CWE-390

Detection of Error Condition Without Action

The product detects a specific error, but takes no actions to handle the error.

CVE-2017-7485 (GCVE-0-2017-7485)

Vulnerability from cvelistv5 – Published: 2017-05-12 19:00 – Updated: 2024-08-05 16:04
Summary
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
Severity
No CVSS data available.
References
http://www.securitytracker.com/id/1038476 (vdb-entry, x_refsource_SECTRACK)
http://www.debian.org/security/2017/dsa-3851 (vendor-advisory, x_refsource_DEBIAN)
https://access.redhat.com/errata/RHSA-2017:2425 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2017:1678 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2017:1677 (vendor-advisory, x_refsource_REDHAT)
https://www.postgresql.org/about/news/1746/ (x_refsource_CONFIRM)
https://access.redhat.com/errata/RHSA-2017:1838 (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/bid/98461 (vdb-entry, x_refsource_BID)
https://security.gentoo.org/glsa/201710-06 (vendor-advisory, x_refsource_GENTOO)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038476",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038476"
          },
          {
            "name": "DSA-3851",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3851"
          },
          {
            "name": "RHSA-2017:2425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2425"
          },
          {
            "name": "RHSA-2017:1678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1678"
          },
          {
            "name": "RHSA-2017:1677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1677"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1746/"
          },
          {
            "name": "RHSA-2017:1838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1838"
          },
          {
            "name": "98461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98461"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "The PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 - 9.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1038476",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038476"
        },
        {
          "name": "DSA-3851",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3851"
        },
        {
          "name": "RHSA-2017:2425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2425"
        },
        {
          "name": "RHSA-2017:1678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1678"
        },
        {
          "name": "RHSA-2017:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1677"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1746/"
        },
        {
          "name": "RHSA-2017:1838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1838"
        },
        {
          "name": "98461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98461"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.3 - 9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038476",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038476"
            },
            {
              "name": "DSA-3851",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3851"
            },
            {
              "name": "RHSA-2017:2425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2425"
            },
            {
              "name": "RHSA-2017:1678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1678"
            },
            {
              "name": "RHSA-2017:1677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1677"
            },
            {
              "name": "https://www.postgresql.org/about/news/1746/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1746/"
            },
            {
              "name": "RHSA-2017:1838",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1838"
            },
            {
              "name": "98461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98461"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7485",
    "datePublished": "2017-05-12T19:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5051 (GCVE-0-2019-5051)

Vulnerability from cvelistv5 – Published: 2019-07-03 18:43 – Updated: 2024-08-04 19:47
Summary
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Impacted products
Vendor: n/a
Product: Simple DirectMedia
Version: Affected: Simple DirectMedia Layer SDL2_image 2.0.4

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:47:55.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2019:2070",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2019:2108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
          },
          {
            "name": "USN-4238-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4238-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Simple DirectMedia",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Simple DirectMedia Layer SDL2_image 2.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T17:33:25",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2019:2070",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2019:2108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
        },
        {
          "name": "USN-4238-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4238-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2019-5051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Simple DirectMedia",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Simple DirectMedia Layer SDL2_image 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.8,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390: Detection of Error Condition Without Action"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
            },
            {
              "name": "openSUSE-SU-2019:2070",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2019:2108",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
            },
            {
              "name": "USN-4238-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4238-1/"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2019-5051",
    "datePublished": "2019-07-03T18:43:48",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:47:55.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-40391 (GCVE-0-2021-40391)

Vulnerability from cvelistv5 – Published: 2021-11-19 18:53 – Updated: 2024-08-04 02:44
Summary
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Impacted products
Vendor: n/a
Product: Gerbv
Version: Affected: Gerbv 2.7.0, Gerbv dev (commit b5f1eacd), Gerbv forked dev (commit 71493260)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:09.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
          },
          {
            "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
          },
          {
            "name": "FEDORA-2022-4a3ef86baa",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Gerbv",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-09T03:06:21",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
        },
        {
          "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
        },
        {
          "name": "FEDORA-2022-4a3ef86baa",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2021-40391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Gerbv",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 10,
            "baseSeverity": null,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390: Detection of Error Condition Without Action"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
            },
            {
              "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
            },
            {
              "name": "FEDORA-2022-4a3ef86baa",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2021-40391",
    "datePublished": "2021-11-19T18:53:49",
    "dateReserved": "2021-09-01T00:00:00",
    "dateUpdated": "2024-08-04T02:44:09.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11942 (GCVE-0-2024-11942)

Vulnerability from cvelistv5 – Published: 2024-12-05 14:42 – Updated: 2024-12-05 15:41
Title
Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002
Summary
A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Impacted products
Vendor: Drupal
Product: Drupal Core
Version: Affected: 10.0.0, < 10.2.10 (semver)
Credits
Pierre Rudloff, catch, Lee Rowlands, Benji Fisher, Kim Pepper, Wim Leers, xjm, Dave Long, Juraj Nemec

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:drupal:drupal_core:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "drupal_core",
            "vendor": "drupal",
            "versions": [
              {
                "lessThan": "10.2.10",
                "status": "affected",
                "version": "10.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-11942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T15:32:51.782373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T15:41:56.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/drupal",
          "defaultStatus": "unaffected",
          "product": "Drupal Core",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "10.2.10",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Rudloff"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "catch"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lee Rowlands"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Benji Fisher"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Kim Pepper"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Wim Leers"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "xjm"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Dave Long"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec"
        }
      ],
      "datePublic": "2024-10-17T00:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in Drupal Core allows File Manipulation.\u003cp\u003eThis issue affects Drupal Core: from 10.0.0 before 10.2.10.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390 Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-05T14:42:07.812Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-core-2024-002"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-11942",
    "datePublished": "2024-12-05T14:42:07.812Z",
    "dateReserved": "2024-11-27T23:16:49.385Z",
    "dateUpdated": "2024-12-05T15:41:56.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12086 (GCVE-0-2024-12086)

