diff --git a/mapping.csv b/mapping.csv index 4ca05b111dd..8d5e824b249 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -226816,3 +226816,150 @@ vulnerability,CVE-2020-36786,vulnerability--9187c9c8-0abc-40dc-ab6d-1064882bbe00 vulnerability,CVE-2020-36781,vulnerability--92d3147f-137f-4f80-a6ad-1bd7201bac02 vulnerability,CVE-2020-36778,vulnerability--13d2c501-9234-4bc9-9f1c-c0c38e3622ee vulnerability,CVE-2020-36779,vulnerability--29a71ac2-3d1f-4dda-acc3-e570bdf62932 +vulnerability,CVE-2023-52479,vulnerability--c024eed9-649e-402b-9dcd-2b0976b5eea5 +vulnerability,CVE-2023-52492,vulnerability--2b2699ba-2676-4d75-b3e4-f6800376ceb7 +vulnerability,CVE-2023-52494,vulnerability--168f8e85-0ff3-4d8d-873d-dbdb1ce45686 +vulnerability,CVE-2023-52495,vulnerability--2f94825e-a08d-472e-981b-f38701fb641f +vulnerability,CVE-2023-52482,vulnerability--95084b22-43d0-4595-b5db-bd5d25d0f79d +vulnerability,CVE-2023-52488,vulnerability--b73dc48f-4150-41f8-8f4a-176b7c943338 +vulnerability,CVE-2023-52491,vulnerability--1ca771cb-502d-4f17-bd47-6b2acf294f67 +vulnerability,CVE-2023-52487,vulnerability--240d8c22-7e45-4295-86e1-164689249ade +vulnerability,CVE-2023-52490,vulnerability--c5233b78-7ca8-4fa4-bcba-55d22aa48d8b +vulnerability,CVE-2023-52476,vulnerability--ac86276a-09a7-4606-9b10-95ce6dc56676 +vulnerability,CVE-2023-52498,vulnerability--f832de1a-deac-4ddf-9317-3bd0a3b240a3 +vulnerability,CVE-2023-52483,vulnerability--f4bf26b6-690a-4bce-bbcd-5ebdeb250c66 +vulnerability,CVE-2023-52489,vulnerability--77298dc8-756d-4db2-ac15-979fa0f956e0 +vulnerability,CVE-2023-52478,vulnerability--5297280d-1020-4674-905b-7d6c15f6fe25 +vulnerability,CVE-2023-52486,vulnerability--dee86549-a817-4aaf-84c9-a5d9e5a85790 +vulnerability,CVE-2023-52497,vulnerability--2cb875e6-df06-4caa-b063-9f9c9366632a +vulnerability,CVE-2023-52485,vulnerability--e1f4ad96-6ed1-4c4e-83dc-053a684f4aec +vulnerability,CVE-2023-52496,vulnerability--2de7451a-9cc4-4371-9d23-6d9ffd43a2da +vulnerability,CVE-2023-52481,vulnerability--2b8acdaf-6450-4eb6-9e1d-de33b67175e6 +vulnerability,CVE-2023-52475,vulnerability--a07b96ac-67df-4f7c-a7ff-bba0e73e5d8d 
+vulnerability,CVE-2023-52484,vulnerability--4d21c076-4db7-4cbd-a5fe-070aca8bcb18 +vulnerability,CVE-2023-52480,vulnerability--8306e031-83b3-4798-905a-247d34599f5e +vulnerability,CVE-2023-52477,vulnerability--05b69ac0-fadc-464a-b4f8-00eb044ac5cf +vulnerability,CVE-2023-52493,vulnerability--6b18d904-13d1-400b-807e-e1de56a568fb +vulnerability,CVE-2023-6090,vulnerability--02dd091a-5035-4533-83d5-692215d6e1c3 +vulnerability,CVE-2023-6132,vulnerability--2e91ca56-2f9c-47bc-a8e4-58e237f653ef +vulnerability,CVE-2023-1841,vulnerability--9c188e8d-ff8e-4c0c-ba25-986c54d2fb5b +vulnerability,CVE-2023-38372,vulnerability--34d407d2-a1b2-44a9-b4b5-e45d573c9c38 +vulnerability,CVE-2023-38367,vulnerability--9079fda7-0251-41dd-9b38-ece3cc3052e3 +vulnerability,CVE-2023-47874,vulnerability--ef76aa72-f28d-43a4-aca3-eb542ff2f1c3 +vulnerability,CVE-2023-27545,vulnerability--3c041ce5-e212-4a7d-a6c7-cdfa4a54d6bd +vulnerability,CVE-2023-51529,vulnerability--61d90f44-1ac7-4c16-a082-f41d5eebe337 +vulnerability,CVE-2023-51530,vulnerability--8fae8698-fc30-4eaf-b047-629dccf8afa6 +vulnerability,CVE-2023-51802,vulnerability--9ec3094b-9a95-48fa-9b7a-fe3311b899db +vulnerability,CVE-2023-51800,vulnerability--35c06b7a-6f0d-449a-b625-57a79996aedf +vulnerability,CVE-2023-51531,vulnerability--07689ec7-b6de-4e0f-9546-188b8b57f9ad +vulnerability,CVE-2023-51696,vulnerability--b84096a0-f210-48b2-a250-2d2049e7ba68 +vulnerability,CVE-2023-51801,vulnerability--728d3afb-130b-4e16-be60-459db38ea4eb +vulnerability,CVE-2023-51528,vulnerability--505f8d2d-d24d-41e4-8574-0078199948df +vulnerability,CVE-2023-25921,vulnerability--80cc033f-f897-48d2-bbb4-ea7a9705fc66 +vulnerability,CVE-2023-25926,vulnerability--d332bbe7-60a9-4442-a00d-0cd5d70b31d0 +vulnerability,CVE-2023-50905,vulnerability--acd42170-43b5-4fdf-a91a-bd7c7405304e +vulnerability,CVE-2024-20765,vulnerability--268f2fec-d928-4821-8313-f6ef58e67dbc +vulnerability,CVE-2024-22871,vulnerability--90307e28-3988-42a2-ba70-5acd149e434d 
+vulnerability,CVE-2024-1982,vulnerability--83432cc0-1f19-4626-8b39-39abd8e61b56 +vulnerability,CVE-2024-1949,vulnerability--1a35dfae-7050-402f-9b2f-bdcdaec14159 +vulnerability,CVE-2024-1468,vulnerability--b2cc591d-6c2c-4644-b3e0-e9abb0e8894c +vulnerability,CVE-2024-1434,vulnerability--d1bcaa4a-fae0-4c58-a6a0-83e38f726138 +vulnerability,CVE-2024-1953,vulnerability--c6c40fad-f955-4027-ae0c-896fd0b507bb +vulnerability,CVE-2024-1888,vulnerability--c39e73ac-71c9-4d42-a1ea-f79a06166ce5 +vulnerability,CVE-2024-1437,vulnerability--b045b25f-4fd8-46b4-afc9-7627a8b8f046 +vulnerability,CVE-2024-1939,vulnerability--e3664337-1ac2-4a3a-bf08-ce12ac2716b3 +vulnerability,CVE-2024-1595,vulnerability--1c5843f2-94a1-4061-9b84-411c8d6d5f1c +vulnerability,CVE-2024-1942,vulnerability--8ebbaf8c-e232-4c89-b23a-bbe9a9102518 +vulnerability,CVE-2024-1976,vulnerability--82c22767-105b-4734-87af-4e3500710639 +vulnerability,CVE-2024-1977,vulnerability--912827e9-732d-4926-b53e-9205665e525f +vulnerability,CVE-2024-1981,vulnerability--0c67a7be-090b-491b-a34f-4c076ed21a6b +vulnerability,CVE-2024-1952,vulnerability--a01e4428-0b10-49e6-abf7-17738feec27b +vulnerability,CVE-2024-1887,vulnerability--bb0132ff-3877-475b-b674-f75ee9217d62 +vulnerability,CVE-2024-1619,vulnerability--fdf274dd-ff8c-4844-a66c-74a83b88558b +vulnerability,CVE-2024-1341,vulnerability--52b9c6df-5696-447c-ba92-652ef8ec5136 +vulnerability,CVE-2024-1978,vulnerability--f22cfb8c-df80-4b32-beb4-21222b286df9 +vulnerability,CVE-2024-1435,vulnerability--c4e4547c-af2d-442d-8a6a-a3dd08927243 +vulnerability,CVE-2024-1908,vulnerability--5a668236-c515-4777-8600-8288f5750d08 +vulnerability,CVE-2024-1938,vulnerability--9daf9750-0bbd-40b1-835e-1c1a76afac92 +vulnerability,CVE-2024-23488,vulnerability--f9a4122f-1081-4693-b8ad-a0e931533285 +vulnerability,CVE-2024-23493,vulnerability--db506b5e-a7b9-4f12-ae4b-a7efe361ad4a +vulnerability,CVE-2024-23501,vulnerability--7ea721e8-a062-4925-9d34-4f084832a913 
+vulnerability,CVE-2024-2009,vulnerability--49659866-8192-41ec-b0db-498e60711b5a +vulnerability,CVE-2024-2015,vulnerability--bed9c15d-69a6-4eac-8c8a-dd503040f98c +vulnerability,CVE-2024-2007,vulnerability--c169e4a7-4898-42fa-a68d-a0fdbedb1158 +vulnerability,CVE-2024-2001,vulnerability--d148267c-1056-4332-a09a-e63fdc7ad09c +vulnerability,CVE-2024-2014,vulnerability--2fae0601-5d5a-436f-9b2f-e0c86388217c +vulnerability,CVE-2024-2045,vulnerability--ee9012c5-bec0-491a-9bee-b39498907bba +vulnerability,CVE-2024-2021,vulnerability--dd38a2c3-0fd8-421f-96bc-df5dff83f3a0 +vulnerability,CVE-2024-2016,vulnerability--caaadc4a-c693-4673-83bf-5223be8d065d +vulnerability,CVE-2024-26612,vulnerability--f7d808c8-45b1-4ece-ac21-09e90d3f47d4 +vulnerability,CVE-2024-26617,vulnerability--feacf238-6d5c-4723-a7c3-92afd1cfe43b +vulnerability,CVE-2024-26614,vulnerability--c562300b-abb8-4d44-b50f-f76a8cbf0a4e +vulnerability,CVE-2024-26611,vulnerability--861f2482-d100-4d5d-a76c-b22e726901bb +vulnerability,CVE-2024-26618,vulnerability--e56b76e1-f517-40e0-b002-62dcb4366564 +vulnerability,CVE-2024-26619,vulnerability--15072d46-64e0-4a68-8f34-50e47453756d +vulnerability,CVE-2024-26548,vulnerability--32f0a797-28a8-4366-901f-3acde757a00a +vulnerability,CVE-2024-26613,vulnerability--aab046bb-9588-4c68-aa76-84319ccbe70f +vulnerability,CVE-2024-26608,vulnerability--9d37727d-4fb0-4a30-be0e-3219ed4725e9 +vulnerability,CVE-2024-26616,vulnerability--10e1e7c4-7ba8-4ac6-82ac-c13a4bdf9841 +vulnerability,CVE-2024-26196,vulnerability--943e1457-8834-4337-931d-fd5b384e8523 +vulnerability,CVE-2024-26609,vulnerability--0369a69c-ff30-48ef-9997-37ca979f902c +vulnerability,CVE-2024-26610,vulnerability--df7edde1-2160-4346-b005-af1d2b7251b8 +vulnerability,CVE-2024-26615,vulnerability--aa9db191-e1dd-4496-be45-01f933aa28df +vulnerability,CVE-2024-26607,vulnerability--fce1eea9-be37-43a9-9e78-671a51314b98 +vulnerability,CVE-2024-26620,vulnerability--cb2d7e98-78ea-47b4-8737-18aef622722d 
+vulnerability,CVE-2024-27661,vulnerability--865b7161-9db3-4af9-8e2f-31be566073f8 +vulnerability,CVE-2024-27290,vulnerability--39de7e01-a613-4a71-9d79-a6287916e770 +vulnerability,CVE-2024-27659,vulnerability--c750f570-19d2-4cb0-93bc-654f20a58c44 +vulnerability,CVE-2024-27656,vulnerability--ae5c2742-6ab4-40ad-bda0-3bf49cbb65b0 +vulnerability,CVE-2024-27658,vulnerability--dad80d4f-4a51-448e-b38f-af831e9bee7d +vulnerability,CVE-2024-27662,vulnerability--5cdc0c38-32ff-4bbe-b5fc-7cbbf1ff28d6 +vulnerability,CVE-2024-27094,vulnerability--5b8a6497-4a10-4cb4-bee7-38731332e0bf +vulnerability,CVE-2024-27660,vulnerability--e29057a3-987d-429c-97f9-a5a5380929a5 +vulnerability,CVE-2024-27906,vulnerability--d4017623-0dc0-444d-adda-8d8f116c1994 +vulnerability,CVE-2024-27655,vulnerability--bf914637-915d-4c86-a7bb-ee45b7f5a69a +vulnerability,CVE-2024-27291,vulnerability--35846607-e60a-4638-a797-862b1818255d +vulnerability,CVE-2024-27294,vulnerability--5730505f-119d-44b1-8f8c-3377c4faa22f +vulnerability,CVE-2024-27292,vulnerability--b85bba86-d17e-4eef-be04-22ee4a5cc697 +vulnerability,CVE-2024-27657,vulnerability--75b4e975-8910-4d07-adb7-68f3010633f3 +vulnerability,CVE-2024-0403,vulnerability--aeef469d-4580-42d8-bde9-1766ed252c92 +vulnerability,CVE-2024-0864,vulnerability--50c8cb16-bc62-4ac2-81c6-9a7851e5c1d0 +vulnerability,CVE-2024-0689,vulnerability--85675ddc-2f60-43d0-b441-1ccc99ecd455 +vulnerability,CVE-2024-0068,vulnerability--f2258a1d-d988-4520-aa21-e975185bc545 +vulnerability,CVE-2024-24988,vulnerability--396bc27f-7438-4cce-876c-94284e0c40a4 +vulnerability,CVE-2024-24525,vulnerability--d3881f82-94c1-4767-8c05-7b471dbdc585 +vulnerability,CVE-2024-24520,vulnerability--b33840f7-4d23-495a-ab55-08f47deed31c +vulnerability,CVE-2024-24818,vulnerability--b6b0d9f8-5bfc-42e7-bec6-8e29eac954b1 +vulnerability,CVE-2024-24110,vulnerability--08b4fb8e-b183-49e8-9985-ff2ff1a547a1 +vulnerability,CVE-2024-24028,vulnerability--b06a768a-a0c2-49e8-bc44-8eaea3e86906 
+vulnerability,CVE-2024-24246,vulnerability--1e7cdefb-4d57-41c1-9b5b-9b5a7ea1ed97 +vulnerability,CVE-2024-21752,vulnerability--0e0a4ff5-5168-490b-9471-066e02124e35 +vulnerability,CVE-2024-25167,vulnerability--279008a3-30c3-4ac1-b486-41cdeb9d0038 +vulnerability,CVE-2024-25292,vulnerability--a48f70b5-7f1e-4716-b99f-6028da9f66f9 +vulnerability,CVE-2024-25093,vulnerability--d3d42663-94de-4e71-9b2e-e507381f00ac +vulnerability,CVE-2024-25094,vulnerability--67db70c9-71a6-4b8c-8f29-1d87756ac267 +vulnerability,CVE-2024-25291,vulnerability--d9c34aa4-fe59-4670-bd2d-d88b6b5a2969 +vulnerability,CVE-2024-25811,vulnerability--0ba6fb2e-f329-4bbc-8df6-abab404dde8d +vulnerability,CVE-2024-25594,vulnerability--1e0cd850-ae29-4265-9654-b331a8fde0d6 +vulnerability,CVE-2024-25098,vulnerability--e7e0ac8d-372e-4797-a2ac-daee6912d3b2 +vulnerability,CVE-2024-25239,vulnerability--359cf762-5c92-4a2a-9a20-3da06a987bc0 +vulnerability,CVE-2024-25180,vulnerability--9b89f0cf-c5d5-4f0a-901f-f075d00abb9d +vulnerability,CVE-2021-46959,vulnerability--3d59114a-3572-43b8-88da-c69a2d170df5 +vulnerability,CVE-2021-47055,vulnerability--a4734a01-e988-4cbd-bf36-1fe576dd0107 +vulnerability,CVE-2021-47068,vulnerability--689a2b37-e60c-4570-82dc-6e8df701f317 +vulnerability,CVE-2021-47057,vulnerability--c42dea90-04df-46f7-8074-86f02b95a09b +vulnerability,CVE-2021-47054,vulnerability--98aa4a17-3553-4d8e-87b6-986645e475f1 +vulnerability,CVE-2021-47064,vulnerability--e8784bff-8c2c-4f9f-9ae9-6a0194d7200d +vulnerability,CVE-2021-47016,vulnerability--3f2ba45d-d4d1-48b8-9775-d99418a67276 +vulnerability,CVE-2021-47060,vulnerability--63414db8-5c92-483b-a417-9b6b8237467d +vulnerability,CVE-2021-47061,vulnerability--c5e3d79b-9b56-432a-a532-573517dfc367 +vulnerability,CVE-2021-47059,vulnerability--a8ea47f8-5c67-4071-9611-edb3075a7075 +vulnerability,CVE-2021-47056,vulnerability--1d8a2dbc-e461-45fe-ab2c-90b613bca33e +vulnerability,CVE-2021-47062,vulnerability--1ff93ff1-1721-45c7-b2e3-f6ba14a43ff0 
+vulnerability,CVE-2021-47063,vulnerability--5e7a519c-c7ba-4d1c-b23e-76d1dcc236c1 +vulnerability,CVE-2021-47020,vulnerability--3b26ea4e-de63-4cea-944c-dac143e5fec0 +vulnerability,CVE-2021-47067,vulnerability--d451eba7-4a35-4a54-a3a5-64a2ebf83878 +vulnerability,CVE-2021-47066,vulnerability--6151d122-428f-4dac-9327-01931bd48712 +vulnerability,CVE-2021-47065,vulnerability--30124c95-9b5a-44b9-ab6f-99b164101876 +vulnerability,CVE-2021-47058,vulnerability--27e743ae-24a3-4550-9254-0ef4482fc366 +vulnerability,CVE-2021-39090,vulnerability--ba30e3dc-bf87-4945-85d9-2180539d7ee8 diff --git a/objects/vulnerability/vulnerability--02dd091a-5035-4533-83d5-692215d6e1c3.json b/objects/vulnerability/vulnerability--02dd091a-5035-4533-83d5-692215d6e1c3.json new file mode 100644 index 00000000000..a86b8ac7deb --- /dev/null +++ b/objects/vulnerability/vulnerability--02dd091a-5035-4533-83d5-692215d6e1c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e63a4394-5a3c-400a-8eb6-888eed1385a5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--02dd091a-5035-4533-83d5-692215d6e1c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:46.46126Z", + "modified": "2024-03-01T00:30:46.46126Z", + "name": "CVE-2023-6090", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6090" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0369a69c-ff30-48ef-9997-37ca979f902c.json b/objects/vulnerability/vulnerability--0369a69c-ff30-48ef-9997-37ca979f902c.json new file mode 100644 index 00000000000..b1ceaa56c71 --- /dev/null +++ b/objects/vulnerability/vulnerability--0369a69c-ff30-48ef-9997-37ca979f902c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e101bc64-8b8b-4c9f-a0b7-819ff7b5f52b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0369a69c-ff30-48ef-9997-37ca979f902c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.310227Z", + "modified": "2024-03-01T00:30:49.310227Z", + "name": "CVE-2024-26609", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject QUEUE/DROP verdict parameters\n\nThis reverts commit e0abdadcc6e1.\n\ncore.c:nf_hook_slow assumes that the upper 16 bits of NF_DROP\nverdicts contain a valid errno, i.e. -EPERM, -EHOSTUNREACH or similar,\nor 0.\n\nDue to the reverted commit, its possible to provide a positive\nvalue, e.g. NF_ACCEPT (1), which results in use-after-free.\n\nIts not clear to me why this commit was made.\n\nNF_QUEUE is not used by nftables; \"queue\" rules in nftables\nwill result in use of \"nft_queue\" expression.\n\nIf we later need to allow specifiying errno values from userspace\n(do not know why), this has to call NF_DROP_GETERR and check that\n\"err <= 0\" holds true.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26609" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05b69ac0-fadc-464a-b4f8-00eb044ac5cf.json b/objects/vulnerability/vulnerability--05b69ac0-fadc-464a-b4f8-00eb044ac5cf.json new file mode 100644 index 00000000000..23cafe9d141 --- /dev/null +++ b/objects/vulnerability/vulnerability--05b69ac0-fadc-464a-b4f8-00eb044ac5cf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05dce5b1-5fc2-40b5-b180-b91c4fbfa225", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05b69ac0-fadc-464a-b4f8-00eb044ac5cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.908132Z", + "modified": "2024-03-01T00:30:45.908132Z", + "name": "CVE-2023-52477", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: hub: Guard against accesses to uninitialized BOS descriptors\n\nMany functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h\naccess fields inside udev->bos without checking if it was allocated and\ninitialized. If usb_get_bos_descriptor() fails for whatever\nreason, udev->bos will be NULL and those accesses will result in a\ncrash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000018\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 \nHardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:hub_port_reset+0x193/0x788\nCode: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9\nRSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310\nRDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840\nRBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0\nCall 
