-
Notifications
You must be signed in to change notification settings - Fork 39
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
51cba79
commit b55cd68
Showing
132 changed files
with
3,013 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--04d9cf9c-e048-46c5-9732-7e6f8b7f2132.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--4a858081-c9fd-4c8b-9115-0b5c70e44a30", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--04d9cf9c-e048-46c5-9732-7e6f8b7f2132", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-08-23T00:18:38.556601Z", | ||
| "modified": "2024-08-23T00:18:38.556601Z", | ||
| "name": "CVE-2024-43790", | ||
| "description": "Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-43790" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--0664f910-385e-424f-b1b2-3d4426feb71a.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--0d95ca34-49da-4580-9834-410cb67fec3f", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--0664f910-385e-424f-b1b2-3d4426feb71a", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-08-23T00:18:38.292793Z", | ||
| "modified": "2024-08-23T00:18:38.292793Z", | ||
| "name": "CVE-2024-7848", | ||
| "description": "The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to other user's private files.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-7848" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--06744872-dd45-4215-b11b-eea73b86186b.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--8551c352-0fde-4e12-9899-6e72658eded9", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--06744872-dd45-4215-b11b-eea73b86186b", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-08-23T00:18:38.294685Z", | ||
| "modified": "2024-08-23T00:18:38.294685Z", | ||
| "name": "CVE-2024-7778", | ||
| "description": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-7778" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--098f9d7c-1a0b-4ab2-babb-bbcffa9659a9.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--7e237219-f8b9-45db-b610-f59d88da2e7c", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--098f9d7c-1a0b-4ab2-babb-bbcffa9659a9", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-08-23T00:18:25.244372Z", | ||
| "modified": "2024-08-23T00:18:25.244372Z", | ||
| "name": "CVE-2022-48910", | ||
| "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: ensure we call ipv6_mc_down() at most once\n\nThere are two reasons for addrconf_notify() to be called with NETDEV_DOWN:\neither the network device is actually going down, or IPv6 was disabled\non the interface.\n\nIf either of them stays down while the other is toggled, we repeatedly\ncall the code for NETDEV_DOWN, including ipv6_mc_down(), while never\ncalling the corresponding ipv6_mc_up() in between. This will cause a\nnew entry in idev->mc_tomb to be allocated for each multicast group\nthe interface is subscribed to, which in turn leaks one struct ifmcaddr6\nper nontrivial multicast group the interface is subscribed to.\n\nThe following reproducer will leak at least $n objects:\n\nip addr add ff2e::4242/32 dev eth0 autojoin\nsysctl -w net.ipv6.conf.eth0.disable_ipv6=1\nfor i in $(seq 1 $n); do\n\tip link set up eth0; ip link set down eth0\ndone\n\nJoining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the\nsysctl net.ipv6.conf.eth0.forwarding to 1 (=> subscribing to ff02::2)\ncan also be used to create a nontrivial idev->mc_list, which will the\nleak objects with the right up-down-sequence.\n\nBased on both sources for NETDEV_DOWN events the interface IPv6 state\nshould be considered:\n\n - not ready if the network interface is not ready OR IPv6 is disabled\n for it\n - ready if the network interface is ready AND IPv6 is enabled for it\n\nThe functions ipv6_mc_up() and ipv6_down() should only be run when this\nstate changes.\n\nImplement this by remembering when the IPv6 state is ready, and only\nrun ipv6_mc_down() if it actually changed from ready to not ready.\n\nThe other direction (not ready -> ready) already works correctly, as:\n\n - the interface notification triggered codepath for NETDEV_UP /\n NETDEV_CHANGE returns early if ipv6 is disabled, and\n - the disable_ipv6=0 triggered codepath skips fully initializing the\n interface as long as addrconf_link_ready(dev) returns false\n - calling ipv6_mc_up() repeatedly does not leak anything", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2022-48910" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--0b02302d-a98e-46d9-8b1b-9c4b15416ae6.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--b812a688-6a0b-4d9f-b5de-d171b2394310", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--0b02302d-a98e-46d9-8b1b-9c4b15416ae6", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-08-23T00:18:25.176054Z", | ||
| "modified": "2024-08-23T00:18:25.176054Z", | ||
| "name": "CVE-2022-48939", | ||
| "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add schedule points in batch ops\n\nsyzbot reported various soft lockups caused by bpf batch operations.\n\n INFO: task kworker/1:1:27 blocked for more than 140 seconds.\n INFO: task hung in rcu_barrier\n\nNothing prevents batch ops to process huge amount of data,\nwe need to add schedule points in them.\n\nNote that maybe_wait_bpf_programs(map) calls from\ngeneric_map_delete_batch() can be factorized by moving\nthe call after the loop.\n\nThis will be done later in -next tree once we get this fix merged,\nunless there is strong opinion doing this optimization sooner.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2022-48939" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.