Vulnerability from cvelistv5 – Published: 2025-01-14 17:37 – Updated: 2025-11-06 21:50
Title
Rsync: rsync server leaks arbitrary client files
Summary
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
Affected: 0, ≤ 3.3.0 (semver)
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12086",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:14:25.165183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:20:53.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:14.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/952657"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/RsyncProject/rsync",
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
        }
      ],
      "datePublic": "2025-01-14T15:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T21:50:27.844Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-12086"
        },
        {
          "name": "RHBZ#2330577",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
        },
        {
          "url": "https://kb.cert.org/vuls/id/952657"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-05T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-14T15:06:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Rsync: rsync server leaks arbitrary client files",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-12086",
    "datePublished": "2025-01-14T17:37:54.960Z",
    "dateReserved": "2024-12-03T08:57:58.397Z",
    "dateUpdated": "2025-11-06T21:50:27.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-20316 (GCVE-0-2024-20316)

Vulnerability from cvelistv5 – Published: 2024-03-27 16:49 – Updated: 2024-08-01 21:59
Summary
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XE Software Affected: 16.3.1
Affected: 16.3.2
Affected: 16.3.3
Affected: 16.3.1a
Affected: 16.3.4
Affected: 16.3.5
Affected: 16.3.5b
Affected: 16.3.6
Affected: 16.3.7
Affected: 16.3.8
Affected: 16.3.9
Affected: 16.3.10
Affected: 16.3.11
Affected: 16.4.1
Affected: 16.4.2
Affected: 16.4.3
Affected: 16.5.1
Affected: 16.5.1a
Affected: 16.5.1b
Affected: 16.5.2
Affected: 16.5.3
Affected: 16.6.1
Affected: 16.6.2
Affected: 16.6.3
Affected: 16.6.4
Affected: 16.6.5
Affected: 16.6.4a
Affected: 16.6.5a
Affected: 16.6.6
Affected: 16.6.7
Affected: 16.6.8
Affected: 16.6.9
Affected: 16.6.10
Affected: 16.7.1
Affected: 16.7.2
Affected: 16.7.3
Affected: 16.8.1
Affected: 16.8.1a
Affected: 16.8.1b
Affected: 16.8.1s
Affected: 16.8.1c
Affected: 16.8.2
Affected: 16.8.3
Affected: 16.9.1
Affected: 16.9.2
Affected: 16.9.1a
Affected: 16.9.1b
Affected: 16.9.1s
Affected: 16.9.3
Affected: 16.9.4
Affected: 16.9.3a
Affected: 16.9.5
Affected: 16.9.5f
Affected: 16.9.6
Affected: 16.9.7
Affected: 16.9.8
Affected: 16.10.1
Affected: 16.10.1a
Affected: 16.10.1b
Affected: 16.10.1s
Affected: 16.10.1e
Affected: 16.10.2
Affected: 16.10.3
Affected: 16.11.1
Affected: 16.11.1a
Affected: 16.11.1b
Affected: 16.11.2
Affected: 16.11.1s
Affected: 16.12.1
Affected: 16.12.1s
Affected: 16.12.1a
Affected: 16.12.1c
Affected: 16.12.2
Affected: 16.12.2a
Affected: 16.12.3
Affected: 16.12.8
Affected: 16.12.2s
Affected: 16.12.1t
Affected: 16.12.4
Affected: 16.12.3s
Affected: 16.12.3a
Affected: 16.12.4a
Affected: 16.12.5
Affected: 16.12.6
Affected: 16.12.5a
Affected: 16.12.5b
Affected: 16.12.6a
Affected: 16.12.7
Affected: 16.12.9
Affected: 16.12.10
Affected: 16.12.10a
Affected: 16.12.11
Affected: 17.1.1
Affected: 17.1.1a
Affected: 17.1.1s
Affected: 17.1.1t
Affected: 17.1.3
Affected: 17.2.1
Affected: 17.2.1r
Affected: 17.2.1a
Affected: 17.2.1v
Affected: 17.2.2
Affected: 17.2.3
Affected: 17.3.1
Affected: 17.3.2
Affected: 17.3.3
Affected: 17.3.1a
Affected: 17.3.2a
Affected: 17.3.4
Affected: 17.3.5
Affected: 17.3.4a
Affected: 17.3.6
Affected: 17.3.4b
Affected: 17.3.4c
Affected: 17.3.5a
Affected: 17.3.5b
Affected: 17.3.7
Affected: 17.3.8
Affected: 17.3.8a
Affected: 17.4.1
Affected: 17.4.2
Affected: 17.4.1a
Affected: 17.4.1b
Affected: 17.4.2a
Affected: 17.5.1
Affected: 17.5.1a
Affected: 17.6.1
Affected: 17.6.2
Affected: 17.6.1a
Affected: 17.6.3
Affected: 17.6.3a
Affected: 17.6.4
Affected: 17.6.5
Affected: 17.6.6
Affected: 17.6.6a
Affected: 17.6.5a
Affected: 17.7.1
Affected: 17.7.1a
Affected: 17.7.1b
Affected: 17.7.2
Affected: 17.10.1
Affected: 17.10.1a
Affected: 17.10.1b
Affected: 17.8.1
Affected: 17.8.1a
Affected: 17.9.1
Affected: 17.9.2
Affected: 17.9.1a
Affected: 17.9.3
Affected: 17.9.2a
Affected: 17.9.3a
Affected: 17.9.4
Affected: 17.9.4a
Affected: 17.11.1
Affected: 17.11.1a
Affected: 17.12.1
Affected: 17.12.1a
Affected: 17.12.2
Affected: 17.12.2a
Affected: 17.11.99SW