Trace:\nhub_event+0x73f/0x156e\n? hub_activate+0x5b7/0x68f\nprocess_one_work+0x1a2/0x487\nworker_thread+0x11a/0x288\nkthread+0x13a/0x152\n? process_one_work+0x487/0x487\n? kthread_associate_blkcg+0x70/0x70\nret_from_fork+0x1f/0x30\n\nFall back to a default behavior if the BOS descriptor isn't accessible\nand skip all the functionalities that depend on it: LPM support checks,\nSuper Speed capabilitiy checks, U1/U2 states setup.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52477" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07689ec7-b6de-4e0f-9546-188b8b57f9ad.json b/objects/vulnerability/vulnerability--07689ec7-b6de-4e0f-9546-188b8b57f9ad.json new file mode 100644 index 00000000000..369b900a87c --- /dev/null +++ b/objects/vulnerability/vulnerability--07689ec7-b6de-4e0f-9546-188b8b57f9ad.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--01b156ad-fe01-4406-ac3c-9b097122638e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07689ec7-b6de-4e0f-9546-188b8b57f9ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.185532Z", + "modified": "2024-03-01T00:30:47.185532Z", + "name": "CVE-2023-51531", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51531" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08b4fb8e-b183-49e8-9985-ff2ff1a547a1.json b/objects/vulnerability/vulnerability--08b4fb8e-b183-49e8-9985-ff2ff1a547a1.json new file mode 100644 index 00000000000..a61e1b7ec1e --- /dev/null +++ b/objects/vulnerability/vulnerability--08b4fb8e-b183-49e8-9985-ff2ff1a547a1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--98170bb8-4c7e-4ea8-b141-a6d649285962", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08b4fb8e-b183-49e8-9985-ff2ff1a547a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.476117Z", + "modified": "2024-03-01T00:30:49.476117Z", + "name": "CVE-2024-24110", + "description": "SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24110" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0ba6fb2e-f329-4bbc-8df6-abab404dde8d.json b/objects/vulnerability/vulnerability--0ba6fb2e-f329-4bbc-8df6-abab404dde8d.json new file mode 100644 index 00000000000..57470f7ffac --- /dev/null +++ b/objects/vulnerability/vulnerability--0ba6fb2e-f329-4bbc-8df6-abab404dde8d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c109c3e9-fd6a-4fba-b5d5-97d4f0d9d2ae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0ba6fb2e-f329-4bbc-8df6-abab404dde8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.572754Z", + "modified": "2024-03-01T00:30:49.572754Z", + "name": "CVE-2024-25811", + "description": "An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25811" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c67a7be-090b-491b-a34f-4c076ed21a6b.json b/objects/vulnerability/vulnerability--0c67a7be-090b-491b-a34f-4c076ed21a6b.json new file mode 100644 index 00000000000..b03192e6673 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--0c67a7be-090b-491b-a34f-4c076ed21a6b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29593bb9-1bb8-4d1d-83b2-97400a1c8e33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c67a7be-090b-491b-a34f-4c076ed21a6b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.186406Z", + "modified": "2024-03-01T00:30:49.186406Z", + "name": "CVE-2024-1981", + "description": "The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1981" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e0a4ff5-5168-490b-9471-066e02124e35.json b/objects/vulnerability/vulnerability--0e0a4ff5-5168-490b-9471-066e02124e35.json new file mode 100644 index 00000000000..1bb99cc1ee2 --- /dev/null +++ b/objects/vulnerability/vulnerability--0e0a4ff5-5168-490b-9471-066e02124e35.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4acc271e-a1e7-4708-a184-ab97df783117", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e0a4ff5-5168-490b-9471-066e02124e35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.524721Z", + "modified": "2024-03-01T00:30:49.524721Z", + "name": "CVE-2024-21752", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21752" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10e1e7c4-7ba8-4ac6-82ac-c13a4bdf9841.json b/objects/vulnerability/vulnerability--10e1e7c4-7ba8-4ac6-82ac-c13a4bdf9841.json new file mode 100644 index 00000000000..ecceb715e36 --- /dev/null +++ b/objects/vulnerability/vulnerability--10e1e7c4-7ba8-4ac6-82ac-c13a4bdf9841.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea6f785c-26ba-4b2a-86e3-009147889450", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10e1e7c4-7ba8-4ac6-82ac-c13a4bdf9841", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.306238Z", + "modified": "2024-03-01T00:30:49.306238Z", + "name": "CVE-2024-26616", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: scrub: avoid use-after-free when chunk length is not 64K aligned\n\n[BUG]\nThere is a bug report that, on a ext4-converted btrfs, scrub leads to\nvarious problems, including:\n\n- \"unable to find chunk map\" errors\n BTRFS info (device vdb): scrub: started on devid 1\n BTRFS critical (device vdb): unable to find chunk map for logical 2214744064 length 4096\n BTRFS critical (device vdb): unable to find chunk map for logical 2214744064 length 45056\n\n This would lead to unrepariable errors.\n\n- Use-after-free KASAN reports:\n ==================================================================\n BUG: KASAN: slab-use-after-free in __blk_rq_map_sg+0x18f/0x7c0\n Read of size 8 at addr ffff8881013c9040 by task btrfs/909\n CPU: 0 PID: 909 Comm: btrfs Not tainted 6.7.0-x64v3-dbg #11 c50636e9419a8354555555245df535e380563b2b\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 2023.11-2 12/24/2023\n Call Trace:\n \n dump_stack_lvl+0x43/0x60\n print_report+0xcf/0x640\n kasan_report+0xa6/0xd0\n __blk_rq_map_sg+0x18f/0x7c0\n virtblk_prep_rq.isra.0+0x215/0x6a0 [virtio_blk 19a65eeee9ae6fcf02edfad39bb9ddee07dcdaff]\n virtio_queue_rqs+0xc4/0x310 [virtio_blk 19a65eeee9ae6fcf02edfad39bb9ddee07dcdaff]\n blk_mq_flush_plug_list.part.0+0x780/0x860\n __blk_flush_plug+0x1ba/0x220\n blk_finish_plug+0x3b/0x60\n submit_initial_group_read+0x10a/0x290 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965]\n flush_scrub_stripes+0x38e/0x430 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965]\n 
scrub_stripe+0x82a/0xae0 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965]\n scrub_chunk+0x178/0x200 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965]\n scrub_enumerate_chunks+0x4bc/0xa30 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965]\n btrfs_scrub_dev+0x398/0x810 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965]\n btrfs_ioctl+0x4b9/0x3020 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965]\n __x64_sys_ioctl+0xbd/0x100\n do_syscall_64+0x5d/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n RIP: 0033:0x7f47e5e0952b\n\n- Crash, mostly due to above use-after-free\n\n[CAUSE]\nThe converted fs has the following data chunk layout:\n\n item 2 key (FIRST_CHUNK_TREE CHUNK_ITEM 2214658048) itemoff 16025 itemsize 80\n length 86016 owner 2 stripe_len 65536 type DATA|single\n\nFor above logical bytenr 2214744064, it's at the chunk end\n(2214658048 + 86016 = 2214744064).\n\nThis means btrfs_submit_bio() would split the bio, and trigger endio\nfunction for both of the two halves.\n\nHowever scrub_submit_initial_read() would only expect the endio function\nto be called once, not any more.\nThis means the first endio function would already free the bbio::bio,\nleaving the bvec freed, thus the 2nd endio call would lead to\nuse-after-free.\n\n[FIX]\n- Make sure scrub_read_endio() only updates bits in its range\n Since we may read less than 64K at the end of the chunk, we should not\n touch the bits beyond chunk boundary.\n\n- Make sure scrub_submit_initial_read() only to read the chunk range\n This is done by calculating the real number of sectors we need to\n read, and add sector-by-sector to the bio.\n\nThankfully the scrub read repair path won't need extra fixes:\n\n- scrub_stripe_submit_repair_read()\n With above fixes, we won't update error bit for range beyond chunk,\n thus scrub_stripe_submit_repair_read() should never submit any read\n beyond the chunk.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26616" + } + ] + } + ] +} \ No newline at end 
of file diff --git a/objects/vulnerability/vulnerability--15072d46-64e0-4a68-8f34-50e47453756d.json b/objects/vulnerability/vulnerability--15072d46-64e0-4a68-8f34-50e47453756d.json new file mode 100644 index 00000000000..21956652cfb --- /dev/null +++ b/objects/vulnerability/vulnerability--15072d46-64e0-4a68-8f34-50e47453756d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff9bb254-e884-48fa-8ca2-14d75fcff6bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15072d46-64e0-4a68-8f34-50e47453756d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.297118Z", + "modified": "2024-03-01T00:30:49.297118Z", + "name": "CVE-2024-26619", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix module loading free order\n\nReverse order of kfree calls to resolve use-after-free error.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26619" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--168f8e85-0ff3-4d8d-873d-dbdb1ce45686.json b/objects/vulnerability/vulnerability--168f8e85-0ff3-4d8d-873d-dbdb1ce45686.json new file mode 100644 index 00000000000..4ebd50fa578 --- /dev/null +++ b/objects/vulnerability/vulnerability--168f8e85-0ff3-4d8d-873d-dbdb1ce45686.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b26b19cb-884a-4650-ab04-e5581bfbe188", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--168f8e85-0ff3-4d8d-873d-dbdb1ce45686", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.86607Z", + "modified": "2024-03-01T00:30:45.86607Z", + "name": "CVE-2023-52494", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Add alignment check for event ring read pointer\n\nThough we do check the event ring read pointer by \"is_valid_ring_ptr\"\nto make sure it is in the buffer range, but there is another risk the\npointer may be not aligned. Since we are expecting event ring elements\nare 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer\ncould lead to multiple issues like DoS or ring buffer memory corruption.\n\nSo add a alignment check for event ring read pointer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52494" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a35dfae-7050-402f-9b2f-bdcdaec14159.json b/objects/vulnerability/vulnerability--1a35dfae-7050-402f-9b2f-bdcdaec14159.json new file mode 100644 index 00000000000..7f91e7a6f2a --- /dev/null +++ b/objects/vulnerability/vulnerability--1a35dfae-7050-402f-9b2f-bdcdaec14159.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9146b48b-857c-4c03-8877-ce8038ac1e78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a35dfae-7050-402f-9b2f-bdcdaec14159", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.146124Z", + "modified": "2024-03-01T00:30:49.146124Z", + "name": "CVE-2024-1949", + "description": "A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1949" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c5843f2-94a1-4061-9b84-411c8d6d5f1c.json b/objects/vulnerability/vulnerability--1c5843f2-94a1-4061-9b84-411c8d6d5f1c.json new file mode 100644 index 00000000000..8354e33ff6d --- /dev/null +++ b/objects/vulnerability/vulnerability--1c5843f2-94a1-4061-9b84-411c8d6d5f1c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b641d439-55cb-4e15-8683-ec751b043cb3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c5843f2-94a1-4061-9b84-411c8d6d5f1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.166161Z", + "modified": "2024-03-01T00:30:49.166161Z", + "name": "CVE-2024-1595", + "description": "Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82\n\n insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1595" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1ca771cb-502d-4f17-bd47-6b2acf294f67.json b/objects/vulnerability/vulnerability--1ca771cb-502d-4f17-bd47-6b2acf294f67.json new file mode 100644 index 00000000000..b74b25e9b8d --- /dev/null +++ b/objects/vulnerability/vulnerability--1ca771cb-502d-4f17-bd47-6b2acf294f67.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71bae7b4-5188-473a-b988-36b1b80c4fa3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ca771cb-502d-4f17-bd47-6b2acf294f67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.875651Z", + "modified": "2024-03-01T00:30:45.875651Z", + "name": "CVE-2023-52491", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run\n\nIn mtk_jpeg_probe, &jpeg->job_timeout_work is bound with\nmtk_jpeg_job_timeout_work.\n\nIn mtk_jpeg_dec_device_run, if error happens in\nmtk_jpeg_set_dec_dst, it will finally start the worker while\nmark the job as finished by invoking v4l2_m2m_job_finish.\n\nThere are two methods to trigger the bug. If we remove the\nmodule, it which will call mtk_jpeg_remove to make cleanup.\nThe possible sequence is as follows, which will cause a\nuse-after-free bug.\n\nCPU0 CPU1\nmtk_jpeg_dec_... |\n start worker\t |\n |mtk_jpeg_job_timeout_work\nmtk_jpeg_remove |\n v4l2_m2m_release |\n kfree(m2m_dev); |\n |\n | v4l2_m2m_get_curr_priv\n | m2m_dev->curr_ctx //use\n\nIf we close the file descriptor, which will call mtk_jpeg_release,\nit will have a similar sequence.\n\nFix this bug by starting timeout worker only if started jpegdec worker\nsuccessfully. Then v4l2_m2m_job_finish will only be called in\neither mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d8a2dbc-e461-45fe-ab2c-90b613bca33e.json b/objects/vulnerability/vulnerability--1d8a2dbc-e461-45fe-ab2c-90b613bca33e.json new file mode 100644 index 00000000000..94ac00a572f --- /dev/null 
+++ b/objects/vulnerability/vulnerability--1d8a2dbc-e461-45fe-ab2c-90b613bca33e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc191cc6-cb8c-4cdc-bb23-41cab913f1b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d8a2dbc-e461-45fe-ab2c-90b613bca33e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.441719Z", + "modified": "2024-03-01T00:30:51.441719Z", + "name": "CVE-2021-47056", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init\n\nADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown()\nbefore calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the\nvf2pf_lock is initialized in adf_dev_init(), which can fail and when it\nfail, the vf2pf_lock is either not initialized or destroyed, a subsequent\nuse of vf2pf_lock will cause issue.\nTo fix this issue, only set this flag if adf_dev_init() returns 0.\n\n[ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0\n[ 7.180345] Call Trace:\n[ 7.182576] mutex_lock+0xc9/0xd0\n[ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat]\n[ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat]\n[ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat]\n[ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47056" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e0cd850-ae29-4265-9654-b331a8fde0d6.json b/objects/vulnerability/vulnerability--1e0cd850-ae29-4265-9654-b331a8fde0d6.json new file mode 100644 index 00000000000..ca2b9f0137b --- /dev/null +++ b/objects/vulnerability/vulnerability--1e0cd850-ae29-4265-9654-b331a8fde0d6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e67dfc1-9cd8-4187-af26-d7806f50faa7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e0cd850-ae29-4265-9654-b331a8fde0d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.586027Z", + "modified": "2024-03-01T00:30:49.586027Z", + "name": "CVE-2024-25594", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS.This issue affects MyWaze: from n/a through 1.6.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25594" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e7cdefb-4d57-41c1-9b5b-9b5a7ea1ed97.json b/objects/vulnerability/vulnerability--1e7cdefb-4d57-41c1-9b5b-9b5a7ea1ed97.json new file mode 100644 index 00000000000..4148c368788 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e7cdefb-4d57-41c1-9b5b-9b5a7ea1ed97.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--344af17e-8114-495e-96bd-823d681434bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e7cdefb-4d57-41c1-9b5b-9b5a7ea1ed97", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.500162Z", + "modified": "2024-03-01T00:30:49.500162Z", + "name": "CVE-2024-24246", + "description": "Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24246" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1ff93ff1-1721-45c7-b2e3-f6ba14a43ff0.json b/objects/vulnerability/vulnerability--1ff93ff1-1721-45c7-b2e3-f6ba14a43ff0.json new file mode 100644 index 00000000000..e5a2a4c67a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--1ff93ff1-1721-45c7-b2e3-f6ba14a43ff0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b4db63a6-2572-4891-91ee-eb67171e1f1c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ff93ff1-1721-45c7-b2e3-f6ba14a43ff0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.443107Z", + "modified": "2024-03-01T00:30:51.443107Z", + "name": "CVE-2021-47062", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs\n\nUse the kvm_for_each_vcpu() helper to iterate over vCPUs when encrypting\nVMSAs for SEV, which effectively switches to use online_vcpus instead of\ncreated_vcpus. This fixes a possible null-pointer dereference as\ncreated_vcpus does not guarantee a vCPU exists, since it is updated at\nthe very beginning of KVM_CREATE_VCPU. created_vcpus exists to allow the\nbulk of vCPU creation to run in parallel, while still correctly\nrestricting the max number of max vCPUs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47062" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--240d8c22-7e45-4295-86e1-164689249ade.json b/objects/vulnerability/vulnerability--240d8c22-7e45-4295-86e1-164689249ade.json new file mode 100644 index 00000000000..e3c65b2dac2 --- /dev/null +++ b/objects/vulnerability/vulnerability--240d8c22-7e45-4295-86e1-164689249ade.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--391bba4f-532f-4401-88ab-125985935938", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--240d8c22-7e45-4295-86e1-164689249ade", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.87848Z", + "modified": "2024-03-01T00:30:45.87848Z", + "name": "CVE-2023-52487", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix peer flow lists handling\n\nThe cited change refactored mlx5e_tc_del_fdb_peer_flow() to only clear DUP\nflag when list of peer flows has become empty. However, if any concurrent\nuser holds a reference to a peer flow (for example, the neighbor update\nworkqueue task is updating peer flow's parent encap entry concurrently),\nthen the flow will not be removed from the peer list and, consecutively,\nDUP flag will remain set. Since mlx5e_tc_del_fdb_peers_flow() calls\nmlx5e_tc_del_fdb_peer_flow() for every possible peer index the algorithm\nwill try to remove the flow from eswitch instances that it has never peered\nwith causing either NULL pointer dereference when trying to remove the flow\npeer list head of peer_index that was never initialized or a warning if the\nlist debug config is enabled[0].\n\nFix the issue by always removing the peer flow from the list even when not\nreleasing the last reference to it.\n\n[0]:\n\n[ 3102.985806] ------------[ cut here ]------------\n[ 3102.986223] list_del corruption, ffff888139110698->next is NULL\n[ 3102.986757] WARNING: CPU: 2 PID: 22109 at lib/list_debug.c:53 __list_del_entry_valid_or_report+0x4f/0xc0\n[ 3102.987561] Modules linked in: act_ct nf_flow_table bonding act_tunnel_key act_mirred act_skbedit vxlan cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa openvswitch nsh xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat 
br_netfilter rpcsec_gss_krb5 auth_rpcg\nss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5_core [last unloaded: bonding]\n[ 3102.991113] CPU: 2 PID: 22109 Comm: revalidator28 Not tainted 6.6.0-rc6+ #3\n[ 3102.991695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 3102.992605] RIP: 0010:__list_del_entry_valid_or_report+0x4f/0xc0\n[ 3102.993122] Code: 39 c2 74 56 48 8b 32 48 39 fe 75 62 48 8b 51 08 48 39 f2 75 73 b8 01 00 00 00 c3 48 89 fe 48 c7 c7 48 fd 0a 82 e8 41 0b ad ff <0f> 0b 31 c0 c3 48 89 fe 48 c7 c7 70 fd 0a 82 e8 2d 0b ad ff 0f 0b\n[ 3102.994615] RSP: 0018:ffff8881383e7710 EFLAGS: 00010286\n[ 3102.995078] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n[ 3102.995670] RDX: 0000000000000001 RSI: ffff88885f89b640 RDI: ffff88885f89b640\n[ 3102.997188] DEL flow 00000000be367878 on port 0\n[ 3102.998594] RBP: dead000000000122 R08: 0000000000000000 R09: c0000000ffffdfff\n[ 3102.999604] R10: 0000000000000008 R11: ffff8881383e7598 R12: dead000000000100\n[ 3103.000198] R13: 0000000000000002 R14: ffff888139110000 R15: ffff888101901240\n[ 3103.000790] FS: 00007f424cde4700(0000) GS:ffff88885f880000(0000) knlGS:0000000000000000\n[ 3103.001486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3103.001986] CR2: 00007fd42e8dcb70 CR3: 000000011e68a003 CR4: 0000000000370ea0\n[ 3103.002596] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 3103.003190] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 3103.003787] Call Trace:\n[ 3103.004055] \n[ 3103.004297] ? __warn+0x7d/0x130\n[ 3103.004623] ? __list_del_entry_valid_or_report+0x4f/0xc0\n[ 3103.005094] ? report_bug+0xf1/0x1c0\n[ 3103.005439] ? console_unlock+0x4a/0xd0\n[ 3103.005806] ? handle_bug+0x3f/0x70\n[ 3103.006149] ? exc_invalid_op+0x13/0x60\n[ 3103.006531] ? 
