75b86ebec31d9e1e0ebc639ac3cc87e33f,2024-10-10T12:56:30.817000 CVE-2024-47823,0,0,aba6c10bf903d75799cabb92b24bf5cc826ec4b52223e2aab9a9f7d8d8298a07,2024-10-10T12:56:30.817000 CVE-2024-47824,0,0,60e3e0b82e04fc3016ce5ff7f0485ad8429207cb4be5065515079214bfa51129,2024-10-16T16:38:43.170000 -CVE-2024-47825,1,1,e6e94693ebedcf56110bdb9f855c5f47b6c720dc40ab6904281b3b8627802481,2024-10-21T19:15:03.500000 +CVE-2024-47825,0,0,e6e94693ebedcf56110bdb9f855c5f47b6c720dc40ab6904281b3b8627802481,2024-10-21T19:15:03.500000 CVE-2024-47826,0,0,e0e92319bd7ff9f0b6142ef26fd12487604c5bd0a7b38d2c0ea52634274a8fe7,2024-10-15T12:57:46.880000 CVE-2024-47828,0,0,a6b81ff1073f19581e05e8c790863d706cba88272fb227df996495bf444dca26,2024-10-17T13:55:23.577000 CVE-2024-4783,0,0,413c0436e6758a988a0c847533b21e34b17a9d936626eba8cda1a5d1f87e0181,2024-05-24T01:15:30.977000 @@ -262210,13 +262324,14 @@ CVE-2024-4790,0,0,96aecd7cd4f769c190cdd6309a2627db4d493e5cf9efda536a135cb9a7f4eb CVE-2024-4791,0,0,45f7f0badd9eeca0c08f0ffcf78bd3c1e9a171e1e79fba42777d793a804985ff,2024-05-17T02:40:37.090000 CVE-2024-47910,0,0,da0097185007355b026dacc76d86a72088b7bf1d898f5a147fff92f16ae106b9,2024-10-07T19:37:43.677000 CVE-2024-47911,0,0,1780d2f9891b374cce407dc3e6f68171fc1b0dbbc46286fbacc7f087c63dae2c,2024-10-07T19:37:44.613000 +CVE-2024-47912,1,1,e6e33705267099b3a97e65fd629544665038ab8b124faa67f6cd3abcf994c6f3,2024-10-21T20:15:14.877000 CVE-2024-47913,0,0,dc38cdbfa262901d16ea1ec6ec0c83500e8aa0e3d84f1c11ffa637c829ee03f8,2024-10-07T17:48:28.117000 CVE-2024-4792,0,0,d367db616eff60413675ec0cb96dcf5072899c5126e3ab7b85dd0b323d2aa0a3,2024-06-12T20:15:13.643000 CVE-2024-4793,0,0,d7ea24a63b045e67640f8521c21cc9fd0113236775183a92ddafb3253726675a,2024-06-04T19:20:49.390000 CVE-2024-4794,0,0,ae0da7f20a3f797e26793f17108eae7df40bf3f3b44a06ce135aa4fe4b35db7e,2024-06-04T19:20:49.487000 CVE-2024-47943,0,0,d4d5358ab48548c04867b54233602bd267d194af91388df45333461289a48f25,2024-10-15T12:57:46.880000 CVE-2024-47944,0,0,8c2dcd259cac2bc345d70afe119d0b88c60fe63597fe98a2528a606f007cae1c,2024-10-15T16:35:09.410000 -CVE-2024-47945,0,1,55dd1a9d68ac241f4312e57ed6d79883a9185bbba2d8714aa4e48fddc29f70d5,2024-10-21T19:41:10.407000 +CVE-2024-47945,0,0,55dd1a9d68ac241f4312e57ed6d79883a9185bbba2d8714aa4e48fddc29f70d5,2024-10-21T19:41:10.407000 CVE-2024-47948,0,0,aafd0e8fc979ea94b2b8df4bf3f1f60d1fa5454036169ceb387558bd65bac363,2024-10-11T19:56:44.863000 CVE-2024-47949,0,0,8ba4c45c98cb1da5a81b6d150df81b78f598bd9353dce1414e0f42eb2bdd7632,2024-10-11T19:57:06.207000 CVE-2024-4795,0,0,2bcc48011ff4ecb8dd1cdbe375174bc480d75b3ad4f0c787cda1ca7cd904e298,2024-06-04T19:20:49.590000 @@ -262299,7 +262414,7 @@ CVE-2024-4820,0,0,832738c431d4032e72cf5367ea2c2310b7c6cd840d9bc0fc3f10b9e1f0e05e CVE-2024-4821,0,0,dc7d4132f68a39a1fe6c6bac80c0ac3156e2e90bf5e433ad24749311cb9093af,2024-06-11T17:29:33.213000 CVE-2024-4822,0,0,35737e7a1acb373d4b9b0a7db2a81b8ded4d641f08c88a2e676b684417908472,2024-05-14T16:11:39.510000 CVE-2024-4823,0,0,0c5de98ac761e11f69c407a8dbff0028d3fe4b31e8abb3e2bfd72a91e6adb2ed,2024-05-14T16:11:39.510000 -CVE-2024-48231,0,1,937449141a6aa1a64ac6ee0f623969ee8c2a56a4e76a3e216a9b1fafdd881546,2024-10-21T19:35:06.217000 +CVE-2024-48231,0,0,937449141a6aa1a64ac6ee0f623969ee8c2a56a4e76a3e216a9b1fafdd881546,2024-10-21T19:35:06.217000 CVE-2024-4824,0,0,e31432116aed0554c3dc4b1001cfc03d00512889f9f84533cba85f3e0d8e9591,2024-05-14T16:11:39.510000 CVE-2024-48249,0,0,da8b8817e37741a9aa47e2e2d74b7c2d9016e75eaeb0e762d84c505d09bf271b,2024-10-15T18:35:15.607000 CVE-2024-4825,0,0,155a89a5474625dde1ab63dcac3020c23f71c92d3744c7dbee990f6fffb4feb0,2024-05-14T16:11:39.510000 @@ -262331,6 +262446,7 @@ CVE-2024-4846,0,0,354213cecebbad5d2830809199864dadc70a5508c38afeb47a24b8f17c4c0f CVE-2024-4847,0,0,3e175fcde7743d0dafc07697dcd3c0585505cba50a8840c440513434f4a1e2f1,2024-05-15T16:40:19.330000 CVE-2024-4848,0,0,e9a992014a82f7f25ea8b020a59a54821debcc21ba29ea30b909eb2d249ee224,2024-07-29T11:15:09.920000 CVE-2024-4849,0,0,ea1119b37dea5602dfce7972c7449fed4caaba21295f1145a8612489a3c2fd07,2024-05-20T13:00:34.807000 +CVE-2024-48509,1,1,0dbfb0204216b0e7fdee05a93164dd894790913bc376ddde67012f43046bda19,2024-10-21T20:35:11.953000 CVE-2024-4851,0,0,444f4e959fbd50fab42bb9cd6f5b1019a6d50ea56a5371bcf4f4fa6566e3e360,2024-10-17T18:45:13.093000 CVE-2024-4853,0,0,7e943be0a2434f6362f67f453fe22910f05fecde26076344b21d97f20b2d6efa,2024-08-29T15:15:31.687000 CVE-2024-4854,0,0,9d5d733c00183e47994464da1b76a252c7e4b8268459cd8a1634b1fda6297d73,2024-08-29T15:15:31.797000 @@ -262339,6 +262455,7 @@ CVE-2024-4856,0,0,01234b09ea1a4585c989c1dc87d23ed182241e8a50536214983ade66b15e19 CVE-2024-4857,0,0,1a28f92c79b598b55521235359a1d50b478306861b37a5a0ef0abc4d3160ef4c,2024-06-04T16:57:41.053000 CVE-2024-4858,0,0,3cb9bd8b6c75f95328665e9ee04ad5356aa75f69b8a71bb4682aa7bcb86b9454,2024-05-28T12:39:42.673000 CVE-2024-4859,0,0,8383b8e86eb4a4e5b90aae7f1f2380c0c5e94dbe99d2c93d082bf89d93f61e82,2024-05-14T19:17:55.627000 +CVE-2024-48597,1,1,d418873f3e9303c59419cda288a50538e497ca866e7b1cfaef7313951a15ddbe,2024-10-21T20:35:13.860000 CVE-2024-4860,0,0,51415b9207d508daf9b92cfd5981ba904e23fd57e3ad30c10a4a3319cff2429d,2024-05-14T19:17:55.627000 CVE-2024-4862,0,0,1615bd8ef961831b9e24202d7c6665df3c0d355a3a7edbddf82c728a6e33bae9,2024-07-09T18:19:14.047000 CVE-2024-48622,0,0,4cd7a4b67551e1c7266b414b834e1956aa3a51a75d895e45be98bc89b06ddf81,2024-10-16T16:38:43.170000 @@ -262355,12 +262472,14 @@ CVE-2024-48635,0,0,70acc62db2773972323caa582098c14d2ba0630ccd28542fd3671e2f06f9a CVE-2024-48636,0,0,a1b3046a0d6b06507f3010f4369f5a0d6853a8c7798cca6c53bc4bbbc77e9757,2024-10-18T12:52:33.507000 CVE-2024-48637,0,0,d42c2fa4f588b75285bfd9e74cf828ce6be24d319097efc6470bbe43fee07e4e,2024-10-18T12:52:33.507000 CVE-2024-48638,0,0,93a9606c88551eca2a43d58a9a18871f8de782bd448d66dc6474dd57c860ad86,2024-10-18T12:52:33.507000 +CVE-2024-48645,1,1,4d15b7126f0cd9aed73fd4742963f6dd9be03e82c6b83bb18d5e9d425a39f324,2024-10-21T21:35:05.333000 CVE-2024-4865,0,0,df8706c5d26e485ec9b623150b314bb58c6338346ba72ce79d78a6dbca58bc77,2024-05-20T13:00:34.807000 +CVE-2024-48659,1,1,129c37fc89efc6f1a9c450a91bdbaf4b7ea24426486873fc912206941a59efef,2024-10-21T20:15:15.260000 CVE-2024-4866,0,0,1fd2c3b939730f1522c70c99454a98badb9f05648f1c0fa9438c4abc3e506e92,2024-07-11T13:05:54.930000 CVE-2024-4868,0,0,115d92ddb75cc1364cb7dc1ed780a32e113f5bc6f17706ce21f4cd60cd219a13,2024-07-09T18:19:14.047000 