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.10a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.11:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.99SW:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xe",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "16.3.1"
              },
              {
                "status": "affected",
                "version": "16.3.2"
              },
              {
                "status": "affected",
                "version": "16.3.3"
              },
              {
                "status": "affected",
                "version": "16.3.1a"
              },
              {
                "status": "affected",
                "version": "16.3.4"
              },
              {
                "status": "affected",
                "version": "16.3.5"
              },
              {
                "status": "affected",
                "version": "16.3.5b"
              },
              {
                "status": "affected",
                "version": "16.3.6"
              },
              {
                "status": "affected",
                "version": "16.3.7"
              },
              {
                "status": "affected",
                "version": "16.3.8"
              },
              {
                "status": "affected",
                "version": "16.3.9"
              },
              {
                "status": "affected",
                "version": "16.3.10"
              },
              {
                "status": "affected",
                "version": "16.3.11"
              },
              {
                "status": "affected",
                "version": "16.4.1"
              },
              {
                "status": "affected",
                "version": "16.4.2"
              },
              {
                "status": "affected",
                "version": "16.4.3"
              },
              {
                "status": "affected",
                "version": "16.5.1"
              },
              {
                "status": "affected",
                "version": "16.5.1a"
              },
              {
                "status": "affected",
                "version": "16.5.1b"
              },
              {
                "status": "affected",
                "version": "16.5.2"
              },
              {
                "status": "affected",
                "version": "16.5.3"
              },
              {
                "status": "affected",
                "version": "16.6.1"
              },
              {
                "status": "affected",
                "version": "16.6.2"
              },
              {
                "status": "affected",
                "version": "16.6.3"
              },
              {
                "status": "affected",
                "version": "16.6.4"
              },
              {
                "status": "affected",
                "version": "16.6.5"
              },
              {
                "status": "affected",
                "version": "16.6.4a"
              },
              {
                "status": "affected",
                "version": "16.6.5a"
              },
              {
                "status": "affected",
                "version": "16.6.6"
              },
              {
                "status": "affected",
                "version": "16.6.7"
              },
              {
                "status": "affected",
                "version": "16.6.8"
              },
              {
                "status": "affected",
                "version": "16.6.9"
              },
              {
                "status": "affected",
                "version": "16.6.10"
              },
              {
                "status": "affected",
                "version": "16.7.1"
              },
              {
                "status": "affected",
                "version": "16.7.2"
              },
              {
                "status": "affected",
                "version": "16.7.3"
              },
              {
                "status": "affected",
                "version": "16.8.1"
              },
              {
                "status": "affected",
                "version": "16.8.1a"
              },
              {
                "status": "affected",
                "version": "16.8.1b"
              },
              {
                "status": "affected",
                "version": "16.8.1s"
              },
              {
                "status": "affected",
                "version": "16.8.1c"
              },
              {
                "status": "affected",
                "version": "16.8.2"
              },
              {
                "status": "affected",
                "version": "16.8.3"
              },
              {
                "status": "affected",
                "version": "16.9.1"
              },
              {
                "status": "affected",
                "version": "16.9.2"
              },
              {
                "status": "affected",
                "version": "16.9.1a"
              },
              {
                "status": "affected",
                "version": "16.9.1b"
              },
              {
                "status": "affected",
                "version": "16.9.1s"
              },
              {
                "status": "affected",
                "version": "16.9.3"
              },
              {
                "status": "affected",
                "version": "16.9.4"
              },
              {
                "status": "affected",
                "version": "16.9.3a"
              },
              {
                "status": "affected",
                "version": "16.9.5"
              },
              {
                "status": "affected",
                "version": "16.9.5f"
              },
              {
                "status": "affected",
                "version": "16.9.6"
              },
              {
                "status": "affected",
                "version": "16.9.7"
              },
              {
                "status": "affected",
                "version": "16.9.8"
              },
              {
                "status": "affected",
                "version": "16.10.1"
              },
              {
                "status": "affected",
                "version": "16.10.1a"
              },
              {
                "status": "affected",
                "version": "16.10.1b"
              },
              {
                "status": "affected",
                "version": "16.10.1s"
              },
              {
                "status": "affected",
                "version": "16.10.1e"
              },
              {
                "status": "affected",
                "version": "16.10.2"
              },
              {
                "status": "affected",
                "version": "16.10.3"
              },
              {
                "status": "affected",
                "version": "16.11.1"
              },
              {
                "status": "affected",
                "version": "16.11.1a"
              },
              {
                "status": "affected",
                "version": "16.11.1b"
              },
              {
                "status": "affected",
                "version": "16.11.2"
              },
              {
                "status": "affected",
                "version": "16.11.1s"
              },
              {
                "status": "affected",
                "version": "16.12.1"
              },
              {
                "status": "affected",
                "version": "16.12.1s"
              },
              {
                "status": "affected",
                "version": "16.12.1a"
              },
              {
                "status": "affected",
                "version": "16.12.1c"
              },
              {
                "status": "affected",
                "version": "16.12.2"
              },
              {
                "status": "affected",
                "version": "16.12.2a"
              },
              {
                "status": "affected",
                "version": "16.12.3"
              },
              {
                "status": "affected",
                "version": "16.12.8"
              },
              {
                "status": "affected",
                "version": "16.12.2s"
              },
              {
                "status": "affected",
                "version": "16.12.1t"
              },
              {
                "status": "affected",
                "version": "16.12.4"
              },
              {
                "status": "affected",
                "version": "16.12.3s"
              },
              {
                "status": "affected",
                "version": "16.12.3a"
              },
              {
                "status": "affected",
                "version": "16.12.4a"
              },
              {
                "status": "affected",
                "version": "16.12.5"
              },
              {
                "status": "affected",
                "version": "16.12.6"
              },
              {
                "status": "affected",
                "version": "16.12.5a"
              },
              {
                "status": "affected",
                "version": "16.12.5b"
              },
              {
                "status": "affected",
                "version": "16.12.6a"
              },
              {
                "status": "affected",
                "version": "16.12.7"
              },
              {
                "status": "affected",
                "version": "16.12.9"
              },
              {
                "status": "affected",
                "version": "16.12.10"
              },
              {
                "status": "affected",
                "version": "16.12.10a"
              },
              {
                "status": "affected",
                "version": "16.12.11"
              },
              {
                "status": "affected",
                "version": "17.1.1"
              },
              {
                "status": "affected",
                "version": "17.1.1a"