asm_exc_invalid_op+0x16/0x20\n[ 3103.007430] ? __list_del_entry_valid_or_report+0x4f/0xc0\n[ 3103.007910] mlx5e_tc_del_fdb_peers_flow+0xcf/0x240 [mlx5_core]\n[ 3103.008463] mlx5e_tc_del_flow+0x46/0x270 [mlx5_core]\n[ 3103.008944] mlx5e_flow_put+0x26/0x50 [mlx5_core]\n[ 3103.009401] mlx5e_delete_flower+0x25f/0x380 [mlx5_core]\n[ 3103.009901] tc_setup_cb_destroy+0xab/0x180\n[ 3103.010292] fl_hw_destroy_filter+0x99/0xc0 [cls_flower]\n[ 3103.010779] __fl_delete+0x2d4/0x2f0 [cls_flower]\n[ 3103.0\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52487" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--268f2fec-d928-4821-8313-f6ef58e67dbc.json b/objects/vulnerability/vulnerability--268f2fec-d928-4821-8313-f6ef58e67dbc.json new file mode 100644 index 00000000000..12dabf332b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--268f2fec-d928-4821-8313-f6ef58e67dbc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2543e970-044a-45ed-a89f-c334f7a9b9fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--268f2fec-d928-4821-8313-f6ef58e67dbc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.004885Z", + "modified": "2024-03-01T00:30:49.004885Z", + "name": "CVE-2024-20765", + "description": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20765" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--279008a3-30c3-4ac1-b486-41cdeb9d0038.json b/objects/vulnerability/vulnerability--279008a3-30c3-4ac1-b486-41cdeb9d0038.json new file mode 100644 index 00000000000..b8e5ea45a58 --- /dev/null +++ b/objects/vulnerability/vulnerability--279008a3-30c3-4ac1-b486-41cdeb9d0038.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21c7e064-ef85-416c-bcac-7f25569a9813", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--279008a3-30c3-4ac1-b486-41cdeb9d0038", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.554254Z", + "modified": "2024-03-01T00:30:49.554254Z", + "name": "CVE-2024-25167", + "description": "Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25167" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27e743ae-24a3-4550-9254-0ef4482fc366.json b/objects/vulnerability/vulnerability--27e743ae-24a3-4550-9254-0ef4482fc366.json new file mode 100644 index 00000000000..245413c71b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--27e743ae-24a3-4550-9254-0ef4482fc366.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--026d50ce-f736-4d04-b404-0edc02dfde80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27e743ae-24a3-4550-9254-0ef4482fc366", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.451972Z", + "modified": "2024-03-01T00:30:51.451972Z", + "name": "CVE-2021-47058", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: set debugfs_name to NULL after it is freed\n\nThere is a upstream commit cffa4b2122f5(\"regmap:debugfs:\nFix a memory leak when calling regmap_attach_dev\") that\nadds a if condition when create name for debugfs_name.\nWith below function invoking logical, debugfs_name is\nfreed in regmap_debugfs_exit(), but it is not created again\nbecause of the if condition introduced by above commit.\nregmap_reinit_cache()\n\tregmap_debugfs_exit()\n\t...\n\tregmap_debugfs_init()\nSo, set debugfs_name to NULL after it is freed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47058" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b2699ba-2676-4d75-b3e4-f6800376ceb7.json b/objects/vulnerability/vulnerability--2b2699ba-2676-4d75-b3e4-f6800376ceb7.json new file mode 100644 index 00000000000..52efaeb592e --- /dev/null +++ b/objects/vulnerability/vulnerability--2b2699ba-2676-4d75-b3e4-f6800376ceb7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7e97c95-e716-45af-92c5-d53c6c4f49b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b2699ba-2676-4d75-b3e4-f6800376ceb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.863161Z", + "modified": "2024-03-01T00:30:45.863161Z", + "name": "CVE-2023-52492", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fix NULL pointer in channel unregistration function\n\n__dma_async_device_channel_register() can fail. In case of failure,\nchan->local is freed (with free_percpu()), and chan->local is nullified.\nWhen dma_async_device_unregister() is called (because of managed API or\nintentionally by DMA controller driver), channels are unconditionally\nunregistered, leading to this NULL pointer:\n[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\n[...]\n[ 1.484499] Call trace:\n[ 1.486930] device_del+0x40/0x394\n[ 1.490314] device_unregister+0x20/0x7c\n[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0\n\nLook at dma_async_device_register() function error path, channel device\nunregistration is done only if chan->local is not NULL.\n\nThen add the same condition at the beginning of\n__dma_async_device_channel_unregister() function, to avoid NULL pointer\nissue whatever the API used to reach this function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b8acdaf-6450-4eb6-9e1d-de33b67175e6.json b/objects/vulnerability/vulnerability--2b8acdaf-6450-4eb6-9e1d-de33b67175e6.json new file mode 100644 index 00000000000..a964baa0efc --- /dev/null +++ b/objects/vulnerability/vulnerability--2b8acdaf-6450-4eb6-9e1d-de33b67175e6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b83ab21a-5438-41ac-8199-128a2270cb7a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b8acdaf-6450-4eb6-9e1d-de33b67175e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.899669Z", + "modified": "2024-03-01T00:30:45.899669Z", + "name": "CVE-2023-52481", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add Cortex-A520 speculative unprivileged load workaround\n\nImplement the workaround for ARM Cortex-A520 erratum 2966298. On an\naffected Cortex-A520 core, a speculatively executed unprivileged load\nmight leak data from a privileged load via a cache side channel. The\nissue only exists for loads within a translation regime with the same\ntranslation (e.g. same ASID and VMID). Therefore, the issue only affects\nthe return to EL0.\n\nThe workaround is to execute a TLBI before returning to EL0 after all\nloads of privileged data. A non-shareable TLBI to any address is\nsufficient.\n\nThe workaround isn't necessary if page table isolation (KPTI) is\nenabled, but for simplicity it will be. Page table isolation should\nnormally be disabled for Cortex-A520 as it supports the CSV3 feature\nand the E0PD feature (used when KASLR is enabled).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52481" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2cb875e6-df06-4caa-b063-9f9c9366632a.json b/objects/vulnerability/vulnerability--2cb875e6-df06-4caa-b063-9f9c9366632a.json new file mode 100644 index 00000000000..6178dc6ebe3 --- /dev/null +++ b/objects/vulnerability/vulnerability--2cb875e6-df06-4caa-b063-9f9c9366632a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc293a1b-7984-445c-83ff-ffd50d974daa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2cb875e6-df06-4caa-b063-9f9c9366632a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.895229Z", + "modified": "2024-03-01T00:30:45.895229Z", + "name": "CVE-2023-52497", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix lz4 inplace decompression\n\nCurrently EROFS can map another compressed buffer for inplace\ndecompression, that was used to handle the cases that some pages of\ncompressed data are actually not in-place I/O.\n\nHowever, like most simple LZ77 algorithms, LZ4 expects the compressed\ndata is arranged at the end of the decompressed buffer and it\nexplicitly uses memmove() to handle overlapping:\n __________________________________________________________\n |_ direction of decompression --> ____ |_ compressed data _|\n\nAlthough EROFS arranges compressed data like this, it typically maps two\nindividual virtual buffers so the relative order is uncertain.\nPreviously, it was hardly observed since LZ4 only uses memmove() for\nshort overlapped literals and x86/arm64 memmove implementations seem to\ncompletely cover it up and they don't have this issue. Juhyung reported\nthat EROFS data corruption can be found on a new Intel x86 processor.\nAfter some analysis, it seems that recent x86 processors with the new\nFSRM feature expose this issue with \"rep movsb\".\n\nLet's strictly use the decompressed buffer for lz4 inplace\ndecompression for now. Later, as an useful improvement, we could try\nto tie up these two buffers together in the correct order.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52497" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2de7451a-9cc4-4371-9d23-6d9ffd43a2da.json b/objects/vulnerability/vulnerability--2de7451a-9cc4-4371-9d23-6d9ffd43a2da.json new file mode 100644 index 00000000000..26dd92d15e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--2de7451a-9cc4-4371-9d23-6d9ffd43a2da.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b240ebb-b9bf-4167-8904-4879d1c185ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2de7451a-9cc4-4371-9d23-6d9ffd43a2da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.898617Z", + "modified": "2024-03-01T00:30:45.898617Z", + "name": "CVE-2023-52496", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: maps: vmu-flash: Fix the (mtd core) switch to ref counters\n\nWhile switching to ref counters for track mtd devices use, the vmu-flash\ndriver was forgotten. The reason for reading the ref counter seems\ndebatable, but let's just fix the build for now.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52496" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e91ca56-2f9c-47bc-a8e4-58e237f653ef.json b/objects/vulnerability/vulnerability--2e91ca56-2f9c-47bc-a8e4-58e237f653ef.json new file mode 100644 index 00000000000..bfaa89dc21f --- /dev/null +++ b/objects/vulnerability/vulnerability--2e91ca56-2f9c-47bc-a8e4-58e237f653ef.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40258505-f9b8-48a3-85b0-0779ed50dcb2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e91ca56-2f9c-47bc-a8e4-58e237f653ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:46.490331Z", + "modified": "2024-03-01T00:30:46.490331Z", + "name": "CVE-2023-6132", + "description": "\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f94825e-a08d-472e-981b-f38701fb641f.json b/objects/vulnerability/vulnerability--2f94825e-a08d-472e-981b-f38701fb641f.json new file mode 100644 index 00000000000..82632febfb5 --- /dev/null +++ b/objects/vulnerability/vulnerability--2f94825e-a08d-472e-981b-f38701fb641f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--785053c5-5d58-4d83-b480-4e1df6327baa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f94825e-a08d-472e-981b-f38701fb641f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.868789Z", + "modified": "2024-03-01T00:30:45.868789Z", + "name": "CVE-2023-52495", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink_altmode: fix port sanity check\n\nThe PMIC GLINK altmode driver currently supports at most two ports.\n\nFix the incomplete port sanity check on notifications to avoid\naccessing and corrupting memory beyond the port array if we ever get a\nnotification for an unsupported port.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52495" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2fae0601-5d5a-436f-9b2f-e0c86388217c.json b/objects/vulnerability/vulnerability--2fae0601-5d5a-436f-9b2f-e0c86388217c.json new file mode 100644 index 00000000000..88c8d0591f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--2fae0601-5d5a-436f-9b2f-e0c86388217c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--451ea197-af65-4014-a713-ae9bcccf870d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2fae0601-5d5a-436f-9b2f-e0c86388217c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.266255Z", + "modified": "2024-03-01T00:30:49.266255Z", + "name": "CVE-2024-2014", + "description": "A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30124c95-9b5a-44b9-ab6f-99b164101876.json b/objects/vulnerability/vulnerability--30124c95-9b5a-44b9-ab6f-99b164101876.json new file mode 100644 index 00000000000..46d4521a3b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--30124c95-9b5a-44b9-ab6f-99b164101876.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e49fbc15-3ff9-4054-91b0-81572ca7e11c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30124c95-9b5a-44b9-ab6f-99b164101876", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.450528Z", + "modified": "2024-03-01T00:30:51.450528Z", + "name": "CVE-2021-47065", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw88: Fix array overrun in rtw_get_tx_power_params()\n\nUsing a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the\nfollowing array overrun is logged:\n\n================================================================================\nUBSAN: array-index-out-of-bounds in /home/finger/wireless-drivers-next/drivers/net/wireless/realtek/rtw88/phy.c:1789:34\nindex 5 is out of range for type 'u8 [5]'\nCPU: 2 PID: 84 Comm: kworker/u16:3 Tainted: G O 5.12.0-rc5-00086-gd88bba47038e-dirty #651\nHardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014\nWorkqueue: phy0 ieee80211_scan_work [mac80211]\nCall Trace:\n dump_stack+0x64/0x7c\n ubsan_epilogue+0x5/0x40\n __ubsan_handle_out_of_bounds.cold+0x43/0x48\n rtw_get_tx_power_params+0x83a/drivers/net/wireless/realtek/rtw88/0xad0 [rtw_core]\n ? rtw_pci_read16+0x20/0x20 [rtw_pci]\n ? check_hw_ready+0x50/0x90 [rtw_core]\n rtw_phy_get_tx_power_index+0x4d/0xd0 [rtw_core]\n rtw_phy_set_tx_power_level+0xee/0x1b0 [rtw_core]\n rtw_set_channel+0xab/0x110 [rtw_core]\n rtw_ops_config+0x87/0xc0 [rtw_core]\n ieee80211_hw_config+0x9d/0x130 [mac80211]\n ieee80211_scan_state_set_channel+0x81/0x170 [mac80211]\n ieee80211_scan_work+0x19f/0x2a0 [mac80211]\n process_one_work+0x1dd/0x3a0\n worker_thread+0x49/0x330\n ? rescuer_thread+0x3a0/0x3a0\n kthread+0x134/0x150\n ? 
kthread_create_worker_on_cpu+0x70/0x70\n ret_from_fork+0x22/0x30\n================================================================================\n\nThe statement where an array is being overrun is shown in the following snippet:\n\n\tif (rate <= DESC_RATE11M)\n\t\ttx_power = pwr_idx_2g->cck_base[group];\n\telse\n====>\t\ttx_power = pwr_idx_2g->bw40_base[group];\n\nThe associated arrays are defined in main.h as follows:\n\nstruct rtw_2g_txpwr_idx {\n\tu8 cck_base[6];\n\tu8 bw40_base[5];\n\tstruct rtw_2g_1s_pwr_idx_diff ht_1s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_2s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_3s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_4s_diff;\n};\n\nThe problem arises because the value of group is 5 for channel 14. The trivial\nincrease in the dimension of bw40_base fails as this struct must match the layout of\nefuse. The fix is to add the rate as an argument to rtw_get_channel_group() and set\nthe group for channel 14 to 4 if rate <= DESC_RATE11M.\n\nThis patch fixes commit fa6dfe6bff24 (\"rtw88: resolve order of tx power setting routines\")", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47065" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32f0a797-28a8-4366-901f-3acde757a00a.json b/objects/vulnerability/vulnerability--32f0a797-28a8-4366-901f-3acde757a00a.json new file mode 100644 index 00000000000..34d619d16b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--32f0a797-28a8-4366-901f-3acde757a00a.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--99677d21-5762-496b-bd36-b9dc73d923c2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--32f0a797-28a8-4366-901f-3acde757a00a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.298878Z",
+ "modified": "2024-03-01T00:30:49.298878Z",
+ "name": "CVE-2024-26548",
+ "description": "An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26548"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--34d407d2-a1b2-44a9-b4b5-e45d573c9c38.json b/objects/vulnerability/vulnerability--34d407d2-a1b2-44a9-b4b5-e45d573c9c38.json
new file mode 100644
index 00000000000..f4858f6b524
--- /dev/null
+++ b/objects/vulnerability/vulnerability--34d407d2-a1b2-44a9-b4b5-e45d573c9c38.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a7abb892-bb96-47bb-b93e-2b29304af4cb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--34d407d2-a1b2-44a9-b4b5-e45d573c9c38",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:46.739257Z",
+ "modified": "2024-03-01T00:30:46.739257Z",
+ "name": "CVE-2023-38372",
+ "description": "An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-38372"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--35846607-e60a-4638-a797-862b1818255d.json b/objects/vulnerability/vulnerability--35846607-e60a-4638-a797-862b1818255d.json
new file mode 100644
index 00000000000..4022cc59c22
--- /dev/null
+++ b/objects/vulnerability/vulnerability--35846607-e60a-4638-a797-862b1818255d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--734f2c8d-9850-431b-a94b-094fb3a8bf02",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--35846607-e60a-4638-a797-862b1818255d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.36751Z",
+ "modified": "2024-03-01T00:30:49.36751Z",
+ "name": "CVE-2024-27291",
+ "description": "Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27291"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--359cf762-5c92-4a2a-9a20-3da06a987bc0.json b/objects/vulnerability/vulnerability--359cf762-5c92-4a2a-9a20-3da06a987bc0.json
new file mode 100644
index 00000000000..f3c6c504c86
--- /dev/null
+++ b/objects/vulnerability/vulnerability--359cf762-5c92-4a2a-9a20-3da06a987bc0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a268c3f2-fcd3-4bed-8919-9ad37feb000a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--359cf762-5c92-4a2a-9a20-3da06a987bc0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.592092Z",
+ "modified": "2024-03-01T00:30:49.592092Z",
+ "name": "CVE-2024-25239",
+ "description": "SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-25239"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--35c06b7a-6f0d-449a-b625-57a79996aedf.json b/objects/vulnerability/vulnerability--35c06b7a-6f0d-449a-b625-57a79996aedf.json
new file mode 100644
index 00000000000..51b24e53da8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--35c06b7a-6f0d-449a-b625-57a79996aedf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d441d6f5-831a-46f2-b1f6-3329163f4f13",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--35c06b7a-6f0d-449a-b625-57a79996aedf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:47.173602Z",
+ "modified": "2024-03-01T00:30:47.173602Z",
+ "name": "CVE-2023-51800",
+ "description": "Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-51800"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--396bc27f-7438-4cce-876c-94284e0c40a4.json b/objects/vulnerability/vulnerability--396bc27f-7438-4cce-876c-94284e0c40a4.json
new file mode 100644
index 00000000000..791b0b16f3d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--396bc27f-7438-4cce-876c-94284e0c40a4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1e61057b-4363-45eb-a0a9-1458aac26e3c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--396bc27f-7438-4cce-876c-94284e0c40a4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.45562Z",
+ "modified": "2024-03-01T00:30:49.45562Z",
+ "name": "CVE-2024-24988",
+ "description": "Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-24988"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--39de7e01-a613-4a71-9d79-a6287916e770.json b/objects/vulnerability/vulnerability--39de7e01-a613-4a71-9d79-a6287916e770.json
new file mode 100644
index 00000000000..d70241eda6d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--39de7e01-a613-4a71-9d79-a6287916e770.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7b64601e-f8b0-4a13-a703-f203348f1f0d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--39de7e01-a613-4a71-9d79-a6287916e770",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.33924Z",
+ "modified": "2024-03-01T00:30:49.33924Z",
+ "name": "CVE-2024-27290",
+ "description": "Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27290"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3b26ea4e-de63-4cea-944c-dac143e5fec0.json b/objects/vulnerability/vulnerability--3b26ea4e-de63-4cea-944c-dac143e5fec0.json
new file mode 100644
index 00000000000..eda11b073c8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3b26ea4e-de63-4cea-944c-dac143e5fec0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9f396ceb-0911-401d-93f8-3af5dd74b72b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3b26ea4e-de63-4cea-944c-dac143e5fec0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:51.446321Z",
+ "modified": "2024-03-01T00:30:51.446321Z",
+ "name": "CVE-2021-47020",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: stream: fix memory leak in stream config error path\n\nWhen stream config is failed, master runtime will release all\nslave runtime in the slave_rt_list, but slave runtime is not\nadded to the list at this time. This patch frees slave runtime\nin the config error path to fix the memory leak.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2021-47020"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3c041ce5-e212-4a7d-a6c7-cdfa4a54d6bd.json b/objects/vulnerability/vulnerability--3c041ce5-e212-4a7d-a6c7-cdfa4a54d6bd.json
new file mode 100644
index 00000000000..aa5979c7c40
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3c041ce5-e212-4a7d-a6c7-cdfa4a54d6bd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7de7ac23-e51e-4765-b22c-e42030955d72",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3c041ce5-e212-4a7d-a6c7-cdfa4a54d6bd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:47.108332Z",
+ "modified": "2024-03-01T00:30:47.108332Z",
+ "name": "CVE-2023-27545",
+ "description": "IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-27545"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3d59114a-3572-43b8-88da-c69a2d170df5.json b/objects/vulnerability/vulnerability--3d59114a-3572-43b8-88da-c69a2d170df5.json
new file mode 100644
index 00000000000..5ec203fa967
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3d59114a-3572-43b8-88da-c69a2d170df5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e7e314e2-df16-464a-9110-9c6a6c8c1908",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3d59114a-3572-43b8-88da-c69a2d170df5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:51.377118Z",
+ "modified": "2024-03-01T00:30:51.377118Z",
+ "name": "CVE-2021-46959",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix use-after-free with devm_spi_alloc_*\n\nWe can't rely on the contents of the devres list during\nspi_unregister_controller(), as the list is already torn down at the\ntime we perform devres_find() for devm_spi_release_controller. This\ncauses devices registered with devm_spi_alloc_{master,slave}() to be\nmistakenly identified as legacy, non-devm managed devices and have their\nreference counters decremented below 0.\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174\n[] (refcount_warn_saturate) from [] (kobject_put+0x90/0x98)\n[] (kobject_put) from [] (put_device+0x20/0x24)\n r4:b6700140\n[] (put_device) from [] (devm_spi_release_controller+0x3c/0x40)\n[] (devm_spi_release_controller) from [] (release_nodes+0x84/0xc4)\n r5:b6700180 r4:b6700100\n[] (release_nodes) from [] (devres_release_all+0x5c/0x60)\n r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10\n[] (devres_release_all) from [] (__device_release_driver+0x144/0x1ec)\n r5:b117ad94 r4:b163dc10\n[] (__device_release_driver) from [] (device_driver_detach+0x84/0xa0)\n r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10\n[] (device_driver_detach) from [] (unbind_store+0xe4/0xf8)\n\nInstead, determine the devm allocation state as a flag on the\ncontroller which is guaranteed to be stable during cleanup.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2021-46959"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3f2ba45d-d4d1-48b8-9775-d99418a67276.json b/objects/vulnerability/vulnerability--3f2ba45d-d4d1-48b8-9775-d99418a67276.json
new file mode 100644
index 00000000000..6e1765662e8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3f2ba45d-d4d1-48b8-9775-d99418a67276.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--55895f95-18d3-475c-aace-4a263bd46ab9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3f2ba45d-d4d1-48b8-9775-d99418a67276",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:51.436955Z",
+ "modified": "2024-03-01T00:30:51.436955Z",
+ "name": "CVE-2021-47016",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nm68k: mvme147,mvme16x: Don't wipe PCC timer config bits\n\nDon't clear the timer 1 configuration bits when clearing the interrupt flag\nand counter overflow. As Michael reported, \"This results in no timer\ninterrupts being delivered after the first. Initialization then hangs\nin calibrate_delay as the jiffies counter is not updated.\"\n\nOn mvme16x, enable the timer after requesting the irq, consistent with\nmvme147.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2021-47016"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--49659866-8192-41ec-b0db-498e60711b5a.json b/objects/vulnerability/vulnerability--49659866-8192-41ec-b0db-498e60711b5a.json
