generated content from 2025-01-23

mapping.csv

@@ -264893,3 +264893,26 @@ vulnerability,CVE-2025-20128,vulnerability--c149c9d5-3d43-464d-8537-d1647790485c
 vulnerability,CVE-2025-20165,vulnerability--5ec1ac77-f44a-4544-b6a1-52d4e3226bfa
 vulnerability,CVE-2025-20617,vulnerability--afcc42c4-8a95-4f1e-b441-1198855a54fd
 vulnerability,CVE-2025-20156,vulnerability--926f300a-a0ab-4ace-be84-94538df7d81c
+vulnerability,CVE-2024-45672,vulnerability--b7a45c9a-5802-4200-bd47-0242eac604b0
+vulnerability,CVE-2024-57912,vulnerability--4998c556-ee7a-4c11-8ff6-ade29aac4707
+vulnerability,CVE-2024-57908,vulnerability--796e7faf-fcbc-4d51-803a-5ba11d690ccf
+vulnerability,CVE-2024-57911,vulnerability--5579ba6d-6ce2-480c-8ac6-449dbc7f4e02
+vulnerability,CVE-2024-57906,vulnerability--e2bae1e4-a2dc-47dc-9f9c-b39abcc4e065
+vulnerability,CVE-2024-57913,vulnerability--f91afdc9-2955-4104-b206-fa36e01c03a9
+vulnerability,CVE-2024-57922,vulnerability--bb862c0d-e531-424e-961e-e468633ae784
+vulnerability,CVE-2024-57915,vulnerability--5d98ba84-da41-4452-a021-16fd0898842b
+vulnerability,CVE-2024-57904,vulnerability--7da8b6f9-0c4b-42f7-9dc7-b1783cb7bfb4
+vulnerability,CVE-2024-57907,vulnerability--3fb97f38-7269-4091-9eef-86ddb198bb63
+vulnerability,CVE-2024-57917,vulnerability--4e26c556-b9a3-4c4c-b925-02bab9c6dfe1
+vulnerability,CVE-2024-57910,vulnerability--f4a83c21-b2e2-4185-89ac-39409191284f
+vulnerability,CVE-2024-55925,vulnerability--bf58e788-d4d9-4570-a44f-75c99de36e40
+vulnerability,CVE-2024-55928,vulnerability--2fd1ac5c-9ec5-4d5a-bb76-fbb08c52c4e4
+vulnerability,CVE-2024-55927,vulnerability--00cc1a57-5a68-4391-a843-b6b16b11f800
+vulnerability,CVE-2024-55929,vulnerability--83e790de-c0ae-4902-8a48-c82eed075d7c
+vulnerability,CVE-2024-55926,vulnerability--901732bf-a165-4756-8dd1-ea7210136f16
+vulnerability,CVE-2024-55930,vulnerability--9cbe1fb8-b85a-4c29-9ba3-403ff2c4103f
+vulnerability,CVE-2025-22153,vulnerability--395da076-0e6f-4960-9f66-e46c80c06a53
+vulnerability,CVE-2025-23227,vulnerability--61c48d30-26d6-4b5c-b296-d539241cad44
+vulnerability,CVE-2025-24034,vulnerability--36207490-f528-4b2f-9d14-203625dd40c1
+vulnerability,CVE-2025-24033,vulnerability--4f589dd2-6614-488f-b30c-57bb15ced5b3
+vulnerability,CVE-2025-24353,vulnerability--85dcd26b-842f-47c3-93e5-152daed37a30

objects/vulnerability/vulnerability--00cc1a57-5a68-4391-a843-b6b16b11f800.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--1a3ddced-8853-4535-a06e-c1bdf68e9fdd",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--00cc1a57-5a68-4391-a843-b6b16b11f800",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:28.803784Z",
+            "modified": "2025-01-23T18:26:28.803784Z",
+            "name": "CVE-2024-55927",
+            "description": "Flawed token generation implementation & Hard-coded key implementation",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-55927"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2fd1ac5c-9ec5-4d5a-bb76-fbb08c52c4e4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--fc6b32ff-cf79-4093-ac2d-9b914333c271",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2fd1ac5c-9ec5-4d5a-bb76-fbb08c52c4e4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:28.790278Z",
+            "modified": "2025-01-23T18:26:28.790278Z",
+            "name": "CVE-2024-55928",
+            "description": "Clear text secrets returned & Remote system secrets in clear text",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-55928"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--36207490-f528-4b2f-9d14-203625dd40c1.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--84f5b6f4-f282-476f-a73e-395f2cf13bab",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--36207490-f528-4b2f-9d14-203625dd40c1",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:37.698105Z",
+            "modified": "2025-01-23T18:26:37.698105Z",
+            "name": "CVE-2025-24034",
+            "description": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2025-24034"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--395da076-0e6f-4960-9f66-e46c80c06a53.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--5f831a57-c2a5-4d4c-97b7-b0bfd0b6fe42",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--395da076-0e6f-4960-9f66-e46c80c06a53",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:37.597521Z",
+            "modified": "2025-01-23T18:26:37.597521Z",
+            "name": "CVE-2025-22153",