              },
              {
                "status": "affected",
                "version": "17.1.1s"
              },
              {
                "status": "affected",
                "version": "17.1.1t"
              },
              {
                "status": "affected",
                "version": "17.1.3"
              },
              {
                "status": "affected",
                "version": "17.2.1"
              },
              {
                "status": "affected",
                "version": "17.2.1r"
              },
              {
                "status": "affected",
                "version": "17.2.1a"
              },
              {
                "status": "affected",
                "version": "17.2.1v"
              },
              {
                "status": "affected",
                "version": "17.2.2"
              },
              {
                "status": "affected",
                "version": "17.2.3"
              },
              {
                "status": "affected",
                "version": "17.3.1"
              },
              {
                "status": "affected",
                "version": "17.3.2"
              },
              {
                "status": "affected",
                "version": "17.3.3"
              },
              {
                "status": "affected",
                "version": "17.3.1a"
              },
              {
                "status": "affected",
                "version": "17.3.2a"
              },
              {
                "status": "affected",
                "version": "17.3.4"
              },
              {
                "status": "affected",
                "version": "17.3.5"
              },
              {
                "status": "affected",
                "version": "17.3.4a"
              },
              {
                "status": "affected",
                "version": "17.3.6"
              },
              {
                "status": "affected",
                "version": "17.3.4b"
              },
              {
                "status": "affected",
                "version": "17.3.4c"
              },
              {
                "status": "affected",
                "version": "17.3.5a"
              },
              {
                "status": "affected",
                "version": "17.3.5b"
              },
              {
                "status": "affected",
                "version": "17.3.7"
              },
              {
                "status": "affected",
                "version": "17.3.8"
              },
              {
                "status": "affected",
                "version": "17.3.8a"
              },
              {
                "status": "affected",
                "version": "17.4.1"
              },
              {
                "status": "affected",
                "version": "17.4.2"
              },
              {
                "status": "affected",
                "version": "17.4.1a"
              },
              {
                "status": "affected",
                "version": "17.4.1b"
              },
              {
                "status": "affected",
                "version": "17.4.2a"
              },
              {
                "status": "affected",
                "version": "17.5.1"
              },
              {
                "status": "affected",
                "version": "17.5.1a"
              },
              {
                "status": "affected",
                "version": "17.6.1"
              },
              {
                "status": "affected",
                "version": "17.6.2"
              },
              {
                "status": "affected",
                "version": "17.6.1a"
              },
              {
                "status": "affected",
                "version": "17.6.3"
              },
              {
                "status": "affected",
                "version": "17.6.3a"
              },
              {
                "status": "affected",
                "version": "17.6.4"
              },
              {
                "status": "affected",
                "version": "17.6.5"
              },
              {
                "status": "affected",
                "version": "17.6.6"
              },
              {
                "status": "affected",
                "version": "17.6.6a"
              },
              {
                "status": "affected",
                "version": "17.6.5a"
              },
              {
                "status": "affected",
                "version": "17.7.1"
              },
              {
                "status": "affected",
                "version": "17.7.1a"
              },
              {
                "status": "affected",
                "version": "17.7.1b"
              },
              {
                "status": "affected",
                "version": "17.7.2"
              },
              {
                "status": "affected",
                "version": "17.10.1"
              },
              {
                "status": "affected",
                "version": "17.10.1a"
              },
              {
                "status": "affected",
                "version": "17.10.1b"
              },
              {
                "status": "affected",
                "version": "17.8.1"
              },
              {
                "status": "affected",
                "version": "17.8.1a"
              },
              {
                "status": "affected",
                "version": "17.9.1"
              },
              {
                "status": "affected",
                "version": "17.9.2"
              },
              {
                "status": "affected",
                "version": "17.9.1a"
              },
              {
                "status": "affected",
                "version": "17.9.3"
              },
              {
                "status": "affected",
                "version": "17.9.2a"
              },
              {
                "status": "affected",
                "version": "17.9.3a"
              },
              {
                "status": "affected",
                "version": "17.9.4"
              },
              {
                "status": "affected",
                "version": "17.9.4a"
              },
              {
                "status": "affected",
                "version": "17.11.1"
              },
              {
                "status": "affected",
                "version": "17.11.1a"
              },
              {
                "status": "affected",
                "version": "17.12.1"
              },
              {
                "status": "affected",
                "version": "17.12.1a"
              },
              {
                "status": "affected",
                "version": "17.12.2"
              },
              {
                "status": "affected",
                "version": "17.12.2a"
              },
              {
                "status": "affected",
                "version": "17.11.99SW"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-29T17:11:12.713334Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T16:25:58.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.3.1"
            },
            {
              "status": "affected",
              "version": "16.3.2"
            },
            {
              "status": "affected",
              "version": "16.3.3"
            },
            {
              "status": "affected",
              "version": "16.3.1a"
            },
            {
              "status": "affected",
              "version": "16.3.4"
            },
            {
              "status": "affected",
              "version": "16.3.5"
            },
            {
              "status": "affected",
              "version": "16.3.5b"
            },
            {
              "status": "affected",
              "version": "16.3.6"
            },
            {
              "status": "affected",
              "version": "16.3.7"
            },
            {
              "status": "affected",
              "version": "16.3.8"
            },
            {
              "status": "affected",
              "version": "16.3.9"
            },
            {
              "status": "affected",
              "version": "16.3.10"
            },
            {
              "status": "affected",
              "version": "16.3.11"
            },
            {
              "status": "affected",
              "version": "16.4.1"
            },
            {
              "status": "affected",
              "version": "16.4.2"
            },
            {
              "status": "affected",
              "version": "16.4.3"
            },
            {
              "status": "affected",
              "version": "16.5.1"
            },
            {
              "status": "affected",
              "version": "16.5.1a"
            },
            {
              "status": "affected",
              "version": "16.5.1b"
            },
            {
              "status": "affected",
              "version": "16.5.2"
            },
            {
              "status": "affected",
              "version": "16.5.3"
            },
            {
              "status": "affected",
              "version": "16.6.1"
            },
            {
              "status": "affected",
              "version": "16.6.2"
            },
            {
              "status": "affected",
              "version": "16.6.3"
            },
            {
              "status": "affected",
              "version": "16.6.4"
            },
            {
              "status": "affected",
              "version": "16.6.5"
            },
            {
              "status": "affected",
              "version": "16.6.4a"
            },
            {
              "status": "affected",
              "version": "16.6.5a"
            },
            {
              "status": "affected",
              "version": "16.6.6"
            },
            {
              "status": "affected",
              "version": "16.6.7"
            },
            {
              "status": "affected",
              "version": "16.6.8"
            },