new file mode 100644
index 00000000000..205f0df7f54
--- /dev/null
+++ b/objects/vulnerability/vulnerability--49659866-8192-41ec-b0db-498e60711b5a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--08d208d3-72a1-436d-80f8-483b2451f32b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--49659866-8192-41ec-b0db-498e60711b5a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.262053Z",
+ "modified": "2024-03-01T00:30:49.262053Z",
+ "name": "CVE-2024-2009",
+ "description": "A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-2009"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4d21c076-4db7-4cbd-a5fe-070aca8bcb18.json b/objects/vulnerability/vulnerability--4d21c076-4db7-4cbd-a5fe-070aca8bcb18.json
new file mode 100644
index 00000000000..d0f666e05d8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4d21c076-4db7-4cbd-a5fe-070aca8bcb18.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a91aa71d-830b-4779-954a-cb4f162ebcdc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4d21c076-4db7-4cbd-a5fe-070aca8bcb18",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:45.903033Z",
+ "modified": "2024-03-01T00:30:45.903033Z",
+ "name": "CVE-2023-52484",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range\n\nWhen running an SVA case, the following soft lockup is triggered:\n--------------------------------------------------------------------\nwatchdog: BUG: soft lockup - CPU#244 stuck for 26s!\npstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50\nlr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50\nsp : ffff8000d83ef290\nx29: ffff8000d83ef290 x28: 000000003b9aca00 x27: 0000000000000000\nx26: ffff8000d83ef3c0 x25: da86c0812194a0e8 x24: 0000000000000000\nx23: 0000000000000040 x22: ffff8000d83ef340 x21: ffff0000c63980c0\nx20: 0000000000000001 x19: ffff0000c6398080 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: ffff3000b4a3bbb0\nx14: ffff3000b4a30888 x13: ffff3000b4a3cf60 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffc08120e4d6bc\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000048cfa\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 000000000000000a\nx2 : 0000000080000000 x1 : 0000000000000000 x0 : 0000000000000001\nCall trace:\n arm_smmu_cmdq_issue_cmdlist+0x178/0xa50\n __arm_smmu_tlb_inv_range+0x118/0x254\n arm_smmu_tlb_inv_range_asid+0x6c/0x130\n arm_smmu_mm_invalidate_range+0xa0/0xa4\n __mmu_notifier_invalidate_range_end+0x88/0x120\n unmap_vmas+0x194/0x1e0\n unmap_region+0xb4/0x144\n do_mas_align_munmap+0x290/0x490\n do_mas_munmap+0xbc/0x124\n __vm_munmap+0xa8/0x19c\n 
__arm64_sys_munmap+0x28/0x50\n invoke_syscall+0x78/0x11c\n el0_svc_common.constprop.0+0x58/0x1c0\n do_el0_svc+0x34/0x60\n el0_svc+0x2c/0xd4\n el0t_64_sync_handler+0x114/0x140\n el0t_64_sync+0x1a4/0x1a8\n--------------------------------------------------------------------\n\nNote that since 6.6-rc1 the arm_smmu_mm_invalidate_range above is renamed\nto \"arm_smmu_mm_arch_invalidate_secondary_tlbs\", yet the problem remains.\n\nThe commit 06ff87bae8d3 (\"arm64: mm: remove unused functions and variable\nprotoypes\") fixed a similar lockup on the CPU MMU side. Yet, it can occur\nto SMMU too, since arm_smmu_mm_arch_invalidate_secondary_tlbs() is called\ntypically next to MMU tlb flush function, e.g.\n\ttlb_flush_mmu_tlbonly {\n\t\ttlb_flush {\n\t\t\t__flush_tlb_range {\n\t\t\t\t// check MAX_TLBI_OPS\n\t\t\t}\n\t\t}\n\t\tmmu_notifier_arch_invalidate_secondary_tlbs {\n\t\t\tarm_smmu_mm_arch_invalidate_secondary_tlbs {\n\t\t\t\t// does not check MAX_TLBI_OPS\n\t\t\t}\n\t\t}\n\t}\n\nClone a CMDQ_MAX_TLBI_OPS from the MAX_TLBI_OPS in tlbflush.h, since in an\nSVA case SMMU uses the CPU page table, so it makes sense to align with the\ntlbflush code. Then, replace per-page TLBI commands with a single per-asid\nTLBI command, if the request size hits this threshold.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52484"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--505f8d2d-d24d-41e4-8574-0078199948df.json b/objects/vulnerability/vulnerability--505f8d2d-d24d-41e4-8574-0078199948df.json
new file mode 100644
index 00000000000..0a5e1dee5e1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--505f8d2d-d24d-41e4-8574-0078199948df.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e520ea0e-f386-46d4-8f27-22e7608c4008",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--505f8d2d-d24d-41e4-8574-0078199948df",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:47.198203Z",
+ "modified": "2024-03-01T00:30:47.198203Z",
+ "name": "CVE-2023-51528",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-51528"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--50c8cb16-bc62-4ac2-81c6-9a7851e5c1d0.json b/objects/vulnerability/vulnerability--50c8cb16-bc62-4ac2-81c6-9a7851e5c1d0.json
new file mode 100644
index 00000000000..6ca241dca77
--- /dev/null
+++ b/objects/vulnerability/vulnerability--50c8cb16-bc62-4ac2-81c6-9a7851e5c1d0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--456a8873-01bb-4f62-b4cb-ada2801aa01e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--50c8cb16-bc62-4ac2-81c6-9a7851e5c1d0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.408844Z",
+ "modified": "2024-03-01T00:30:49.408844Z",
+ "name": "CVE-2024-0864",
+ "description": "Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.\nBy default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. \n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-0864"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5297280d-1020-4674-905b-7d6c15f6fe25.json b/objects/vulnerability/vulnerability--5297280d-1020-4674-905b-7d6c15f6fe25.json
new file mode 100644
index 00000000000..5792e24229b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5297280d-1020-4674-905b-7d6c15f6fe25.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0ddd2108-b96f-43fa-b0a0-3d2555437f24",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5297280d-1020-4674-905b-7d6c15f6fe25",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:45.891728Z",
+ "modified": "2024-03-01T00:30:45.891728Z",
+ "name": "CVE-2023-52478",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-hidpp: Fix kernel crash on receiver USB disconnect\n\nhidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU)\nraces when it races with itself.\n\nhidpp_connect_event() primarily runs from a workqueue but it also runs\non probe() and if a \"device-connected\" packet is received by the hw\nwhen the thread running hidpp_connect_event() from probe() is waiting on\nthe hw, then a second thread running hidpp_connect_event() will be\nstarted from the workqueue.\n\nThis opens the following races (note the below code is simplified):\n\n1. Retrieving + printing the protocol (harmless race):\n\n\tif (!hidpp->protocol_major) {\n\t\thidpp_root_get_protocol_version()\n\t\thidpp->protocol_major = response.rap.params[0];\n\t}\n\nWe can actually see this race hit in the dmesg in the abrt output\nattached to rhbz#2227968:\n\n[ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.\n[ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.\n\nTesting with extra logging added has shown that after this the 2 threads\ntake turn grabbing the hw access mutex (send_mutex) so they ping-pong\nthrough all the other TOCTOU cases managing to hit all of them:\n\n2. Updating the name to the HIDPP name (harmless race):\n\n\tif (hidpp->name == hdev->name) {\n\t\t...\n\t\thidpp->name = new_name;\n\t}\n\n3. 
Initializing the power_supply class for the battery (problematic!):\n\nhidpp_initialize_battery()\n{\n if (hidpp->battery.ps)\n return 0;\n\n\tprobe_battery(); /* Blocks, threads take turns executing this */\n\n\thidpp->battery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp->battery.ps =\n\t\tdevm_power_supply_register(&hidpp->hid_dev->dev,\n\t\t\t\t\t &hidpp->battery.desc, cfg);\n}\n\n4. Creating delayed input_device (potentially problematic):\n\n\tif (hidpp->delayed_input)\n\t\treturn;\n\n\thidpp->delayed_input = hidpp_allocate_input(hdev);\n\nThe really big problem here is 3. Hitting the race leads to the following\nsequence:\n\n\thidpp->battery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp->battery.ps =\n\t\tdevm_power_supply_register(&hidpp->hid_dev->dev,\n\t\t\t\t\t &hidpp->battery.desc, cfg);\n\n\t...\n\n\thidpp->battery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp->battery.ps =\n\t\tdevm_power_supply_register(&hidpp->hid_dev->dev,\n\t\t\t\t\t &hidpp->battery.desc, cfg);\n\nSo now we have registered 2 power supplies for the same battery,\nwhich looks a bit weird from userspace's pov but this is not even\nthe really big problem.\n\nNotice how:\n\n1. This is all devm-maganaged\n2. The hidpp->battery.desc struct is shared between the 2 power supplies\n3. hidpp->battery.desc.properties points to the result from the second\n devm_kmemdup()\n\nThis causes a use after free scenario on USB disconnect of the receiver:\n1. The last registered power supply class device gets unregistered\n2. The memory from the last devm_kmemdup() call gets freed,\n hidpp->battery.desc.properties now points to freed memory\n3. The first registered power supply class device gets unregistered,\n this involves sending a remove uevent to userspace which invokes\n power_supply_uevent() to fill the uevent data\n4. 
power_supply_uevent() uses hidpp->battery.desc.properties which\n now points to freed memory leading to backtraces like this one:\n\nSep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08\n...\nSep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event\nSep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0\n...\nSep 22 20:01:35 eric kernel: ? asm_exc_page_fault+0x26/0x30\nSep 22 20:01:35 eric kernel: ? power_supply_uevent+0xee/0x1d0\nSep 22 20:01:35 eric kernel: ? power_supply_uevent+0x10d/0x1d0\nSep 22 20:01:35 eric kernel: dev_uevent+0x10f/0x2d0\nSep 22 20:01:35 eric kernel: kobject_uevent_env+0x291/0x680\nSep 22 20:01:35 eric kernel: \n---truncated---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52478"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--52b9c6df-5696-447c-ba92-652ef8ec5136.json b/objects/vulnerability/vulnerability--52b9c6df-5696-447c-ba92-652ef8ec5136.json
new file mode 100644
index 00000000000..c53e2f818dd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--52b9c6df-5696-447c-ba92-652ef8ec5136.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b6d775b8-0c0c-4a76-a398-3ad96f11068a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--52b9c6df-5696-447c-ba92-652ef8ec5136",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.193398Z",
+ "modified": "2024-03-01T00:30:49.193398Z",
+ "name": "CVE-2024-1341",
+ "description": "The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1341"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5730505f-119d-44b1-8f8c-3377c4faa22f.json b/objects/vulnerability/vulnerability--5730505f-119d-44b1-8f8c-3377c4faa22f.json
new file mode 100644
index 00000000000..8473df324fb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5730505f-119d-44b1-8f8c-3377c4faa22f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7348c0ff-d37f-4f4b-82c5-d70a18dc362d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5730505f-119d-44b1-8f8c-3377c4faa22f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.371297Z",
+ "modified": "2024-03-01T00:30:49.371297Z",
+ "name": "CVE-2024-27294",
+ "description": "dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27294"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5a668236-c515-4777-8600-8288f5750d08.json b/objects/vulnerability/vulnerability--5a668236-c515-4777-8600-8288f5750d08.json
new file mode 100644
index 00000000000..163548498ed
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5a668236-c515-4777-8600-8288f5750d08.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f3406298-3ecc-403a-bd70-23282f989708",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5a668236-c515-4777-8600-8288f5750d08",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.201677Z",
+ "modified": "2024-03-01T00:30:49.201677Z",
+ "name": "CVE-2024-1908",
+ "description": "An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program. \n\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1908"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5b8a6497-4a10-4cb4-bee7-38731332e0bf.json b/objects/vulnerability/vulnerability--5b8a6497-4a10-4cb4-bee7-38731332e0bf.json
new file mode 100644
index 00000000000..878d72b9c87
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5b8a6497-4a10-4cb4-bee7-38731332e0bf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b7c0cac3-7063-4825-8950-dffe3eca3e5f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5b8a6497-4a10-4cb4-bee7-38731332e0bf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.360265Z",
+ "modified": "2024-03-01T00:30:49.360265Z",
+ "name": "CVE-2024-27094",
+ "description": "OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27094"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5cdc0c38-32ff-4bbe-b5fc-7cbbf1ff28d6.json b/objects/vulnerability/vulnerability--5cdc0c38-32ff-4bbe-b5fc-7cbbf1ff28d6.json
new file mode 100644
index 00000000000..cce6092e967
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5cdc0c38-32ff-4bbe-b5fc-7cbbf1ff28d6.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92fa5447-b872-4272-bba4-7233dc66cfc2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5cdc0c38-32ff-4bbe-b5fc-7cbbf1ff28d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.357707Z", + "modified": "2024-03-01T00:30:49.357707Z", + "name": "CVE-2024-27662", + "description": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27662" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e7a519c-c7ba-4d1c-b23e-76d1dcc236c1.json b/objects/vulnerability/vulnerability--5e7a519c-c7ba-4d1c-b23e-76d1dcc236c1.json new file mode 100644 index 00000000000..5cb7b2fcfee --- /dev/null +++ b/objects/vulnerability/vulnerability--5e7a519c-c7ba-4d1c-b23e-76d1dcc236c1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d57d3f2d-b4bf-49b8-8e4a-a3490623fb90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e7a519c-c7ba-4d1c-b23e-76d1dcc236c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.444286Z", + "modified": "2024-03-01T00:30:51.444286Z", + "name": "CVE-2021-47063", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge/panel: Cleanup connector on bridge detach\n\nIf we don't call drm_connector_cleanup() manually in\npanel_bridge_detach(), the connector will be cleaned up with the other\nDRM objects in the call to drm_mode_config_cleanup(). However, since our\ndrm_connector is devm-allocated, by the time drm_mode_config_cleanup()\nwill be called, our connector will be long gone. Therefore, the\nconnector must be cleaned up when the bridge is detached to avoid\nuse-after-free conditions.\n\nv2: Cleanup connector only if it was created\n\nv3: Add FIXME\n\nv4: (Use connector->dev) directly in if() block", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47063" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6151d122-428f-4dac-9327-01931bd48712.json b/objects/vulnerability/vulnerability--6151d122-428f-4dac-9327-01931bd48712.json new file mode 100644 index 00000000000..ae0ec162778 --- /dev/null +++ b/objects/vulnerability/vulnerability--6151d122-428f-4dac-9327-01931bd48712.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c8a2d92c-8190-4f2d-b14c-ed1dced55d00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6151d122-428f-4dac-9327-01931bd48712", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.448757Z", + "modified": "2024-03-01T00:30:51.448757Z", + "name": "CVE-2021-47066", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nasync_xor: increase src_offs when dropping destination page\n\nNow we support sharing one page if PAGE_SIZE is not equal stripe size. To\nsupport this, it needs to support calculating xor value with different\noffsets for each r5dev. One offset array is used to record those offsets.\n\nIn RMW mode, parity page is used as a source page. It sets\nASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5.\nSo it needs to add src_list and src_offs at the same time. Now it only\nneeds src_list. So the xor value which is calculated is wrong. It can\ncause data corruption problem.\n\nI can reproduce this problem 100% on a POWER8 machine. The steps are:\n\n mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G\n mkfs.xfs /dev/md0\n mount /dev/md0 /mnt/test\n mount: /mnt/test: mount(2) system call failed: Structure needs cleaning.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47066" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61d90f44-1ac7-4c16-a082-f41d5eebe337.json b/objects/vulnerability/vulnerability--61d90f44-1ac7-4c16-a082-f41d5eebe337.json new file mode 100644 index 00000000000..71706a16d54 --- /dev/null +++ b/objects/vulnerability/vulnerability--61d90f44-1ac7-4c16-a082-f41d5eebe337.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--00bab79b-3532-48ba-b6a1-59c150adc9a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61d90f44-1ac7-4c16-a082-f41d5eebe337", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.14776Z", + "modified": "2024-03-01T00:30:47.14776Z", + "name": "CVE-2023-51529", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51529" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63414db8-5c92-483b-a417-9b6b8237467d.json b/objects/vulnerability/vulnerability--63414db8-5c92-483b-a417-9b6b8237467d.json new file mode 100644 index 00000000000..5b390dec1da --- /dev/null +++ b/objects/vulnerability/vulnerability--63414db8-5c92-483b-a417-9b6b8237467d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--363cf54d-daa5-4e1f-aa08-cf9261d32852", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63414db8-5c92-483b-a417-9b6b8237467d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.438305Z", + "modified": "2024-03-01T00:30:51.438305Z", + "name": "CVE-2021-47060", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Stop looking for coalesced MMIO zones if the bus is destroyed\n\nAbort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev()\nfails to allocate memory for the new instance of the bus. If it can't\ninstantiate a new bus, unregister_dev() destroys all devices _except_ the\ntarget device. But, it doesn't tell the caller that it obliterated the\nbus and invoked the destructor for all devices that were on the bus. In\nthe coalesced MMIO case, this can result in a deleted list entry\ndereference due to attempting to continue iterating on coalesced_zones\nafter future entries (in the walk) have been deleted.\n\nOpportunistically add curly braces to the for-loop, which encompasses\nmany lines but sneaks by without braces due to the guts being a single\nif statement.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47060" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--67db70c9-71a6-4b8c-8f29-1d87756ac267.json b/objects/vulnerability/vulnerability--67db70c9-71a6-4b8c-8f29-1d87756ac267.json new file mode 100644 index 00000000000..8f406760ed1 --- /dev/null +++ b/objects/vulnerability/vulnerability--67db70c9-71a6-4b8c-8f29-1d87756ac267.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1a15339-2afa-4b8b-8a70-c5eb5e4f55fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--67db70c9-71a6-4b8c-8f29-1d87756ac267", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.564498Z", + "modified": "2024-03-01T00:30:49.564498Z", + "name": "CVE-2024-25094", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS.This issue affects PJ News Ticker: from n/a through 1.9.5.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25094" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--689a2b37-e60c-4570-82dc-6e8df701f317.json b/objects/vulnerability/vulnerability--689a2b37-e60c-4570-82dc-6e8df701f317.json new file mode 100644 index 00000000000..fc6a0b98377 --- /dev/null +++ b/objects/vulnerability/vulnerability--689a2b37-e60c-4570-82dc-6e8df701f317.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34995dda-ff32-4985-b58a-c441f9c35bb9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--689a2b37-e60c-4570-82dc-6e8df701f317", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.432442Z", + "modified": "2024-03-01T00:30:51.432442Z", + "name": "CVE-2021-47068", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/nfc: fix use-after-free llcp_sock_bind/connect\n\nCommits 8a4cd82d (\"nfc: fix refcount leak in llcp_sock_connect()\")\nand c33b1cc62 (\"nfc: fix refcount leak in llcp_sock_bind()\")\nfixed a refcount leak bug in bind/connect but introduced a\nuse-after-free if the same local is assigned to 2 different sockets.\n\nThis can be triggered by the following simple program:\n int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );\n int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );\n memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) );\n addr.sa_family = AF_NFC;\n addr.nfc_protocol = NFC_PROTO_NFC_DEP;\n bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )\n bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )\n close(sock1);\n close(sock2);\n\nFix this by assigning NULL to llcp_sock->local after calling\nnfc_llcp_local_put.\n\nThis addresses CVE-2021-23134.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47068" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b18d904-13d1-400b-807e-e1de56a568fb.json b/objects/vulnerability/vulnerability--6b18d904-13d1-400b-807e-e1de56a568fb.json new file mode 100644 index 00000000000..414d894c38f --- /dev/null +++ b/objects/vulnerability/vulnerability--6b18d904-13d1-400b-807e-e1de56a568fb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef4e22ec-09e0-4004-8c22-0963012e70f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b18d904-13d1-400b-807e-e1de56a568fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.910128Z", + "modified": "2024-03-01T00:30:45.910128Z", + "name": "CVE-2023-52493", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Drop chan lock before queuing buffers\n\nEnsure read and write locks for the channel are not taken in succession by\ndropping the read lock from parse_xfer_event() such that a callback given\nto client can potentially queue buffers and acquire the write lock in that\nprocess. Any queueing of buffers should be done without channel read lock\nacquired as it can result in multiple locks and a soft lockup.\n\n[mani: added fixes tag and cc'ed stable]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--728d3afb-130b-4e16-be60-459db38ea4eb.json b/objects/vulnerability/vulnerability--728d3afb-130b-4e16-be60-459db38ea4eb.json new file mode 100644 index 00000000000..1911ddc4421 --- /dev/null +++ b/objects/vulnerability/vulnerability--728d3afb-130b-4e16-be60-459db38ea4eb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c842a8a4-5601-4de8-bdb9-337697f06fc1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--728d3afb-130b-4e16-be60-459db38ea4eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.191582Z", + "modified": "2024-03-01T00:30:47.191582Z", + "name": "CVE-2023-51801", + "description": "SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51801" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75b4e975-8910-4d07-adb7-68f3010633f3.json b/objects/vulnerability/vulnerability--75b4e975-8910-4d07-adb7-68f3010633f3.json new file mode 100644 index 00000000000..1dae153a25e --- /dev/null +++ b/objects/vulnerability/vulnerability--75b4e975-8910-4d07-adb7-68f3010633f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--330fae29-f7a3-490b-8749-b034135ab16b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75b4e975-8910-4d07-adb7-68f3010633f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.385867Z", + "modified": "2024-03-01T00:30:49.385867Z", + "name": "CVE-2024-27657", + "description": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27657" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--77298dc8-756d-4db2-ac15-979fa0f956e0.json b/objects/vulnerability/vulnerability--77298dc8-756d-4db2-ac15-979fa0f956e0.json new file mode 100644 index 00000000000..c4c0decb4af --- /dev/null +++ b/objects/vulnerability/vulnerability--77298dc8-756d-4db2-ac15-979fa0f956e0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0c2adc6e-82ad-4e19-bee0-29d6d62f8169", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--77298dc8-756d-4db2-ac15-979fa0f956e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.890266Z", + "modified": "2024-03-01T00:30:45.890266Z", + "name": "CVE-2023-52489", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section->usage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN's are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN's as well, the compaction triggered\nwill try on the device memory PFN's too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. 