CVE-2024-4869,0,0,c966893d60f3d2b834063ff6490a8006deca39b71769e89345f5be1133a2f10c,2024-06-26T12:44:29.693000 CVE-2024-4870,0,0,34dc62fe0d9ee09fd087b0b9ccdcdae4c15125668207018dedb4b3cfd451baf0,2024-06-04T16:57:41.053000 -CVE-2024-48709,1,1,a2f1048f43a5ff6c83482412ed457499b4f82b0c444a20075955708fd04c880e,2024-10-21T19:35:07.443000 +CVE-2024-48709,0,0,a2f1048f43a5ff6c83482412ed457499b4f82b0c444a20075955708fd04c880e,2024-10-21T19:35:07.443000 CVE-2024-4871,0,0,27d58887099f376e93909bb4c2214524b0789bbba79f05cabea36e120d5295ee,2024-08-12T16:15:17.313000 CVE-2024-48710,0,0,2fbd0f8c58cb24ce52b0e5c8d654e92a74d3cd7c1aadc3c4c977083a33ba41b8,2024-10-16T17:35:03.423000 CVE-2024-48712,0,0,26c5ef0ec7563b7eb021e1452100a4e706852158c36c374f8078b72afb6523b7,2024-10-16T17:35:04.483000 @@ -262704,176 +262823,218 @@ CVE-2024-49859,0,0,eddb9cd522b0a40cdf04d9de3fb4a472c8ba55ab85e4eab90561b01c58a4d CVE-2024-49860,0,0,f5150f7cf3bb2d2d0ca50e9d424c876fd9c84254fcf7bd6f2627024294f5ef2f,2024-10-21T17:09:45.417000 CVE-2024-49861,0,0,f8d823d453896bd63aeb95297d35b7ca2209aad13429ece51e5e583706dfbad3,2024-10-21T17:09:45.417000 CVE-2024-49862,0,0,0c94aa307fd6d2aeab9692641051191e71a94c4443ed0051d87097b98891acf2,2024-10-21T17:09:45.417000 -CVE-2024-49863,1,1,822195cb0ed5a8eb5305b6c6995ed00981a3a731df5cefc0aa94b0fdfd665d9e,2024-10-21T18:15:06.120000 -CVE-2024-49864,1,1,6d71b5cb6c263d61926e5c2f5a13dac01179c41cee6fbee949f55b69f290dc25,2024-10-21T18:15:06.203000 -CVE-2024-49865,1,1,d3936da15db8dd0c28ab82a1303351819461189ffdbc05b4575c1c8949d30daa,2024-10-21T18:15:06.270000 -CVE-2024-49866,1,1,223f08efee6d6fd103561d2bfe6667c5c652b9b1d364d45948e6953463f2fa72,2024-10-21T18:15:06.330000 -CVE-2024-49867,1,1,416ecbdb938e48206fbf939237542df67fd6b413b49ab7671f9ac83071d0f4f7,2024-10-21T18:15:06.403000 -CVE-2024-49868,1,1,e0587f668434e32601927b15211646418fb45e28b3498782bf08f80ed874267f,2024-10-21T18:15:06.623000 -CVE-2024-49869,1,1,df0569bb8ac0457556a7222fee8db954b39b39b213dcf9cc2ec112549c7c5a69,2024-10-21T18:15:08.340000 -CVE-2024-49870,1,1,7565ea41c34064735f8a0ceb75aa3ce614341d0f5f6fc6dd5acb6ba655ded8b4,2024-10-21T18:15:08.413000 -CVE-2024-49871,1,1,a3eb587e201acd871bb6ed4f52e94278ab7ec07dc2b38464b095cdf3c32c6264,2024-10-21T18:15:08.500000 -CVE-2024-49872,1,1,4c1b0ae825fd6f1bc464ed359c2666ebe034fc27ed59d22585c6f79cf2bb47d9,2024-10-21T18:15:08.587000 -CVE-2024-49873,1,1,f871db5540c384cbb1cf8d630c5066d3c423821bc91b9d9ee601a60f242b3196,2024-10-21T18:15:08.763000 -CVE-2024-49874,1,1,ae04eb32c377c4df2e287852e90692c56b89abd59714074934dc0a4b522c5c48,2024-10-21T18:15:08.983000 -CVE-2024-49875,1,1,702b6f3aadc1435a59abe2eff4ea714f51aacb444e571c2e656bd5a7da5c8f0e,2024-10-21T18:15:09.183000 -CVE-2024-49876,1,1,2c290ed2484874bf93fd15eac4fa64fbbabe0dc7ab9d513214753d6bc7d9724e,2024-10-21T18:15:09.450000 -CVE-2024-49877,1,1,9d1fcb4643e7b32fd01b5fd208dd30de92c90754b1d411f1dc924a5896853e9c,2024-10-21T18:15:09.657000 -CVE-2024-49878,1,1,77286e77eac85019bf9ee751853c1f1be5b07a044889371f6dab142c686bba19,2024-10-21T18:15:09.863000 -CVE-2024-49879,1,1,33ad68a54532867d0f9bfab8cc84f3e652acdb17bd76a4ece5dfd8ee737b9b38,2024-10-21T18:15:10.147000 +CVE-2024-49863,0,0,822195cb0ed5a8eb5305b6c6995ed00981a3a731df5cefc0aa94b0fdfd665d9e,2024-10-21T18:15:06.120000 +CVE-2024-49864,0,0,6d71b5cb6c263d61926e5c2f5a13dac01179c41cee6fbee949f55b69f290dc25,2024-10-21T18:15:06.203000 +CVE-2024-49865,0,0,d3936da15db8dd0c28ab82a1303351819461189ffdbc05b4575c1c8949d30daa,2024-10-21T18:15:06.270000 +CVE-2024-49866,0,0,223f08efee6d6fd103561d2bfe6667c5c652b9b1d364d45948e6953463f2fa72,2024-10-21T18:15:06.330000 +CVE-2024-49867,0,0,416ecbdb938e48206fbf939237542df67fd6b413b49ab7671f9ac83071d0f4f7,2024-10-21T18:15:06.403000 +CVE-2024-49868,0,0,e0587f668434e32601927b15211646418fb45e28b3498782bf08f80ed874267f,2024-10-21T18:15:06.623000 +CVE-2024-49869,0,0,df0569bb8ac0457556a7222fee8db954b39b39b213dcf9cc2ec112549c7c5a69,2024-10-21T18:15:08.340000 +CVE-2024-49870,0,0,7565ea41c34064735f8a0ceb75aa3ce614341d0f5f6fc6dd5acb6ba655ded8b4,2024-10-21T18:15:08.413000 +CVE-2024-49871,0,0,a3eb587e201acd871bb6ed4f52e94278ab7ec07dc2b38464b095cdf3c32c6264,2024-10-21T18:15:08.500000 +CVE-2024-49872,0,0,4c1b0ae825fd6f1bc464ed359c2666ebe034fc27ed59d22585c6f79cf2bb47d9,2024-10-21T18:15:08.587000 +CVE-2024-49873,0,0,f871db5540c384cbb1cf8d630c5066d3c423821bc91b9d9ee601a60f242b3196,2024-10-21T18:15:08.763000 +CVE-2024-49874,0,0,ae04eb32c377c4df2e287852e90692c56b89abd59714074934dc0a4b522c5c48,2024-10-21T18:15:08.983000 +CVE-2024-49875,0,0,702b6f3aadc1435a59abe2eff4ea714f51aacb444e571c2e656bd5a7da5c8f0e,2024-10-21T18:15:09.183000 +CVE-2024-49876,0,0,2c290ed2484874bf93fd15eac4fa64fbbabe0dc7ab9d513214753d6bc7d9724e,2024-10-21T18:15:09.450000 +CVE-2024-49877,0,0,9d1fcb4643e7b32fd01b5fd208dd30de92c90754b1d411f1dc924a5896853e9c,2024-10-21T18:15:09.657000 +CVE-2024-49878,0,0,77286e77eac85019bf9ee751853c1f1be5b07a044889371f6dab142c686bba19,2024-10-21T18:15:09.863000 +CVE-2024-49879,0,0,33ad68a54532867d0f9bfab8cc84f3e652acdb17bd76a4ece5dfd8ee737b9b38,2024-10-21T18:15:10.147000 CVE-2024-4988,0,0,ff557f66f633c813e65ed42f6b56820b4233d3efc23d00548e6797ba166f3d35,2024-08-21T03:15:05.460000 -CVE-2024-49880,1,1,b52fb0ef3f6e1c21d5cbce06d56f874dcf18fb3dd97b125db1d402a4ecf4e757,2024-10-21T18:15:10.373000 -CVE-2024-49881,1,1,98042a06494613f2928e094d2fa909c115df3ab72353ec52b6422e91ca8ed993,2024-10-21T18:15:10.560000 -CVE-2024-49882,1,1,e66023ce971a9d11e792bd78cf40b7bc0fe9ac7894c0512eab6adc79894b9c9f,2024-10-21T18:15:10.790000 -CVE-2024-49883,1,1,37acdbcd398e8228bb279278844f4406b7efd6d6a63221000e833a66f7591c86,2024-10-21T18:15:11.060000 -CVE-2024-49884,1,1,e38c65326228a8cd1318f0f0cefdf4e5bbdf82e377f91e76732ff8f23931e9b5,2024-10-21T18:15:11.130000 -CVE-2024-49885,1,1,ed1572b2de9b402a83c9af591110cc9779fe23b7c58bcdb07fc312ae985bf00f,2024-10-21T18:15:11.230000 -CVE-2024-49886,1,1,cb8b5df158124ff581fff00849defb8fcc783d4461719a4b9d6c866e2e0d2521,2024-10-21T18:15:11.293000 -CVE-2024-49887,1,1,f132982427955349e6ed007dd6d71d9b3c92c457318d6c07927122fc94ace4d5,2024-10-21T18:15:11.360000 -CVE-2024-49888,1,1,cc924b819d51c229517a448a28b418cfa0732d8ab757fd6a1592d71570083222,2024-10-21T18:15:11.443000 -CVE-2024-49889,1,1,79b51de9360ff25a6471e1b00f5c2a3125562a23cf089765cd35288762ec4fb0,2024-10-21T18:15:11.513000 -CVE-2024-49890,1,1,77696cc73866150a5d1b49602ab09dc71c0e59c660923ecde53f4495e81f51af,2024-10-21T18:15:11.580000 -CVE-2024-49891,1,1,dd81b0b06c1d053d8a74180b9da79f7d22b80900500b1817b5765aa3e1b8b868,2024-10-21T18:15:11.657000 -CVE-2024-49892,1,1,1580fe96fb288cd989bb2f85632f6cfc6b24e2e629fd16687a2d7cf3a403a83c,2024-10-21T18:15:11.757000 -CVE-2024-49893,1,1,d511d03f18a8ca11bee91aa3894ff0d0f9bb4aacf685837e1f411585af990d9a,2024-10-21T18:15:11.850000 -CVE-2024-49894,1,1,88cd5ce3fd8ba369e038399b97d0be3dfe18f5cd822e94addebbc26af1ab3f79,2024-10-21T18:15:11.913000 -CVE-2024-49895,1,1,0d0647ca2e335320804377a2cbd6e5c56a2e5a09d2590d50cd806644e941bf5f,2024-10-21T18:15:11.990000 -CVE-2024-49896,1,1,a908826b168746e98694b2d3ffcfa8d0b8fb4574b82019c69efdb76d8fbcea34,2024-10-21T18:15:12.067000 -CVE-2024-49897,1,1,25edab85ea7603452b090b4a5a467a9927aa8931b61a4a7012c475069483a2d5,2024-10-21T18:15:12.133000 -CVE-2024-49898,1,1,d271df81d1c49f8689cb713176a41237c0b0bd646bf55d199db062eaf422babd,2024-10-21T18:15:12.190000 -CVE-2024-49899,1,1,7a489c872f4a8a6cafd4adf72eee8bf0477915eeda84a46614c444f2c5dbf5cf,2024-10-21T18:15:12.253000 -CVE-2024-49900,1,1,442f871c5033fb4d817dcb23172cb4af712873e6d3847088a999310a236f2a67,2024-10-21T18:15:12.320000 -CVE-2024-49901,1,1,38f2ab7e79608192ef80e2320379c51a334ebe822c589fe77f2fbd0dce3fd44f,2024-10-21T18:15:12.480000 -CVE-2024-49902,1,1,a434c9f51e23ab195ac49be2982a8c0fc8838491da8278c8e75db9c76acbd657,2024-10-21T18:15:12.700000 -CVE-2024-49903,1,1,c2309ee0c8d24d23ab7529a4918687b1cdce0bc12188c01955f1dc5a34002d17,2024-10-21T18:15:12.873000 -CVE-2024-49904,1,1,f77065ef3436d9c51b738f2ed393d552149f94dccc5342833a080d9ef008810f,2024-10-21T18:15:12.960000 -CVE-2024-49905,1,1,429fdbbcc0be5ba7747df2aff250fc438efe916999f88efd462a46f49fc8de85,2024-10-21T18:15:13.033000 -CVE-2024-49906,1,1,f1db4cceb57fd758fcf854abdf77016dc83260c8dcb0126b9f115f528c71fc5f,2024-10-21T18:15:13.120000 -CVE-2024-49907,1,1,5d8edc2e7c5e0325d116a4c4e1004945cfe1513ae8038f938d1c05ced14bb9cc,2024-10-21T18:15:13.210000 -CVE-2024-49908,1,1,e2e1e97c872425b428014aaf05dc7637c6a779f36ea763f76672da6671899329,2024-10-21T18:15:13.290000 -CVE-2024-49909,1,1,209e3d539a7883f6a78b4925601153902bdb9a63b70fac4709b5f8e6cc0ac9dc,2024-10-21T18:15:13.357000 +CVE-2024-49880,0,0,b52fb0ef3f6e1c21d5cbce06d56f874dcf18fb3dd97b125db1d402a4ecf4e757,2024-10-21T18:15:10.373000 +CVE-2024-49881,0,0,98042a06494613f2928e094d2fa909c115df3ab72353ec52b6422e91ca8ed993,2024-10-21T18:15:10.560000 +CVE-2024-49882,0,0,e66023ce971a9d11e792bd78cf40b7bc0fe9ac7894c0512eab6adc79894b9c9f,2024-10-21T18:15:10.790000 +CVE-2024-49883,0,0,37acdbcd398e8228bb279278844f4406b7efd6d6a63221000e833a66f7591c86,2024-10-21T18:15:11.060000 +CVE-2024-49884,0,0,e38c65326228a8cd1318f0f0cefdf4e5bbdf82e377f91e76732ff8f23931e9b5,2024-10-21T18:15:11.130000 +CVE-2024-49885,0,0,ed1572b2de9b402a83c9af591110cc9779fe23b7c58bcdb07fc312ae985bf00f,2024-10-21T18:15:11.230000 +CVE-2024-49886,0,0,cb8b5df158124ff581fff00849defb8fcc783d4461719a4b9d6c866e2e0d2521,2024-10-21T18:15:11.293000 +CVE-2024-49887,0,0,f132982427955349e6ed007dd6d71d9b3c92c457318d6c07927122fc94ace4d5,2024-10-21T18:15:11.360000 +CVE-2024-49888,0,0,cc924b819d51c229517a448a28b418cfa0732d8ab757fd6a1592d71570083222,2024-10-21T18:15:11.443000 +CVE-2024-49889,0,0,79b51de9360ff25a6471e1b00f5c2a3125562a23cf089765cd35288762ec4fb0,2024-10-21T18:15:11.513000 +CVE-2024-49890,0,0,77696cc73866150a5d1b49602ab09dc71c0e59c660923ecde53f4495e81f51af,2024-10-21T18:15:11.580000 +CVE-2024-49891,0,0,dd81b0b06c1d053d8a74180b9da79f7d22b80900500b1817b5765aa3e1b8b868,2024-10-21T18:15:11.657000 +CVE-2024-49892,0,0,1580fe96fb288cd989bb2f85632f6cfc6b24e2e629fd16687a2d7cf3a403a83c,2024-10-21T18:15:11.757000 +CVE-2024-49893,0,0,d511d03f18a8ca11bee91aa3894ff0d0f9bb4aacf685837e1f411585af990d9a,2024-10-21T18:15:11.850000 +CVE-2024-49894,0,0,88cd5ce3fd8ba369e038399b97d0be3dfe18f5cd822e94addebbc26af1ab3f79,2024-10-21T18:15:11.913000 +CVE-2024-49895,0,0,0d0647ca2e335320804377a2cbd6e5c56a2e5a09d2590d50cd806644e941bf5f,2024-10-21T18:15:11.990000 +CVE-2024-49896,0,0,a908826b168746e98694b2d3ffcfa8d0b8fb4574b82019c69efdb76d8fbcea34,2024-10-21T18:15:12.067000 +CVE-2024-49897,0,0,25edab85ea7603452b090b4a5a467a9927aa8931b61a4a7012c475069483a2d5,2024-10-21T18:15:12.133000 +CVE-2024-49898,0,0,d271df81d1c49f8689cb713176a41237c0b0bd646bf55d199db062eaf422babd,2024-10-21T18:15:12.190000 +CVE-2024-49899,0,0,7a489c872f4a8a6cafd4adf72eee8bf0477915eeda84a46614c444f2c5dbf5cf,2024-10-21T18:15:12.253000 +CVE-2024-49900,0,0,442f871c5033fb4d817dcb23172cb4af712873e6d3847088a999310a236f2a67,2024-10-21T18:15:12.320000 +CVE-2024-49901,0,0,38f2ab7e79608192ef80e2320379c51a334ebe822c589fe77f2fbd0dce3fd44f,2024-10-21T18:15:12.480000 +CVE-2024-49902,0,0,a434c9f51e23ab195ac49be2982a8c0fc8838491da8278c8e75db9c76acbd657,2024-10-21T18:15:12.700000 +CVE-2024-49903,0,0,c2309ee0c8d24d23ab7529a4918687b1cdce0bc12188c01955f1dc5a34002d17,2024-10-21T18:15:12.873000 +CVE-2024-49904,0,0,f77065ef3436d9c51b738f2ed393d552149f94dccc5342833a080d9ef008810f,2024-10-21T18:15:12.960000 +CVE-2024-49905,0,0,429fdbbcc0be5ba7747df2aff250fc438efe916999f88efd462a46f49fc8de85,2024-10-21T18:15:13.033000 +CVE-2024-49906,0,0,f1db4cceb57fd758fcf854abdf77016dc83260c8dcb0126b9f115f528c71fc5f,2024-10-21T18:15:13.120000 +CVE-2024-49907,0,0,5d8edc2e7c5e0325d116a4c4e1004945cfe1513ae8038f938d1c05ced14bb9cc,2024-10-21T18:15:13.210000 +CVE-2024-49908,0,0,e2e1e97c872425b428014aaf05dc7637c6a779f36ea763f76672da6671899329,2024-10-21T18:15:13.290000 +CVE-2024-49909,0,0,209e3d539a7883f6a78b4925601153902bdb9a63b70fac4709b5f8e6cc0ac9dc,2024-10-21T18:15:13.357000 CVE-2024-4991,0,0,3aef226cc1578adb6c75565d63e7f13bcda4a2e79607b48e5e73e305c3d938d8,2024-05-16T13:03:05.353000 -CVE-2024-49910,1,1,9002cd9822cfb0b26c3db7f3625eda7d5f68149e09a4156321b451dca09022b4,2024-10-21T18:15:13.433000 -CVE-2024-49911,1,1,b4f3eb0672d010e1104202c01ae700e4bd3b933899d9893b7cf5b85831d844ba,2024-10-21T18:15:13.507000 -CVE-2024-49912,1,1,f597fae29b7a4adba3b76ab90a77333cf88f55a537a41c489cbf8bdccd30681d,2024-10-21T18:15:13.593000 -CVE-2024-49913,1,1,6b7b9001a0078a16aa1db709291851c1ff86a37900db34a9e31e0c57c94fff02,2024-10-21T18:15:13.657000 -CVE-2024-49914,1,1,7a1220bc0049369ff60198dc952d2fc5b9b22ece9d565373ddfe6cfcf796246b,2024-10-21T18:15:13.723000 -CVE-2024-49915,1,1,8df6804ece8345329cc1c59f9582351e960e6379f3bf306fe54776a8dca7b452,2024-10-21T18:15:13.787000 -CVE-2024-49916,1,1,2af08f83a3923e938fa0adea8c18df68d49f1ccc0006aa3d43946150716816ee,2024-10-21T18:15:13.877000 -CVE-2024-49917,1,1,fca889031914f17c7b5c14febfc4f8d0f9b45af802be647e68ea61e59ae25154,2024-10-21T18:15:13.937000 -CVE-2024-49918,1,1,1e0c906d39bb179e6f5d05ea02581f75a2fe6b128e89c87bc47089fcc3a916dc,2024-10-21T18:15:14.030000 -CVE-2024-49919,1,1,a4fe0a18d0f2a766ecb3fe7724dc2ecfd051f9395d18cdeb8cf178a37da70c78,2024-10-21T18:15:14.117000 +CVE-2024-49910,0,0,9002cd9822cfb0b26c3db7f3625eda7d5f68149e09a4156321b451dca09022b4,2024-10-21T18:15:13.433000 +CVE-2024-49911,0,0,b4f3eb0672d010e1104202c01ae700e4bd3b933899d9893b7cf5b85831d844ba,2024-10-21T18:15:13.507000 +CVE-2024-49912,0,0,f597fae29b7a4adba3b76ab90a77333cf88f55a537a41c489cbf8bdccd30681d,2024-10-21T18:15:13.593000 +CVE-2024-49913,0,0,6b7b9001a0078a16aa1db709291851c1ff86a37900db34a9e31e0c57c94fff02,2024-10-21T18:15:13.657000 +CVE-2024-49914,0,0,7a1220bc0049369ff60198dc952d2fc5b9b22ece9d565373ddfe6cfcf796246b,2024-10-21T18:15:13.723000 +CVE-2024-49915,0,0,8df6804ece8345329cc1c59f9582351e960e6379f3bf306fe54776a8dca7b452,2024-10-21T18:15:13.787000 +CVE-2024-49916,0,0,2af08f83a3923e938fa0adea8c18df68d49f1ccc0006aa3d43946150716816ee,2024-10-21T18:15:13.877000 +CVE-2024-49917,0,0,fca889031914f17c7b5c14febfc4f8d0f9b45af802be647e68ea61e59ae25154,2024-10-21T18:15:13.937000 +CVE-2024-49918,0,0,1e0c906d39bb179e6f5d05ea02581f75a2fe6b128e89c87bc47089fcc3a916dc,2024-10-21T18:15:14.030000 +CVE-2024-49919,0,0,a4fe0a18d0f2a766ecb3fe7724dc2ecfd051f9395d18cdeb8cf178a37da70c78,2024-10-21T18:15:14.117000 CVE-2024-4992,0,0,e061228a83f2d41e21e64f404fd50aefb3a354b638438e4cf4870e41885d01e3,2024-05-16T13:03:05.353000 -CVE-2024-49920,1,1,d19cba17e864a9eda13f9d1aa49fc53522990944d4393b761cba518cb04555cd,2024-10-21T18:15:14.180000 -CVE-2024-49921,1,1,07c55719bdfbeb00f399a97321920e141ac09f80a1fbd4fc3d43b5d76bb452af,2024-10-21T18:15:14.260000 -CVE-2024-49922,1,1,ca98b5474538d4941e42a98fc6501e48eff9ea72286b6d4c586e08cb291f9234,2024-10-21T18:15:14.327000 -CVE-2024-49923,1,1,17081ddbbc6491ddec9264d205799a3ade9f91a463e56d376b89e58eec530869,2024-10-21T18:15:14.390000 -CVE-2024-49924,1,1,2b4dbfa5adf706b6944bfd736663a333915bb65e91672520e3613e7f2c3fd20e,2024-10-21T18:15:14.450000 -CVE-2024-49925,1,1,300579539cd2c62d72358d822844d7bbb6f8318488edc3104e1b0d77aee8b870,2024-10-21T18:15:14.540000 -CVE-2024-49926,1,1,8295c638191f98bdfc784646694df103593717711af8bdea643d76bd3920f222,2024-10-21T18:15:14.623000 -CVE-2024-49927,1,1,fdb1b82be7aa736fe77c1740d5b1b893e6439d0a26054b85a487db8a197d4316,2024-10-21T18:15:14.737000 -CVE-2024-49928,1,1,a28c9b49b27cf4b159d6e80a9042ff01d34bd4f26b8ef611d7137fa5a6c6b24d,2024-10-21T18:15:14.813000 -CVE-2024-49929,1,1,2c500301366de57531faadd6576ed5fb0f5c8af9209abfc4fd595e9c1d5a0a61,2024-10-21T18:15:14.907000 +CVE-2024-49920,0,0,d19cba17e864a9eda13f9d1aa49fc53522990944d4393b761cba518cb04555cd,2024-10-21T18:15:14.180000 +CVE-2024-49921,0,0,07c55719bdfbeb00f399a97321920e141ac09f80a1fbd4fc3d43b5d76bb452af,2024-10-21T18:15:14.260000 +CVE-2024-49922,0,0,ca98b5474538d4941e42a98fc6501e48eff9ea72286b6d4c586e08cb291f9234,2024-10-21T18:15:14.327000 +CVE-2024-49923,0,0,17081ddbbc6491ddec9264d205799a3ade9f91a463e56d376b89e58eec530869,2024-10-21T18:15:14.390000 +CVE-2024-49924,0,0,2b4dbfa5adf706b6944bfd736663a333915bb65e91672520e3613e7f2c3fd20e,2024-10-21T18:15:14.450000 +CVE-2024-49925,0,0,300579539cd2c62d72358d822844d7bbb6f8318488edc3104e1b0d77aee8b870,2024-10-21T18:15:14.540000 +CVE-2024-49926,0,0,8295c638191f98bdfc784646694df103593717711af8bdea643d76bd3920f222,2024-10-21T18:15:14.623000 +CVE-2024-49927,0,0,fdb1b82be7aa736fe77c1740d5b1b893e6439d0a26054b85a487db8a197d4316,2024-10-21T18:15:14.737000 +CVE-2024-49928,0,0,a28c9b49b27cf4b159d6e80a9042ff01d34bd4f26b8ef611d7137fa5a6c6b24d,2024-10-21T18:15:14.813000 +CVE-2024-49929,0,0,2c500301366de57531faadd6576ed5fb0f5c8af9209abfc4fd595e9c1d5a0a61,2024-10-21T18:15:14.907000 CVE-2024-4993,0,0,e0839a9575413089a3f10a1147258f2a987a3e24cb291a41fcab67561670893d,2024-05-16T13:03:05.353000 -CVE-2024-49930,1,1,f87ae058263eb14a43e150779ecfe6a6b2c54b273c028069ccb0531d23ca481e,2024-10-21T18:15:14.990000 -CVE-2024-49931,1,1,1ea64b73d6d7be29c14fee7565f572c6f0b1d85a4d56e3a3f1df87ff8f35ece3,2024-10-21T18:15:15.080000 -CVE-2024-49932,1,1,f9d9af52eb0d6c08fa93b4674d91baeb24719f016aa5418492835d7da9a8a6e3,2024-10-21T18:15:15.140000 -CVE-2024-49933,1,1,53d9bdf6e358cb2590bf9930d3e462dfbf8337dcaccf84f1af09e4d831bfb06b,2024-10-21T18:15:15.210000 -CVE-2024-49934,1,1,e3e503d02467e48b261cecb555e830ee8ad2498cccc70a40e395d2581b3238ef,2024-10-21T18:15:15.273000 -CVE-2024-49935,1,1,017079fa5c5b311c34097bd4316c72ac2c86c92be41f7db652f907fd24a91108,2024-10-21T18:15:15.350000 -CVE-2024-49936,1,1,faa86ce6b4427b6993dfa663ffd1f353935541bd4beda40cca817752117a40b8,2024-10-21T18:15:15.413000 -CVE-2024-49937,1,1,1ddc94453fc4ade819c835bccffc70cad973fc09f9134d4bea3fdce78570e544,2024-10-21T18:15:15.477000 -CVE-2024-49938,1,1,f4d365d0ce3d1578401fd4ae19766e2055c6381d5173bbeba2e2bf9ca7166b3d,2024-10-21T18:15:15.547000 -CVE-2024-49939,1,1,c535086680310b5cc330a339e194c8adc816254c07431417b5811844dd38b771,2024-10-21T18:15:15.620000 -CVE-2024-49940,1,1,d1ce6d9df63ab6d69c0470ff48d7bb6ad598c90a2adcc7e54403053b0155ba85,2024-10-21T18:15:15.703000 -CVE-2024-49941,1,1,c1c1ec78aa90860ef902850c44ce3f3bbbc66b9dcb65b22a58acc96c3013c323,2024-10-21T18:15:15.780000 -CVE-2024-49942,1,1,42ebb307bff9b6cfd1d80515a75fee68471522d7e23528152f5b221d5f99c97a,2024-10-21T18:15:15.843000 -CVE-2024-49943,1,1,5bd0baba9fad401ae2966a5afd74a17f3b5bfe07bacab8ea3c37210a3328453d,2024-10-21T18:15:15.920000 -CVE-2024-49944,1,1,131c3f4f4324d3d83ab08d53894a0c1feeffea665e9f3d106a9edafb8a327374,2024-10-21T18:15:15.993000 -CVE-2024-49945,1,1,d9768bdb8102c7ab9ddb3b09c537888ccdaeb1b8af4a6f393e4a1fb1e01c2f2f,2024-10-21T18:15:16.073000 -CVE-2024-49946,1,1,27f03b5c6f7aeb147a87a037e8f388338f0b52f097a9d9861b253ebf06f8cfe1,2024-10-21T18:15:16.133000 -CVE-2024-49947,1,1,048174b765afe4fff0c0cb6c741193768a0856c7a5d6919d8839d34be72e1e95,2024-10-21T18:15:16.207000 -CVE-2024-49948,1,1,254afb0ae03c5e9dbcf7f646813d286f1525d08f0c6cc2d07d9d611f45343d70,2024-10-21T18:15:16.260000 -CVE-2024-49949,1,1,e1092862299ce2c90d8dc9a6173a127653d464f87c63c33bc0b16a0254336281,2024-10-21T18:15:16.323000 -CVE-2024-49950,1,1,8c3ceff9ef2c46644cfa82096677d88e5b39d893622537c208a1379c0aa5065a,2024-10-21T18:15:16.417000 -CVE-2024-49951,1,1,f2d7dd21313fb994299de3b7796ba73e7501de3715ddfa306199ffb483498741,2024-10-21T18:15:16.500000 -CVE-2024-49952,1,1,1bb95eb5d4ef2d31c0a6b16abcd360f5a0eb081f2f426604ba15a122a80d7613,2024-10-21T18:15:16.590000 -CVE-2024-49953,1,1,19d8f29bafed9da3ffb2b84289b2750096f58d3bd457c1901ca28261ce9dd74c,2024-10-21T18:15:16.673000 -CVE-2024-49954,1,1,b1a986232473fbcfaa049070a08bedc0ed2c07ce5a4b31091951e293e0c61739,2024-10-21T18:15:16.753000 -CVE-2024-49955,1,1,aca53a3848ae59f6411183a6d02fe08aae05858fa3793016881531f8bfe4853d,2024-10-21T18:15:16.833000 -CVE-2024-49956,1,1,5d2727ebf758b416781a5d4a4e1bd34d5b44318ce922ae92fd7249dc1dd664d5,2024-10-21T18:15:16.893000 -CVE-2024-49957,1,1,168b9f19695f22254a9ead8b94a483b3363a005b371841e85614f102ca81a4eb,2024-10-21T18:15:16.950000 -CVE-2024-49958,1,1,f742b4c7f6ff35425a742d12878093da94c170c2aff781b9947e0db4ef79bc79,2024-10-21T18:15:17.050000 -CVE-2024-49959,1,1,1395433d71ba6b8b5ff523aae9d2129edb28c5a2c7178880b545addd92619984,2024-10-21T18:15:17.123000 -CVE-2024-49960,1,1,ae6e4b5068ce7c61e9258e27cd900cd0e377ff54e299d7ac667348ce8f09a9da,2024-10-21T18:15:17.187000 -CVE-2024-49961,1,1,63ad463f5a2970d8047fdba10230ee9f25327cbe40f72d00f253bbf480117139,2024-10-21T18:15:17.267000 -CVE-2024-49962,1,1,772d37517642b62f43e18a8bd98b5765760cf422eb44b7859b5fe8f13409c8a1,2024-10-21T18:15:17.353000 -CVE-2024-49963,1,1,1a3dc9c6fa04a0e5ec44b10dc02f1102fe3348f86942b060ce235940bcff9a3e,2024-10-21T18:15:17.447000 -CVE-2024-49964,1,1,d00b13f0a86a8e82ad126be507aa8914df12ef8058acb2cc46031008ce73cc53,2024-10-21T18:15:17.510000 -CVE-2024-49965,1,1,bed6a26a6e6527f5290db79dfbb22f109500d5f51b23f828b34271d37c0b59d1,2024-10-21T18:15:17.593000 -CVE-2024-49966,1,1,0d7e177c5626c70a931d26c60a8bd5469472651852136ab3aae4982b68bc1b8d,2024-10-21T18:15:17.683000 -CVE-2024-49967,1,1,5484f6985708cb6ff867d8b0ce901b49b803a6318104557919204a14f9d79a5b,2024-10-21T18:15:17.767000 -CVE-2024-49968,1,1,7077da0c2636949275d97eb608839ef01b868b7f2f46611d031760f40a878f3a,2024-10-21T18:15:17.833000 -CVE-2024-49969,1,1,5cb11d1f9ea0bc3f3f316c96a8323de21329a6fccf58f5b2b3f9c4173ebcfcb2,2024-10-21T18:15:17.910000 +CVE-2024-49930,0,0,f87ae058263eb14a43e150779ecfe6a6b2c54b273c028069ccb0531d23ca481e,2024-10-21T18:15:14.990000 +CVE-2024-49931,0,0,1ea64b73d6d7be29c14fee7565f572c6f0b1d85a4d56e3a3f1df87ff8f35ece3,2024-10-21T18:15:15.080000 +CVE-2024-49932,0,0,f9d9af52eb0d6c08fa93b4674d91baeb24719f016aa5418492835d7da9a8a6e3,2024-10-21T18:15:15.140000 +CVE-2024-49933,0,0,53d9bdf6e358cb2590bf9930d3e462dfbf8337dcaccf84f1af09e4d831bfb06b,2024-10-21T18:15:15.210000 +CVE-2024-49934,0,0,e3e503d02467e48b261cecb555e830ee8ad2498cccc70a40e395d2581b3238ef,2024-10-21T18:15:15.273000 +CVE-2024-49935,0,0,017079fa5c5b311c34097bd4316c72ac2c86c92be41f7db652f907fd24a91108,2024-10-21T18:15:15.350000 +CVE-2024-49936,0,0,faa86ce6b4427b6993dfa663ffd1f353935541bd4beda40cca817752117a40b8,2024-10-21T18:15:15.413000 +CVE-2024-49937,0,0,1ddc94453fc4ade819c835bccffc70cad973fc09f9134d4bea3fdce78570e544,2024-10-21T18:15:15.477000 +CVE-2024-49938,0,0,f4d365d0ce3d1578401fd4ae19766e2055c6381d5173bbeba2e2bf9ca7166b3d,2024-10-21T18:15:15.547000 +CVE-2024-49939,0,0,c535086680310b5cc330a339e194c8adc816254c07431417b5811844dd38b771,2024-10-21T18:15:15.620000 +CVE-2024-49940,0,0,d1ce6d9df63ab6d69c0470ff48d7bb6ad598c90a2adcc7e54403053b0155ba85,2024-10-21T18:15:15.703000 +CVE-2024-49941,0,0,c1c1ec78aa90860ef902850c44ce3f3bbbc66b9dcb65b22a58acc96c3013c323,2024-10-21T18:15:15.780000 +CVE-2024-49942,0,0,42ebb307bff9b6cfd1d80515a75fee68471522d7e23528152f5b221d5f99c97a,2024-10-21T18:15:15.843000 +CVE-2024-49943,0,0,5bd0baba9fad401ae2966a5afd74a17f3b5bfe07bacab8ea3c37210a3328453d,2024-10-21T18:15:15.920000 +CVE-2024-49944,0,0,131c3f4f4324d3d83ab08d53894a0c1feeffea665e9f3d106a9edafb8a327374,2024-10-21T18:15:15.993000 +CVE-2024-49945,0,0,d9768bdb8102c7ab9ddb3b09c537888ccdaeb1b8af4a6f393e4a1fb1e01c2f2f,2024-10-21T18:15:16.073000 +CVE-2024-49946,0,0,27f03b5c6f7aeb147a87a037e8f388338f0b52f097a9d9861b253ebf06f8cfe1,2024-10-21T18:15:16.133000 +CVE-2024-49947,0,0,048174b765afe4fff0c0cb6c741193768a0856c7a5d6919d8839d34be72e1e95,2024-10-21T18:15:16.207000 +CVE-2024-49948,0,0,254afb0ae03c5e9dbcf7f646813d286f1525d08f0c6cc2d07d9d611f45343d70,2024-10-21T18:15:16.260000 +CVE-2024-49949,0,0,e1092862299ce2c90d8dc9a6173a127653d464f87c63c33bc0b16a0254336281,2024-10-21T18:15:16.323000 +CVE-2024-49950,0,0,8c3ceff9ef2c46644cfa82096677d88e5b39d893622537c208a1379c0aa5065a,2024-10-21T18:15:16.417000 +CVE-2024-49951,0,0,f2d7dd21313fb994299de3b7796ba73e7501de3715ddfa306199ffb483498741,2024-10-21T18:15:16.500000 +CVE-2024-49952,0,0,1bb95eb5d4ef2d31c0a6b16abcd360f5a0eb081f2f426604ba15a122a80d7613,2024-10-21T18:15:16.590000 +CVE-2024-49953,0,0,19d8f29bafed9da3ffb2b84289b2750096f58d3bd457c1901ca28261ce9dd74c,2024-10-21T18:15:16.673000 +CVE-2024-49954,0,0,b1a986232473fbcfaa049070a08bedc0ed2c07ce5a4b31091951e293e0c61739,2024-10-21T18:15:16.753000 +CVE-2024-49955,0,0,aca53a3848ae59f6411183a6d02fe08aae05858fa3793016881531f8bfe4853d,2024-10-21T18:15:16.833000 +CVE-2024-49956,0,0,5d2727ebf758b416781a5d4a4e1bd34d5b44318ce922ae92fd7249dc1dd664d5,2024-10-21T18:15:16.893000 +CVE-2024-49957,0,0,168b9f19695f22254a9ead8b94a483b3363a005b371841e85614f102ca81a4eb,2024-10-21T18:15:16.950000 +CVE-2024-49958,0,0,f742b4c7f6ff35425a742d12878093da94c170c2aff781b9947e0db4ef79bc79,2024-10-21T18:15:17.050000 +CVE-2024-49959,0,0,1395433d71ba6b8b5ff523aae9d2129edb28c5a2c7178880b545addd92619984,2024-10-21T18:15:17.123000 +CVE-2024-49960,0,0,ae6e4b5068ce7c61e9258e27cd900cd0e377ff54e299d7ac667348ce8f09a9da,2024-10-21T18:15:17.187000 +CVE-2024-49961,0,0,63ad463f5a2970d8047fdba10230ee9f25327cbe40f72d00f253bbf480117139,2024-10-21T18:15:17.267000 +CVE-2024-49962,0,0,772d37517642b62f43e18a8bd98b5765760cf422eb44b7859b5fe8f13409c8a1,2024-10-21T18:15:17.353000 +CVE-2024-49963,0,0,1a3dc9c6fa04a0e5ec44b10dc02f1102fe3348f86942b060ce235940bcff9a3e,2024-10-21T18:15:17.447000 +CVE-2024-49964,0,0,d00b13f0a86a8e82ad126be507aa8914df12ef8058acb2cc46031008ce73cc53,2024-10-21T18:15:17.510000 +CVE-2024-49965,0,0,bed6a26a6e6527f5290db79dfbb22f109500d5f51b23f828b34271d37c0b59d1,2024-10-21T18:15:17.593000 +CVE-2024-49966,0,0,0d7e177c5626c70a931d26c60a8bd5469472651852136ab3aae4982b68bc1b8d,2024-10-21T18:15:17.683000 +CVE-2024-49967,0,0,5484f6985708cb6ff867d8b0ce901b49b803a6318104557919204a14f9d79a5b,2024-10-21T18:15:17.767000 +CVE-2024-49968,0,0,7077da0c2636949275d97eb608839ef01b868b7f2f46611d031760f40a878f3a,2024-10-21T18:15:17.833000 +CVE-2024-49969,0,0,5cb11d1f9ea0bc3f3f316c96a8323de21329a6fccf58f5b2b3f9c4173ebcfcb2,2024-10-21T18:15:17.910000 CVE-2024-4997,0,0,8869d8cee41a7f38be4f03ad1383841d0fd18dd2f92c0e8b0f0fd7c6f2096580,2024-06-04T16:57:41.053000 -CVE-2024-49970,1,1,a92a08cf657d3b6cb7016730305a2f8ec2b8405aaa645a94dbbccbe58c3386c0,2024-10-21T18:15:17.973000 -CVE-2024-49971,1,1,d1bfc54a12d69a88bfb4c0fbab3e6e5dbac24fcd6a47ee94b8ca898b5b468222,2024-10-21T18:15:18.050000 -CVE-2024-49972,1,1,31006d82ec83f4a48470e846f62404f299b662cacc51f74cadd6efc5f0a3144b,2024-10-21T18:15:18.103000 -CVE-2024-49973,1,1,e9393f93e0bb17121dae1744c7545703eba04aa461372b88c7b5998b8ce3fbd1,2024-10-21T18:15:18.163000 -CVE-2024-49974,1,1,22990b5793ffd3a3db4a2e723e3e2b68b982e87be73df176ecd83dd716d2ff48,2024-10-21T18:15:18.227000 -CVE-2024-49975,1,1,9e75c148e45696385a95893bed64802cf6ef2387afe5146d2bc948a94a22cacc,2024-10-21T18:15:18.287000 -CVE-2024-49976,1,1,dfe82f308748223d7c8cdc664b67f3d3c4432af4f35e61f164f2262dd652da9e,2024-10-21T18:15:18.353000 -CVE-2024-49977,1,1,5870e97c47d6047660e494f5028be2a8e2df62d2eed94394dc6cc676af12d5e1,2024-10-21T18:15:18.417000 -CVE-2024-49978,1,1,49f5a3869bbf77d42d4b37fa44119e3515a6e68804ee502502377ade5c127c3e,2024-10-21T18:15:18.483000 -CVE-2024-49979,1,1,a04965f311e4a668522b1896583b26462db2eb79b79676e413f0f91f037fefa4,2024-10-21T18:15:18.550000 +CVE-2024-49970,0,0,a92a08cf657d3b6cb7016730305a2f8ec2b8405aaa645a94dbbccbe58c3386c0,2024-10-21T18:15:17.973000 +CVE-2024-49971,0,0,d1bfc54a12d69a88bfb4c0fbab3e6e5dbac24fcd6a47ee94b8ca898b5b468222,2024-10-21T18:15:18.050000 +CVE-2024-49972,0,0,31006d82ec83f4a48470e846f62404f299b662cacc51f74cadd6efc5f0a3144b,2024-10-21T18:15:18.103000 +CVE-2024-49973,0,0,e9393f93e0bb17121dae1744c7545703eba04aa461372b88c7b5998b8ce3fbd1,2024-10-21T18:15:18.163000 +CVE-2024-49974,0,0,22990b5793ffd3a3db4a2e723e3e2b68b982e87be73df176ecd83dd716d2ff48,2024-10-21T18:15:18.227000 +CVE-2024-49975,0,0,9e75c148e45696385a95893bed64802cf6ef2387afe5146d2bc948a94a22cacc,2024-10-21T18:15:18.287000 +CVE-2024-49976,0,0,dfe82f308748223d7c8cdc664b67f3d3c4432af4f35e61f164f2262dd652da9e,2024-10-21T18:15:18.353000 +CVE-2024-49977,0,0,5870e97c47d6047660e494f5028be2a8e2df62d2eed94394dc6cc676af12d5e1,2024-10-21T18:15:18.417000 +CVE-2024-49978,0,0,49f5a3869bbf77d42d4b37fa44119e3515a6e68804ee502502377ade5c127c3e,2024-10-21T18:15:18.483000 +CVE-2024-49979,0,0,a04965f311e4a668522b1896583b26462db2eb79b79676e413f0f91f037fefa4,2024-10-21T18:15:18.550000 CVE-2024-4998,0,0,fe1bc994ac10ee97dd90e00ffa3b2211d68ef77cdb160f8aaa68bd1eee2d92b4,2024-05-17T16:15:08.160000 -CVE-2024-49980,1,1,4c4d10e0b138a936b62d1fe20876a830dbe6d6f2098feaab3df441298138363b,2024-10-21T18:15:18.613000 -CVE-2024-49981,1,1,3a1da79b1ff1b73f82c4a59642da7840ce792ca43e6766037b8a23eb02e1a7f7,2024-10-21T18:15:18.670000 -CVE-2024-49982,1,1,cd7f5dd8502170f0cf8b08a6b21eb7cd649dd9ce4193dff78b8a9c159ca08574,2024-10-21T18:15:18.733000 -CVE-2024-49983,1,1,9396b31bd2a85016e67c4496b171ff7cc88d0597f1c67f420507e7d015d981db,2024-10-21T18:15:18.797000 -CVE-2024-49984,1,1,2ddabeeaf068d075b3784b8f5e2e0311f60884f0863af13c94bc80b18bd63a5e,2024-10-21T18:15:18.873000 -CVE-2024-49985,1,1,9a6c118c8135a1dc8b15bb28eb9ce074d325aa55167dcad7b1d3b3d9b8c2f6e7,2024-10-21T18:15:18.950000 -CVE-2024-49986,1,1,61d242649b735c508b878e5a443579b5e56736f895d651584088df7127f61617,2024-10-21T18:15:19.020000 -CVE-2024-49987,1,1,0badac39da449e246304db3fa5a0d8ec9f8e6bdb4f3b9d2ac7e077debbe8562d,2024-10-21T18:15:19.087000 -CVE-2024-49988,1,1,e7eecfcbffe0e4043e9c744ff25523cd6af58676f1b106c498f055e0613f1a1b,2024-10-21T18:15:19.147000 -CVE-2024-49989,1,1,8419611c4d7c2dda7fffe3f5f6e201c368616b4fbf61bcf73ad5198829629b4b,2024-10-21T18:15:19.207000 +CVE-2024-49980,0,0,4c4d10e0b138a936b62d1fe20876a830dbe6d6f2098feaab3df441298138363b,2024-10-21T18:15:18.613000 +CVE-2024-49981,0,0,3a1da79b1ff1b73f82c4a59642da7840ce792ca43e6766037b8a23eb02e1a7f7,2024-10-21T18:15:18.670000 +CVE-2024-49982,0,0,cd7f5dd8502170f0cf8b08a6b21eb7cd649dd9ce4193dff78b8a9c159ca08574,2024-10-21T18:15:18.733000 +CVE-2024-49983,0,0,9396b31bd2a85016e67c4496b171ff7cc88d0597f1c67f420507e7d015d981db,2024-10-21T18:15:18.797000 +CVE-2024-49984,0,0,2ddabeeaf068d075b3784b8f5e2e0311f60884f0863af13c94bc80b18bd63a5e,2024-10-21T18:15:18.873000 +CVE-2024-49985,0,0,9a6c118c8135a1dc8b15bb28eb9ce074d325aa55167dcad7b1d3b3d9b8c2f6e7,2024-10-21T18:15:18.950000 +CVE-2024-49986,0,0,61d242649b735c508b878e5a443579b5e56736f895d651584088df7127f61617,2024-10-21T18:15:19.020000 +CVE-2024-49987,0,0,0badac39da449e246304db3fa5a0d8ec9f8e6bdb4f3b9d2ac7e077debbe8562d,2024-10-21T18:15:19.087000 +CVE-2024-49988,0,0,e7eecfcbffe0e4043e9c744ff25523cd6af58676f1b106c498f055e0613f1a1b,2024-10-21T18:15:19.147000 +CVE-2024-49989,0,0,8419611c4d7c2dda7fffe3f5f6e201c368616b4fbf61bcf73ad5198829629b4b,2024-10-21T18:15:19.207000 CVE-2024-4999,0,0,aeea1ad154336e8cbd739fb19642e978908300b067641ea9bc4ea587cb0b31ba,2024-05-16T15:44:44.683000 -CVE-2024-49990,1,1,39546e1cdb783104b0b21d042037c3517f174690869a65e2304e57fb94f35994,2024-10-21T18:15:19.270000 -CVE-2024-49991,1,1,1e79bf3162e186614e9411a4eae6aa4ca42a80d7742ee548da61dccbdf9a80b7,2024-10-21T18:15:19.330000 -CVE-2024-49992,1,1,0311e3e674c8377ca728d3da5378d92f106011a0f7f446e6602d68fbbd7d30d2,2024-10-21T18:15:19.387000 -CVE-2024-49993,1,1,42ed8e3f240f649a6e7d9c0f43e912a15c4e62d0bc9575a508f6bc2145f88df8,2024-10-21T18:15:19.477000 -CVE-2024-49994,1,1,e2b5a07f36db56b1a5d542da9bcdd20f61638414ed97fd5b350c94f2c5f93ca0,2024-10-21T18:15:19.557000 -CVE-2024-49995,1,1,16c858b6d3b667e454cb1700cea98be9e2abc25303cc228d830bb4528c410b60,2024-10-21T18:15:19.660000 -CVE-2024-49996,1,1,7e2dba942c7507914d2a0ecd67ed4a4c2d3b8365fd52b6351a32bbc41c376b18,2024-10-21T18:15:19.760000 -CVE-2024-49997,1,1,2149d3e894cfeb3d69bffdd471dd8aaeeb9444fbf5fc75397c88dca4fd3fd954,2024-10-21T18:15:19.837000 -CVE-2024-49998,1,1,efeb80f977254c3dabb05b028cec66fe96fe7dc98b92e5165d95edc9e3c76f46,2024-10-21T18:15:19.907000 -CVE-2024-49999,1,1,dc6b44582e762cea0df74bb37cbf27f60d95b223d72ae4cf8f92feafa8821751,2024-10-21T18:15:19.973000 +CVE-2024-49990,0,0,39546e1cdb783104b0b21d042037c3517f174690869a65e2304e57fb94f35994,2024-10-21T18:15:19.270000 +CVE-2024-49991,0,0,1e79bf3162e186614e9411a4eae6aa4ca42a80d7742ee548da61dccbdf9a80b7,2024-10-21T18:15:19.330000 +CVE-2024-49992,0,0,0311e3e674c8377ca728d3da5378d92f106011a0f7f446e6602d68fbbd7d30d2,2024-10-21T18:15:19.387000 +CVE-2024-49993,0,0,42ed8e3f240f649a6e7d9c0f43e912a15c4e62d0bc9575a508f6bc2145f88df8,2024-10-21T18:15:19.477000 +CVE-2024-49994,0,0,e2b5a07f36db56b1a5d542da9bcdd20f61638414ed97fd5b350c94f2c5f93ca0,2024-10-21T18:15:19.557000 +CVE-2024-49995,0,0,16c858b6d3b667e454cb1700cea98be9e2abc25303cc228d830bb4528c410b60,2024-10-21T18:15:19.660000 +CVE-2024-49996,0,0,7e2dba942c7507914d2a0ecd67ed4a4c2d3b8365fd52b6351a32bbc41c376b18,2024-10-21T18:15:19.760000 +CVE-2024-49997,0,0,2149d3e894cfeb3d69bffdd471dd8aaeeb9444fbf5fc75397c88dca4fd3fd954,2024-10-21T18:15:19.837000 +CVE-2024-49998,0,0,efeb80f977254c3dabb05b028cec66fe96fe7dc98b92e5165d95edc9e3c76f46,2024-10-21T18:15:19.907000 +CVE-2024-49999,0,0,dc6b44582e762cea0df74bb37cbf27f60d95b223d72ae4cf8f92feafa8821751,2024-10-21T18:15:19.973000 CVE-2024-5000,0,0,78aa4b3aa9bab8131501fa8740489ecb0fe42637a1055cb7cfa2d7935a7c9e42,2024-06-04T16:57:41.053000 -CVE-2024-50000,1,1,17685d3641d55e9708668d377d79f9832a0ce37d1c83a966b2540044e2e956c8,2024-10-21T18:15:20.063000 -CVE-2024-50001,1,1,e1035271ec7049855b01eb75c0c422d1c30e900e319441b20773b408b766a86c,2024-10-21T18:15:20.130000 -CVE-2024-50002,1,1,4e061a3eba3f4f7b184c6bedec6f93a6ac06ce60beb51fdc1935126b4ef8f526,2024-10-21T18:15:20.200000 -CVE-2024-50003,1,1,57eafeee9812a2b7d98ad832a5611cf2622ed1aedbcaaa9515385c36fa1a7bfa,2024-10-21T19:15:04.020000 -CVE-2024-50004,1,1,e01f942e490cb8ed605edbb2c4c8b5eda45dfb87609026c1693329e5972e9748,2024-10-21T19:15:04.083000 -CVE-2024-50005,1,1,7322ce5d5d7b49e612f442f3b9735e48e141061ab9d3ea0a91ef96e5ab9f4df5,2024-10-21T19:15:04.143000 -CVE-2024-50006,1,1,8fa8b64a0eef9ae08a4e58e1a2f33dbf1b64e0af7796c7f4949cc744f2ea6a4e,2024-10-21T19:15:04.223000 -CVE-2024-50007,1,1,89b12aa223a0371a2bf93340464905abfa9b72db24328a74cda142a8f9da1c20,2024-10-21T19:15:04.300000 -CVE-2024-50008,1,1,9fe4276ddd16b749967559f43bd7dc5ee81fd12011dad530eef68c2ec97539d0,2024-10-21T19:15:04.367000 -CVE-2024-50009,1,1,15fc8a86b421ee1c16daf57ac09dfc7d0000a4dbe2fdd7b20f00ef6791b62003,2024-10-21T19:15:04.437000 +CVE-2024-50000,0,0,17685d3641d55e9708668d377d79f9832a0ce37d1c83a966b2540044e2e956c8,2024-10-21T18:15:20.063000 +CVE-2024-50001,0,0,e1035271ec7049855b01eb75c0c422d1c30e900e319441b20773b408b766a86c,2024-10-21T18:15:20.130000 +CVE-2024-50002,0,0,4e061a3eba3f4f7b184c6bedec6f93a6ac06ce60beb51fdc1935126b4ef8f526,2024-10-21T18:15:20.200000 +CVE-2024-50003,0,0,57eafeee9812a2b7d98ad832a5611cf2622ed1aedbcaaa9515385c36fa1a7bfa,2024-10-21T19:15:04.020000 +CVE-2024-50004,0,0,e01f942e490cb8ed605edbb2c4c8b5eda45dfb87609026c1693329e5972e9748,2024-10-21T19:15:04.083000 +CVE-2024-50005,0,0,7322ce5d5d7b49e612f442f3b9735e48e141061ab9d3ea0a91ef96e5ab9f4df5,2024-10-21T19:15:04.143000 +CVE-2024-50006,0,0,8fa8b64a0eef9ae08a4e58e1a2f33dbf1b64e0af7796c7f4949cc744f2ea6a4e,2024-10-21T19:15:04.223000 +CVE-2024-50007,0,0,89b12aa223a0371a2bf93340464905abfa9b72db24328a74cda142a8f9da1c20,2024-10-21T19:15:04.300000 +CVE-2024-50008,0,0,9fe4276ddd16b749967559f43bd7dc5ee81fd12011dad530eef68c2ec97539d0,2024-10-21T19:15:04.367000 +CVE-2024-50009,0,0,15fc8a86b421ee1c16daf57ac09dfc7d0000a4dbe2fdd7b20f00ef6791b62003,2024-10-21T19:15:04.437000 CVE-2024-5001,0,0,d13fccabd833b06301db98a96a793d9305ac650b09885bcad3ab7a5e90e7be86,2024-07-23T20:32:50.207000 -CVE-2024-50010,1,1,c53ba20f15be46922415c033fc3e7ed380519ce0eb76211d27b09088e1790b0b,2024-10-21T19:15:04.523000 -CVE-2024-50011,1,1,5f035249db3ba2b24e53e8ba6260368180018cbcfac0b7055d0e4e4e355f8612,2024-10-21T19:15:04.613000 -CVE-2024-50012,1,1,e6eb0338dc2e9f6e121b0c74a88f027b67d6ce68afa6ed8e34c013a1f58544c7,2024-10-21T19:15:04.683000 -CVE-2024-50013,1,1,9bce96b82be6041c6d31723e95529da6b4fa6cda3221f6ed2f78bdb71a07769d,2024-10-21T19:15:04.767000 -CVE-2024-50014,1,1,9fbe5dcd27cf39996764d864e981d268a8c59f48be0444fad3649a08b81849b6,2024-10-21T19:15:04.830000 -CVE-2024-50015,1,1,e8088df4c2e48d549683ae8c2e7ff9235e47300a0012eae1875188102af57d45,2024-10-21T19:15:04.890000 -CVE-2024-50016,1,1,a55f4725ca2402415ab9e6b67bddded136cc2be1fda35777a7494e7090316b41,2024-10-21T19:15:04.970000 -CVE-2024-50017,1,1,f197fab2448a05a2d2cabec81e981b67753477ab29cefc2f0a1ac6c3746fcbcf,2024-10-21T19:15:05.043000 -CVE-2024-50018,1,1,e61c42de23ac70a8b7dfe6acc1a6567293aee16725c673fdeef594cc676a5348,2024-10-21T19:15:05.123000 +CVE-2024-50010,0,0,c53ba20f15be46922415c033fc3e7ed380519ce0eb76211d27b09088e1790b0b,2024-10-21T19:15:04.523000 +CVE-2024-50011,0,0,5f035249db3ba2b24e53e8ba6260368180018cbcfac0b7055d0e4e4e355f8612,2024-10-21T19:15:04.613000 +CVE-2024-50012,0,0,e6eb0338dc2e9f6e121b0c74a88f027b67d6ce68afa6ed8e34c013a1f58544c7,2024-10-21T19:15:04.683000 +CVE-2024-50013,0,0,9bce96b82be6041c6d31723e95529da6b4fa6cda3221f6ed2f78bdb71a07769d,2024-10-21T19:15:04.767000 +CVE-2024-50014,0,0,9fbe5dcd27cf39996764d864e981d268a8c59f48be0444fad3649a08b81849b6,2024-10-21T19:15:04.830000 +CVE-2024-50015,0,0,e8088df4c2e48d549683ae8c2e7ff9235e47300a0012eae1875188102af57d45,2024-10-21T19:15:04.890000 +CVE-2024-50016,0,0,a55f4725ca2402415ab9e6b67bddded136cc2be1fda35777a7494e7090316b41,2024-10-21T19:15:04.970000 +CVE-2024-50017,0,0,f197fab2448a05a2d2cabec81e981b67753477ab29cefc2f0a1ac6c3746fcbcf,2024-10-21T19:15:05.043000 +CVE-2024-50018,0,0,e61c42de23ac70a8b7dfe6acc1a6567293aee16725c673fdeef594cc676a5348,2024-10-21T19:15:05.123000 +CVE-2024-50019,1,1,cbb287c8633689427f38851cc0239f9757bf9915fb89d42096ae94e9fa5e5757,2024-10-21T20:15:15.510000 CVE-2024-5002,0,0,28b740bd033d1abfd76c98a370fcc8a1a0efc6df8c7198f0eedf875190207207,2024-08-01T13:59:37.720000 +CVE-2024-50020,1,1,20e7dcb18b7cff318c41c4cb12cf93f059cf494ec49ee4401c2c60b1d6795f0a,2024-10-21T20:15:15.573000 +CVE-2024-50021,1,1,a45ccb84243633ca75617bcf0bac7b407aa8e502d7b6be23514f6af4dac1dbd0,2024-10-21T20:15:15.630000 +CVE-2024-50022,1,1,9d59c6abd8f8b8c4b9d5277a2ff7021a63d7ee1a681efa5f78ea97b9fd8e6208,2024-10-21T20:15:15.690000 +CVE-2024-50023,1,1,37d2a53073f14ccab5fad125d93dbb07996160f8377ac498e1c4b7fc9232a834,2024-10-21T20:15:15.763000 +CVE-2024-50024,1,1,23bb14f749e0ff00090db76adda8ffffbdfd89c3ced4d30c3fe654bab5ad4776,2024-10-21T20:15:15.850000 +CVE-2024-50025,1,1,a9a2ffb95d9049b1d0f3b5c92e7345060d015d1847e90374e928a341c983f2fe,2024-10-21T20:15:15.930000 +CVE-2024-50026,1,1,10d6bd1bf65686521e063ae744bc64199a1fa3eccd383487f66291d1513531c3,2024-10-21T20:15:15.993000 +CVE-2024-50027,1,1,ea24396ffe206891d48ed674035750bb0f10e5820a8687a3666569d113e801b2,2024-10-21T20:15:16.093000 +CVE-2024-50028,1,1,5bddbbbf1b498cc47b05663d60d38dcaa892daeb07018f2947d7f79ea6f5e85c,2024-10-21T20:15:16.163000 +CVE-2024-50029,1,1,908ccdc28f219977da34e942b527add1c79f6bf0c75e220e1391bf77cf76a5e0,2024-10-21T20:15:16.227000 