            {
              "status": "affected",
              "version": "16.6.9"
            },
            {
              "status": "affected",
              "version": "16.6.10"
            },
            {
              "status": "affected",
              "version": "16.7.1"
            },
            {
              "status": "affected",
              "version": "16.7.2"
            },
            {
              "status": "affected",
              "version": "16.7.3"
            },
            {
              "status": "affected",
              "version": "16.8.1"
            },
            {
              "status": "affected",
              "version": "16.8.1a"
            },
            {
              "status": "affected",
              "version": "16.8.1b"
            },
            {
              "status": "affected",
              "version": "16.8.1s"
            },
            {
              "status": "affected",
              "version": "16.8.1c"
            },
            {
              "status": "affected",
              "version": "16.8.2"
            },
            {
              "status": "affected",
              "version": "16.8.3"
            },
            {
              "status": "affected",
              "version": "16.9.1"
            },
            {
              "status": "affected",
              "version": "16.9.2"
            },
            {
              "status": "affected",
              "version": "16.9.1a"
            },
            {
              "status": "affected",
              "version": "16.9.1b"
            },
            {
              "status": "affected",
              "version": "16.9.1s"
            },
            {
              "status": "affected",
              "version": "16.9.3"
            },
            {
              "status": "affected",
              "version": "16.9.4"
            },
            {
              "status": "affected",
              "version": "16.9.3a"
            },
            {
              "status": "affected",
              "version": "16.9.5"
            },
            {
              "status": "affected",
              "version": "16.9.5f"
            },
            {
              "status": "affected",
              "version": "16.9.6"
            },
            {
              "status": "affected",
              "version": "16.9.7"
            },
            {
              "status": "affected",
              "version": "16.9.8"
            },
            {
              "status": "affected",
              "version": "16.10.1"
            },
            {
              "status": "affected",
              "version": "16.10.1a"
            },
            {
              "status": "affected",
              "version": "16.10.1b"
            },
            {
              "status": "affected",
              "version": "16.10.1s"
            },
            {
              "status": "affected",
              "version": "16.10.1e"
            },
            {
              "status": "affected",
              "version": "16.10.2"
            },
            {
              "status": "affected",
              "version": "16.10.3"
            },
            {
              "status": "affected",
              "version": "16.11.1"
            },
            {
              "status": "affected",
              "version": "16.11.1a"
            },
            {
              "status": "affected",
              "version": "16.11.1b"
            },
            {
              "status": "affected",
              "version": "16.11.2"
            },
            {
              "status": "affected",
              "version": "16.11.1s"
            },
            {
              "status": "affected",
              "version": "16.12.1"
            },
            {
              "status": "affected",
              "version": "16.12.1s"
            },
            {
              "status": "affected",
              "version": "16.12.1a"
            },
            {
              "status": "affected",
              "version": "16.12.1c"
            },
            {
              "status": "affected",
              "version": "16.12.2"
            },
            {
              "status": "affected",
              "version": "16.12.2a"
            },
            {
              "status": "affected",
              "version": "16.12.3"
            },
            {
              "status": "affected",
              "version": "16.12.8"
            },
            {
              "status": "affected",
              "version": "16.12.2s"
            },
            {
              "status": "affected",
              "version": "16.12.1t"
            },
            {
              "status": "affected",
              "version": "16.12.4"
            },
            {
              "status": "affected",
              "version": "16.12.3s"
            },
            {
              "status": "affected",
              "version": "16.12.3a"
            },
            {
              "status": "affected",
              "version": "16.12.4a"
            },
            {
              "status": "affected",
              "version": "16.12.5"
            },
            {
              "status": "affected",
              "version": "16.12.6"
            },
            {
              "status": "affected",
              "version": "16.12.5a"
            },
            {
              "status": "affected",
              "version": "16.12.5b"
            },
            {
              "status": "affected",
              "version": "16.12.6a"
            },
            {
              "status": "affected",
              "version": "16.12.7"
            },
            {
              "status": "affected",
              "version": "16.12.9"
            },
            {
              "status": "affected",
              "version": "16.12.10"
            },
            {
              "status": "affected",
              "version": "16.12.10a"
            },
            {
              "status": "affected",
              "version": "16.12.11"
            },
            {
              "status": "affected",
              "version": "17.1.1"
            },
            {
              "status": "affected",
              "version": "17.1.1a"
            },
            {
              "status": "affected",
              "version": "17.1.1s"
            },
            {
              "status": "affected",
              "version": "17.1.1t"
            },
            {
              "status": "affected",
              "version": "17.1.3"
            },
            {
              "status": "affected",
              "version": "17.2.1"
            },
            {
              "status": "affected",
              "version": "17.2.1r"
            },
            {
              "status": "affected",
              "version": "17.2.1a"
            },
            {
              "status": "affected",
              "version": "17.2.1v"
            },
            {
              "status": "affected",
              "version": "17.2.2"
            },
            {
              "status": "affected",
              "version": "17.2.3"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.1a"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.4a"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.4b"
            },
            {
              "status": "affected",
              "version": "17.3.4c"
            },
            {
              "status": "affected",
              "version": "17.3.5a"
            },
            {
              "status": "affected",
              "version": "17.3.5b"
            },
            {
              "status": "affected",
              "version": "17.3.7"
            },
            {
              "status": "affected",
              "version": "17.3.8"
            },
            {
              "status": "affected",
              "version": "17.3.8a"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.4.2"
            },
            {
              "status": "affected",
              "version": "17.4.1a"
            },
            {
              "status": "affected",
              "version": "17.4.1b"
            },
            {
              "status": "affected",
              "version": "17.4.2a"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.5.1a"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.1a"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.3a"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.6"
            },
            {
              "status": "affected",
              "version": "17.6.6a"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.7.1b"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1a"
            },
            {
              "status": "affected",
              "version": "17.10.1b"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.1a"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.9.2a"
            },
            {
              "status": "affected",
              "version": "17.9.3a"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.9.4a"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            },
            {
              "status": "affected",
              "version": "17.11.1a"
            },
            {
              "status": "affected",
              "version": "17.12.1"
            },
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.12.2a"
            },
            {
              "status": "affected",
              "version": "17.11.99SW"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).\r\n\r This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "Detection of Error Condition Without Action",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T16:49:03.113Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz"
        }
      ],
      "source": {
        "advisory": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
        "defects": [
          "CSCwf92391",
          "CSCwe12169"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20316",
    "datePublished": "2024-03-27T16:49:03.113Z",
    "dateReserved": "2023-11-08T15:08:07.632Z",
    "dateUpdated": "2024-08-01T21:59:42.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27919 (GCVE-0-2024-27919)