+            "description": "RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2025-22153"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3fb97f38-7269-4091-9eef-86ddb198bb63.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--e5b67e10-ea39-42c7-b8f7-71e1aae7e6bb",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3fb97f38-7269-4091-9eef-86ddb198bb63",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:27.681468Z",
+            "modified": "2025-01-23T18:26:27.681468Z",
+            "name": "CVE-2024-57907",
+            "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: rockchip_saradc: fix information leak in triggered buffer\n\nThe 'data' local struct is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-57907"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4998c556-ee7a-4c11-8ff6-ade29aac4707.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--45e11f18-f4ab-4760-b090-9e62a62cdafc",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4998c556-ee7a-4c11-8ff6-ade29aac4707",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:27.641366Z",
+            "modified": "2025-01-23T18:26:27.641366Z",
+            "name": "CVE-2024-57912",
+            "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: pressure: zpa2326: fix information leak in triggered buffer\n\nThe 'sample' local struct is used to push data to user space from a\ntriggered buffer, but it has a hole between the temperature and the\ntimestamp (u32 pressure, u16 temperature, GAP, u64 timestamp).\nThis hole is never initialized.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-57912"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4e26c556-b9a3-4c4c-b925-02bab9c6dfe1.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--04b9f4c6-7c2b-4cb4-9f66-fcaa32867c48",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4e26c556-b9a3-4c4c-b925-02bab9c6dfe1",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:27.682958Z",
+            "modified": "2025-01-23T18:26:27.682958Z",
+            "name": "CVE-2024-57917",
+            "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntopology: Keep the cpumask unchanged when printing cpumap\n\nDuring fuzz testing, the following warning was discovered:\n\n different return values (15 and 11) from vsnprintf(\"%*pbl\n \", ...)\n\n test:keyward is WARNING in kvasprintf\n WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130\n Call Trace:\n  kvasprintf+0x121/0x130\n  kasprintf+0xa6/0xe0\n  bitmap_print_to_buf+0x89/0x100\n  core_siblings_list_read+0x7e/0xb0\n  kernfs_file_read_iter+0x15b/0x270\n  new_sync_read+0x153/0x260\n  vfs_read+0x215/0x290\n  ksys_read+0xb9/0x160\n  do_syscall_64+0x56/0x100\n  entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe call trace shows that kvasprintf() reported this warning during the\nprinting of core_siblings_list. kvasprintf() has several steps:\n\n (1) First, calculate the length of the resulting formatted string.\n\n (2) Allocate a buffer based on the returned length.\n\n (3) Then, perform the actual string formatting.\n\n (4) Check whether the lengths of the formatted strings returned in\n     steps (1) and (2) are consistent.\n\nIf the core_cpumask is modified between steps (1) and (3), the lengths\nobtained in these two steps may not match. Indeed our test includes cpu\nhotplugging, which should modify core_cpumask while printing.\n\nTo fix this issue, cache the cpumask into a temporary variable before\ncalling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged\nduring the printing process.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-57917"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4f589dd2-6614-488f-b30c-57bb15ced5b3.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--0fcbf9c5-31fb-45b1-a3d1-64c2966579d3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4f589dd2-6614-488f-b30c-57bb15ced5b3",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:37.70382Z",
+            "modified": "2025-01-23T18:26:37.70382Z",
+            "name": "CVE-2025-24033",
+            "description": "@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use `saveRequestFiles`.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2025-24033"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--5579ba6d-6ce2-480c-8ac6-449dbc7f4e02.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--35e9b573-e952-4142-82ba-1178dbb1a320",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--5579ba6d-6ce2-480c-8ac6-449dbc7f4e02",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:27.653856Z",
+            "modified": "2025-01-23T18:26:27.653856Z",