The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()->\n\t\t\t\t sparse_remove_section()->\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms->usage and set\n\t\t\t\t ms->usage = NULL]\n pfn_section_valid()\n [Access ms->usage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms->usage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the ->usage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.\n\nc) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No\n attempt will be made to access ->usage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN's as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. 
Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms->usage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52489" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ea721e8-a062-4925-9d34-4f084832a913.json b/objects/vulnerability/vulnerability--7ea721e8-a062-4925-9d34-4f084832a913.json new file mode 100644 index 00000000000..05248187b18 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--7ea721e8-a062-4925-9d34-4f084832a913.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14ac5afc-8d87-4f0c-a727-a127478f6f35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ea721e8-a062-4925-9d34-4f084832a913", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.253584Z", + "modified": "2024-03-01T00:30:49.253584Z", + "name": "CVE-2024-23501", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through 5.788.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23501" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80cc033f-f897-48d2-bbb4-ea7a9705fc66.json b/objects/vulnerability/vulnerability--80cc033f-f897-48d2-bbb4-ea7a9705fc66.json new file mode 100644 index 00000000000..b52a5d39f76 --- /dev/null +++ b/objects/vulnerability/vulnerability--80cc033f-f897-48d2-bbb4-ea7a9705fc66.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24e6963c-425c-4b69-877f-7a1d2ae34255", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80cc033f-f897-48d2-bbb4-ea7a9705fc66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.740241Z", + "modified": "2024-03-01T00:30:47.740241Z", + "name": "CVE-2023-25921", + "description": "\nIBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-25921" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82c22767-105b-4734-87af-4e3500710639.json b/objects/vulnerability/vulnerability--82c22767-105b-4734-87af-4e3500710639.json new file mode 100644 index 00000000000..5a030bb6598 --- /dev/null +++ b/objects/vulnerability/vulnerability--82c22767-105b-4734-87af-4e3500710639.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe7d814c-e2cc-433a-818b-7154a082bd6c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82c22767-105b-4734-87af-4e3500710639", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.181608Z", + "modified": "2024-03-01T00:30:49.181608Z", + "name": "CVE-2024-1976", + "description": "The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1976" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8306e031-83b3-4798-905a-247d34599f5e.json b/objects/vulnerability/vulnerability--8306e031-83b3-4798-905a-247d34599f5e.json new file mode 100644 index 00000000000..cc3817217b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--8306e031-83b3-4798-905a-247d34599f5e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf3a2332-dc57-49f7-937f-cdad091948b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8306e031-83b3-4798-905a-247d34599f5e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.905255Z", + "modified": "2024-03-01T00:30:45.905255Z", + "name": "CVE-2023-52480", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix race condition between session lookup and expire\n\n Thread A + Thread B\n ksmbd_session_lookup | smb2_sess_setup\n sess = xa_load |\n |\n | xa_erase(&conn->sessions, sess->id);\n |\n | ksmbd_session_destroy(sess) --> kfree(sess)\n |\n // UAF! |\n sess->last_active = jiffies |\n +\n\nThis patch add rwsem to fix race condition between ksmbd_session_lookup\nand ksmbd_expire_session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52480" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83432cc0-1f19-4626-8b39-39abd8e61b56.json b/objects/vulnerability/vulnerability--83432cc0-1f19-4626-8b39-39abd8e61b56.json new file mode 100644 index 00000000000..f8690f1e4c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--83432cc0-1f19-4626-8b39-39abd8e61b56.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f87ef716-1080-494e-a5e6-10346f192bc7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83432cc0-1f19-4626-8b39-39abd8e61b56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.144916Z", + "modified": "2024-03-01T00:30:49.144916Z", + "name": "CVE-2024-1982", + "description": "The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1982" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85675ddc-2f60-43d0-b441-1ccc99ecd455.json b/objects/vulnerability/vulnerability--85675ddc-2f60-43d0-b441-1ccc99ecd455.json new file mode 100644 index 00000000000..ae2aab6081c --- /dev/null +++ b/objects/vulnerability/vulnerability--85675ddc-2f60-43d0-b441-1ccc99ecd455.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f478e81-c171-40f3-9e95-212a18e891d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85675ddc-2f60-43d0-b441-1ccc99ecd455", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.418403Z", + "modified": "2024-03-01T00:30:49.418403Z", + "name": "CVE-2024-0689", + "description": "The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0689" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--861f2482-d100-4d5d-a76c-b22e726901bb.json b/objects/vulnerability/vulnerability--861f2482-d100-4d5d-a76c-b22e726901bb.json new file mode 100644 index 00000000000..4f8690d8c22 --- /dev/null +++ b/objects/vulnerability/vulnerability--861f2482-d100-4d5d-a76c-b22e726901bb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92b974ec-9c8a-47b7-bfc8-10dd7157710a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--861f2482-d100-4d5d-a76c-b22e726901bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.285799Z", + "modified": "2024-03-01T00:30:49.285799Z", + "name": "CVE-2024-26611", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix usage of multi-buffer BPF helpers for ZC XDP\n\nCurrently when packet is shrunk via bpf_xdp_adjust_tail() and memory\ntype is set to MEM_TYPE_XSK_BUFF_POOL, null ptr dereference happens:\n\n[1136314.192256] BUG: kernel NULL pointer dereference, address:\n0000000000000034\n[1136314.203943] #PF: supervisor read access in kernel mode\n[1136314.213768] #PF: error_code(0x0000) - not-present page\n[1136314.223550] PGD 0 P4D 0\n[1136314.230684] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[1136314.239621] CPU: 8 PID: 54203 Comm: xdpsock Not tainted 6.6.0+ #257\n[1136314.250469] Hardware name: Intel Corporation S2600WFT/S2600WFT,\nBIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[1136314.265615] RIP: 0010:__xdp_return+0x6c/0x210\n[1136314.274653] Code: ad 00 48 8b 47 08 49 89 f8 a8 01 0f 85 9b 01 00 00 0f 1f 44 00 00 f0 41 ff 48 34 75 32 4c 89 c7 e9 79 cd 80 ff 83 fe 03 75 17 41 34 01 0f 85 02 01 00 00 48 89 cf e9 22 cc 1e 00 e9 3d d2 86\n[1136314.302907] RSP: 0018:ffffc900089f8db0 EFLAGS: 00010246\n[1136314.312967] RAX: ffffc9003168aed0 RBX: ffff8881c3300000 RCX:\n0000000000000000\n[1136314.324953] RDX: 0000000000000000 RSI: 0000000000000003 RDI:\nffffc9003168c000\n[1136314.336929] RBP: 0000000000000ae0 R08: 0000000000000002 R09:\n0000000000010000\n[1136314.348844] R10: ffffc9000e495000 R11: 0000000000000040 R12:\n0000000000000001\n[1136314.360706] R13: 0000000000000524 R14: ffffc9003168aec0 R15:\n0000000000000001\n[1136314.373298] FS: 00007f8df8bbcb80(0000) 
GS:ffff8897e0e00000(0000)\nknlGS:0000000000000000\n[1136314.386105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[1136314.396532] CR2: 0000000000000034 CR3: 00000001aa912002 CR4:\n00000000007706f0\n[1136314.408377] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[1136314.420173] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[1136314.431890] PKRU: 55555554\n[1136314.439143] Call Trace:\n[1136314.446058] \n[1136314.452465] ? __die+0x20/0x70\n[1136314.459881] ? page_fault_oops+0x15b/0x440\n[1136314.468305] ? exc_page_fault+0x6a/0x150\n[1136314.476491] ? asm_exc_page_fault+0x22/0x30\n[1136314.484927] ? __xdp_return+0x6c/0x210\n[1136314.492863] bpf_xdp_adjust_tail+0x155/0x1d0\n[1136314.501269] bpf_prog_ccc47ae29d3b6570_xdp_sock_prog+0x15/0x60\n[1136314.511263] ice_clean_rx_irq_zc+0x206/0xc60 [ice]\n[1136314.520222] ? ice_xmit_zc+0x6e/0x150 [ice]\n[1136314.528506] ice_napi_poll+0x467/0x670 [ice]\n[1136314.536858] ? ttwu_do_activate.constprop.0+0x8f/0x1a0\n[1136314.546010] __napi_poll+0x29/0x1b0\n[1136314.553462] net_rx_action+0x133/0x270\n[1136314.561619] __do_softirq+0xbe/0x28e\n[1136314.569303] do_softirq+0x3f/0x60\n\nThis comes from __xdp_return() call with xdp_buff argument passed as\nNULL which is supposed to be consumed by xsk_buff_free() call.\n\nTo address this properly, in ZC case, a node that represents the frag\nbeing removed has to be pulled out of xskb_list. Introduce\nappropriate xsk helpers to do such node operation and use them\naccordingly within bpf_xdp_adjust_tail().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26611" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--865b7161-9db3-4af9-8e2f-31be566073f8.json b/objects/vulnerability/vulnerability--865b7161-9db3-4af9-8e2f-31be566073f8.json new file mode 100644 index 00000000000..f5ddcb54c7a --- /dev/null 
+++ b/objects/vulnerability/vulnerability--865b7161-9db3-4af9-8e2f-31be566073f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d69e22dc-20b9-46ae-8d0c-e0e854d52ae0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--865b7161-9db3-4af9-8e2f-31be566073f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.337787Z", + "modified": "2024-03-01T00:30:49.337787Z", + "name": "CVE-2024-27661", + "description": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27661" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ebbaf8c-e232-4c89-b23a-bbe9a9102518.json b/objects/vulnerability/vulnerability--8ebbaf8c-e232-4c89-b23a-bbe9a9102518.json new file mode 100644 index 00000000000..6db50f25e45 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ebbaf8c-e232-4c89-b23a-bbe9a9102518.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82580e2d-7370-4f5c-8042-2b43b6f9e489", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ebbaf8c-e232-4c89-b23a-bbe9a9102518", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.176438Z", + "modified": "2024-03-01T00:30:49.176438Z", + "name": "CVE-2024-1942", + "description": "Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1942" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8fae8698-fc30-4eaf-b047-629dccf8afa6.json b/objects/vulnerability/vulnerability--8fae8698-fc30-4eaf-b047-629dccf8afa6.json new file mode 100644 index 00000000000..75eb87e6c4b --- /dev/null +++ b/objects/vulnerability/vulnerability--8fae8698-fc30-4eaf-b047-629dccf8afa6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--994721c9-5bde-4e39-802e-fc4569c6a81c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8fae8698-fc30-4eaf-b047-629dccf8afa6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.152045Z", + "modified": "2024-03-01T00:30:47.152045Z", + "name": "CVE-2023-51530", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51530" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--90307e28-3988-42a2-ba70-5acd149e434d.json b/objects/vulnerability/vulnerability--90307e28-3988-42a2-ba70-5acd149e434d.json new file mode 100644 index 00000000000..7691a82fdaf --- /dev/null +++ b/objects/vulnerability/vulnerability--90307e28-3988-42a2-ba70-5acd149e434d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0db3c3d-83c4-4614-b5c8-9f93160b29ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90307e28-3988-42a2-ba70-5acd149e434d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.095919Z", + "modified": "2024-03-01T00:30:49.095919Z", + "name": "CVE-2024-22871", + "description": "An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22871" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9079fda7-0251-41dd-9b38-ece3cc3052e3.json b/objects/vulnerability/vulnerability--9079fda7-0251-41dd-9b38-ece3cc3052e3.json new file mode 100644 index 00000000000..25c3f05777f --- /dev/null +++ b/objects/vulnerability/vulnerability--9079fda7-0251-41dd-9b38-ece3cc3052e3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3339af9f-e2b2-4819-a8f0-9f55738348f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9079fda7-0251-41dd-9b38-ece3cc3052e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:46.788948Z", + "modified": "2024-03-01T00:30:46.788948Z", + "name": "CVE-2023-38367", + "description": "IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38367" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--912827e9-732d-4926-b53e-9205665e525f.json b/objects/vulnerability/vulnerability--912827e9-732d-4926-b53e-9205665e525f.json new file mode 100644 index 00000000000..b3b729ff7a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--912827e9-732d-4926-b53e-9205665e525f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81e65f50-5445-4c2c-9b44-ed8802b1ca8a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--912827e9-732d-4926-b53e-9205665e525f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.184409Z", + "modified": "2024-03-01T00:30:49.184409Z", + "name": "CVE-2024-1977", + "description": "The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1977" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--943e1457-8834-4337-931d-fd5b384e8523.json b/objects/vulnerability/vulnerability--943e1457-8834-4337-931d-fd5b384e8523.json new file mode 100644 index 00000000000..825c8a6a484 --- /dev/null +++ b/objects/vulnerability/vulnerability--943e1457-8834-4337-931d-fd5b384e8523.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7fa0664-9fdb-45b1-b6d4-acc8d172619a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--943e1457-8834-4337-931d-fd5b384e8523", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.309068Z", + "modified": "2024-03-01T00:30:49.309068Z", + "name": "CVE-2024-26196", + "description": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26196" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--95084b22-43d0-4595-b5db-bd5d25d0f79d.json b/objects/vulnerability/vulnerability--95084b22-43d0-4595-b5db-bd5d25d0f79d.json new file mode 100644 index 00000000000..f66ac9f5d5c --- /dev/null +++ b/objects/vulnerability/vulnerability--95084b22-43d0-4595-b5db-bd5d25d0f79d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a8fc5c41-099f-44b3-8330-b12604e88db4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--95084b22-43d0-4595-b5db-bd5d25d0f79d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.872759Z", + "modified": "2024-03-01T00:30:45.872759Z", + "name": "CVE-2023-52482", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/srso: Add SRSO mitigation for Hygon processors\n\nAdd mitigation for the speculative return stack overflow vulnerability\nwhich exists on Hygon processors too.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52482" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--98aa4a17-3553-4d8e-87b6-986645e475f1.json b/objects/vulnerability/vulnerability--98aa4a17-3553-4d8e-87b6-986645e475f1.json new file mode 100644 index 00000000000..a30f3ab483f --- /dev/null +++ b/objects/vulnerability/vulnerability--98aa4a17-3553-4d8e-87b6-986645e475f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ed5f179-aa70-4110-9cbe-1b1ea289947e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98aa4a17-3553-4d8e-87b6-986645e475f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.434841Z", + "modified": "2024-03-01T00:30:51.434841Z", + "name": "CVE-2021-47054", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: qcom: Put child node before return\n\nPut child node before return to fix potential reference count leak.\nGenerally, the reference count of child is incremented and decremented\nautomatically in the macro for_each_available_child_of_node() and should\nbe decremented manually if the loop is broken in loop body.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47054" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b89f0cf-c5d5-4f0a-901f-f075d00abb9d.json b/objects/vulnerability/vulnerability--9b89f0cf-c5d5-4f0a-901f-f075d00abb9d.json new file mode 100644 index 00000000000..66d8322af75 --- /dev/null +++ b/objects/vulnerability/vulnerability--9b89f0cf-c5d5-4f0a-901f-f075d00abb9d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b7ea869-623c-43b0-96c9-61d07f61e817", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b89f0cf-c5d5-4f0a-901f-f075d00abb9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.594535Z", + "modified": "2024-03-01T00:30:49.594535Z", + "name": "CVE-2024-25180", + "description": "An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25180" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c188e8d-ff8e-4c0c-ba25-986c54d2fb5b.json b/objects/vulnerability/vulnerability--9c188e8d-ff8e-4c0c-ba25-986c54d2fb5b.json new file mode 100644 index 00000000000..eb7b9dd9661 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c188e8d-ff8e-4c0c-ba25-986c54d2fb5b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--666949b1-4135-4912-8550-1d5468f40670", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c188e8d-ff8e-4c0c-ba25-986c54d2fb5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:46.523868Z", + "modified": "2024-03-01T00:30:46.523868Z", + "name": "CVE-2023-1841", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. \n\nHoneywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions\ncorrect the reported vulnerability.\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-1841" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d37727d-4fb0-4a30-be0e-3219ed4725e9.json b/objects/vulnerability/vulnerability--9d37727d-4fb0-4a30-be0e-3219ed4725e9.json new file mode 100644 index 00000000000..b3aa0a9bde6 --- /dev/null +++ b/objects/vulnerability/vulnerability--9d37727d-4fb0-4a30-be0e-3219ed4725e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cdf21ba9-51f7-42a8-b5fb-db8e0283bf6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d37727d-4fb0-4a30-be0e-3219ed4725e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.304277Z", + "modified": "2024-03-01T00:30:49.304277Z", + "name": "CVE-2024-26608", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix global oob in ksmbd_nl_policy\n\nSimilar to a reported issue (check the commit b33fb5b801c6 (\"net:\nqualcomm: rmnet: fix global oob in rmnet_policy\"), my local fuzzer finds\nanother global out-of-bounds read for policy ksmbd_nl_policy. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff8f24b100 by task syz-executor.1/62810\n\nCPU: 0 PID: 62810 Comm: syz-executor.1 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n __nlmsg_parse include/net/netlink.h:748 [inline]\n genl_family_rcv_msg_attrs_parse.constprop.0+0x1b0/0x290 net/netlink/genetlink.c:565\n genl_family_rcv_msg_doit+0xda/0x330 net/netlink/genetlink.c:734\n genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]\n genl_rcv_msg+0x441/0x780 net/netlink/genetlink.c:850\n netlink_rcv_skb+0x14f/0x410 
net/netlink/af_netlink.c:2540\n genl_rcv+0x24/0x40 net/netlink/genetlink.c:861\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdd66a8f359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdd65e00168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdd66bbcf80 RCX: 00007fdd66a8f359\nRDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003\nRBP: 00007fdd66ada493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffc84b81aff R14: 00007fdd65e00300 R15: 0000000000022000\n \n\nThe buggy address belongs to the variable:\n ksmbd_nl_policy+0x100/0xa80\n\nThe buggy address belongs to the physical page:\npage:0000000034f47940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ccc4b\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00073312c8 ffffea00073312c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff8f24b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffffffff8f24b080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n>ffffffff8f24b100: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 07 f9\n ^\n 