Vulnerability from cvelistv5 – Published: 2024-04-04 14:30 – Updated: 2025-11-04 18:30
Title
HTTP/2: memory exhaustion due to CONTINUATION frame flood
Summary
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to a flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set, causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to version 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy versions 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable the HTTP/2 protocol for downstream connections.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.29.0, < 1.29.2

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:envoyproxy:envoy:1.29.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "envoy",
            "vendor": "envoyproxy",
            "versions": [
              {
                "lessThan": "1.29.2",
                "status": "affected",
                "version": "1.29.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T00:03:09.545061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T00:04:41.158Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:30:17.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r"
          },
          {
            "name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/421644"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:07:45.997Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r"
        },
        {
          "name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
        }
      ],
      "source": {
        "advisory": "GHSA-gghf-vfxp-799r",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP/2: memory exhaustion due to CONTINUATION frame flood"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-27919",
    "datePublished": "2024-04-04T14:30:11.144Z",
    "dateReserved": "2024-02-28T15:14:14.214Z",
    "dateUpdated": "2025-11-04T18:30:17.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-30255 (GCVE-0-2024-30255)

Vulnerability from cvelistv5 – Published: 2024-04-04 19:41 – Updated: 2025-11-04 18:30
Title
HTTP/2: CPU exhaustion due to CONTINUATION frame flood
Summary
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set, causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable the HTTP/2 protocol for downstream connections.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.29.0, < 1.29.3
Affected: >= 1.28.0, < 1.28.2
Affected: >= 1.27.0, < 1.27.4
Affected: < 1.26.8

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "envoy",
            "vendor": "envoyproxy",
            "versions": [
              {
                "lessThan": "1.29.3",
                "status": "affected",
                "version": "1.29.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.28.2",
                "status": "affected",
                "version": "1.28.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.27.4",
                "status": "affected",
                "version": "1.27.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.26.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30255",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-08T14:58:49.679014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T13:47:51.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:30:33.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/421644"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.28.0, \u003c 1.28.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.27.0, \u003c 1.27.4"
            },
            {
              "status": "affected",
              "version": "\u003c 1.26.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy\u0027s header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:07:47.558Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
        }
      ],
      "source": {
        "advisory": "GHSA-j654-3ccm-vfmm",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP/2: CPU exhaustion due to CONTINUATION frame flood"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-30255",
    "datePublished": "2024-04-04T19:41:02.634Z",
    "dateReserved": "2024-03-26T12:52:00.934Z",
    "dateUpdated": "2025-11-04T18:30:33.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49841 (GCVE-0-2024-49841)