CVE-2024-5003,0,0,657f01af6ae4ffebd5508957e0a4ee664437c9c42d64fc0c4eaff54aefed6593,2024-07-18T16:18:33.020000 +CVE-2024-50030,1,1,2820ca347e96bb99ae01165c561178d1f4b2b30d597a22bb8c66fb9dcd7cf12b,2024-10-21T20:15:16.290000 +CVE-2024-50031,1,1,5577e00e592f411d2925477599390ea1179feed62f2414eef683c5b5f6f62a91,2024-10-21T20:15:16.350000 +CVE-2024-50032,1,1,58741c2b03e923c21b4caf61e31dd44b07c3797453f4d018386cbf66e695e8d2,2024-10-21T20:15:16.417000 +CVE-2024-50033,1,1,d9c247041dad42666c83a61b37ab976e615eee25bba516ade70e0a578ab243d5,2024-10-21T20:15:16.477000 +CVE-2024-50034,1,1,3e68e1bfc2822ddf6c1a9385983634f53894326fe8bdd8bfb279b53886d96c67,2024-10-21T20:15:16.553000 +CVE-2024-50035,1,1,1a993d1601899fa65f25d1f6798aef8e0748632c10d4cf038c7544c632b7ff64,2024-10-21T20:15:16.640000 +CVE-2024-50036,1,1,08017c23066132093c7c8be825ab7913669dac7377e3ab67bec46c91aec762bc,2024-10-21T20:15:16.717000 +CVE-2024-50037,1,1,ebb18a5f46464009313e33743691c82bd7bcdabcd751592516e3847e9f870703,2024-10-21T20:15:16.790000 +CVE-2024-50038,1,1,4a8fc5089115369ff65aee23f026b751831c2b31eb6829afe1e5be8f6daef12d,2024-10-21T20:15:16.877000 +CVE-2024-50039,1,1,5eb4ab27e6920e114dcd1ebbc38bd9562f77cd742a1de8fc32358ee77562a1dc,2024-10-21T20:15:16.957000 CVE-2024-5004,0,0,dbb46916d3eaa00ba190ac36848b4f73f0fcf9ebf3415c8f81f52119cf8e2d54,2024-08-01T13:59:37.913000 +CVE-2024-50040,1,1,d6b1a90b7498a56545a72c4cfa538c889ed69357db0a1e79146f8f0158f45a9f,2024-10-21T20:15:17.050000 +CVE-2024-50041,1,1,d6f144471017b965b7206de68b5899d2aaf7aa50537f9c39e7b30bd6697f9cd5,2024-10-21T20:15:17.133000 +CVE-2024-50042,1,1,df8d52719d5c5939c3110b5fc299627d5eba6e1633761af5feae5616c2186b39,2024-10-21T20:15:17.200000 +CVE-2024-50043,1,1,05f6b3b96d98d7a8e68358e323b35f8e9baea184211ec6f5e5da7b1a7a8f60b3,2024-10-21T20:15:17.263000 +CVE-2024-50044,1,1,9c51415ddda45d9289d71098414c12a2c2afb532f8a3c39af5c8877bbca544ce,2024-10-21T20:15:17.313000 +CVE-2024-50045,1,1,a02c27392f36375d0e00db128405326c4d32c7194ab61b670d5f636807bf269c,2024-10-21T20:15:17.373000 +CVE-2024-50046,1,1,b53bab411a7fde18d223f7c717d17b432252f7f98229b0fc90e5bfb323bd1967,2024-10-21T20:15:17.437000 +CVE-2024-50047,1,1,1648a7adf144e3172b18c7815c0bd1fb4c77ae00b67b3bade48ac7b55e27ea2c,2024-10-21T20:15:17.507000 +CVE-2024-50048,1,1,2446bfba00b9ae3aec430ee57d03fc34dacfb6108b2b3b3b22181060be701461,2024-10-21T20:15:17.580000 +CVE-2024-50049,1,1,740df24ddd739c0044b6838c10c264c6e739a76dd6342b699d037285f4e120ce,2024-10-21T20:15:17.687000 CVE-2024-5005,0,0,28bdb1683e492d24b33087981d0823dd42f49eeb8c271eabba28b1e925e506ca,2024-10-15T12:58:51.050000 +CVE-2024-50055,1,1,8bd61933350af1166da21bf2ca1be74290bd9d7366a90972c29b58636d50b70a,2024-10-21T20:15:17.770000 +CVE-2024-50056,1,1,444857506fba3c76533324304e863d594f5bf4e73ccb8869fbfe082e0e19398d,2024-10-21T20:15:17.853000 +CVE-2024-50057,1,1,2c92e6aa013f2f07906ab2ccc4c5ced84993d19b57ea4a30c645d2ccb546a028,2024-10-21T20:15:17.933000 +CVE-2024-50058,1,1,d4967b66a672f6ad3e3ef66310d5c3c123bd93183433e377509491b4687a3629,2024-10-21T20:15:17.993000 +CVE-2024-50059,1,1,816f93c86ac255501b5de5777044500171097c3ec70953ee9f1a3a7d571fce38,2024-10-21T20:15:18.057000 CVE-2024-5006,0,0,275a7db4a7750ed7acf4e95109b09b599d0f03c3ae61db2773b61bbc80a38eed,2024-06-11T17:36:24 +CVE-2024-50060,1,1,8c6274c881b862e2c60714c4398ea997354579ddc09e90ef5a5a485bd52a4dea,2024-10-21T20:15:18.117000 +CVE-2024-50061,1,1,77aa399b1d69012adec6d3543af38358452290eb74c54ff4cbf41cf090c9502e,2024-10-21T20:15:18.210000 +CVE-2024-50062,1,1,6f5ca0ab24218bdc3a66845ef7a25d33f8fee4816aeb71f302bd0b77f4dbdce2,2024-10-21T20:15:18.280000 +CVE-2024-50063,1,1,d759cd8b06ee26350df3838a67993a2f428080f68be3d878c568416e1030f14f,2024-10-21T20:15:18.360000 +CVE-2024-50064,1,1,a9c0a9e4f0c519a4c22abec4357d9c45d0d914896a8ed6df430d438f3ba7542c,2024-10-21T20:15:18.440000 +CVE-2024-50065,1,1,8b2909d6581c9e4861514583ddb674698f4fdfdf8c4f85ae747650769c9c2972,2024-10-21T20:15:18.520000 CVE-2024-5008,0,0,41c3cff745583fe16908c309126d70e41415ad78f2790f83925cbb0a70eb9065,2024-09-06T22:43:49.557000 CVE-2024-5009,0,0,4fd7bfd86519955de695550b550ff6287bae2637bb330aab0edb8e0b318761f0,2024-09-06T22:43:04.747000 CVE-2024-5010,0,0,3c850c266940942fbe09adbb4c98bc7afc61c3edf80ecba9d04f15eeefca6109,2024-09-06T22:42:39.017000 @@ -265383,8 +265544,8 @@ CVE-2024-7986,0,0,a43751c0931e4929788be7df13e0b692f335646e8ba6bbd66f7625d734a5da CVE-2024-7987,0,0,76927c94eae9954117a932c513da8aebd30f47001e85e588d746e509b6294d24,2024-08-26T18:35:13.553000 CVE-2024-7988,0,0,f1ca0f1a43359526a6c9585e72942b31e1455ffa80a01c452c09ecf831a670e6,2024-08-26T18:35:14.617000 CVE-2024-7989,0,0,cd26af6c9ba19e6a7e0856f5be7c1437b90e54abd28d7f811499d7cb8cc81786,2024-08-26T21:15:29.777000 -CVE-2024-7993,0,1,f5d8ce4e740e416affd8e0aa81b49c04864f17ee770befacf4a96c4d9988583c,2024-10-21T18:27:01.950000 -CVE-2024-7994,0,1,5869f45b11df8c023b86ee171f284a639849bded2dfdba799d5d6a2b878c2a64,2024-10-21T18:35:55.397000 +CVE-2024-7993,0,0,f5d8ce4e740e416affd8e0aa81b49c04864f17ee770befacf4a96c4d9988583c,2024-10-21T18:27:01.950000 +CVE-2024-7994,0,0,5869f45b11df8c023b86ee171f284a639849bded2dfdba799d5d6a2b878c2a64,2024-10-21T18:35:55.397000 CVE-2024-7998,0,0,8aa3505a1b6ed462573d7b65c55c5633ff88a81168885ae03bec6b1db69a2167,2024-08-21T12:30:33.697000 CVE-2024-8003,0,0,1eb6cc8bd16248d54ed281136e233da0a723cb74879af6e3337c9532a3caf8e1,2024-08-21T15:51:28.397000 CVE-2024-8004,0,0,6053860c0b4fdc62f3a7122a051813b35afd677f12aaae8780fae160750aa789,2024-09-04T14:56:46.947000 @@ -265811,7 +265972,7 @@ CVE-2024-8621,0,0,da11617ee187bea39361c3e736358efdd8e000970ca04e836eaac8c5eeb75d CVE-2024-8622,0,0,3dd68829fc11e22f0c21c42ebfb82eece7f179bcaa47d99ccdf324ecdb81f1e2,2024-09-26T14:59:27.770000 CVE-2024-8623,0,0,b38d11e5ea040f7d1c1df76eb8b329847342918d3746a88d315f2eac79041136,2024-09-26T16:46:28.590000 CVE-2024-8624,0,0,1732629a73b0f7a73256425937c92b86f35ca441eabdeb398d592189eec06617,2024-09-26T16:45:40.470000 -CVE-2024-8625,0,0,eaa35f0f916143fbe7a79cf12dd88e2402dd5c384be43d893a2fa29be259065a,2024-10-21T17:09:45.417000 +CVE-2024-8625,0,1,eb4be4a2bb6b14d702cc0e9e5afc32446db7496f5d76ed65f94ac85d514cbea0,2024-10-21T20:35:22.930000 CVE-2024-8626,0,0,0a3a6a067accd62c7f1e4362c07a97c5507716edc2a0ef32e9c35b5c51ec20a4,2024-10-10T12:56:30.817000 CVE-2024-8628,0,0,eae51dc9330e4c3449bbbf5b2aafba06ad0db1b999ee8c88380618befb3102be,2024-09-26T16:42:16.700000 CVE-2024-8629,0,0,6c9063bb86e9be09fbe263c2afa91e0d043c7779d47db076384be2da04357d8a,2024-10-10T12:56:30.817000