ffffffff8f24b180: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 00 00 05\n ffffffff8f24b200: f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 00 00 04 f9\n==================================================================\n\nTo fix it, add a placeholder named __KSMBD_EVENT_MAX and let\nKSMBD_EVENT_MAX to be its original value - 1 according to what other\nnetlink families do. Also change two sites that refer the\nKSMBD_EVENT_MAX to correct value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26608" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9daf9750-0bbd-40b1-835e-1c1a76afac92.json b/objects/vulnerability/vulnerability--9daf9750-0bbd-40b1-835e-1c1a76afac92.json new file mode 100644 index 00000000000..19cb3068352 --- /dev/null +++ b/objects/vulnerability/vulnerability--9daf9750-0bbd-40b1-835e-1c1a76afac92.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8bc2f8f-c379-4c67-9338-1da1f7456878", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9daf9750-0bbd-40b1-835e-1c1a76afac92", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.205206Z", + "modified": "2024-03-01T00:30:49.205206Z", + "name": "CVE-2024-1938", + "description": "Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1938" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9ec3094b-9a95-48fa-9b7a-fe3311b899db.json b/objects/vulnerability/vulnerability--9ec3094b-9a95-48fa-9b7a-fe3311b899db.json new file mode 100644 index 00000000000..780ed0e5136 --- /dev/null +++ b/objects/vulnerability/vulnerability--9ec3094b-9a95-48fa-9b7a-fe3311b899db.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31555cbb-7c03-4274-bf01-69be580e0866", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9ec3094b-9a95-48fa-9b7a-fe3311b899db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.154299Z", + "modified": "2024-03-01T00:30:47.154299Z", + "name": "CVE-2023-51802", + "description": "Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51802" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a01e4428-0b10-49e6-abf7-17738feec27b.json b/objects/vulnerability/vulnerability--a01e4428-0b10-49e6-abf7-17738feec27b.json new file mode 100644 index 00000000000..fa06b9599db --- /dev/null +++ b/objects/vulnerability/vulnerability--a01e4428-0b10-49e6-abf7-17738feec27b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8190d167-d678-4cbb-9973-a94012547e8f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a01e4428-0b10-49e6-abf7-17738feec27b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.188444Z", + "modified": "2024-03-01T00:30:49.188444Z", + "name": "CVE-2024-1952", + "description": "Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1952" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a07b96ac-67df-4f7c-a7ff-bba0e73e5d8d.json b/objects/vulnerability/vulnerability--a07b96ac-67df-4f7c-a7ff-bba0e73e5d8d.json new file mode 100644 index 00000000000..0e3540cacda --- /dev/null +++ b/objects/vulnerability/vulnerability--a07b96ac-67df-4f7c-a7ff-bba0e73e5d8d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb57136a-0016-4266-8551-90bd05a281a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a07b96ac-67df-4f7c-a7ff-bba0e73e5d8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.901139Z", + "modified": "2024-03-01T00:30:45.901139Z", + "name": "CVE-2023-52475", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: powermate - fix use-after-free in powermate_config_complete\n\nsyzbot has found a use-after-free bug [1] in the powermate driver. This\nhappens when the device is disconnected, which leads to a memory free from\nthe powermate_device struct. When an asynchronous control message\ncompletes after the kfree and its callback is invoked, the lock does not\nexist anymore and hence the bug.\n\nUse usb_kill_urb() on pm->config to cancel any in-progress requests upon\ndevice disconnection.\n\n[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a4734a01-e988-4cbd-bf36-1fe576dd0107.json b/objects/vulnerability/vulnerability--a4734a01-e988-4cbd-bf36-1fe576dd0107.json new file mode 100644 index 00000000000..c13378a596b --- /dev/null +++ b/objects/vulnerability/vulnerability--a4734a01-e988-4cbd-bf36-1fe576dd0107.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ee2e580-58c6-450c-a99c-720937976637", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a4734a01-e988-4cbd-bf36-1fe576dd0107", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.430863Z", + "modified": "2024-03-01T00:30:51.430863Z", + "name": "CVE-2021-47055", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: require write permissions for locking and badblock ioctls\n\nMEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require\nwrite permission. Depending on the hardware MEMLOCK might even be\nwrite-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK\nis always write-once.\n\nMEMSETBADBLOCK modifies the bad block table.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47055" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a48f70b5-7f1e-4716-b99f-6028da9f66f9.json b/objects/vulnerability/vulnerability--a48f70b5-7f1e-4716-b99f-6028da9f66f9.json new file mode 100644 index 00000000000..49b726b04dd --- /dev/null +++ b/objects/vulnerability/vulnerability--a48f70b5-7f1e-4716-b99f-6028da9f66f9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e875c8f-06b0-4993-bab3-86ff3cdfc4c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a48f70b5-7f1e-4716-b99f-6028da9f66f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.555459Z", + "modified": "2024-03-01T00:30:49.555459Z", + "name": "CVE-2024-25292", + "description": "Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8ea47f8-5c67-4071-9611-edb3075a7075.json b/objects/vulnerability/vulnerability--a8ea47f8-5c67-4071-9611-edb3075a7075.json new file mode 100644 index 00000000000..63d2366a149 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8ea47f8-5c67-4071-9611-edb3075a7075.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9c1af50-fbf0-4376-b884-5dcf13f5be8b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8ea47f8-5c67-4071-9611-edb3075a7075", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.440647Z", + "modified": "2024-03-01T00:30:51.440647Z", + "name": "CVE-2021-47059", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ss - fix result memory leak on error path\n\nThis patch fixes a memory leak on an error path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47059" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--aa9db191-e1dd-4496-be45-01f933aa28df.json b/objects/vulnerability/vulnerability--aa9db191-e1dd-4496-be45-01f933aa28df.json new file mode 100644 index 00000000000..c8919046169 --- /dev/null +++ b/objects/vulnerability/vulnerability--aa9db191-e1dd-4496-be45-01f933aa28df.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ac7558ce-8196-4326-9ecc-c07192280b22", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa9db191-e1dd-4496-be45-01f933aa28df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.323566Z", + "modified": "2024-03-01T00:30:49.323566Z", + "name": "CVE-2024-26615", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix illegal rmb_desc access in SMC-D connection dump\n\nA crash was found when dumping SMC-D connections. It can be reproduced\nby following steps:\n\n- run nginx/wrk test:\n smc_run nginx\n smc_run wrk -t 16 -c 1000 -d -H 'Connection: Close' \n\n- continuously dump SMC-D connections in parallel:\n watch -n 1 'smcss -D'\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G\tE 6.7.0+ #55\n RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n Call Trace:\n \n ? __die+0x24/0x70\n ? page_fault_oops+0x66/0x150\n ? exc_page_fault+0x69/0x140\n ? asm_exc_page_fault+0x26/0x30\n ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n ? __kmalloc_node_track_caller+0x35d/0x430\n ? __alloc_skb+0x77/0x170\n smc_diag_dump_proto+0xd0/0xf0 [smc_diag]\n smc_diag_dump+0x26/0x60 [smc_diag]\n netlink_dump+0x19f/0x320\n __netlink_dump_start+0x1dc/0x300\n smc_diag_handler_dump+0x6a/0x80 [smc_diag]\n ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]\n sock_diag_rcv_msg+0x121/0x140\n ? __pfx_sock_diag_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x5a/0x110\n sock_diag_rcv+0x28/0x40\n netlink_unicast+0x22a/0x330\n netlink_sendmsg+0x1f8/0x420\n __sock_sendmsg+0xb0/0xc0\n ____sys_sendmsg+0x24e/0x300\n ? copy_msghdr_from_user+0x62/0x80\n ___sys_sendmsg+0x7c/0xd0\n ? __do_fault+0x34/0x160\n ? do_read_fault+0x5f/0x100\n ? do_fault+0xb0/0x110\n ? 
__handle_mm_fault+0x2b0/0x6c0\n __sys_sendmsg+0x4d/0x80\n do_syscall_64+0x69/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nIt is possible that the connection is in process of being established\nwhen we dump it. Assumed that the connection has been registered in a\nlink group by smc_conn_create() but the rmb_desc has not yet been\ninitialized by smc_buf_create(), thus causing the illegal access to\nconn->rmb_desc. So fix it by checking before dump.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26615" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aab046bb-9588-4c68-aa76-84319ccbe70f.json b/objects/vulnerability/vulnerability--aab046bb-9588-4c68-aa76-84319ccbe70f.json new file mode 100644 index 00000000000..8aa3f9f57fa --- /dev/null +++ b/objects/vulnerability/vulnerability--aab046bb-9588-4c68-aa76-84319ccbe70f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78f8f21e-79c5-4172-95fe-e5f494f56885", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aab046bb-9588-4c68-aa76-84319ccbe70f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.300664Z", + "modified": "2024-03-01T00:30:49.300664Z", + "name": "CVE-2024-26613", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv\n\nSyzcaller UBSAN crash occurs in rds_cmsg_recv(),\nwhich reads inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1),\nbut with array size of 4 (RDS_RX_MAX_TRACES).\nHere 'j' is assigned from rs->rs_rx_trace[i] and in-turn from\ntrace.rx_trace_pos[i] in rds_recv_track_latency(),\nwith both arrays sized 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). So fix the\noff-by-one bounds check in rds_recv_track_latency() to prevent\na potential crash in rds_cmsg_recv().\n\nFound by syzcaller:\n=================================================================\nUBSAN: array-index-out-of-bounds in net/rds/recv.c:585:39\nindex 4 is out of range for type 'u64 [4]'\nCPU: 1 PID: 8058 Comm: syz-executor228 Not tainted 6.6.0-gd2f51b3516da #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS 1.15.0-1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348\n rds_cmsg_recv+0x60d/0x700 net/rds/recv.c:585\n rds_recvmsg+0x3fb/0x1610 net/rds/recv.c:716\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg+0xe2/0x160 net/socket.c:1066\n __sys_recvfrom+0x1b6/0x2f0 net/socket.c:2246\n __do_sys_recvfrom net/socket.c:2264 [inline]\n __se_sys_recvfrom net/socket.c:2260 [inline]\n __x64_sys_recvfrom+0xe0/0x1b0 net/socket.c:2260\n do_syscall_x64 arch/x86/entry/common.c:51 
[inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n==================================================================", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26613" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ac86276a-09a7-4606-9b10-95ce6dc56676.json b/objects/vulnerability/vulnerability--ac86276a-09a7-4606-9b10-95ce6dc56676.json new file mode 100644 index 00000000000..b76d2bc9457 --- /dev/null +++ b/objects/vulnerability/vulnerability--ac86276a-09a7-4606-9b10-95ce6dc56676.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ecb92cd3-d649-415c-8d52-e5734a9f2393", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac86276a-09a7-4606-9b10-95ce6dc56676", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.886464Z", + "modified": "2024-03-01T00:30:45.886464Z", + "name": "CVE-2023-52476", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/lbr: Filter vsyscall addresses\n\nWe found that a panic can occur when a vsyscall is made while LBR sampling\nis active. If the vsyscall is interrupted (NMI) for perf sampling, this\ncall sequence can occur (most recent at top):\n\n __insn_get_emulate_prefix()\n insn_get_emulate_prefix()\n insn_get_prefixes()\n insn_get_opcode()\n decode_branch_type()\n get_branch_type()\n intel_pmu_lbr_filter()\n intel_pmu_handle_irq()\n perf_event_nmi_handler()\n\nWithin __insn_get_emulate_prefix() at frame 0, a macro is called:\n\n peek_nbyte_next(insn_byte_t, insn, i)\n\nWithin this macro, this dereference occurs:\n\n (insn)->next_byte\n\nInspecting registers at this point, the value of the next_byte field is the\naddress of the vsyscall made, for example the location of the vsyscall\nversion of gettimeofday() at 0xffffffffff600000. The access to an address\nin the vsyscall region will trigger an oops due to an unhandled page fault.\n\nTo fix the bug, filtering for vsyscalls can be done when\ndetermining the branch type. This patch will return\na \"none\" branch if a kernel address if found to lie in the\nvsyscall region.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52476" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--acd42170-43b5-4fdf-a91a-bd7c7405304e.json b/objects/vulnerability/vulnerability--acd42170-43b5-4fdf-a91a-bd7c7405304e.json new file mode 100644 index 00000000000..69e29716d68 --- /dev/null +++ b/objects/vulnerability/vulnerability--acd42170-43b5-4fdf-a91a-bd7c7405304e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9fd71191-3e01-4509-911c-3972cd626a10", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acd42170-43b5-4fdf-a91a-bd7c7405304e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.815165Z", + "modified": "2024-03-01T00:30:47.815165Z", + "name": "CVE-2023-50905", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50905" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae5c2742-6ab4-40ad-bda0-3bf49cbb65b0.json b/objects/vulnerability/vulnerability--ae5c2742-6ab4-40ad-bda0-3bf49cbb65b0.json new file mode 100644 index 00000000000..42002948fc1 --- /dev/null +++ b/objects/vulnerability/vulnerability--ae5c2742-6ab4-40ad-bda0-3bf49cbb65b0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b06177ec-5340-4891-979a-b494bbe76713", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae5c2742-6ab4-40ad-bda0-3bf49cbb65b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.345845Z", + "modified": "2024-03-01T00:30:49.345845Z", + "name": "CVE-2024-27656", + "description": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27656" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aeef469d-4580-42d8-bde9-1766ed252c92.json b/objects/vulnerability/vulnerability--aeef469d-4580-42d8-bde9-1766ed252c92.json new file mode 100644 index 00000000000..34fdc31e69b --- /dev/null +++ b/objects/vulnerability/vulnerability--aeef469d-4580-42d8-bde9-1766ed252c92.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d5797bd-3ce7-489d-ad91-70bdf3e38b98", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aeef469d-4580-42d8-bde9-1766ed252c92", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.399309Z", + "modified": "2024-03-01T00:30:49.399309Z", + "name": "CVE-2024-0403", + "description": "Recipes version 1.5.10 allows arbitrary HTTP requests to be made\n\nthrough the server. This is possible because the application is\n\nvulnerable to SSRF.\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0403" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b045b25f-4fd8-46b4-afc9-7627a8b8f046.json b/objects/vulnerability/vulnerability--b045b25f-4fd8-46b4-afc9-7627a8b8f046.json new file mode 100644 index 00000000000..5ce862df526 --- /dev/null +++ b/objects/vulnerability/vulnerability--b045b25f-4fd8-46b4-afc9-7627a8b8f046.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--346d905b-ef11-44b6-a114-538cfd39345d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b045b25f-4fd8-46b4-afc9-7627a8b8f046", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.163576Z", + "modified": "2024-03-01T00:30:49.163576Z", + "name": "CVE-2024-1437", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS.This issue affects Adsmonetizer: from n/a through 3.1.2.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1437" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b06a768a-a0c2-49e8-bc44-8eaea3e86906.json b/objects/vulnerability/vulnerability--b06a768a-a0c2-49e8-bc44-8eaea3e86906.json new file mode 100644 index 00000000000..654073c52a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--b06a768a-a0c2-49e8-bc44-8eaea3e86906.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a8d105d0-f0fc-4f7c-a1d5-5c7919594e0d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b06a768a-a0c2-49e8-bc44-8eaea3e86906", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.497188Z", + "modified": "2024-03-01T00:30:49.497188Z", + "name": "CVE-2024-24028", + "description": "Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24028" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2cc591d-6c2c-4644-b3e0-e9abb0e8894c.json b/objects/vulnerability/vulnerability--b2cc591d-6c2c-4644-b3e0-e9abb0e8894c.json new file mode 100644 index 00000000000..109ab541bb1 --- /dev/null +++ b/objects/vulnerability/vulnerability--b2cc591d-6c2c-4644-b3e0-e9abb0e8894c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85d98a60-f755-439c-917c-f3b189c60546", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2cc591d-6c2c-4644-b3e0-e9abb0e8894c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.147607Z", + "modified": "2024-03-01T00:30:49.147607Z", + "name": "CVE-2024-1468", + "description": "The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1468" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b33840f7-4d23-495a-ab55-08f47deed31c.json b/objects/vulnerability/vulnerability--b33840f7-4d23-495a-ab55-08f47deed31c.json new file mode 100644 index 00000000000..2c9489d62f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--b33840f7-4d23-495a-ab55-08f47deed31c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--56923c82-9d94-4580-bfa3-fc04d524d141", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b33840f7-4d23-495a-ab55-08f47deed31c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.462424Z", + "modified": "2024-03-01T00:30:49.462424Z", + "name": "CVE-2024-24520", + "description": "An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24520" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b6b0d9f8-5bfc-42e7-bec6-8e29eac954b1.json b/objects/vulnerability/vulnerability--b6b0d9f8-5bfc-42e7-bec6-8e29eac954b1.json new file mode 100644 index 00000000000..fe9a92a2426 --- /dev/null +++ b/objects/vulnerability/vulnerability--b6b0d9f8-5bfc-42e7-bec6-8e29eac954b1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18a3ffc6-ef5e-431d-abe6-9ddb40692fe7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b6b0d9f8-5bfc-42e7-bec6-8e29eac954b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.472566Z", + "modified": "2024-03-01T00:30:49.472566Z", + "name": "CVE-2024-24818", + "description": "EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in \"Password Change\" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24818" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b73dc48f-4150-41f8-8f4a-176b7c943338.json b/objects/vulnerability/vulnerability--b73dc48f-4150-41f8-8f4a-176b7c943338.json new file mode 100644 index 00000000000..e762bee931f --- /dev/null +++ b/objects/vulnerability/vulnerability--b73dc48f-4150-41f8-8f4a-176b7c943338.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c11a5991-b772-49b3-8d28-4d46a9df37ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b73dc48f-4150-41f8-8f4a-176b7c943338", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.873834Z", + "modified": "2024-03-01T00:30:45.873834Z", + "name": "CVE-2023-52488", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO\n\nThe SC16IS7XX IC supports a burst mode to access the FIFOs where the\ninitial register address is sent ($00), followed by all the FIFO data\nwithout having to resend the register address each time. In this mode, the\nIC doesn't increment the register address for each R/W byte.\n\nThe regmap_raw_read() and regmap_raw_write() are functions which can\nperform IO over multiple registers. They are currently used to read/write\nfrom/to the FIFO, and although they operate correctly in this burst mode on\nthe SPI bus, they would corrupt the regmap cache if it was not disabled\nmanually. The reason is that when the R/W size is more than 1 byte, these\nfunctions assume that the register address is incremented and handle the\ncache accordingly.\n\nConvert FIFO R/W functions to use the regmap _noinc_ versions in order to\nremove the manual cache control which was a workaround when using the\n_raw_ versions. FIFO registers are properly declared as volatile so\ncache will not be used/updated for FIFO accesses.