Vulnerability from cvelistv5 – Published: 2025-05-06 08:32 – Updated: 2025-05-07 18:54
Title
Detection of Error Condition Without Action in Hypervisor
Summary
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: AQT1000
Affected: AR8035
Affected: FastConnect 6200
Affected: FastConnect 6700
Affected: FastConnect 6800
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: QAM8255P
Affected: QAM8295P
Affected: QAM8620P
Affected: QAM8650P
Affected: QAM8775P
Affected: QAMSRV1H
Affected: QAMSRV1M
Affected: QCA6174A
Affected: QCA6310
Affected: QCA6335
Affected: QCA6391
Affected: QCA6420
Affected: QCA6421
Affected: QCA6426
Affected: QCA6430
Affected: QCA6431
Affected: QCA6436
Affected: QCA6564A
Affected: QCA6564AU
Affected: QCA6574
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6584AU
Affected: QCA6595
Affected: QCA6595AU
Affected: QCA6678AQ
Affected: QCA6688AQ
Affected: QCA6696
Affected: QCA6698AQ
Affected: QCA6797AQ
Affected: QCA8081
Affected: QCA8337
Affected: QCA9377
Affected: QCC710
Affected: QCM5430
Affected: QCM6490
Affected: QCM8550
Affected: QCN6224
Affected: QCN6274
Affected: QCN9274
Affected: QCS5430
Affected: QCS6490
Affected: QCS8300
Affected: QCS8550
Affected: QCS9100
Affected: QDU1000
Affected: QDU1010
Affected: QDU1110
Affected: QDU1210
Affected: QDX1010
Affected: QDX1011
Affected: QEP8111
Affected: QFW7114
Affected: QFW7124
Affected: QMP1000
Affected: QRU1032
Affected: QRU1052
Affected: QRU1062
Affected: QSM8350
Affected: Qualcomm Video Collaboration VC3 Platform
Affected: Robotics RB3 Platform
Affected: SA6145P
Affected: SA6155
Affected: SA6155P
Affected: SA7255P
Affected: SA7775P
Affected: SA8150P
Affected: SA8155
Affected: SA8155P
Affected: SA8255P
Affected: SA8295P
Affected: SA8540P
Affected: SA8620P
Affected: SA8650P
Affected: SA8770P
Affected: SA8775P
Affected: SA9000P
Affected: SC8380XP
Affected: SD 675
Affected: SD 8 Gen1 5G
Affected: SD 8CX
Affected: SD670
Affected: SD675
Affected: SD855
Affected: SD865 5G
Affected: SDX55
Affected: SDX57M
Affected: SDX80M
Affected: SM7250P
Affected: SM8735
Affected: SM8750
Affected: SM8750P
Affected: Snapdragon 670 Mobile Platform
Affected: Snapdragon 675 Mobile Platform
Affected: Snapdragon 678 Mobile Platform (SM6150-AC)
Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA)
Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Affected: Snapdragon 8 Gen 1 Mobile Platform
Affected: Snapdragon 8 Gen 3 Mobile Platform
Affected: Snapdragon 845 Mobile Platform
Affected: Snapdragon 850 Mobile Compute Platform
Affected: Snapdragon 855 Mobile Platform
Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Affected: Snapdragon 865 5G Mobile Platform
Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC)
Affected: Snapdragon 888 5G Mobile Platform
Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
Affected: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite"
Affected: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite"
Affected: Snapdragon 8cx Compute Platform (SC8180X-AA, AB)
Affected: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro"
Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro"
Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)
Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)
Affected: Snapdragon AR1 Gen 1 Platform
Affected: Snapdragon AR1 Gen 1 Platform "Luna1"
Affected: Snapdragon AR2 Gen 1 Platform
Affected: Snapdragon Auto 5G Modem-RF Gen 2
Affected: Snapdragon X24 LTE Modem
Affected: Snapdragon X32 5G Modem-RF System
Affected: Snapdragon X35 5G Modem-RF System
Affected: Snapdragon X50 5G Modem-RF System
Affected: Snapdragon X55 5G Modem-RF System
Affected: Snapdragon X62 5G Modem-RF System
Affected: Snapdragon X65 5G Modem-RF System
Affected: Snapdragon X72 5G Modem-RF System
Affected: Snapdragon X75 5G Modem-RF System
Affected: Snapdragon XR2 5G Platform
Affected: SRV1H
Affected: SRV1L
Affected: SRV1M
Affected: SSG2115P
Affected: SSG2125P
Affected: SXR1230P
Affected: SXR2130
Affected: SXR2330P
Affected: Vision Intelligence 300 Platform
Affected: Vision Intelligence 400 Platform
Affected: WCD9326
Affected: WCD9340
Affected: WCD9341
Affected: WCD9370
Affected: WCD9375
Affected: WCD9378
Affected: WCD9380
Affected: WCD9385
Affected: WCD9390
Affected: WCD9395
Affected: WCN3950
Affected: WCN3980
Affected: WCN3990
Affected: WCN7750
Affected: WCN7860
Affected: WCN7861
Affected: WCN7880
Affected: WCN7881
Affected: WSA8810
Affected: WSA8815
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49841",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T03:55:34.813937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T18:54:32.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Compute",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon MDM",
            "Snapdragon Mobile",
            "Snapdragon Technology"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "AQT1000"
            },
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6800"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8295P"
            },
            {
              "status": "affected",
              "version": "QAM8620P"
            },
            {
              "status": "affected",
              "version": "QAM8650P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QAMSRV1H"
            },
            {
              "status": "affected",
              "version": "QAMSRV1M"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6310"
            },
            {
              "status": "affected",
              "version": "QCA6335"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6420"
            },
            {
              "status": "affected",
              "version": "QCA6421"
            },
            {
              "status": "affected",
              "version": "QCA6426"
            },
            {
              "status": "affected",
              "version": "QCA6430"
            },
            {
              "status": "affected",
              "version": "QCA6431"
            },
            {
              "status": "affected",
              "version": "QCA6436"
            },
            {
              "status": "affected",
              "version": "QCA6564A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6678AQ"
            },
            {
              "status": "affected",
              "version": "QCA6688AQ"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA6797AQ"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCA9377"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCM5430"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QCM8550"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QCN9274"
            },
            {
              "status": "affected",
              "version": "QCS5430"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "QCS8300"
            },
            {
              "status": "affected",
              "version": "QCS8550"
            },
            {
              "status": "affected",
              "version": "QCS9100"
            },
            {
              "status": "affected",
              "version": "QDU1000"
            },
            {
              "status": "affected",
              "version": "QDU1010"
            },
            {
              "status": "affected",
              "version": "QDU1110"
            },
            {
              "status": "affected",
              "version": "QDU1210"
            },
            {
              "status": "affected",
              "version": "QDX1010"
            },
            {
              "status": "affected",
              "version": "QDX1011"
            },
            {
              "status": "affected",
              "version": "QEP8111"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "QMP1000"
            },
            {
              "status": "affected",
              "version": "QRU1032"
            },
            {
              "status": "affected",
              "version": "QRU1052"
            },
            {
              "status": "affected",
              "version": "QRU1062"
            },
            {
              "status": "affected",
              "version": "QSM8350"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB3 Platform"
            },
            {
              "status": "affected",
              "version": "SA6145P"
            },
            {
              "status": "affected",
              "version": "SA6155"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA7255P"
            },
            {
              "status": "affected",
              "version": "SA7775P"
            },
            {
              "status": "affected",
              "version": "SA8150P"
            },
            {
              "status": "affected",
              "version": "SA8155"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8295P"
            },
            {
              "status": "affected",
              "version": "SA8540P"
            },
            {
              "status": "affected",
              "version": "SA8620P"
            },
            {
              "status": "affected",
              "version": "SA8650P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "SC8380XP"
            },
            {
              "status": "affected",
              "version": "SD 675"
            },
            {
              "status": "affected",
              "version": "SD 8 Gen1 5G"
            },
            {
              "status": "affected",
              "version": "SD 8CX"
            },
            {
              "status": "affected",
              "version": "SD670"
            },
            {
              "status": "affected",
              "version": "SD675"
            },
            {
              "status": "affected",
              "version": "SD855"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SDX57M"
            },
            {
              "status": "affected",
              "version": "SDX80M"
            },
            {
              "status": "affected",
              "version": "SM7250P"
            },
            {
              "status": "affected",
              "version": "SM8735"
            },
            {
              "status": "affected",
              "version": "SM8750"
            },
            {
              "status": "affected",
              "version": "SM8750P"
            },
            {
              "status": "affected",
              "version": "Snapdragon 670 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 675 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 845 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 850 Mobile Compute Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF Gen 2"
            },
            {
              "status": "affected",
              "version": "Snapdragon X24 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X32 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X35 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X50 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X55 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X62 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X65 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X72 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "SRV1H"
            },
            {
              "status": "affected",
              "version": "SRV1L"
            },
            {
              "status": "affected",
              "version": "SRV1M"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2130"
            },
            {
              "status": "affected",
              "version": "SXR2330P"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 300 Platform"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 400 Platform"
            },
            {
              "status": "affected",
              "version": "WCD9326"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9341"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9378"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3990"
            },
            {
              "status": "affected",
              "version": "WCN7750"
            },
            {
              "status": "affected",
              "version": "WCN7860"
            },
            {
              "status": "affected",
              "version": "WCN7861"
            },
            {
              "status": "affected",
              "version": "WCN7880"
            },
            {
              "status": "affected",
              "version": "WCN7881"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390 Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-06T08:32:18.628Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
        }
      ],
      "title": "Detection of Error Condition Without Action in Hypervisor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2024-49841",
    "datePublished": "2025-05-06T08:32:18.628Z",
    "dateReserved": "2024-10-20T17:18:43.216Z",
    "dateUpdated": "2025-05-07T18:54:32.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-25204 (GCVE-0-2025-25204)