+            "name": "CVE-2024-57911",
+            "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer\n\nThe 'data' array is allocated via kmalloc() and it is used to push data\nto user space from a triggered buffer, but it does not set values for\ninactive channels, as it only uses iio_for_each_active_channel()\nto assign new values.\n\nUse kzalloc for the memory allocation to avoid pushing uninitialized\ninformation to userspace.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-57911"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--5d98ba84-da41-4452-a021-16fd0898842b.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--85b062b2-45a1-4882-8544-6a205d1d130b",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--5d98ba84-da41-4452-a021-16fd0898842b",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:27.668884Z",
+            "modified": "2025-01-23T18:26:27.668884Z",
+            "name": "CVE-2024-57915",
+            "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null\n\nConsidering that in some extreme cases, when performing the\nunbinding operation, gserial_disconnect has cleared gser->ioport,\nwhich triggers gadget reconfiguration, and then calls gs_read_complete,\nresulting in access to a null pointer. Therefore, ep is disabled before\ngserial_disconnect sets port to null to prevent this from happening.\n\nCall trace:\n gs_read_complete+0x58/0x240\n usb_gadget_giveback_request+0x40/0x160\n dwc3_remove_requests+0x170/0x484\n dwc3_ep0_out_start+0xb0/0x1d4\n __dwc3_gadget_start+0x25c/0x720\n kretprobe_trampoline.cfi_jt+0x0/0x8\n kretprobe_trampoline.cfi_jt+0x0/0x8\n udc_bind_to_driver+0x1d8/0x300\n usb_gadget_probe_driver+0xa8/0x1dc\n gadget_dev_desc_UDC_store+0x13c/0x188\n configfs_write_iter+0x160/0x1f4\n vfs_write+0x2d0/0x40c\n ksys_write+0x7c/0xf0\n __arm64_sys_write+0x20/0x30\n invoke_syscall+0x60/0x150\n el0_svc_common+0x8c/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-57915"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--61c48d30-26d6-4b5c-b296-d539241cad44.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--fbba603f-8c2f-478b-874d-04ef4cf78a03",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--61c48d30-26d6-4b5c-b296-d539241cad44",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:37.679142Z",
+            "modified": "2025-01-23T18:26:37.679142Z",
+            "name": "CVE-2025-23227",
+            "description": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2025-23227"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--796e7faf-fcbc-4d51-803a-5ba11d690ccf.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--4c060e64-3bb4-411a-9a41-c0b8c0ce00f7",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--796e7faf-fcbc-4d51-803a-5ba11d690ccf",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:27.651018Z",
+            "modified": "2025-01-23T18:26:27.651018Z",
+            "name": "CVE-2024-57908",
+            "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: kmx61: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-57908"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--7da8b6f9-0c4b-42f7-9dc7-b1783cb7bfb4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--668570dd-b9ab-4549-8d38-7bdc71df9ac1",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--7da8b6f9-0c4b-42f7-9dc7-b1783cb7bfb4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:27.670601Z",
+            "modified": "2025-01-23T18:26:27.670601Z",
+            "name": "CVE-2024-57904",
+            "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91: call input_free_device() on allocated iio_dev\n\nCurrent implementation of at91_ts_register() calls input_free_deivce()\non st->ts_input, however, the err label can be reached before the\nallocated iio_dev is stored to st->ts_input. Thus call\ninput_free_device() on input instead of st->ts_input.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-57904"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--83e790de-c0ae-4902-8a48-c82eed075d7c.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9501c41e-600f-4a7d-a2b5-5b2d279db46f",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--83e790de-c0ae-4902-8a48-c82eed075d7c",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-23T18:26:28.808613Z",
+            "modified": "2025-01-23T18:26:28.808613Z",
+            "name": "CVE-2024-55929",
+            "description": "Mail spoofing",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-55929"
+                }
+            ]
+        }
+    ]
+}