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52488" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b84096a0-f210-48b2-a250-2d2049e7ba68.json b/objects/vulnerability/vulnerability--b84096a0-f210-48b2-a250-2d2049e7ba68.json new file mode 100644 index 00000000000..f109b232dc3 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--b84096a0-f210-48b2-a250-2d2049e7ba68.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fba9a33d-21da-4b4d-b428-59e05be7b86e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b84096a0-f210-48b2-a250-2d2049e7ba68", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.19057Z", + "modified": "2024-03-01T00:30:47.19057Z", + "name": "CVE-2023-51696", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51696" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b85bba86-d17e-4eef-be04-22ee4a5cc697.json b/objects/vulnerability/vulnerability--b85bba86-d17e-4eef-be04-22ee4a5cc697.json new file mode 100644 index 00000000000..201ad787c1b --- /dev/null +++ b/objects/vulnerability/vulnerability--b85bba86-d17e-4eef-be04-22ee4a5cc697.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3090950e-e39c-45b2-8558-1998c149a3be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b85bba86-d17e-4eef-be04-22ee4a5cc697", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.3746Z", + "modified": "2024-03-01T00:30:49.3746Z", + "name": "CVE-2024-27292", + "description": "Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba30e3dc-bf87-4945-85d9-2180539d7ee8.json b/objects/vulnerability/vulnerability--ba30e3dc-bf87-4945-85d9-2180539d7ee8.json new file mode 100644 index 00000000000..41ab9fc7c3a --- /dev/null +++ b/objects/vulnerability/vulnerability--ba30e3dc-bf87-4945-85d9-2180539d7ee8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c114f2fe-883b-48f6-86af-9c444b126ab1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba30e3dc-bf87-4945-85d9-2180539d7ee8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.725588Z", + "modified": "2024-03-01T00:30:51.725588Z", + "name": "CVE-2021-39090", + "description": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-39090" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bb0132ff-3877-475b-b674-f75ee9217d62.json b/objects/vulnerability/vulnerability--bb0132ff-3877-475b-b674-f75ee9217d62.json new file mode 100644 index 00000000000..68086f6fb6e --- /dev/null +++ b/objects/vulnerability/vulnerability--bb0132ff-3877-475b-b674-f75ee9217d62.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c291bc5-c0f0-4a89-b787-a69fc81df12b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bb0132ff-3877-475b-b674-f75ee9217d62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.19043Z", + "modified": "2024-03-01T00:30:49.19043Z", + "name": "CVE-2024-1887", + "description": "Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export. \n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1887" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bed9c15d-69a6-4eac-8c8a-dd503040f98c.json b/objects/vulnerability/vulnerability--bed9c15d-69a6-4eac-8c8a-dd503040f98c.json new file mode 100644 index 00000000000..81c8741e82f --- /dev/null +++ b/objects/vulnerability/vulnerability--bed9c15d-69a6-4eac-8c8a-dd503040f98c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c079bef2-03ce-488e-8482-51675ee7c726", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bed9c15d-69a6-4eac-8c8a-dd503040f98c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.263209Z", + "modified": "2024-03-01T00:30:49.263209Z", + "name": "CVE-2024-2015", + "description": "A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255269 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf914637-915d-4c86-a7bb-ee45b7f5a69a.json b/objects/vulnerability/vulnerability--bf914637-915d-4c86-a7bb-ee45b7f5a69a.json new file mode 100644 index 00000000000..fcb534d626b --- /dev/null +++ b/objects/vulnerability/vulnerability--bf914637-915d-4c86-a7bb-ee45b7f5a69a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--806fb4f6-74e5-4ab5-a8de-3be201c2996a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf914637-915d-4c86-a7bb-ee45b7f5a69a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.365249Z", + "modified": "2024-03-01T00:30:49.365249Z", + "name": "CVE-2024-27655", + "description": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27655" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c024eed9-649e-402b-9dcd-2b0976b5eea5.json b/objects/vulnerability/vulnerability--c024eed9-649e-402b-9dcd-2b0976b5eea5.json new file mode 100644 index 00000000000..064542a4c45 --- /dev/null +++ b/objects/vulnerability/vulnerability--c024eed9-649e-402b-9dcd-2b0976b5eea5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--75eb2be5-89e7-4ea0-be16-c3db6a7d9879", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c024eed9-649e-402b-9dcd-2b0976b5eea5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.860061Z", + "modified": "2024-03-01T00:30:45.860061Z", + "name": "CVE-2023-52479", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix uaf in smb20_oplock_break_ack\n\ndrop reference after use opinfo.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52479" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c169e4a7-4898-42fa-a68d-a0fdbedb1158.json b/objects/vulnerability/vulnerability--c169e4a7-4898-42fa-a68d-a0fdbedb1158.json new file mode 100644 index 00000000000..aa4803488e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--c169e4a7-4898-42fa-a68d-a0fdbedb1158.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd06573f-b7ee-4aa1-9a49-ebacdb7075b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c169e4a7-4898-42fa-a68d-a0fdbedb1158", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.264278Z", + "modified": "2024-03-01T00:30:49.264278Z", + "name": "CVE-2024-2007", + "description": "A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2007" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c39e73ac-71c9-4d42-a1ea-f79a06166ce5.json b/objects/vulnerability/vulnerability--c39e73ac-71c9-4d42-a1ea-f79a06166ce5.json new file mode 100644 index 00000000000..9930ef21e19 --- /dev/null +++ b/objects/vulnerability/vulnerability--c39e73ac-71c9-4d42-a1ea-f79a06166ce5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47db9778-1991-44e7-8ada-195047f601b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c39e73ac-71c9-4d42-a1ea-f79a06166ce5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.158822Z", + "modified": "2024-03-01T00:30:49.158822Z", + "name": "CVE-2024-1888", + "description": "Mattermost fails to check the \"invite_guest\" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1888" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c42dea90-04df-46f7-8074-86f02b95a09b.json b/objects/vulnerability/vulnerability--c42dea90-04df-46f7-8074-86f02b95a09b.json new file mode 100644 index 00000000000..4cfbcd9dda2 --- /dev/null +++ b/objects/vulnerability/vulnerability--c42dea90-04df-46f7-8074-86f02b95a09b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd7d8133-f855-4819-9991-2de9307fbdbf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c42dea90-04df-46f7-8074-86f02b95a09b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.433531Z", + "modified": "2024-03-01T00:30:51.433531Z", + "name": "CVE-2021-47057", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map\n\nIn the case where the dma_iv mapping fails, the return error path leaks\nthe memory allocated to object d. Fix this by adding a new error return\nlabel and jumping to this to ensure d is free'd before the return.\n\nAddresses-Coverity: (\"Resource leak\")", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47057" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c4e4547c-af2d-442d-8a6a-a3dd08927243.json b/objects/vulnerability/vulnerability--c4e4547c-af2d-442d-8a6a-a3dd08927243.json new file mode 100644 index 00000000000..fd81e303aca --- /dev/null +++ b/objects/vulnerability/vulnerability--c4e4547c-af2d-442d-8a6a-a3dd08927243.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19e059f8-5e27-4093-ab35-19a7f5a96965", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4e4547c-af2d-442d-8a6a-a3dd08927243", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.199039Z", + "modified": "2024-03-01T00:30:49.199039Z", + "name": "CVE-2024-1435", + "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.6.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1435" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5233b78-7ca8-4fa4-bcba-55d22aa48d8b.json b/objects/vulnerability/vulnerability--c5233b78-7ca8-4fa4-bcba-55d22aa48d8b.json new file mode 100644 index 00000000000..832c77d2abc --- /dev/null +++ b/objects/vulnerability/vulnerability--c5233b78-7ca8-4fa4-bcba-55d22aa48d8b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7ac580f-9cd7-4c07-8cf6-8bfa579e9db3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5233b78-7ca8-4fa4-bcba-55d22aa48d8b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.880679Z", + "modified": "2024-03-01T00:30:45.880679Z", + "name": "CVE-2023-52490", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: migrate: fix getting incorrect page mapping during page migration\n\nWhen running stress-ng testing, we found below kernel crash after a few hours:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\npc : dentry_name+0xd8/0x224\nlr : pointer+0x22c/0x370\nsp : ffff800025f134c0\n......\nCall trace:\n dentry_name+0xd8/0x224\n pointer+0x22c/0x370\n vsnprintf+0x1ec/0x730\n vscnprintf+0x2c/0x60\n vprintk_store+0x70/0x234\n vprintk_emit+0xe0/0x24c\n vprintk_default+0x3c/0x44\n vprintk_func+0x84/0x2d0\n printk+0x64/0x88\n __dump_page+0x52c/0x530\n dump_page+0x14/0x20\n set_migratetype_isolate+0x110/0x224\n start_isolate_page_range+0xc4/0x20c\n offline_pages+0x124/0x474\n memory_block_offline+0x44/0xf4\n memory_subsys_offline+0x3c/0x70\n device_offline+0xf0/0x120\n ......\n\nAfter analyzing the vmcore, I found this issue is caused by page migration.\nThe scenario is that, one thread is doing page migration, and we will use the\ntarget page's ->mapping field to save 'anon_vma' pointer between page unmap and\npage move, and now the target page is locked and refcount is 1.\n\nCurrently, there is another stress-ng thread performing memory hotplug,\nattempting to offline the target page that is being migrated. It discovers that\nthe refcount of this target page is 1, preventing the offline operation, thus\nproceeding to dump the page. 
However, page_mapping() of the target page may\nreturn an incorrect file mapping to crash the system in dump_mapping(), since\nthe target page->mapping only saves 'anon_vma' pointer without setting\nPAGE_MAPPING_ANON flag.\n\nThere are seveval ways to fix this issue:\n(1) Setting the PAGE_MAPPING_ANON flag for target page's ->mapping when saving\n'anon_vma', but this can confuse PageAnon() for PFN walkers, since the target\npage has not built mappings yet.\n(2) Getting the page lock to call page_mapping() in __dump_page() to avoid crashing\nthe system, however, there are still some PFN walkers that call page_mapping()\nwithout holding the page lock, such as compaction.\n(3) Using target page->private field to save the 'anon_vma' pointer and 2 bits\npage state, just as page->mapping records an anonymous page, which can remove\nthe page_mapping() impact for PFN walkers and also seems a simple way.\n\nSo I choose option 3 to fix this issue, and this can also fix other potential\nissues for PFN walkers, such as compaction.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52490" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c562300b-abb8-4d44-b50f-f76a8cbf0a4e.json b/objects/vulnerability/vulnerability--c562300b-abb8-4d44-b50f-f76a8cbf0a4e.json new file mode 100644 index 00000000000..effc1e49786 --- /dev/null +++ b/objects/vulnerability/vulnerability--c562300b-abb8-4d44-b50f-f76a8cbf0a4e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ae95de4-c6e3-46fe-92eb-835463bf27e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c562300b-abb8-4d44-b50f-f76a8cbf0a4e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.276543Z", + "modified": "2024-03-01T00:30:49.276543Z", + "name": "CVE-2024-26614", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: make sure init the accept_queue's spinlocks once\n\nWhen I run syz's reproduction C program locally, it causes the following\nissue:\npvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0!\nWARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nRIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nCode: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7\n30 20 ce 8f e8 ad 56 42 ff <0f> 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900\nRBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff\nR10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000\nR13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000\nFS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0\nCall Trace:\n\n _raw_spin_unlock (kernel/locking/spinlock.c:186)\n inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321)\n inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358)\n tcp_check_req (net/ipv4/tcp_minisocks.c:868)\n tcp_v4_rcv 
(net/ipv4/tcp_ipv4.c:2260)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205)\n ip_local_deliver_finish (net/ipv4/ip_input.c:234)\n __netif_receive_skb_one_core (net/core/dev.c:5529)\n process_backlog (./include/linux/rcupdate.h:779)\n __napi_poll (net/core/dev.c:6533)\n net_rx_action (net/core/dev.c:6604)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27)\n do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)\n\n\n __local_bh_enable_ip (kernel/softirq.c:381)\n __dev_queue_xmit (net/core/dev.c:4374)\n ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235)\n __ip_queue_xmit (net/ipv4/ip_output.c:535)\n __tcp_transmit_skb (net/ipv4/tcp_output.c:1462)\n tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469)\n tcp_rcv_state_process (net/ipv4/tcp_input.c:6657)\n tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929)\n __release_sock (./include/net/sock.h:1121 net/core/sock.c:2968)\n release_sock (net/core/sock.c:3536)\n inet_wait_for_connect (net/ipv4/af_inet.c:609)\n __inet_stream_connect (net/ipv4/af_inet.c:702)\n inet_stream_connect (net/ipv4/af_inet.c:748)\n __sys_connect (./include/linux/file.h:45 net/socket.c:2064)\n __x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\n RIP: 0033:0x7fa10ff05a3d\n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89\n c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48\n RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a\n RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d\n RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\n RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640\n R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 
00007fff73e23b20\n\n\nThe issue triggering process is analyzed as follows:\nThread A Thread B\ntcp_v4_rcv\t//receive ack TCP packet inet_shutdown\n tcp_check_req tcp_disconnect //disconnect sock\n ... tcp_set_state(sk, TCP_CLOSE)\n inet_csk_complete_hashdance ...\n inet_csk_reqsk_queue_add \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26614" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5e3d79b-9b56-432a-a532-573517dfc367.json b/objects/vulnerability/vulnerability--c5e3d79b-9b56-432a-a532-573517dfc367.json new file mode 100644 index 00000000000..23476a5ad69 --- /dev/null +++ b/objects/vulnerability/vulnerability--c5e3d79b-9b56-432a-a532-573517dfc367.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--785a08bb-fafb-49d2-a65f-0c5c79bcd590", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5e3d79b-9b56-432a-a532-573517dfc367", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.439295Z", + "modified": "2024-03-01T00:30:51.439295Z", + "name": "CVE-2021-47061", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU\n\nIf allocating a new instance of an I/O bus fails when unregistering a\ndevice, wait to destroy the device until after all readers are guaranteed\nto see the new null bus. Destroying devices before the bus is nullified\ncould lead to use-after-free since readers expect the devices on their\nreference of the bus to remain valid.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47061" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c6c40fad-f955-4027-ae0c-896fd0b507bb.json b/objects/vulnerability/vulnerability--c6c40fad-f955-4027-ae0c-896fd0b507bb.json new file mode 100644 index 00000000000..939485bb27a --- /dev/null +++ b/objects/vulnerability/vulnerability--c6c40fad-f955-4027-ae0c-896fd0b507bb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eeff62a1-9580-4a09-802f-247b52ac0232", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6c40fad-f955-4027-ae0c-896fd0b507bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.155608Z", + "modified": "2024-03-01T00:30:49.155608Z", + "name": "CVE-2024-1953", + "description": "Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1953" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c750f570-19d2-4cb0-93bc-654f20a58c44.json b/objects/vulnerability/vulnerability--c750f570-19d2-4cb0-93bc-654f20a58c44.json new file mode 100644 index 00000000000..37490b73292 --- /dev/null +++ b/objects/vulnerability/vulnerability--c750f570-19d2-4cb0-93bc-654f20a58c44.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d7b739a-4551-4c6e-9682-9c7a1737c3c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c750f570-19d2-4cb0-93bc-654f20a58c44", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.3435Z", + "modified": "2024-03-01T00:30:49.3435Z", + "name": "CVE-2024-27659", + "description": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27659" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--caaadc4a-c693-4673-83bf-5223be8d065d.json b/objects/vulnerability/vulnerability--caaadc4a-c693-4673-83bf-5223be8d065d.json new file mode 100644 index 00000000000..5628ab7540f --- /dev/null +++ b/objects/vulnerability/vulnerability--caaadc4a-c693-4673-83bf-5223be8d065d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a8332ed9-a7ae-46ad-aaee-6218ac7a64c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--caaadc4a-c693-4673-83bf-5223be8d065d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.270183Z", + "modified": "2024-03-01T00:30:49.270183Z", + "name": "CVE-2024-2016", + "description": "A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2016" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb2d7e98-78ea-47b4-8737-18aef622722d.json b/objects/vulnerability/vulnerability--cb2d7e98-78ea-47b4-8737-18aef622722d.json new file mode 100644 index 00000000000..35eb6bab751 --- /dev/null +++ b/objects/vulnerability/vulnerability--cb2d7e98-78ea-47b4-8737-18aef622722d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c7e173a-69a6-4233-b9ee-e118fe277106", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb2d7e98-78ea-47b4-8737-18aef622722d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.327071Z", + "modified": "2024-03-01T00:30:49.327071Z", + "name": "CVE-2024-26620", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/vfio-ap: always filter entire AP matrix\n\nThe vfio_ap_mdev_filter_matrix function is called whenever a new adapter or\ndomain is assigned to the mdev. The purpose of the function is to update\nthe guest's AP configuration by filtering the matrix of adapters and\ndomains assigned to the mdev. When an adapter or domain is assigned, only\nthe APQNs associated with the APID of the new adapter or APQI of the new\ndomain are inspected. If an APQN does not reference a queue device bound to\nthe vfio_ap device driver, then it's APID will be filtered from the mdev's\nmatrix when updating the guest's AP configuration.\n\nInspecting only the APID of the new adapter or APQI of the new domain will\nresult in passing AP queues through to a guest that are not bound to the\nvfio_ap device driver under certain circumstances. Consider the following:\n\nguest's AP configuration (all also assigned to the mdev's matrix):\n14.0004\n14.0005\n14.0006\n16.0004\n16.0005\n16.0006\n\nunassign domain 4\nunbind queue 16.0005\nassign domain 4\n\nWhen domain 4 is re-assigned, since only domain 4 will be inspected, the\nAPQNs that will be examined will be:\n14.0004\n16.0004\n\nSince both of those APQNs reference queue devices that are bound to the\nvfio_ap device driver, nothing will get filtered from the mdev's matrix\nwhen updating the guest's AP configuration. Consequently, queue 16.0005\nwill get passed through despite not being bound to the driver. 