Vulnerability from cvelistv5 – Published: 2025-02-14 16:38 – Updated: 2025-03-03 19:13
Title
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
Summary
`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`'s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
cli cli Affected: >= 2.49.0, < 2.67.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25204",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T15:29:05.799010Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T19:13:28.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cli",
          "vendor": "cli",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.49.0, \u003c 2.67.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "`gh` is GitHub\u2019s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub\u0027s Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`\u0027s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T16:38:29.038Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cli/cli/security/advisories/GHSA-fgw4-v983-mgp8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cli/cli/security/advisories/GHSA-fgw4-v983-mgp8"
        },
        {
          "name": "https://github.com/cli/cli/issues/10418",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cli/cli/issues/10418"
        },
        {
          "name": "https://github.com/cli/cli/pull/10421",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cli/cli/pull/10421"
        }
      ],
      "source": {
        "advisory": "GHSA-fgw4-v983-mgp8",
        "discovery": "UNKNOWN"
      },
      "title": "`gh attestation verify` returns incorrect exit code during verification if no attestations are present"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-25204",
    "datePublished": "2025-02-14T16:38:29.038Z",
    "dateReserved": "2025-02-03T19:30:53.401Z",
    "dateUpdated": "2025-03-03T19:13:28.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Implementation

Description:

  • Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.

Mitigation

Phase: Implementation

Description:

  • If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and clean up the program.

Mitigation

Phase: Testing

Description:

  • Subject the product to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing.

No CAPEC attack patterns related to this CWE.