This\nviolates the linux device model requirement that a guest shall only be\ngiven access to devices bound to the device driver facilitating their\npass-through.\n\nTo resolve this problem, every adapter and domain assigned to the mdev will\nbe inspected when filtering the mdev's matrix.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26620" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d148267c-1056-4332-a09a-e63fdc7ad09c.json b/objects/vulnerability/vulnerability--d148267c-1056-4332-a09a-e63fdc7ad09c.json new file mode 100644 index 00000000000..e4d18f0a779 --- /dev/null +++ b/objects/vulnerability/vulnerability--d148267c-1056-4332-a09a-e63fdc7ad09c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46b34365-ff4a-4690-b5ec-34ca57ec50af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d148267c-1056-4332-a09a-e63fdc7ad09c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.265287Z", + "modified": "2024-03-01T00:30:49.265287Z", + "name": "CVE-2024-2001", + "description": "A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2001" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d1bcaa4a-fae0-4c58-a6a0-83e38f726138.json b/objects/vulnerability/vulnerability--d1bcaa4a-fae0-4c58-a6a0-83e38f726138.json new file mode 100644 index 00000000000..2dcf98d0a6d --- /dev/null +++ b/objects/vulnerability/vulnerability--d1bcaa4a-fae0-4c58-a6a0-83e38f726138.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c50e5d4c-8858-4703-9996-c8e4ef712ba5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1bcaa4a-fae0-4c58-a6a0-83e38f726138", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.150673Z", + "modified": "2024-03-01T00:30:49.150673Z", + "name": "CVE-2024-1434", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS.This issue affects Media Alt Renamer: from n/a through 0.0.1.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1434" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d332bbe7-60a9-4442-a00d-0cd5d70b31d0.json b/objects/vulnerability/vulnerability--d332bbe7-60a9-4442-a00d-0cd5d70b31d0.json new file mode 100644 index 00000000000..0f0671329df --- /dev/null +++ b/objects/vulnerability/vulnerability--d332bbe7-60a9-4442-a00d-0cd5d70b31d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83b99d25-a849-4dd3-81e0-fd9504693f55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d332bbe7-60a9-4442-a00d-0cd5d70b31d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:47.743805Z", + "modified": "2024-03-01T00:30:47.743805Z", + "name": "CVE-2023-25926", + "description": "IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-25926" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d3881f82-94c1-4767-8c05-7b471dbdc585.json b/objects/vulnerability/vulnerability--d3881f82-94c1-4767-8c05-7b471dbdc585.json new file mode 100644 index 00000000000..bab74624b87 --- /dev/null +++ b/objects/vulnerability/vulnerability--d3881f82-94c1-4767-8c05-7b471dbdc585.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a41fd28e-9028-462d-80ee-8716801bd44b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3881f82-94c1-4767-8c05-7b471dbdc585", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.461405Z", + "modified": "2024-03-01T00:30:49.461405Z", + "name": "CVE-2024-24525", + "description": "An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24525" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3d42663-94de-4e71-9b2e-e507381f00ac.json b/objects/vulnerability/vulnerability--d3d42663-94de-4e71-9b2e-e507381f00ac.json new file mode 100644 index 00000000000..a06d0c57bad --- /dev/null +++ b/objects/vulnerability/vulnerability--d3d42663-94de-4e71-9b2e-e507381f00ac.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--378e556a-ccc3-4f44-bf82-836a707f644a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3d42663-94de-4e71-9b2e-e507381f00ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.556695Z", + "modified": "2024-03-01T00:30:49.556695Z", + "name": "CVE-2024-25093", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.This issue affects GD Rating System: from n/a through 3.5.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25093" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4017623-0dc0-444d-adda-8d8f116c1994.json b/objects/vulnerability/vulnerability--d4017623-0dc0-444d-adda-8d8f116c1994.json new file mode 100644 index 00000000000..c6794662f25 --- /dev/null +++ b/objects/vulnerability/vulnerability--d4017623-0dc0-444d-adda-8d8f116c1994.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72b2734d-98bf-4623-a8d2-14981c532b8d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4017623-0dc0-444d-adda-8d8f116c1994", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.363784Z", + "modified": "2024-03-01T00:30:49.363784Z", + "name": "CVE-2024-27906", + "description": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27906" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d451eba7-4a35-4a54-a3a5-64a2ebf83878.json b/objects/vulnerability/vulnerability--d451eba7-4a35-4a54-a3a5-64a2ebf83878.json new file mode 100644 index 00000000000..2943e0211fc --- /dev/null +++ b/objects/vulnerability/vulnerability--d451eba7-4a35-4a54-a3a5-64a2ebf83878.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf930958-1a31-4abf-9c61-bfae1d294083", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d451eba7-4a35-4a54-a3a5-64a2ebf83878", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.447487Z", + "modified": "2024-03-01T00:30:51.447487Z", + "name": "CVE-2021-47067", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc/tegra: regulators: Fix locking up when voltage-spread is out of range\n\nFix voltage coupler lockup which happens when voltage-spread is out\nof range due to a bug in the code. The max-spread requirement shall be\naccounted when CPU regulator doesn't have consumers. This problem is\nobserved on Tegra30 Ouya game console once system-wide DVFS is enabled\nin a device-tree.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47067" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d9c34aa4-fe59-4670-bd2d-d88b6b5a2969.json b/objects/vulnerability/vulnerability--d9c34aa4-fe59-4670-bd2d-d88b6b5a2969.json new file mode 100644 index 00000000000..83d5ea44890 --- /dev/null +++ b/objects/vulnerability/vulnerability--d9c34aa4-fe59-4670-bd2d-d88b6b5a2969.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dc425f50-f3d4-47f8-9387-5335cdd265d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d9c34aa4-fe59-4670-bd2d-d88b6b5a2969", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.570288Z", + "modified": "2024-03-01T00:30:49.570288Z", + "name": "CVE-2024-25291", + "description": "Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25291" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dad80d4f-4a51-448e-b38f-af831e9bee7d.json b/objects/vulnerability/vulnerability--dad80d4f-4a51-448e-b38f-af831e9bee7d.json new file mode 100644 index 00000000000..53e68c07c26 --- /dev/null +++ b/objects/vulnerability/vulnerability--dad80d4f-4a51-448e-b38f-af831e9bee7d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--edf5e17b-da5d-4183-9ee3-d49c8210a0be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dad80d4f-4a51-448e-b38f-af831e9bee7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.352734Z", + "modified": "2024-03-01T00:30:49.352734Z", + "name": "CVE-2024-27658", + "description": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db506b5e-a7b9-4f12-ae4b-a7efe361ad4a.json b/objects/vulnerability/vulnerability--db506b5e-a7b9-4f12-ae4b-a7efe361ad4a.json new file mode 100644 index 00000000000..39a4b7d4e32 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--db506b5e-a7b9-4f12-ae4b-a7efe361ad4a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b7bd74ec-800a-4237-b1b4-3b24e8c69960", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db506b5e-a7b9-4f12-ae4b-a7efe361ad4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.229367Z", + "modified": "2024-03-01T00:30:49.229367Z", + "name": "CVE-2024-23493", + "description": "Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. \n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd38a2c3-0fd8-421f-96bc-df5dff83f3a0.json b/objects/vulnerability/vulnerability--dd38a2c3-0fd8-421f-96bc-df5dff83f3a0.json new file mode 100644 index 00000000000..ef9433e0bf5 --- /dev/null +++ b/objects/vulnerability/vulnerability--dd38a2c3-0fd8-421f-96bc-df5dff83f3a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f597ff6-fef3-4d85-ba72-631c0f7146d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd38a2c3-0fd8-421f-96bc-df5dff83f3a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.269075Z", + "modified": "2024-03-01T00:30:49.269075Z", + "name": "CVE-2024-2021", + "description": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2021" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dee86549-a817-4aaf-84c9-a5d9e5a85790.json b/objects/vulnerability/vulnerability--dee86549-a817-4aaf-84c9-a5d9e5a85790.json new file mode 100644 index 00000000000..153c5a434f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--dee86549-a817-4aaf-84c9-a5d9e5a85790.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cf5b7bf-9375-4cb1-b95f-c90f5a523635", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dee86549-a817-4aaf-84c9-a5d9e5a85790", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.892968Z", + "modified": "2024-03-01T00:30:45.892968Z", + "name": "CVE-2023-52486", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Don't unref the same fb many times by mistake due to deadlock handling\n\nIf we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl()\nwe proceed to unref the fb and then retry the whole thing from the top.\nBut we forget to reset the fb pointer back to NULL, and so if we then\nget another error during the retry, before the fb lookup, we proceed\nthe unref the same fb again without having gotten another reference.\nThe end result is that the fb will (eventually) end up being freed\nwhile it's still in use.\n\nReset fb to NULL once we've unreffed it to avoid doing it again\nuntil we've done another fb lookup.\n\nThis turned out to be pretty easy to hit on a DG2 when doing async\nflips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I\nsaw that drm_closefb() simply got stuck in a busy loop while walking\nthe framebuffer list. Fortunately I was able to convince it to oops\ninstead, and from there it was easier to track down the culprit.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52486" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df7edde1-2160-4346-b005-af1d2b7251b8.json b/objects/vulnerability/vulnerability--df7edde1-2160-4346-b005-af1d2b7251b8.json new file mode 100644 index 00000000000..a681515bc85 --- /dev/null +++ b/objects/vulnerability/vulnerability--df7edde1-2160-4346-b005-af1d2b7251b8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4f21e4c-772f-4248-a234-fc7a66d285b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df7edde1-2160-4346-b005-af1d2b7251b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.321817Z", + "modified": "2024-03-01T00:30:49.321817Z", + "name": "CVE-2024-26610", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix a memory corruption\n\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we'll write past the buffer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26610" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1f4ad96-6ed1-4c4e-83dc-053a684f4aec.json b/objects/vulnerability/vulnerability--e1f4ad96-6ed1-4c4e-83dc-053a684f4aec.json new file mode 100644 index 00000000000..4da51bac62a --- /dev/null +++ b/objects/vulnerability/vulnerability--e1f4ad96-6ed1-4c4e-83dc-053a684f4aec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2d99391-f681-4d34-8d17-3b6a68a16770", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1f4ad96-6ed1-4c4e-83dc-053a684f4aec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:45.897217Z", + "modified": "2024-03-01T00:30:45.897217Z", + "name": "CVE-2023-52485", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before sending a command\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nFor functions that execute within a DC context or DC lock we can\nwrap the direct calls to dm_execute_dmub_cmd/list with code that\nexits idle power optimizations and reallows once we're done with\nthe command submission on success.\n\nFor DM direct submissions the DM will need to manage the enter/exit\nsequencing manually.\n\nWe cannot invoke a DMCUB command directly within the DM execution\nhelper or we can deadlock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52485" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e29057a3-987d-429c-97f9-a5a5380929a5.json b/objects/vulnerability/vulnerability--e29057a3-987d-429c-97f9-a5a5380929a5.json new file mode 100644 index 00000000000..f765ac8d3db --- /dev/null +++ b/objects/vulnerability/vulnerability--e29057a3-987d-429c-97f9-a5a5380929a5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9a9bc281-9135-4b03-a6df-08e26b0fdb59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e29057a3-987d-429c-97f9-a5a5380929a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.362762Z", + "modified": "2024-03-01T00:30:49.362762Z", + "name": "CVE-2024-27660", + "description": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27660" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3664337-1ac2-4a3a-bf08-ce12ac2716b3.json b/objects/vulnerability/vulnerability--e3664337-1ac2-4a3a-bf08-ce12ac2716b3.json new file mode 100644 index 00000000000..426d383c46c --- /dev/null +++ b/objects/vulnerability/vulnerability--e3664337-1ac2-4a3a-bf08-ce12ac2716b3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc2e489d-b323-407c-ae4d-280cae846110", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3664337-1ac2-4a3a-bf08-ce12ac2716b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.16469Z", + "modified": "2024-03-01T00:30:49.16469Z", + "name": "CVE-2024-1939", + "description": "Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1939" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e56b76e1-f517-40e0-b002-62dcb4366564.json b/objects/vulnerability/vulnerability--e56b76e1-f517-40e0-b002-62dcb4366564.json new file mode 100644 index 00000000000..01e6fb621e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--e56b76e1-f517-40e0-b002-62dcb4366564.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62e64bfe-e249-468c-addf-e8901c135814", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e56b76e1-f517-40e0-b002-62dcb4366564", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.295376Z", + "modified": "2024-03-01T00:30:49.295376Z", + "name": "CVE-2024-26618", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sme: Always exit sme_alloc() early with existing storage\n\nWhen sme_alloc() is called with existing storage and we are not flushing we\nwill always allocate new storage, both leaking the existing storage and\ncorrupting the state. Fix this by separating the checks for flushing and\nfor existing storage as we do for SVE.\n\nCallers that reallocate (eg, due to changing the vector length) should\ncall sme_free() themselves.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26618" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e7e0ac8d-372e-4797-a2ac-daee6912d3b2.json b/objects/vulnerability/vulnerability--e7e0ac8d-372e-4797-a2ac-daee6912d3b2.json new file mode 100644 index 00000000000..0f2f58d60f4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e7e0ac8d-372e-4797-a2ac-daee6912d3b2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--26d98972-5a6a-4efc-a878-6709069a386e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e7e0ac8d-372e-4797-a2ac-daee6912d3b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.590171Z", + "modified": "2024-03-01T00:30:49.590171Z", + "name": "CVE-2024-25098", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8784bff-8c2c-4f9f-9ae9-6a0194d7200d.json b/objects/vulnerability/vulnerability--e8784bff-8c2c-4f9f-9ae9-6a0194d7200d.json new file mode 100644 index 00000000000..731c48c8689 --- /dev/null +++ b/objects/vulnerability/vulnerability--e8784bff-8c2c-4f9f-9ae9-6a0194d7200d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86329dbc-5e5d-44af-ba2e-358754cfdff4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8784bff-8c2c-4f9f-9ae9-6a0194d7200d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:51.435873Z", + "modified": "2024-03-01T00:30:51.435873Z", + "name": "CVE-2021-47064", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix potential DMA mapping leak\n\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-47064" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee9012c5-bec0-491a-9bee-b39498907bba.json b/objects/vulnerability/vulnerability--ee9012c5-bec0-491a-9bee-b39498907bba.json new file mode 100644 index 00000000000..a8881d98972 --- /dev/null +++ b/objects/vulnerability/vulnerability--ee9012c5-bec0-491a-9bee-b39498907bba.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3bee45d7-32ab-4da1-abc1-15f8c912b290", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ee9012c5-bec0-491a-9bee-b39498907bba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.267526Z", + "modified": "2024-03-01T00:30:49.267526Z", + "name": "CVE-2024-2045", + "description": "Session version 1.17.5 allows obtaining internal application files and public\n\nfiles from the user's device without the user's consent. This is possible\n\nbecause the application is vulnerable to Local File Read via chat attachments.\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2045" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef76aa72-f28d-43a4-aca3-eb542ff2f1c3.json b/objects/vulnerability/vulnerability--ef76aa72-f28d-43a4-aca3-eb542ff2f1c3.json new file mode 100644 index 00000000000..96921355432 --- /dev/null +++ b/objects/vulnerability/vulnerability--ef76aa72-f28d-43a4-aca3-eb542ff2f1c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39413ee9-0218-4c3b-9668-5e2af7877f9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef76aa72-f28d-43a4-aca3-eb542ff2f1c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:46.967645Z", + "modified": "2024-03-01T00:30:46.967645Z", + "name": "CVE-2023-47874", + "description": "Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47874" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f2258a1d-d988-4520-aa21-e975185bc545.json b/objects/vulnerability/vulnerability--f2258a1d-d988-4520-aa21-e975185bc545.json new file mode 100644 index 00000000000..c2f02b2db66 --- /dev/null +++ b/objects/vulnerability/vulnerability--f2258a1d-d988-4520-aa21-e975185bc545.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ca9371b-e31e-4bf2-ae9e-c52742715276", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2258a1d-d988-4520-aa21-e975185bc545", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.430741Z", + "modified": "2024-03-01T00:30:49.430741Z", + "name": "CVE-2024-0068", + "description": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0068" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f22cfb8c-df80-4b32-beb4-21222b286df9.json b/objects/vulnerability/vulnerability--f22cfb8c-df80-4b32-beb4-21222b286df9.json new file mode 100644 index 00000000000..2548fa3022a --- /dev/null +++ b/objects/vulnerability/vulnerability--f22cfb8c-df80-4b32-beb4-21222b286df9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16446c5b-c447-4f65-9df5-73a5148eaff0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f22cfb8c-df80-4b32-beb4-21222b286df9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.197538Z", + "modified": "2024-03-01T00:30:49.197538Z", + "name": "CVE-2024-1978", + "description": "The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1978" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4bf26b6-690a-4bce-bbcd-5ebdeb250c66.json b/objects/vulnerability/vulnerability--f4bf26b6-690a-4bce-bbcd-5ebdeb250c66.json new file mode 100644 index 00000000000..0f67aa78580 --- /dev/null +++ b/objects/vulnerability/vulnerability--f4bf26b6-690a-4bce-bbcd-5ebdeb250c66.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f54d1690-e56b-4d49-ba58-fa424e55b3af",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f4bf26b6-690a-4bce-bbcd-5ebdeb250c66",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:45.888819Z",
+ "modified": "2024-03-01T00:30:45.888819Z",
+ "name": "CVE-2023-52483",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: perform route lookups under a RCU read-side lock\n\nOur current route lookups (mctp_route_lookup and mctp_route_lookup_null)\ntraverse the net's route list without the RCU read lock held. This means\nthe route lookup is subject to preemption, resulting in an potential\ngrace period expiry, and so an eventual kfree() while we still have the\nroute pointer.\n\nAdd the proper read-side critical section locks around the route\nlookups, preventing premption and a possible parallel kfree.\n\nThe remaining net->mctp.routes accesses are already under a\nrcu_read_lock, or protected by the RTNL for updates.\n\nBased on an analysis from Sili Luo , where\nintroducing a delay in the route lookup could cause a UAF on\nsimultaneous sendmsg() and route deletion.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52483"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f7d808c8-45b1-4ece-ac21-09e90d3f47d4.json b/objects/vulnerability/vulnerability--f7d808c8-45b1-4ece-ac21-09e90d3f47d4.json
new file mode 100644
index 00000000000..f82dddddbb4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f7d808c8-45b1-4ece-ac21-09e90d3f47d4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--48c432f1-27e7-4992-832d-221787de9698",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f7d808c8-45b1-4ece-ac21-09e90d3f47d4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.272551Z",
+ "modified": "2024-03-01T00:30:49.272551Z",
+ "name": "CVE-2024-26612",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs, fscache: Prevent Oops in fscache_put_cache()\n\nThis function dereferences \"cache\" and then checks if it's\nIS_ERR_OR_NULL(). Check first, then dereference.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26612"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f832de1a-deac-4ddf-9317-3bd0a3b240a3.json b/objects/vulnerability/vulnerability--f832de1a-deac-4ddf-9317-3bd0a3b240a3.json
new file mode 100644
index 00000000000..d8658263b9d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f832de1a-deac-4ddf-9317-3bd0a3b240a3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--255f5ccf-e56b-4a79-a12b-60a5349b0c6c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f832de1a-deac-4ddf-9317-3bd0a3b240a3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:45.887449Z",
+ "modified": "2024-03-01T00:30:45.887449Z",
+ "name": "CVE-2023-52498",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: sleep: Fix possible deadlocks in core system-wide PM code\n\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device's resume callback to be invoked before a\nrequisite supplier device's one, for example).\n\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-52498"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f9a4122f-1081-4693-b8ad-a0e931533285.json b/objects/vulnerability/vulnerability--f9a4122f-1081-4693-b8ad-a0e931533285.json
new file mode 100644
index 00000000000..3e2e22cf5f3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f9a4122f-1081-4693-b8ad-a0e931533285.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--13854c39-287d-4559-a60c-6bafe7a40864",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f9a4122f-1081-4693-b8ad-a0e931533285",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.214376Z",
+ "modified": "2024-03-01T00:30:49.214376Z",
+ "name": "CVE-2024-23488",
+ "description": "Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.\n\n",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-23488"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fce1eea9-be37-43a9-9e78-671a51314b98.json b/objects/vulnerability/vulnerability--fce1eea9-be37-43a9-9e78-671a51314b98.json
new file mode 100644
index 00000000000..3999b91d17e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fce1eea9-be37-43a9-9e78-671a51314b98.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6e3fa79-fdec-403f-94b8-0a4cc2616902", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fce1eea9-be37-43a9-9e78-671a51314b98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-03-01T00:30:49.324832Z", + "modified": "2024-03-01T00:30:49.324832Z", + "name": "CVE-2024-26607", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: sii902x: Fix probing race issue\n\nA null pointer dereference crash has been observed rarely on TI\nplatforms using sii9022 bridge:\n\n[ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x]\n[ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x]\n[ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm]\n[ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper]\n[ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper]\n[ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm]\n[ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper]\n[ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper]\n[ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper]\n[ 53.326401] drm_client_register+0x5c/0xa0 [drm]\n[ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper]\n[ 53.336881] tidss_probe+0x128/0x264 [tidss]\n[ 53.341174] platform_probe+0x68/0xc4\n[ 53.344841] really_probe+0x188/0x3c4\n[ 53.348501] __driver_probe_device+0x7c/0x16c\n[ 53.352854] driver_probe_device+0x3c/0x10c\n[ 53.357033] __device_attach_driver+0xbc/0x158\n[ 53.361472] bus_for_each_drv+0x88/0xe8\n[ 53.365303] __device_attach+0xa0/0x1b4\n[ 53.369135] device_initial_probe+0x14/0x20\n[ 53.373314] bus_probe_device+0xb0/0xb4\n[ 53.377145] deferred_probe_work_func+0xcc/0x124\n[ 53.381757] process_one_work+0x1f0/0x518\n[ 53.385770] worker_thread+0x1e8/0x3dc\n[ 53.389519] kthread+0x11c/0x120\n[ 53.392750] 
ret_from_fork+0x10/0x20\n\nThe issue here is as follows:\n\n- tidss probes, but is deferred as sii902x is still missing.\n- sii902x starts probing and enters sii902x_init().\n- sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from\n DRM's perspective.\n- sii902x calls sii902x_audio_codec_init() and\n platform_device_register_data()\n- The registration of the audio platform device causes probing of the\n deferred devices.\n- tidss probes, which eventually causes sii902x_bridge_get_edid() to be\n called.\n- sii902x_bridge_get_edid() tries to use the i2c to read the edid.\n However, the sii902x driver has not set up the i2c part yet, leading\n to the crash.\n\nFix this by moving the drm_bridge_add() to the end of the\nsii902x_init(), which is also at the very end of sii902x_probe().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fdf274dd-ff8c-4844-a66c-74a83b88558b.json b/objects/vulnerability/vulnerability--fdf274dd-ff8c-4844-a66c-74a83b88558b.json new file mode 100644 index 00000000000..044580882d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--fdf274dd-ff8c-4844-a66c-74a83b88558b.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5e4cd480-51f2-48f9-b0de-2ad41170970a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fdf274dd-ff8c-4844-a66c-74a83b88558b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.192115Z",
+ "modified": "2024-03-01T00:30:49.192115Z",
+ "name": "CVE-2024-1619",
+ "description": "Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1619"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--feacf238-6d5c-4723-a7c3-92afd1cfe43b.json b/objects/vulnerability/vulnerability--feacf238-6d5c-4723-a7c3-92afd1cfe43b.json
new file mode 100644
index 00000000000..5043de9c064
--- /dev/null
+++ b/objects/vulnerability/vulnerability--feacf238-6d5c-4723-a7c3-92afd1cfe43b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c80e2194-b95f-4b25-958b-7c1eb34a573b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--feacf238-6d5c-4723-a7c3-92afd1cfe43b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-03-01T00:30:49.273799Z",
+ "modified": "2024-03-01T00:30:49.273799Z",
+ "name": "CVE-2024-26617",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc/task_mmu: move mmu notification mechanism inside mm lock\n\nMove mmu notification mechanism inside mm lock to prevent race condition\nin other components which depend on it. The notifier will invalidate\nmemory range. Depending upon the number of iterations, different memory\nranges would be invalidated.\n\nThe following warning would be removed by this patch:\nWARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734\n\nThere is no behavioural and performance change with this patch when\nthere is no component registered with the mmu notifier.\n\n[akpm@linux-foundation.org: narrow the scope of `range', per Sean]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-26617"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file